# Solved how to bring back to work a software after recovery ?

February 1, 2013 at 14:49:02
Specs: Windows 7

 hi guys i need some help , i want to recover my laptop because virus attack that means it will delete all softwar and other stuf, but i dont want to delete just one software because i lost my CD and i cant find it again , and its very expensive , how can i save that software and bring it back to work after recovery ,, pls if someone knows how to do pls tell me .. thanks :D (sorry for my english)

See More: how to bring back to work a software after recovery ?

February 1, 2013 at 15:28:40

#1
February 1, 2013 at 14:53:37

 "but i dont want to delete just one software"What is the exact name of that software please?

Report •

#2
February 1, 2013 at 14:54:34

 Do you have the Windows 7 CD?

Report •

#3
February 1, 2013 at 14:56:46

 If you do a recovery (I assume you mean using the manufacturer's recovery partition?), you will lose everything you have installed & the laptop will be returned to the condidition it was in the day you bought it. Why don't you just remove the virus instead?

Report •

Related Solutions

#4
February 1, 2013 at 14:59:00

 its a bussines program , you cant find it on internet , its called Drpimapen ,

Report •

#5
February 1, 2013 at 15:01:19

 yes i know , i will lose everything , my laptop its atacked with malaware and worm , and i cant delete them ,

Report •

#6
February 1, 2013 at 15:01:55

 no i dont have , i want to return to factory condition ,

Report •

#7
February 1, 2013 at 15:05:31

 "its called Drpimapen"Ok, I was hoping that I may have been able to offer another program.

Report •

#8
February 1, 2013 at 15:07:47

 ok :( thanks anyway

Report •

#9
February 1, 2013 at 15:11:36

 "no i dont have , i want to return to factory condition"The problem with malware infections is, they may require you to delete ALL partitions, if you do that or return to factory condition you will lose Drpimapen.Do you want me to guide you through removing the Malware?If so, post the logs of what you have tried.

Report •

#10
February 1, 2013 at 15:20:31

 ok then im not professional with pc , i have scaned my pc with antivirus microsoft security esentisial , but its not detecting anything,, my pc it still very low and it have very low connection ,

Report •

#11
February 1, 2013 at 15:26:46

 " i have scaned my pc with antivirus microsoft security esentisial"Ok, that is what I use, but once you have been conned, we have to use specialized programs.Malware Preventionhttp://www.malwarevault.com/index.html"There is no magic involved. The majority of malware is installed by the user themselves"

Report •

#12
February 1, 2013 at 15:28:40

Report •

#13
February 1, 2013 at 15:30:36

 Restoring an installed application without the install media is so difficult that few experts would even attempt it. If you have a legal copy of the software the supplier may be able to supply replacement install media.

Report •

#14
February 1, 2013 at 15:31:28

 i will try right now , thank you very much

Report •

#15
February 1, 2013 at 15:33:21

 that means its imposible for me :( ok then thanks :D

Report •

#16
February 1, 2013 at 15:34:29

 JohnwYou might wish to update your link in #11 - it's changed.

Report •

#17
February 1, 2013 at 15:36:12

 alboWhat time zone/city are you in please?

Report •

#18
February 1, 2013 at 15:38:31

 Thanks Derek, I rely on others to help me.

Report •

#19
February 1, 2013 at 15:40:54

 johnw if youre talking with me... i live in kosovo its near albania and near serbia, time right know its 12:40 AM

Report •

#20
February 1, 2013 at 15:45:06

 Thanks albo, brrrrrr, let me know when you want to go to bed.http://www.timeanddate.com/worldclo...My time zone.http://www.timeanddate.com/worldclo...

Report •

#21
February 1, 2013 at 15:47:08

 hahha :D you find it , i will go when i finish this i downloaded the hitman now its clasifying he found something .

Report •

#22
February 1, 2013 at 15:51:06

 now i see your time zone , i love australia :D the scan has finished hitman found 6 threats (traces 436), and now it says removal results,

Report •

#23
February 1, 2013 at 16:15:17

 "the scan has finished"Copy & Paste the log please. We are not finished yet.hitman pro log file locationhttp://is.gd/hOJwkjhttp://forums.majorgeeks.com/showth...

Report •

#24
February 1, 2013 at 16:21:12

 really , ok i am doing this right now ,

Report •

#25
February 1, 2013 at 16:29:23

 its finished ,but now he dosnt find anything , in first time he found 6 ,but now they are in history ,,have i done something wrong ??

Report •

#26
February 1, 2013 at 16:32:18

Report •

#27
February 1, 2013 at 16:35:42

 i have done all like how it says in that forum , in history are 6 items , 5 are deleted and 1 is quarantined

Report •

#28
February 1, 2013 at 16:49:06

 "5 are deleted and 1 is quarantined"I want to see what those are, Copy & Paste that info please.

Report •

#29
February 1, 2013 at 17:03:49

 I just ran Hitman, the screenshot ( SS ) below shows where the logs are.Copy & paste the contents of the logs please.

Report •

#30
February 2, 2013 at 00:29:17

 i found that , i copyed them , but where do i need to Paste them ,and do i need to copy all the text ?

Report •

#31
February 2, 2013 at 00:39:57

 "but where do i need to Paste them"Right here."and do i need to copy all the text ?"Same as post #12 here. In other words I want to see everything the Hitman log shows.http://www.computing.net/answers/se...

Report •

#32
February 2, 2013 at 02:20:20

 this is all what it says in that log part one ,[code]HitmanPro 3.7.1.186www.hitmanpro.com Computer name . . . . : ALBANBERISHA-PC Windows . . . . . . . : 6.1.0.7600.X64/2 User name . . . . . . : Albanberisha-PC\Alban berisha UAC . . . . . . . . . : Enabled License . . . . . . . : Trial (29 days left) Scan date . . . . . . : 2013-02-02 00:42:53 Scan mode . . . . . . : Normal Scan duration . . . . : 5m 58s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 6 Traces . . . . . . . : 436 Objects scanned . . . : 1,813,881 Files scanned . . . . : 37,187 Remnants scanned . . : 546,840 files / 1,229,854 keysMalware _____________________________________________________________________ C:\Users\Alban berisha\Desktop\cs cheats\[cheat-project.com] ESW B1008 2010-10-13\ESW_B1008\ESW_B1008\ESW B1008.exe -> Quarantined Size . . . . . . . : 167,424 bytes Age . . . . . . . : 475.5 days (2011-10-15 12:13:45) Entropy . . . . . : 7.8 SHA-256 . . . . . : 750595D0E0A8CB7B9AE18526FA4A75DC3D17B956632C16DC9B2354E9D83CF4A4 > Ikarus . . . . . . : Trojan.Win32.Agent!IK Fuzzy . . . . . . : 114.0 C:\Windows\SysWOW64\.exe -> Deleted Size . . . . . . . : 53,723 bytes Age . . . . . . . : 669.4 days (2011-04-04 14:24:50) Entropy . . . . . : 7.0 SHA-256 . . . . . : BD0B3AF2BE37EC1D9445F030A1346305D7C0560598BC94C14181D90E95AB7A96 Needs elevation . : Yes > a-Squared . . . . : Trojan-Clicker.Win32.NSIS.j!A2 > G Data . . . . . . : Application.Generic.358118 (Engine-A) Fuzzy . . . . . . : 108.0

Report •

#33
February 2, 2013 at 02:21:08

 Suspicious files ____________________________________________________________ C:\Users\Alban berisha\AppData\Local\PunkBuster\BFP4F\pb\dll\wc002304.dll Size . . . . . . . : 954,496 bytes Age . . . . . . . : 61.5 days (2012-12-02 11:45:09) Entropy . . . . . : 7.6 SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Alban berisha\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll Size . . . . . . . : 954,496 bytes Age . . . . . . . : 60.2 days (2012-12-03 19:31:12) Entropy . . . . . : 7.6 SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Alban berisha\AppData\Local\PunkBuster\BFP4F\pb\pbclold.dll Size . . . . . . . : 954,496 bytes Age . . . . . . . : 61.5 days (2012-12-02 11:38:40) Entropy . . . . . : 7.6 SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Alban berisha\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys Size . . . . . . . : 139,424 bytes Age . . . . . . . : 61.5 days (2012-12-02 11:41:08) Entropy . . . . . : 7.8 SHA-256 . . . . . : 2A97BC40220EE7B5383991EDB238A70B2D6A7881E54E465999E2EADD6A396029 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\Alban berisha\AppData\Local\PunkBuster\BLR\pb\dll\wc002293.dll Size . . . . . . . : 949,190 bytes Age . . . . . . . : 136.5 days (2012-09-18 13:28:23) Entropy . . . . . : 7.6 SHA-256 . . . . . : DAF43E93528BEEECC015FA98D6EE6D6FD6D19A049321E47A65665144E4511F41 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Alban berisha\AppData\Local\PunkBuster\BLR\pb\pbcl.dll Size . . . . . . . : 949,190 bytes Age . . . . . . . : 136.5 days (2012-09-18 13:28:23) Entropy . . . . . : 7.6 SHA-256 . . . . . : DAF43E93528BEEECC015FA98D6EE6D6FD6D19A049321E47A65665144E4511F41 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Alban berisha\AppData\Local\PunkBuster\BLR\pb\pbclold.dll Size . . . . . . . : 963,613 bytes Age . . . . . . . : 139.3 days (2012-09-15 16:26:00) Entropy . . . . . : 7.6 SHA-256 . . . . . : E7EB0F070DDDBDC1793677B6EF811338CDCEC5AE744A032C223DD1763D97A56B Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Alban berisha\AppData\Local\PunkBuster\BLR\pb\PnkBstrK.sys Size . . . . . . . : 140,480 bytes Age . . . . . . . : 139.3 days (2012-09-15 16:26:15) Entropy . . . . . : 7.7 SHA-256 . . . . . : 64063C820C5972BBD6E524C68065570BF54D85FA0FFE0BD063B6954298F7D015 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\Alban berisha\AppData\Local\PunkBuster\COD4\pb\pbcl.dll Size . . . . . . . : 956,558 bytes Age . . . . . . . : 732.7 days (2011-01-31 08:20:52) Entropy . . . . . : 7.6 SHA-256 . . . . . : 567AB086A18F5447AB036192A40837C4FB9679BDB54BE2DCF99F90F4BA83BCC9 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Alban berisha\AppData\Local\PunkBuster\COD4\pb\pbcls.dll Size . . . . . . . : 956,558 bytes Age . . . . . . . : 732.7 days (2011-01-31 08:20:52) Entropy . . . . . : 7.6 SHA-256 . . . . . : 567AB086A18F5447AB036192A40837C4FB9679BDB54BE2DCF99F90F4BA83BCC9 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Alban berisha\AppData\Local\PunkBuster\COD4\pb\PnkBstrK.sys Size . . . . . . . : 138,160 bytes Age . . . . . . . : 732.7 days (2011-01-31 08:22:53) Entropy . . . . . : 7.8 SHA-256 . . . . . : 171C32702C73ECD6EAD6A120C5E0BCE649444BE4068C4ECA4C548644DF151A5E RSA Key Size . . . : 1024 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\Alban berisha\AppData\Local\PunkBuster\HEROES\pb\pbcl.dll Size . . . . . . . : 947,283 bytes Age . . . . . . . : 96.3 days (2012-10-28 18:33:48) Entropy . . . . . : 7.6 SHA-256 . . . . . : 26898E20DB3E20E2986684F1726D3421B0EA9D381F4BD56D6370AAE63973F5B8 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Alban berisha\AppData\Local\PunkBuster\HEROES\pb\PnkBstrK.sys Size . . . . . . . : 139,080 bytes Age . . . . . . . : 96.3 days (2012-10-28 18:34:58) Entropy . . . . . : 7.8 SHA-256 . . . . . : FAE59652245B6F30D2B5173E1EBC7079F8BBB1CBAC168BBF151AE81879F26AB7 RSA Key Size . . . : 1024 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\Alban berisha\AppData\Local\PunkBuster\UNCO\pb\pbcl.dll Size . . . . . . . : 833,236 bytes Age . . . . . . . : 747.1 days (2011-01-16 22:24:15) Entropy . . . . . : 7.6 SHA-256 . . . . . : 224E58B68FE38C7B9DE702D8E970158B3DB6B0CAE3429B4903DAFC68AE60C83C Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Alban berisha\Desktop\cs cheats\super_cheats\super_cheats\test.dll Size . . . . . . . : 54,784 bytes Age . . . . . . . : 475.4 days (2011-10-15 16:02:34) Entropy . . . . . : 7.9 SHA-256 . . . . . : B06937D8FC757BE1194ECF71BB138F1A7263AAFA0056526D04AA10B8AE3C0FB2 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. The Entry Point of this file lies in a resource section. This is an indication of malware infection. The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs.

Report •

#34
February 2, 2013 at 02:22:43

Report •

#35
February 2, 2013 at 02:23:19

Report •

#36
February 2, 2013 at 02:24:15

 this is alll , there nothing more , is this text that you wanted to see ,??

Report •

#37
February 2, 2013 at 02:31:04

 I have to go out soon, MrGoodguy will be looking after you.

Report •

#38
February 2, 2013 at 02:34:23

 ok thanks for all Johnw

Report •

#39
February 2, 2013 at 03:03:46

Report •

#40
February 2, 2013 at 05:09:08

 hi MrGoodGuythanks for this helpful information , i have download the Adwcleaner ,and i have done everything what you have say , when he fineshed, he robote my pc , and after reebotin a text document automaticly its open , and he showes the deleted files ,folders, and other things , i think its much better now , do i need to do something else or this is all , thanks again from all of you guys ,

Report •

#41
February 2, 2013 at 07:00:04

 It appears you have several Trojans not to mention a bunch of crapware installed, try this: http://www.simplysup.com/And I suggest you uninstall Chrome & stick to Firefox.

Report •

#42
February 2, 2013 at 08:15:19

 Hi albo, back again, you haven't done this as requested by MrGoodGuy who is in New Zealand.. They are 12 hours ahead of you, so he will be available before me, I'm off to bed now.Post #39"Please include the log in your next reply"

Report •

#43
February 2, 2013 at 10:08:28

Report •

#44
February 2, 2013 at 10:42:07

Report •

#45
February 2, 2013 at 10:52:24

 Can try looking in C:/ for the first AdwCleaner log please if it's not on your desktop?We will have to run Junkware Removal Tool (JRT) also. Turn off your Antivirus realtime protection. http://www.bleepingcomputer.com/dow...Then run HighJackThis please just to see a basic overview of whats on your pc?http://www.bleepingcomputer.com/dow...Run, Scan and Save log only do not fix anything yet please.Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#46
February 2, 2013 at 11:42:58

Report •

#47
February 2, 2013 at 11:43:34

Report •

#48
February 2, 2013 at 11:44:27

 and now i will try to download those programs what you says,

Report •

#49
February 2, 2013 at 11:46:49

Report •

#50
February 2, 2013 at 11:54:29

 yes no problem , now i am using Junkware removal tool , and when this its finished i will use the highjack ,

Report •

#51
February 2, 2013 at 11:59:23

 the junkware removal tool its finished , and this is the log from this program ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 4.5.8 (01.31.2013:1)OS: Windows 7 Home Premium x64Ran by Alban berisha on Sat 02/02/2013 at 20:46:36.95~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry ValuesSuccessfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{f0381dbd-e018-4e07-ae40-d96ab15083f0} Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}\\DisplayNameSuccessfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}\\URL~~~ Registry KeysSuccessfully deleted: [Registry Key] hkey_current_user\software\sweetimSuccessfully deleted: [Registry Key] hkey_local_machine\software\sweetimSuccessfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\bho.dll~~~ FilesSuccessfully deleted: [File] C:\eula.1028.txtSuccessfully deleted: [File] C:\eula.1031.txtSuccessfully deleted: [File] C:\eula.1033.txtSuccessfully deleted: [File] C:\eula.1036.txtSuccessfully deleted: [File] C:\eula.1040.txtSuccessfully deleted: [File] C:\eula.1041.txtSuccessfully deleted: [File] C:\eula.1042.txtSuccessfully deleted: [File] C:\eula.1049.txtSuccessfully deleted: [File] C:\eula.2052.txtSuccessfully deleted: [File] C:\install.res.1028.dllSuccessfully deleted: [File] C:\install.res.1031.dllSuccessfully deleted: [File] C:\install.res.1033.dllSuccessfully deleted: [File] C:\install.res.1036.dllSuccessfully deleted: [File] C:\install.res.1040.dllSuccessfully deleted: [File] C:\install.res.1041.dllSuccessfully deleted: [File] C:\install.res.1042.dllSuccessfully deleted: [File] C:\install.res.1049.dllSuccessfully deleted: [File] C:\install.res.2052.dllSuccessfully deleted: [File] C:\install.res.3082.dll~~~ FoldersSuccessfully deleted: [Folder] "C:\Users\Alban berisha\AppData\Roaming\drivercure"~~~ FireFoxSuccessfully deleted the following from C:\Users\Alban berisha\AppData\Roaming\mozilla\firefox\profiles\ft5s9j04.default\prefs.jsuser_pref("extension.WeatherBug.DefaultTab", "0");~~~ ChromeSuccessfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\afbcibndhffhhbokgpbpecjmejjcgcejSuccessfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\afbcibndhffhhbokgpbpecjmejjcgcej~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sat 02/02/2013 at 20:56:23.76End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Report •

#52
February 2, 2013 at 12:01:13

Report •

#53
February 2, 2013 at 12:05:53

Report •

#54
February 2, 2013 at 12:20:56

 i have use this software before , look at post #41 do you want the first log , or do you want the second log ive done it right now ??

Report •

#55
February 2, 2013 at 12:26:26

 To delete with HJT run it again and check mark the following for removal please.O2 - BHO: UnfriendApp - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\UnfriendApp\IE\common.dllO4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumeOk there was nothing too nasty in the HJT log, but these four Tcpip look out of place. If you did not add them or know nothing of them we will remove them?O17 - HKLM\System\CCS\Services\Tcpip\..\{02D34ACA-5D0F-4168-AB6D-C58F7379151A}: NameServer = 4.2.2.1,4.2.2.2O17 - HKLM\System\CCS\Services\Tcpip\..\{640BA023-EF3A-4A7D-AE53-CCE0D3197F16}: NameServer = 8.8.8.8O17 - HKLM\System\CS1\Services\Tcpip\..\{02D34ACA-5D0F-4168-AB6D-C58F7379151A}: NameServer = 4.2.2.1,4.2.2.2O17 - HKLM\System\CS2\Services\Tcpip\..\{02D34ACA-5D0F-4168-AB6D-C58F7379151A}: NameServer = 4.2.2.1,4.2.2.2Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#56
February 2, 2013 at 12:29:59

 Im after the second Malwarebytes log please :)Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#57
February 2, 2013 at 12:37:52

 im so sorry but from this last post for hijack i didnt understand what to do , its too hard for me because i have never done something like this before, and for malaware bytes im going to send you the second log .. right??

Report •

#58
February 2, 2013 at 12:42:20

 Yes please send the second malwarebytes log in. You are doing just fine :)HighJackThis you will need to run it again, in the main windows check mark (Tick) the following for removal. O2 - BHO: UnfriendApp - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\UnfriendApp\IE\common.dllO4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumeI want to check with johnw about the Tcpip entries just to be sure they should be removed.Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#59
February 2, 2013 at 12:47:25

 ok :D ,, i founded those two , i marked them and now what should i press to delete them ,and here is the log from malwarebytes Malwarebytes Anti-Malware (Trial) 1.70.0.1100www.malwarebytes.orgDatabase version: v2013.02.02.08Windows 7 x64 NTFSInternet Explorer 9.0.8112.16421Alban berisha :: ALBANBERISHA-PC [administrator]Protection: Enabled2/2/2013 9:14:56 PMMBAM-log-2013-02-02 (21-18-33).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 217902Time elapsed: 2 minute(s), 37 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 4C:\Program Files (x86)\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A} (PUP.Zwangi) -> No action taken.C:\Program Files (x86)\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}\chrome (PUP.Zwangi) -> No action taken.C:\Program Files (x86)\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}\defaults (PUP.Zwangi) -> No action taken.C:\Program Files (x86)\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}\defaults\preferences (PUP.Zwangi) -> No action taken.Files Detected: 4C:\Program Files (x86)\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}\chrome.manifest (PUP.Zwangi) -> No action taken.C:\Program Files (x86)\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}\install.rdf (PUP.Zwangi) -> No action taken.C:\Program Files (x86)\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}\chrome\resulturl.jar (PUP.Zwangi) -> No action taken.C:\Program Files (x86)\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}\defaults\preferences\prefs.js (PUP.Zwangi) -> No action taken.(end)

Report •

#60
February 2, 2013 at 13:09:20

 For the two HJT entries press the "Fix checked" button then close HJT.For the Malwarebytes PUP removals you need to run the quick scan again, when you get to the found entries list you need to check mark the entries for removal. Then press the "Remove Selected" button.http://www.bleepingcomputer.com/vir...Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#61
February 2, 2013 at 13:29:27

 ok i have done everything what you have say , what should i do now , or this is all ?

Report •

#62
February 2, 2013 at 13:39:23

 We are getting there :) Download the ESET Online scanner, it needs Internet explorer to run.http://www.eset.com/online-scanner-...Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#63
February 2, 2013 at 14:20:04

 ok i downloaded the eset online scaner , and its scaning my computer ,now its 37 % and infected files are 0,, i will tell you when this is finished , :D

Report •

#64
February 2, 2013 at 14:28:13

 ESET can take a long time to scan, but it does an excellent job so is worth the wait :)Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#65
February 2, 2013 at 14:50:12

 Do you have a Antivirus program installed? I suggest Avast free version. http://www.avast.com/en-au/free-ant...Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#66
February 2, 2013 at 14:53:54

 yeah very long time now its 52 minuts till he started , for antivirus i have internet security esentsial , what to you think for this ,

Report •

#67
February 2, 2013 at 15:03:56

 :) Sorry about ESET, I know it's getting late where you are. I would remove Internet Security Essentials, are you sure of your spelling. Its a fake Antivirus program; http://en.wikipedia.org/wiki/Intern...Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#68
February 2, 2013 at 15:06:14

 Is it Webroot's Internet Security Essentials, I would still choose Avast free.Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#69
February 2, 2013 at 15:13:48

 oohhh im soo sorry its microsoft security esentsial , i am getting tired thats why i writed that wrong

Report •

#70
February 2, 2013 at 15:19:59

 All good, I would replace MSE with Avast in my opinion. We can call it a night for now, leave ESET running. Send the log in when you can :) Goodnight get some sleep.Its 12:19pm here. (12hr difference) Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#71
February 2, 2013 at 15:23:23

 ok bro ,thank you very much , i will send you the log tomorrow , and for antivirus if you think is better.. then i will change , :D

Report •

#72
February 3, 2013 at 00:40:33

 hello MrGoodGuy , i just get up :D the scan has finished and it says Threats Found infected files 7cleande files 6what should i do now , and where i can find the log ,

Report •

#73
February 3, 2013 at 01:35:40

 "where i can find the log"The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start ? Run dialog box from the Start Menu on the desktop."what should i do now"We will let you know after looking at the log.

Report •

#74
February 3, 2013 at 01:43:44

 Hi albo, At the end of the scan you would have seen a "Finish" button. When you clicked that it would have removed the infected entries. We can make sure by looking over your log.ESET online scanner log.txt is the name of the log. You should should find it here "C:\Program Files\ESET\EsetOnlineScanner\log.txt"Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#75
February 3, 2013 at 01:46:24

 Sorry for the overlap. I was just checking in, I will leave you with Johnw as he will do exactly what I would do :) Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

Report •

#76
February 3, 2013 at 02:02:41

 hello again Johnw :D i think i fonunden the log , ESETSmartInstaller@High as downloader log:all ok# version=8# OnlineScannerApp.exe=1.0.0.1# OnlineScanner.ocx=1.0.0.6889# api_version=3.0.2# EOSSerial=3634125d5042f746b13bc6233443963c# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=false# unsafe_checked=false# antistealth_checked=true# utc_time=2013-02-02 11:36:57# local_time=2013-02-03 12:36:57 (+0100, Central Europe Standard Time)# country="United States"# lang=1033# osver=6.1.7600 NT # compatibility_mode=5892 16777213 88 94 10607933 13491189 0 0# scanned=211417# found=7# cleaned=6# scan_time=5758C:\Windows\SysWOW64\4bd4b8ea.exe Win32/Adware.Primawega.AJ application A52CD826EDF157EB616789ABDDFA8884CB172342 IC:\Program Files (x86)\Windows Savevid MediaBar\ToolBar\chrome\content\searchqutb.js Win32/Adware.Bandoo application (cleaned by deleting - quarantined) 73C7F651635F7B5096284FF13B16A1E08C2D017B CC:\Program Files (x86)\Windows Savevid MediaBar\ToolBar\chrome\content\toolbar.htm Win32/Adware.Bandoo application (cleaned by deleting - quarantined) 55E8B149404360EB7E208194DA4B402F56A2D155 CC:\Program Files (x86)\Windows Savevid MediaBar\ToolBar\chrome\content\toolbar.xul Win32/Adware.Bandoo application (cleaned by deleting - quarantined) D0A7CD7BEBC7D02B8C49AE227CD7F9446739F33E CC:\Program Files (x86)\Windows Savevid MediaBar\ToolBar\SearchquDx.dll Win32/Adware.Bandoo application (cleaned by deleting - quarantined) 21569742DB2E4B878560C81B1C4D660AA411F2EE CC:\Program Files (x86)\Windows Savevid MediaBar\ToolBar\SearchquTb.dll Win32/Adware.Bandoo application (cleaned by deleting - quarantined) 1A498F432A96828D995C4CC065C8C030702BC1A7 CC:\Windows\System32\4bd4b8ea.exe Win32/Adware.Primawega.AJ application (cleaned by deleting - quarantined) A52CD826EDF157EB616789ABDDFA8884CB172342 C

Report •

#77
February 3, 2013 at 02:03:30

 well thanks and good night , MrGoodguy :D

Report •

#78
February 3, 2013 at 02:15:03

 Thanks albo.Run RogueKiller please.http://www.softpedia.com/get/Securi...http://www.softpedia.com/progScreen...http://majorgeeks.com/RogueKiller_d...http://www.geekstogo.com/forum/file...http://www.sur-la-toile.com/RogueKi...http://www.sur-la-toile.com/RogueKi...RogueKiller tutorialhttp://en.kioskea.net/faq/11626-rog...•Please quit all programs•Right-click the RogueKiller file and select "Run as Administrator'•Press: SCAN•On the RogueKiller console, click the Registry tab.•Make sure the entries there are checked.•Then, press the [Delete] button.An RKreport (Mode: Delete) is created on the Desktop.Please provide the RKreport (Mode: Delete) in your reply.Restart the computer.

Report •

#79
February 3, 2013 at 03:33:43

 ok johnw , i downloaded the roguekiller and i pressed scan he found 2 threats and then i pressed delete , and this is the log , RogueKiller V8.4.4 [Feb 1 2013] by Tigzymail : tigzyRKgmailcomFeedback : http://www.geekstogo.com/forum/file...Website : http://tigzy.geekstogo.com/roguekil...Blog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7600 ) 64 bits versionStarted in : Normal modeUser : Alban berisha [Admin rights]Mode : Remove -- Date : 02/03/2013 12:21:14| ARK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 2 ¤¤¤[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++--- User ---[MBR] d99d21e0fbb8ab50c668ee2c2b6676c7[BSP] 74d065e0e76ac4d415baab153130345c : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 225061 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[3]_D_02032013_02d1221.txt >>RKreport[1]_S_02032013_02d1220.txt ; RKreport[2]_S_02032013_02d1221.txt ; RKreport[3]_D_02032013_02d1221.txt

Report •

#80
February 3, 2013 at 03:35:12

 ok johnw , i downloaded the roguekiller and i pressed scan he found 2 threats and then i pressed delete ,

Report •

#81
February 3, 2013 at 03:40:22

 Thanks albo.Run Malwarebytes' Anti-Malware ( MBAM ) again. Use Quick scan. Click the Remove Selected button after the scan. Post log please.

Report •

#82
February 3, 2013 at 03:47:41

 ok done .. here is the log , i think its a good news :D :D Malwarebytes Anti-Malware (Trial) 1.70.0.1100www.malwarebytes.orgDatabase version: v2013.02.02.08Windows 7 x64 NTFSInternet Explorer 9.0.8112.16421Alban berisha :: ALBANBERISHA-PC [administrator]Protection: Enabled2/3/2013 12:42:39 PMmbam-log-2013-02-03 (12-42-39).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 217940Time elapsed: 3 minute(s), 30 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)

Report •

#83
February 3, 2013 at 03:51:14

 Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.http://www.softpedia.com/get/System...http://www.softpedia.com/progScreen...http://www.wisecleaner.com/download...Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.http://www.softpedia.com/get/Tweak/...http://www.softpedia.com/progScreen...http://www.wisecleaner.com/wiseregi...

Report •

#84
February 3, 2013 at 03:58:12

 "i think its a good news :D :D"I do to.When finished post #83, let me know how it is running.Malware Preventionhttp://www.malwarevault.com/prevent..."There is no magic involved. The majority of malware is installed by the user themselves"

Report •

#85
February 3, 2013 at 04:11:31

 ok its done with #83 , he found lot of thing , and now they are deleted its there any log for this ,

Report •

#86
February 3, 2013 at 04:24:08

 "its there any log for this"Nope.

Report •

#87
February 3, 2013 at 04:29:14

 Run TFChttp://www.geekstogo.com/forum/file...http://oldtimer.geekstogo.com/TFC.exehttp://www.itxassociates.com/OT-Too...Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).It will close all programs when run, so make sure you have saved all your work before you begin.Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Report •

#88
February 3, 2013 at 04:31:26

 do i need to do something else or this is all ? and can i delete some logs that they are now in my desktop , its full of them :D

Report •

#89
February 3, 2013 at 04:40:18

 sorry i saw your post after i writed my post , ok its done with TFC , he deleted 101mb ,.

Report •

#90
February 3, 2013 at 04:41:10

Report •

#91
February 3, 2013 at 04:42:12

 "can i delete some logs that they are now in my desktop , its full of them :D?Yes.

Report •

#92
February 3, 2013 at 04:52:38

 ok done , here is the checkup.txt , Results of screen317's Security Check version 0.99.57 Windows 7 x64 (UAC is enabled) [url=http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1][color=red][b]Out of date service pack!![/color][/url][/b] Internet Explorer 9 [b][u]Antivirus/Firewall Check:[/b][/u] [color=red][b]Windows Security Center service is not running! This report may not be accurate![/b][/color] Microsoft Security Essentials Antivirus up to date! [b][u]Anti-malware/Other Utilities Check:[/b][/u] Trojan Remover 6.8.5 Malwarebytes Anti-Malware version 1.70.0.1100 TuneUp Utilities 2013 TuneUp Utilities Language Pack (en-US) TuneUp Utilities 2013 Wise Disk Cleaner 7.74 Wise Registry Cleaner 7.62 Java 7 Update 7 [color=red][b]Java version out of Date![/b][/color] Adobe Flash Player 10 [color=red][b]Flash Player out of Date![/b][/color] Adobe Reader 9 [color=red][b]Adobe Reader out of Date![/b][/color] Mozilla Firefox 11.0 [color=red][b]Firefox out of Date![/b][/color] Google Chrome 24.0.1312.56 Google Chrome 24.0.1312.57 [b][u]Process Check: objlist.exe by Laurent[/b][/u] [b][u]System Health check[/b][/u] Total Fragmentation on Drive C: 1% [b][u]End of Log[/b][/u]

Report •

#93
February 3, 2013 at 04:55:57

 To get your computer more secure, these need updating, they all have security holes.Java 7 Update 7[color=red][b]Java version out of Date![/b][/color]Adobe Flash Player 10 [color=red][b]Flash Player out of Date![/b][/color]Adobe Reader 9 [color=red][b]Adobe Reader out of Date![/b][/color]Mozilla Firefox 11.0 [color=red][b]Firefox out of Date![/b][/color] We are all done, worked out beautifully with MrGoodguy, when he was asleep, I was awake & vice versa.Congratulate yourself for getting around the language difficulty. Well done.Have fun with your computer. John.

Report •

#94
February 3, 2013 at 05:04:00

 ok i will update them ,, i dont know how to thank you guys , you and mrGoodguy have done an amazing job :D if i need help again ,, now i know where i can find the best answer :D thanks ,good bye and all the best :D

Report •

#95
February 3, 2013 at 05:09:28

 Thank you, all the best.

Report •

#96
February 3, 2013 at 05:26:24

 "you and mrGoodguy have done an amazing job"Amen to that.You can update Java from the icon in Control Panel, or from a download - now 7-13.Always pop back and let us know the outcome - thanks

Report •