Solved: I have a message that says my windows aren't genuine

December 21, 2013 at 20:32:09
Specs: Windows BUSINESS VISTA
It tries to direct me to buy a new Windows. Also, one of my tabs at the top of Google Chrome says SweetPacks and I can't find it to uninstall it. Any suggestions please? Thank you.


#1
December 21, 2013 at 20:46:05
✔ Best Answer
1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
How to download from Softpedia
http://i.imgur.com/BWELEfV.gif
http://i.imgur.com/4luY3rU.gif
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#2
December 21, 2013 at 23:24:48
i Smart Defender! Below are the log files of latest version.

=============================
Version: 1.9.3
File Size: 25.3M
=============================

Changelog
-----

Improvements:
Fixed the registration bug that may cause registration failed when system reinstalled

=============================
Version: 1.9.2
File Size: 24.4M
=============================

Changelog
-----

Improvements:

Fixed bug that program failed to delete any detected, occupied malicious file;
Fixed real-time guard bug that blocked files which have been added in white list;
Fixed bug that time duration didn't show correctly when delete detected malware in demand scan.
Added languages-Chinese Simplified, Bulgarian.

=============================
Version: 1.9.1
File Size: 24.6M



#3
December 21, 2013 at 23:36:57
Hi Johnw... I had to go with Derek's link that he sent in the previous message because I can't afford to download the ones you suggested, but I copied and pasted one of the things I did and removed any suspicious programs and add-ons, changed my browser manually, and for the rest I used Anvi slimtoolbar v1,2... cloud system booster 3.0 and antismart defender, and they cleaned 946 registry errors etc. and found 3 viruses and removed them, and I will check to see if there is anything I missed and I will let you know if we had success, OK. I was very intimidated by the instructions you left... not because there was anything wrong, but I do not have very much computer experience and I started to get lost immediately, but I appreciate the help and let's see what happens... will update in the morning. Thank you very much.

#4
December 22, 2013 at 02:35:52
See if you can get your head around Malwarebytes, Robert.

Please Copy and Paste the instructions into a text file, print or write down the steps & info. You will need them, as they are hard to remember, for when you are offline. Cross off each step as you do it.

Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan. Copy and Paste the contents of the log please.
http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
http://www.softpedia.com/progScreenshots/Malwarebytes-Anti-Malware-Screenshot-81598.html
http://i.imgur.com/3DtG68Y.gif
http://www.malwarebytes.org/mbam.php
Make sure you uncheck > Enable free trial during install.
http://i.imgur.com/tUFCbYz.gif
If your MBAM log indicates "No action taken", that's usually a result of NOT clicking the Remove Selected button after the scan.
Quick Scan versus Full Scan
http://forums.malwarebytes.org/index.php?showtopic=48541

message edited by Johnw



#5
December 22, 2013 at 04:06:27
OK, I'll try. Thank you John.

#6
December 22, 2013 at 04:51:44
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.22.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Gabe :: GABE-PC [administrator]

Protection: Enabled

22/12/2013 4:23:14 AM
MBAM-log-2013-12-22 (04-42-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217521
Time elapsed: 18 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Gabe\Downloads\InstallConverter_brch.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Gabe\Downloads\vid_xxx1280p.mkv (1).zip (Trojan.Agent.ED) -> No action taken.
C:\Users\Gabe\Downloads\vid_xxx1280p.mkv.zip (Trojan.Agent.ED) -> No action taken.

(end)
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5508

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/01/2011 6:23:54 PM
mbam-log-2011-01-12 (18-23-54).txt

Scan type: Quick scan
Objects scanned: 164479
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Gabe\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5508

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/01/2011 9:00:43 PM
mbam-log-2011-01-12 (21-00-43).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 359653
Time elapsed: 1 hour(s), 11 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Gabe\AppData\Local\Google\Chrome\user data\Default\Cache\f_0003c4 (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Gabe\Desktop\Gabe\software\windows xp genuine key generator for windows xp 32-bit\windows xp genuine key generator\magicjellybeankeyfinder.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\Gabe\Desktop\Gabe\software\windows xp genuine key generator for windows xp 32-bit\windows xp genuine key generator\windows key generator.exe (Trojan.Banker) -> Quarantined and deleted successfully.
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.22.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Gabe :: GABE-PC [administrator]

Protection: Enabled

22/12/2013 4:23:14 AM
mbam-log-2013-12-22 (04-23-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217521
Time elapsed: 18 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Gabe\Downloads\InstallConverter_brch.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Gabe\Downloads\vid_xxx1280p.mkv (1).zip (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\Gabe\Downloads\vid_xxx1280p.mkv.zip (Trojan.Agent.ED) -> Quarantined and deleted successfully.

(end)
2013/12/22 04:20:30 -0800 GABE-PC Gabe MESSAGE Starting protection
2013/12/22 04:20:31 -0800 GABE-PC Gabe MESSAGE Protection started successfully
2013/12/22 04:20:31 -0800 GABE-PC Gabe MESSAGE Starting IP protection
2013/12/22 04:22:02 -0800 GABE-PC Gabe MESSAGE IP Protection started successfully
2013/12/22 04:22:18 -0800 GABE-PC Gabe MESSAGE Starting database refresh
2013/12/22 04:22:18 -0800 GABE-PC Gabe MESSAGE Stopping IP protection
2013/12/22 04:22:36 -0800 GABE-PC Gabe MESSAGE IP Protection stopped successfully
2013/12/22 04:22:45 -0800 GABE-PC Gabe MESSAGE Database refreshed successfully
2013/12/22 04:22:45 -0800 GABE-PC Gabe MESSAGE Starting IP protection
2013/12/22 04:23:27 -0800 GABE-PC Gabe MESSAGE IP Protection started successfully
I clicked Remove Selected after I copied and pasted the first log... Is this what you wanted, John?

#7
December 22, 2013 at 04:59:47
Top stuff Robert.

It appears you haven't taken any action on some files.
Reread my instructions please.


Report •
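
The check Johnw describes in #4 and applies in #7 (spotting entries still marked "No action taken"), written out as an added example that is not part of the original thread: a small parser for the two MBAM log layouts pasted above. The sample logs, user name and file names are constructed; only the line format and detection names follow the logs in this thread.

```python
import re
from dataclasses import dataclass

# Section header: "Files Detected: 3" (1.75 layout) or "Files Infected:" (1.50 layout).
SECTION_RE = re.compile(
    r"^(?P<section>[A-Za-z ]+?) (?:Detected|Infected):\s*(?P<count>\d+)?$")
# Detection line: "<path> (<Detection.Name>) -> <action>."
# A path may itself contain parentheses ("clip.mkv (1).zip"), so the greedy
# path group backtracks to the last "(...)" that is followed by " -> ".
ITEM_RE = re.compile(
    r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass
class Detection:
    section: str   # e.g. "Files", "Registry Keys"
    path: str
    name: str      # e.g. "PUP.Optional.OpenCandy"
    action: str    # e.g. "No action taken"

    @property
    def resolved(self) -> bool:
        return "no action taken" not in self.action.lower()


def parse_mbam_log(text):
    """Return (detections, declared_counts) for one pasted scan log."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header["section"]
            if header["count"] is not None:
                declared[section] = int(header["count"])
            continue
        item = ITEM_RE.match(line)
        if item and section:
            detections.append(
                Detection(section, item["path"], item["name"], item["action"]))
    return detections, declared


def triage(text):
    """Summarise what still needs attention in a pasted log."""
    detections, declared = parse_mbam_log(text)
    parsed = {}
    for d in detections:
        parsed[d.section] = parsed.get(d.section, 0) + 1
    return {
        # Items the scanner found but did not quarantine or delete.
        "unresolved": [d for d in detections if not d.resolved],
        # Header count differs from listed items: the paste is likely cut short.
        "count_mismatch": {s: (n, parsed.get(s, 0))
                           for s, n in declared.items() if n != parsed.get(s, 0)},
    }


# Constructed sample in the 1.75 layout (counts on the section header).
SAMPLE_V175 = r"""Scan type: Quick scan
Objects scanned: 1000

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Example\Downloads\setup_example.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Example\Downloads\clip.mkv (1).zip (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\Example\Downloads\clip.mkv.zip (Trojan.Agent.ED) -> No action taken.

(end)
"""

# Constructed sample in the 1.50 layout (summary counts first, items later).
SAMPLE_V150 = r"""Scan type: Quick scan
Files Infected: 1

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Example\downloads\example_setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for label, log in (("1.75 layout", SAMPLE_V175), ("1.50 layout", SAMPLE_V150)):
        report = triage(log)
        print(label, "unresolved:", [(d.name, d.path) for d in report["unresolved"]])
        print(label, "count mismatch:", report["count_mismatch"])
```
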

#8
December 22, 2013 at 05:44:40
Going to bed now Robert, catch up with you in about 8 hrs. I'm here.
http://www.timeanddate.com/worldclo...


#9
December 22, 2013 at 06:23:53
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.22.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Gabe :: GABE-PC [administrator]

Protection: Enabled

22/12/2013 5:22:56 AM
mbam-log-2013-12-22 (05-22-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217417
Time elapsed: 12 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Gabe\Downloads\InstallConverter_brch.exe (PUP.Optional.OpenCandy) -> No action taken.

(end)
Gee, I wonder why no action taken as I clicked Remove Selected... OK... goodnight John. Thank you for helping me, although I think I may belong in computer kindergarten... P.S. Is the pup file from the puppies disk I made, because it was in the footnotes of the download that someone said it was corrupt? Just curious... thanks

message edited by Robertbangay



#10
December 22, 2013 at 09:16:49
"can't afford to download"
There is nothing Johnw suggested that you have to pay for.

Maybe Johnw will have some idea why that Open Candy was not removed - just keep MalwareBytes installed for now. Open Candy is not "awful" but it is certainly undesirable and comes with free software (often declared). One example is dvdvideosoft products. It wouldn't have been with the Puppy Linux download.

I think it would be confusing for you to have two of us at it, so generally I'll leave you with Johnw who has a wide experience of removing malware. In the meantime I'll just "hold the fort" and try to keep things moving with his suggestions.

With ADWCleaner all you do is download and Save the file (rather than using Run online). Putting it on the desktop is convenient but as long as you know where the file goes to it can be run from anywhere. To run it you go to the downloaded file "AdwCleaner.exe" then double left click it. First do the Scan. When it is done you will see a tab called "Report" (the log). That can be copy pasted directly, or use the location Johnw has already given.

Hope that keeps things rolling a bit.

Always pop back and let us know the outcome - thanks

message edited by Derek



#11
December 22, 2013 at 12:25:05
AdwCleaner v3.015 - Report created 22/12/2013 at 12:14:41
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Gabe - GABE-PC
# Running from : C:\Users\Gabe\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\AskBarDis
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\XP4G
Folder Deleted : C:\Users\Gabe\AppData\Local\Conduit
Folder Deleted : C:\Users\Gabe\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Gabe\AppData\Local\Temp\AskBarDis
Folder Deleted : C:\Users\Gabe\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Gabe\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Gabe\AppData\LocalLow\XP4G
Folder Deleted : C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\p6nd3u8t.default\StumbleUpon

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2754399
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13B9BCC3-03D7-4971-86F6-A38A9A43A141}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6844864-D436-4389-B163-76DE4E5FBDEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13B9BCC3-03D7-4971-86F6-A38A9A43A141}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{13B9BCC3-03D7-4971-86F6-A38A9A43A141}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6844864-D436-4389-B163-76DE4E5FBDEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{13B9BCC3-03D7-4971-86F6-A38A9A43A141}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F6844864-D436-4389-B163-76DE4E5FBDEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2601D3F-D557-4D91-A39D-6E8C4E03895E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{41419E23-04FE-4E52-84D1-1C0C53E16C04}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B26B666-5F52-48F2-A968-1313E875EBDC}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{13B9BCC3-03D7-4971-86F6-A38A9A43A141}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{13B9BCC3-03D7-4971-86F6-A38A9A43A141}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{13B9BCC3-03D7-4971-86F6-A38A9A43A141}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{13B9BCC3-03D7-4971-86F6-A38A9A43A141}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Deleted : HKCU\Software\AskBarDis
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\XP4G
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\XP4G
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP4G Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v

[ File : C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\p6nd3u8t.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8021 octets] - [22/12/2013 12:10:12]
AdwCleaner[S0].txt - [7284 octets] - [22/12/2013 12:14:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7344 octets] ##########
I hope that's what you wanted.

#12
December 22, 2013 at 12:33:15
Cripes, you need to be a lot more careful about what you download - it's full of junk.

Run the "Clean" and it will remove them all - restart when it asks you to. Next paste the log again so that we can see it removed everything it found (it usually does).

At the same time, let us know if there is any improvement.

Always pop back and let us know the outcome - thanks

message edited by Derek



#13
December 22, 2013 at 13:14:54
OK, will try again. I think I just clicked Scan...

#14
December 22, 2013 at 13:30:16
GOD... I hope this is what you're looking for... thank you for the help, Derek.
AdwCleaner v3.015 - Report created 22/12/2013 at 13:22:04
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Gabe - GABE-PC
# Running from : C:\Users\Gabe\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v

[ File : C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\p6nd3u8t.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Gabe\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8021 octets] - [22/12/2013 12:10:12]
AdwCleaner[R1].txt - [1098 octets] - [22/12/2013 13:18:59]
AdwCleaner[S0].txt - [7440 octets] - [22/12/2013 12:14:41]
AdwCleaner[S1].txt - [1024 octets] - [22/12/2013 13:22:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1084 octets] ##########



#15
December 22, 2013 at 14:04:33
Perfect backup/teamwork Derek.

Have a go at Junkware Removal Tool now Robert.



#16
December 22, 2013 at 14:09:22
"P.S. Is the pup file from the puppies disk I made, because it was in the footnotes of the download that someone said it was corrupt"
Don't know Robert.

What is a PUP file?
http://pc.net/helpcenter/answers/wh...



#17
December 22, 2013 at 15:06:05
Re #16

Gotta a feeling it's just that PUP can stand for "Potentially Unwanted Program" (as per your link) and might have also been used as a shortened form of "Puppy", as in Puppy Linux. No connection, just coincidence - the download was safe.

Always pop back and let us know the outcome - thanks

message edited by Derek



#18
December 22, 2013 at 16:09:35
Thanks Derek. Also, I remembered that I never even put puppies in the new laptop.

#19
December 22, 2013 at 21:04:16
HOLY SMOKES YOU GUYS... I started the scan at 6:04 pm and it's now 9 pm and the scan has found 1 threat and has been at 83% for 1/2 hours now... Although I have an overwhelming compulsion to turn it off, I won't and will wait until it's over... will update soon I hope

#20
December 22, 2013 at 21:25:15
Take a photo & upload it to a site of your choosing, Robert.

You may have to put it on a thumb drive & use another computer to upload it.



#21
December 22, 2013 at 21:25:48
Well, it's finally done; however, it didn't give me the same type of log thingy, but I saved everything in My Documents and maybe you could tell me how to get it to you... It said it found 1 threat... Talk tomorrow if you have time. Thanks again...

#22
December 22, 2013 at 21:57:06
Now it's finished, you can take a screenshot & use Image Uploader.

How To Capture a Screen Shot with the Snipping Tool in Windows Vista / Windows 7
http://graphicssoft.about.com/od/mi...

I upload to Imgur.com for images & load.to for files ( neither need an account ) Give us the link please.
Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru
How to use for images.
http://i.imgur.com/mWxzNlv.gif
http://i.imgur.com/ODCCcPf.gif
http://i.imgur.com/zalhLtW.gif

message edited by Johnw



#23
December 23, 2013 at 11:04:31
OK John, thank you, I'll get right on that. In the meantime here's the log from my last scan, and I still have to do the McAfee scan...
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.23.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Gabe :: GABE-PC [administrator]

Protection: Enabled

23/12/2013 10:33:38 AM
mbam-log-2013-12-23 (10-33-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218391
Time elapsed: 16 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\$Recycle.Bin\S-1-5-21-2970019544-1224834032-2609011339-1000\$R5J3AP3.exe (PUP.Optional.OpenCandy) -> No action taken.

(end)



#24
December 23, 2013 at 13:23:20
"Files Detected: 1
C:\$Recycle.Bin\S-1-5-21-2970019544-1224834032-2609011339-1000\$R5J3AP3.exe (PUP.Optional.OpenCandy) -> No action taken"
It is now in your Recycle.Bin Robert.

Run TFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. ( Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

message edited by Johnw



#25
December 24, 2013 at 01:51:28
Hi ya John. Well, after on and off the entire day and evening, I have been attempting to accomplish the assignments you gave me, and started off shaky at first because the web site was outdated by 129 days, the lady said, and quite a few times when I attempted to do a task it wouldn't allow me because I wasn't the administrator, so I learned off YouTube how to fix that. Finally, after 10-14 different kinds of scans and removing and uninstalling, I feel not too bad about it, but it still puts up a message at the beginning about Windows not genuine etc., and it keeps popping up sporadically, and I don't think that's normal. Well, I know the holidays are busy for people, so maybe sometime when you have a moment you can give me a little (OK, a lot) of guidance; if not, I'll ask on the forum, but thank you for all your help and merry Christmas.

#26
December 24, 2013 at 02:15:16
No idea what you are talking about, Robert.

Be really clear please.

Is it in reference to my post #22 or #24?

Screenshots will help a lot, a picture is worth a thousand words.



#27
December 24, 2013 at 03:25:43
I was referencing the malware site, junk removal tool, another antivirus that Derek left a link for repair tool and my McAfee antivirus. I'm not supposed to keep so many at one time, right? Some of the tasks I had limited access because I didn't have administration rights until I changed it. Sorry for the trouble, I just found this laptop in the trash last week and it's 100 times more complicated than my other one and I was having difficulty understanding that one. I only used a computer for the first time 1.5 years ago and only do Facebook... So, I'm going to study screen shot now and see if I can do it.

#28
December 24, 2013 at 03:40:07
"I only used a computer for the first time 1.5 years ago"
You are going super well then.

"I'm not supposed to keep so many at one time, right?"
Only one AV ( antivirus ) should be installed. I will sort that out later. They use what's called Real-Time mode of operation.
Programs that hunt through an infected comp, you can have as many as needed to remove the problems.

message edited by Johnw



#29
December 24, 2013 at 03:46:21
OK, I will make a note of that. Thank you.

#30
December 26, 2013 at 04:22:55
Good morning John. Just thought I'd let you know that I think I've fixed everything for now, including the Windows is not genuine message. I googled it and it turned out to be a plug and play, and went to system32 and slui... properties, advanced, changed owners etc. and then deleted it successfully. I also ran malware again and realized I wasn't checking the files before I clicked remove the files, so I did it correctly and reran the scan and I'm OK... McAfee says OK... Windows Defender says OK. If there's anything I missed maybe you could let me know, and thanks again to Derek and yourself for all your help. Sincerely, Robert

#31
December 26, 2013 at 09:12:26
Re #30
It might not be too clever to have McAfee running at the same time as Windows Defender, as they both run in real time (together, continuously). They might "fight". I've not used McAfee since dinosaurs but it is easy to turn off real time scanning in Windows Defender. You just open up the program from the tray icon, go to Settings and untick real time working. The tray icon will go red (warning) but you could still keep it on-board and use it for the odd scan if you are ever suspicious of something.

I respect the view of Johnw on security matters so if he thinks differently then run with whatever he suggests.

EDIT:
#28 "I will sort that out later"
Oops, just noticed this had already been raised.

Always pop back and let us know the outcome - thanks

message edited by Derek


#32
December 26, 2013 at 12:46:45
Afternoon Robert,

"If there's anything i missed maybe you could let me know"
I still haven't seen the screenshots as requested or know if you ran TFC.

The AV part of your post, I would like to run this please.

Download Security Check by screen317 from one of the following links and save it to your Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
  o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
  o When you see a console window, press any key to continue scanning.
  o Wait while it scans.
  o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

message edited by Johnw


#33
December 26, 2013 at 14:20:57
Results of screen317's Security Check version 0.99.77
Windows 7 x64 (UAC is enabled)
[url=http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1][color=red][b]Out of date service pack!![/color][/url][/b]
Internet Explorer 11
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
[color=red][b]Windows Security Center service is not running! This report may not be accurate![/b][/color]
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Adobe Flash Player 11.9.900.170
Google Chrome 31.0.1650.63
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 2%
[b][u]````````````````````End of Log``````````````````````[/b][/u]

Hey John Oh boy i've really screwed things up. i think i only 1/2 removed the genuine windows message and it won't let me do many things and i'm lost but here's the security report you wanted..i forgot to save to desktop but i know where it is is that ok? now i'm going to try and turn off defender

message edited by Robertbangay


#34
December 26, 2013 at 14:30:16
"Hey boy i've really screwed things up. i think i only 1/2 removed the genuine windows message and it won't let me do many things and i'm lost but here's the security report you wanted...oh boy"
I suspected that.

Download OTL from any of the following links and save to your Desktop.
http://itxassociates.com/OT-Tools/O...
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassociates.com/OT-Too...
Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)
When the window appears, underneath Output at the top, make sure Standard output is selected.
Select Scan all users
Change Drivers to All
Under the Extra Registry section, check Use SafeList
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Click Run Scan and let the program run uninterrupted.
When the scan is complete, two text files will be created on your Desktop
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

Upload the logs using this. I upload to Imgur.com for images & load.to for files ( neither needs an account ). Give us the link please.
Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru
How to use for files.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/AT6bjjD.gif
http://i.imgur.com/txFkgpT.gif

message edited by Johnw


#35
December 26, 2013 at 16:26:24
Hi John i'm having a hard time figuring out the image loader
is it possible to take remote access to my laptop?

message edited by Robertbangay


#36
December 26, 2013 at 16:37:03
I'm glad you suggested that Robert, I've been thinking the same, but have never used the programs.

This is the one I see often on forums, is that alright with you?

TeamViewer
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://www.teamviewer.com/index.aspx
Manual
http://support.teamviewer.com/index...
http://support.teamviewer.com/index...


#37
December 26, 2013 at 16:47:08
ok...it says to give you the id #

message edited by Robertbangay


#38
December 26, 2013 at 16:49:41
i found remote access on my computer but i don't know how to use it

#39
December 26, 2013 at 16:55:11
Oops, I was waiting to see if it was Ok with you, will download now.

#40
December 26, 2013 at 17:03:45
ok, so looks like i'm ready but i need your id #

#41
December 26, 2013 at 17:08:44
My ID 670 587 980

#42
December 26, 2013 at 17:12:06
ok i'm on line maybe you can find gabe bangay..i'll try from my side

#43
December 26, 2013 at 17:13:32
it's calling for your password too

#44
December 26, 2013 at 17:16:09
now it says my i

message edited by Robertbangay


#45
December 26, 2013 at 17:17:06
"it's calling for your password too"
I just removed My Password

message edited by Johnw


#46
December 26, 2013 at 17:20:50
ok got it mine

message edited by Robertbangay


#47
December 27, 2013 at 01:30:04
Hi John...Sorry for frustrating you today..on the upside though i think i got most everything on the uploader under desktop and all the downloads on my desktop like you asked..again sorry for being so incompetent but i stayed with it all evening

#48
December 27, 2013 at 01:38:31
What I also learnt Robert, is I need to do it alone, probably when you are in bed.

Can't afford to have too much happening, otherwise screens are opening & closing all over the place.

message edited by Johnw


#49
December 27, 2013 at 03:39:19
I sensed that besides it's impossible to feel in control when someone that doesn't know what they are doing moving the cursor etc...So if it's alright for you, how about you choose anytime you feel comfortable and i'll make sure to be there to connect and i go out or bed etc....sorry about that...so just say the word, i will check email often. Thanks for your honesty, that's why i suggest because i didn't want to make you annoyed...

#50
December 27, 2013 at 03:47:22
Ok, Robert, shall be available in about 10 hours, will let you know via a post here.

#51
December 27, 2013 at 03:57:50
Thank you John,,will do.

#52
December 27, 2013 at 13:58:29
All set to go Robert

#53
December 27, 2013 at 14:01:10
Sorry John i don't know why your message just showed up now ready?

#54
December 27, 2013 at 14:03:41
I recently discovered this tool - after an on-line support session with QNAPs. They use it to good effect and it is now high on my list of utilities for the purpose...

http://www.teamviewer.com/en/index....


#55
December 27, 2013 at 14:03:54
id #670591921... secret word 1annacrowellbangay2
password w16jb3

message edited by Robertbangay


#56
December 27, 2013 at 14:05:41
TeamViewer Robert.

I tried yesterday's password, no go so far.


#57
December 27, 2013 at 14:12:34
i need your password please

#58
December 27, 2013 at 14:15:02
I just removed my password, have got your desktop now, shall slowly go through the comp to check it out. Want to make sure all the basics are right.

message edited by Johnw


#59
December 27, 2013 at 14:15:05
new id and password is 670591921..password w16jb3

#60
December 27, 2013 at 14:21:06
can you see me yet?

#61
December 27, 2013 at 14:38:16
"can you see me yet?"
Yes, I have your desktop, need nil mouse interaction from you please.


#62
December 27, 2013 at 15:37:55
are you all finished now John?

#63
December 27, 2013 at 15:42:17
Not yet Robert, had to do a reboot, just tried all your passwords etc, can't get back on, shall have to start again.

#64
December 27, 2013 at 15:49:23
i need your password please

#65
December 27, 2013 at 15:51:05
ok i'm all ready to go just need you to log on and your password please also if you have reboot in future password under gabe is anna ok?

#66
December 27, 2013 at 15:51:52
let's exchange email address when we log on.

16h8zp


#67
December 27, 2013 at 15:55:57
Now I need your PW

#68
December 27, 2013 at 16:02:06
w16jb3 is the password

#69
December 27, 2013 at 18:55:25
Reboot for me please Robert, won't do it from my end, was trying to do something I shouldn't whilst the Junk program was running.

Connect me up again please.


#70
December 27, 2013 at 19:03:11
i need your password please

#71
December 27, 2013 at 19:05:01
vq53n6

I need yours as well.


#72
December 27, 2013 at 19:06:55
42v9mc and we'll connect again

#73
December 28, 2013 at 01:53:29
As you can see from your logs, you had a lot of stuff installed, that you did not know had been installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.
I use Softpedia, they make you aware what Ad-supported programs the author of the program has included, down the bottom of the page.
Sample pages
http://www.softpedia.com/get/CD-DVD...
http://www.softpedia.com/get/Multim...
Users are advised to pay attention while installing this ad-supported application:
· Offers to change the homepage for web browsers installed in the system
· Offers to change the default search engine for web browsers installed in the system
· Offers to install StartNow Toolbar that the program does not require to fully function
SS ( screenshots ) of above
http://i.imgur.com/CSBplyA.gif
http://i.imgur.com/3eWWoXm.gif
Use Unchecky to prevent these third party installs.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.

#74
December 28, 2013 at 02:57:54
These are excellent advice and links, but i don't know why i'm having such a hard time choosing which download button is the correct one as i see when i put the cursor unchecky but when i click all of a sudden i'm downloading some converter stuff...by the way i think i've half way got rid of windows not genuine but the background of my desktop is still black so i know it wasn't fully any advice? in the meantime i will try to look it up " but not touch" John you went far beyond the call of duty and putting up with me. Maybe they should issue driver's licenses for computers and i would only be applying for beginners..but in closing i must say that between Derek and yourself and me being 53 years old when i first ever tried a computer and everything i know i either had to learn by myself or from you and you guys were invaluable to me because you are clear, accurate and very fastidious and you have been great role models for me because it has caused me to want to learn the computer and do it right whereas before i only typed in capitals and never paid attention..and i promise i will. If there's anything i could do for you even a donation to you and or Derek's Christmas fund i have paypal. I also want to mention even though it's not usually socially accepted to say but thank you for recognizing that not only i needed help but i was an accident waiting to happen and going the extra yard and preventing me from really fudging things up...That is an uncommon trait in today's society and that's admirable.......

#75
December 28, 2013 at 03:12:58
How to download from Softpedia.
http://i.imgur.com/iZ3Fzmc.gif
http://i.imgur.com/NNgm1rF.gif

message edited by Johnw


#76
December 28, 2013 at 03:18:43
Thank you very much John
