Solved problems with failed windows 7 updates

Microsoft Winhome prem 7 sp1 64bit eng 3...
January 2, 2015 at 02:28:33
Specs: Windows 7
hiya, i keep getting notifications that updates are failing to download on my comp. there are x 4 that they consider as 'important' and x 8 that are 'optional'.

i get diff error msgs when i click on their tech help/info etc.,

one is:

MS14-085: Vulnerability in Microsoft graphics component could allow information disclosure: December 9, 2014

another is:

MS14-080: Cumulative security update for Internet Explorer: December 9, 2014
( i don't use Explorer at all, i use google chrome and firefox)

other notification/warning?:

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

it's a nightmare trying to get any tech help from Microsoft.. you have to sign in over and over and they keep asking you to verify your security info.. blah blah... which i have now done several times. it should be reset on 1/2/15.. until then.. it looks like you'd have to pay MS to get any tech help. i think i've discussed this here before?

anyway the main issue is ... i'm concerned that updates are FAILING. not sure how protected my comp is .. or if that is affected? i've done several comp scans to check for viruses etc.. nothing comes up as suspect.

any clues?

cheers
Sam



#1
January 2, 2015 at 06:56:12
"i don't use Explorer at all"

It doesn't matter if you use it or not, but it's a necessary Windows component that needs to be kept updated. When's the last time you actually opened IE? You need to open it for the updates to take effect. If you haven't been doing so, there's probably a log jam of IE updates that are failing to install.



#2
January 2, 2015 at 10:01:12
Yes, updates have to be installed using IE even if you use an alternative browser for everything else. This is probably the reason you are having difficulties. You should also keep IE updated (security).

If that doesn't help then try downloading them as individual files using the KB numbers. You can get them from here but you need to ensure that they are for Windows 7 and 32 or 64 bit as appropriate:
http://test.catalog.update.microsof...
If any are cab files (office products) then search for them using Google and get them from an MS site as exe files.

Maybe if you get some installed (double click the downloaded files) it will cure the issue.

Always pop back and let us know the outcome - thanks

message edited by Derek



#3
January 4, 2015 at 19:57:09
hi ,

i haven't opened explorer for ages. ooops. didn't know i had to do that.

when you say: 'You should also keep IE updated (security).'

does that mean i should update to Explorer 11 ?? that seems to be where some of the trouble shooting options are taking me?

message edited by SammiJ



#4
January 4, 2015 at 20:06:51
getting the KB numbers from

.. well i'm a bit lost ..

Information Thank you for visiting the Microsoft Update Catalog
To use this Web site's full functionality, you must be running Microsoft Internet Explorer 6.0 or later.
To upgrade to the latest version of the browser, go to the Internet Explorer Downloads Website.
If you prefer to use a different Web browser, you can get updates from the Microsoft Download Center.

i went to both places but found it confusing. guess there's a lot to read and i get easily overwhelmed with too many options specially when it's about trouble shooting? then i get too scared to click on anything! lol




#5
January 4, 2015 at 20:31:38
ohh i found a bunch of info on Microsoft help that i'd saved ages ago. i tried the live chat. i got redirected to call a tech help # and it said make sure yr comp is on as remote access may be required..

well i know enough to know that REMOTE ACCESS is not a good idea!

now i remember that i had been there before. it must be dodgy site that looks like microsoft, but isn't?!



#6
January 5, 2015 at 08:06:42
A few things:

Yes, be careful of websites - they often pretend to be MS and you have no idea what bad stuff they might lumber you with.

Unless you use remote access it is best left disabled - why offer another way in if you don't need it. Similarly you are most unlikely to need Java, so you could disable it in browsers, which gives you an easy way back in the unlikely event that you need it. See Control Panel > Java > Security tab.

Yes, I do think you should have the latest IE on-board even if you hardly use it. There is a chance it will fix your issue too:
http://www.microsoft.com/en-gb/down...
I think the above website will work (I'm on Win 8 so it tells me I'm bonkers or words to that effect). From Win 7 it should offer the download - ensure it is 32 or 64 bit as applicable. Shout back if it doesn't look right.

If you are still in trouble after installing IE11 and want to try manual updates, first you go to Windows Update and collect the KB numbers against whatever it is offering. You then put each one into the search box, top right, on the website I gave in #2. It will usually then give a list, so make sure you select the ones for Win 7 (32 or 64 bit as applicable) and it will put them in a basket to download in one go. Alternatively you might find it easier to download them one at a time. Double click each saved file to install them. Don't be blinded by science - it is very easy, just a lot of words to explain it.

If anything is not clear pop back.

Always pop back and let us know the outcome - thanks

message edited by Derek



#7
January 5, 2015 at 09:28:35
Please note that if you run a Windows update manually, if/when it fails, there will be a link to click on to find/fix the issue. The first two or three options are so obvious that you have already tried them but keep at it. At some point, probably the 5th or 6th, there will be an option to download a fix for Windows Update itself. Once you get that one, you are home free... Just install it and restart as required and you should be fixed. I had this issue quite a while ago on one machine and this solved it.
I also agree that you should keep IE up to date for security reasons even if you never use it. Note that Windows Update does use it and that may be some or most of your issue.

You have to be a little bit crazy to keep you from going insane.



#8
January 7, 2015 at 01:00:26
thanks, a few options there. i tried to download IE 11 but it said i already had a latest version on my comp?
right now i'm trying the find/fix option.

also i gave my product ID number to the tech help scammers.. arrggh feeling pretty stupid right about now

back soon



#9
January 7, 2015 at 01:14:37
also i thought my remote access setting was disabled.. it wasn't! i've changed it now.

just doing fix it thing for the second time. so far it hasn't fixed it.



#10
January 7, 2015 at 01:19:59
i have downloaded the fix it for Win update thing. i've run it a few times now. i never know if it's worked until i restart the comp. feel like i'm going round in circles. will go back and read other suggestions here for sorting out the prob.


#11
January 7, 2015 at 01:24:03
p.s. i noticed windows trying to update java but i can't find any java script on my comp, i did a search, it came up 0. but i noticed there are java in a few files and sites i visited. i think firefox uses java. tried to check that.. can't find it, not sure where to look

message edited by SammiJ



#12
January 7, 2015 at 01:36:08
ok so now i've tried

'Windows Update and collect the KB numbers against whatever it is offering. You then put each one into the search box, top right, on the website I gave in #2. It will usually then give a list, so make sure you select the ones for Win 7 (32 or 64 bit as applicable) and it will put them in a basket to download...'

can't see any basket only some options like twitter and yahoo and bing and ebay and stuff like that...???



#13
January 7, 2015 at 01:46:32
ok so i've ended up here: http://www.microsoft.com/security/p...

which doesn't tell me anything i don't know about setting updates schedules.

but there's a further option ....

Download and run the Windows Upgrade Assistant (link) ... it takes me to a (binary) file for Win 8 upgrades assist .exe and asks if i want to save the file

? i have Win7 ??

haven't downloaded it. there are many links and options on the first link above.. too many to read in fact.. some would lead to MS tech help which will probably require me to pay for their help.

hmmn.. dizzy. might take a break and see if i can focus on the prob again later. meanwhile i'll run find/fix one more time.



#14
January 7, 2015 at 02:50:41
None of what you've said is anything like what I had in mind. The link in #2 should have come up with "Microsoft Update Catalog" - screen with a blue background. It does from here in the UK. Try this link instead (I've attempted to kid Google I'm from the USA and it found a different link to the MS Catalog website):
http://catalog.update.microsoft.com...

Hope it now works for you.

Always pop back and let us know the outcome - thanks

message edited by Derek



#15
January 7, 2015 at 19:59:06
As far as Java is concerned, you can go into your browser Tools>Add Ons (Firefox, others probably similar) and if you see Java there you can either disable it or select for the browser to ask you first. As an alternative, you can go to Control Panel>Programs and uninstall Java there.
IF you need Java, it needs to be kept up to date to improve security.
The 'Ask me' option is not too bad if you sometimes need it.
It is not as important to have Java as it once was so many no longer keep it.
It has been linked to security issues.

You have to be a little bit crazy to keep you from going insane.



#16
January 8, 2015 at 03:59:49
Hi Derek,

thanks for the links.. from here (Australia) they both lead to exactly the same page. with the same options. i think where i got lost is:

'If any are cab files (office products) then search for them using Google and get them from an MS site as exe files'

and this bit ..

'try downloading them as individual files using the KB numbers.'

ok so i think part of the prob with that last one was that i wasn't searching or downloading them from IE.. i had firefox open.

just tried to download some of the KB numbers but the IE search thing said this upgrade is not applicable for your computer.

i might try another way, but is that what you meant by downloading them as an .exe ??



#17
January 8, 2015 at 04:38:12
AHHHUHHH!!

hey Derek, .. i finally found the updates and the basket.. and managed to search and find the KB numbers and individually download them. need to restart comp now and see if it worked! fingers crossed.



#18
January 8, 2015 at 04:39:31
Fingers, i did do a search last nite for JAVA in the Control Panel>Programs but it wasn't there. gonna check out the firefox settings.

thanks



#19
January 8, 2015 at 06:44:38
hi, firstly thanks for helping out and being sooo patient :)

progress(?) report:

there appear to be no java add-ons or extensions in firefox. (though i do notice on the start up configurations it always stops at JAVA for a while.. then continues, till windows o/s is fully open?? i think that's what i'm looking at?

i am now officially extremely sick of doing restarts!

---------------------------------------------------------------------------
i have manually downloaded and then installed from the downloaded KB# files --- updates. There were x4 'important' updates, one of them said it was not applicable to this computer. the others said successfully installed but ...at restart windows updates thing went right back to FAILED :(

there are also x 5 optional updates avail. i don't think they worked either.

----------------------------------------------------------------------------------------

>>>>..in the update history these were successful ... >>>>>


Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.1786.0)

Installation date: 8/01/2015 10:44 PM

Installation status: SUCCESSFUL

Update type: Optional

Install this update to revise the definition files that are used to detect viruses, spyware, and other potentially unwanted software. Once you have installed this item, it cannot be removed.


-----------------------------------------------------------------------

>>>>..the ones that FAILED:>>>>>


Update for Windows 7 for x64-based Systems (KB2952664)

Installation date: 9/01/2015 12:51 AM

Installation status: Failed


Error details: Code 80070005

Update type: Recommended

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

------------------------------------------------------------------


Security Update for Windows 7 for x64-based Systems (KB3013126)

Installation date: 9/01/2015 12:51 AM

Installation status: Failed

Error details: Code 80070005

Update type: Important

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.


-----------------------------------------------------------------------

Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3008923)

Installation date: 9/01/2015 12:51 AM

Installation status: Failed

Error details: Code 80070005

Update type: Important

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

-----------------------------------------------------------------


Microsoft Silverlight (KB2977218)

Installation date: 9/01/2015 12:40 AM

Installation status: Failed

Error details: Code 643

Update type: Optional

Microsoft Silverlight is a Web browser plug-in for Windows and Mac OS X that delivers high quality video/audio, animation, and richer Website experiences in popular Web browsers.

--------------------------------------------------------------------------------


Update for Windows (KB3014406)

Installation date: 9/01/2015 12:08 AM

Installation status: Failed

Error details: Code 80070005

Update type: Important

Fix for KB3014406


--------------------------------------------------------------------------------

Update for Windows (KB2952664)

Installation date: 9/01/2015 12:03 AM

Installation status: Failed

Error details: Code 80070005

Update type: Important

Fix for KB2952664

--------------------------------------------------------------------------------

Security Update for Windows (KB3008923)

Installation date: 8/01/2015 11:58 PM

Installation status: Failed

Error details: Code 80070005

Update type: Important

Fix for KB3008923

--------------------------------------------------------------------------------

I'm exhausted. there's another 'odd' thing going on: when the comp starts up.. this box appears with:
'Acrobat Distiller unable to create the temp folder. Error: 5. Access Denied.

i've searched for Acrobat Distiller and found version 9, where the error window pops up again. i've run compatibility checks on the Adobe programs, i just found an option to do that with Acrobat Distiller 9. so will try that?!! not sure about the 'use previous versions' option.


is there any point to doing a restore point thing on the whole hard drive? turning the clock back etc? i have done lots of scans for viruses and bugs etc.. and found nothing.

:(

message edited by SammiJ
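
Added example, not part of any post in this thread: a small parser for update-history text in the layout pasted in #19, which groups the failed KBs by decoded error. It shows that 80070005 is an HRESULT wrapping Win32 error 5 (access denied), the same error number as the Acrobat Distiller pop-up, so the failures are permission errors at install time rather than download errors. The sample text is a constructed excerpt of that history, and treating a short code such as 643 as a bare hexadecimal Win32 number is an assumption.

```python
import re
from collections import defaultdict

# Constructed excerpt in the layout of the history pasted in #19. The dates
# carry invisible left-to-right marks (U+200E), as copied from Windows Update.
SAMPLE_HISTORY = """\
Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.1786.0)

Installation date: \u200e8/\u200e01/\u200e2015 10:44 PM

Installation status: SUCCESSFUL

Update type: Optional

-----------------------------------------------------------------------
Update for Windows 7 for x64-based Systems (KB2952664)
Installation date: \u200e9/\u200e01/\u200e2015 12:51 AM
Installation status: Failed
Error details: Code 80070005
Update type: Recommended
Install this update to resolve issues in Windows.
------------------------------------------------------------------
Microsoft Silverlight (KB2977218)
Installation date: \u200e9/\u200e01/\u200e2015 12:40 AM
Installation status: Failed
Error details: Code 643
Update type: Optional
--------------------------------------------------------------------------------
Security Update for Windows (KB3008923)
Installation date: \u200e8/\u200e01/\u200e2015 11:58 PM
Installation status: Failed
Error details: Code 80070005
Update type: Important
Fix for KB3008923
"""

FACILITY_WIN32 = 7
# Only the two Win32 errors that occur in this thread's history.
WIN32_NAMES = {5: "ERROR_ACCESS_DENIED", 1603: "ERROR_INSTALL_FAILURE"}

FIELD = re.compile(
    r"^(Installation date|Installation status|Error details|Update type):\s*(.*)$"
)


def decode_code(code):
    """Split a Windows Update error code into (facility, number, name)."""
    value = int(code, 16)  # Windows Update prints codes in hexadecimal
    if value & 0x80000000:
        # Failure HRESULT: bits 16-28 are the facility, bits 0-15 the code.
        facility = (value >> 16) & 0x1FFF
        number = value & 0xFFFF
    else:
        # Assumption: a short code (e.g. 643) is a bare Win32 error number.
        facility, number = FACILITY_WIN32, value
    name = "unknown"
    if facility == FACILITY_WIN32:
        name = WIN32_NAMES.get(number, "unknown")
    return facility, number, name


def parse_history(text):
    """Return one dict per update; the title is the last free-text line
    seen before an 'Installation date:' field."""
    entries, current, prev = [], None, ""
    for raw in text.splitlines():
        line = raw.replace("\u200e", "").strip()
        if not line or set(line) <= {"-"}:   # blank line or dashed separator
            continue
        match = FIELD.match(line)
        if not match:
            prev = line                      # title or description text
            continue
        key, value = match.groups()
        if key == "Installation date":
            kb = re.search(r"KB\d+", prev)
            current = {"title": prev, "kb": kb.group(0) if kb else None,
                       "date": value}
            entries.append(current)
        elif current is not None:
            if key == "Error details":
                code = re.search(r"Code\s+([0-9A-Fa-f]+)", value)
                current["code"] = code.group(1) if code else None
            else:
                current[key.split()[-1].lower()] = value  # 'status' / 'type'
    return entries


def failures_by_cause(entries):
    """Map decoded error name -> sorted KB numbers that failed with it."""
    groups = defaultdict(set)
    for entry in entries:
        if entry.get("status", "").lower() == "failed" and entry.get("code"):
            groups[decode_code(entry["code"])[2]].add(entry["kb"])
    return {name: sorted(kbs) for name, kbs in groups.items()}


if __name__ == "__main__":
    for cause, kbs in failures_by_cause(parse_history(SAMPLE_HISTORY)).items():
        print(cause, ", ".join(kbs))
```
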



#20
January 8, 2015 at 09:03:44
Sorry, I'm short of time right now so have only time for a few quick comments.

Is Adobe Distiller something you purchased for a specific purpose? Most folk just use Adobe Reader. Not that I'm suggesting it should affect Windows update in any way.

If you still can't get normal updates from IE then sure, Windows System Restore might fix it if you know when this problem came along and can go back to just before that time. This, of course, is quite different to Factory Restore when you lose all your own stuff - something best avoided unless essential.

You should be able to get to System Restore by just typing it in search - but you probably already know this.

I shall definitely be back when I have time to delve deeper into your recent findings. Maybe someone else will assist in the meantime.

Always pop back and let us know the outcome - thanks



#21
January 8, 2015 at 17:35:45
Only back briefly as it's well past 1.00 am here in the UK.

In your original post you said:
"i keep getting notifications that updates are failing to download on my comp"
What we need is exactly what it says on the screen to tell you that. That will confirm that it is a downloading issue rather than an installing issue. Pending that info, this general discussion might be of interest:
http://answers.microsoft.com/en-us/...

For info, what you mentioned (tech help info) is just the nature of the updates, which are not error messages.

I realise you have done some virus checking but if you didn't try MalwareBytes then it would be interesting to know if it finds anything. This often finds what AV's and other programs miss. See free version, green button top right:
http://filehippo.com/download_malwa...

Always pop back and let us know the outcome - thanks

message edited by Derek



#22
January 8, 2015 at 19:29:36
hi Derek,

exactly what it says firstly ...is


'Preparing to install Windows updates. Creating a restore point.
(1... of 4)'

then asks to restart.

when restarting it says:

'Applying updates. Preparing to configure Windows'

then it says:

'Windows could not install important updates'

'Failure configuring Windows updates. Reverting changes.'


message edited by SammiJ



#23
January 8, 2015 at 19:40:35
ok so last nite i was basically up ALL nite.. trying to trouble shoot the issues (actually i learned a lot from you guys and from my explorations into the great computer unknown)

i ended up doing all kinds of AVG scans and cleanses etc..

AVG PC Tune up .. which took ages... like hours and hours.. and focused on root directories i think and registry and other stuff which now i'm too tired to remember.

Windows security scans found all these 'issues' and supposedly fixed them?

the Acrobat distiller folder error has stopped appearing. i don't remember installing it at all.. maybe it came with other Acrobat/Adobe stuff?


btw now AVG Tune Up icon won't go away. have to uninstall it manually.



#24
January 8, 2015 at 19:42:06
it was approx a month ago that the update failures started happening.


#25
January 8, 2015 at 19:42:47
Aha, then it looks like it's the install that is the issue rather than the downloading - very useful info.

Gotta get to bed before the sun rises (night owl LOL). Will be back tomorrow. In the meantime run through this lot:
http://www.thewindowsclub.com/failu...

Did anything show with MalwareBytes?

Nite

Always pop back and let us know the outcome - thanks



#26
January 8, 2015 at 19:48:42
ohhh i just remembered.. some of these probs started happening around the time i installed and started using torrent. i have uninstalled it now.

message edited by SammiJ



#27
January 8, 2015 at 19:50:02
i had noticed VLC player behaving strangely at one point.. but then it seemed ok.. so wasn't sure if it was serious. do you think these things may be linked to the updates failures?

uninstalled VLC last nite.. though i want to download it again as it's a good thing for watching videos and music etc..

message edited by SammiJ



#28
January 8, 2015 at 20:02:17
thanks Derek, oh sorry i thought i did say it was the updates not installing.. maybe i said downloading.. oops i get the terminology mixed up.

i am looking at the Malwarebytes page, but haven't downloaded it yet.

get some sleep!



#29
January 8, 2015 at 20:53:18
i just tried downloading the Malwarebytes it says it's downloading but i can't see it anywhere on my comp. not in the downloads folder. something was 'not allowing' the firefox, clicked allow a couple of times, no go. will check out the windows club (is lunch included? lol)


#30
January 8, 2015 at 20:54:44
p.s. what about the button (in BLUE) at the top of this page for removing malware free?


#31
January 8, 2015 at 22:23:06
ok so .. so many things i've tried. with the Windows club it was firstly giving lots of info about Windows 8 ..then i found relevant looking(?) links and instructions.. for Win7 first one: clean up temp files and cache etc.. i did that. nothing changed. though i wasn't sure if i should delete all the things that were ticked. including the recently downloaded the Update catalogue thingie.. (though my brain is scrambling so i may have that wrong... can't even see it now, though i un-ticked it before doing the disk cleanup. ??

friend just suggested that if the prob can't be fixed (after trying just about everything that i may have to reinstall the operating system.. which is totally freaking me out as i don't want to lose any of my data/files stuff.. i'm an artist and musician and i have HEAPS of art files.. which have taken me years to do.. as i have large online digital art galleries which i need to maintain from my art files... and photos galore.

i do back ups to external drives, but haven't done one for a while (been sick).. just doing an emergency back up now and fingers crossed stuff from my comp won't infect that!!!??

btw i did a system RESTORE but it only allowed me to go back as far as late Dec.. as far as i can tell the probs with updates not installing correctly started prior to that.. around the 11th dec. anyway the restore didn't change the prob.. updates still not working. same old error msg. if that makes sense???

right now i'm scanning my External hard drive for bugs. before doing the backup. wondering if i should do yet ANOTHER computer scan.. blah blah... this is getting really really really frustrating! there were so many options on the windows club site.. i got tired trying to follow the billions of instructions.. maybe will have a re-look at it later.

:(

message edited by SammiJ



#32
January 8, 2015 at 22:24:11
btw firefox PREVENTS this page from automatically redirecting to another page... every time i come here?? i click ALLOW but i have no idea if that's a good idea.. or not? i may have changed the security setting when i was trying find JAVA

message edited by SammiJ



#33
January 8, 2015 at 22:29:53
avg scan of E drive said it found 1 threat.. .. a virus was found! ...? the more info.. view details took me here:

http://www.avgthreatlabs.com/virus-...

AVG said i can remove the selected item which i did, now it says it's SECURE ??

Though it looks like it might be a ploy to get you to upgrade AVG to PREMIUM:

'BAT/Crypt : AVG detects this highly active Virus and its 2 known variants.'

---------------------
i haven't scanned it with the windows security thing (sorry i keep forgetting what some things are called).


message edited by SammiJ



#34
January 8, 2015 at 22:31:03

i'm scanning a diff external back drive .. it doesn't detect any infected or virus things. (i scanned it with both Windows scan and also AVG)

message edited by SammiJ



#35
January 9, 2015 at 05:32:47
✔ Best Answer
just had a THOUGHT!!.. if i never use /don't like Internet Explorer.. can't i just delete/uninstall?? or are windows and IE chained at the hip for tech reasons? or other? it would mean that i'd wasted a crap load of time trying to sort out that one update issue. it doesn't account for the other update fails though (i assume?).

on the other hand... i've learned HEAPS! the last few days .. you guys are amazing and apparently my brain is paying attention at least part of the time.... but i hope i don't forget it and have to keep re-learning. who am i kidding that IS part of the i have a computer deal isn't it? lol

message edited by SammiJ



#36
January 9, 2015 at 08:07:53
You should keep IE installed because it is the only browser that MS uses for updates (as per responses #1 & #2). You don't have to use it for anything else. It is indeed well mangled into Windows.

If that is the genuine AVG it does not give false information in order to push you towards their paid version. Only bogus ones do that.

What started as an update issue now seems to be many issues and from what you have said recently viruses or malware seem almost a certainty. It is not unusual for these nasties to prevent the install of MalwareBytes and similar programs.

Just for now, download and "Save" this file (if you can) which attacks different areas - blue download icon near top:
http://www.bleepingcomputer.com/dow...
You then double click the saved file and run the Scan. Please copy/paste the log on here.

In the meantime if you want to avoid factory restore then you need specialist malware/virus cleaning activity. I can ask a Johnw to come in on this if he is available. This area is his prime expertise but you will probably have to "to and fro" on a number of programs and tricks in order to trap this infection and to properly clean this computer. Let me know if you wish to take this recommendation. John (also from Australia - Perth) has done this successfully many times on here.

EDIT:
I've alerted John anyway so that we can quickly get the ball rolling if required - hope that's OK. I feel that if we don't start sorting this the infection could spread, which can only add more difficulties.

Always pop back and let us know the outcome - thanks

message edited by Derek



#37
January 9, 2015 at 15:22:23
Thanks Derek for the PM, shall now wait for the contents of the log.


#38
January 9, 2015 at 15:52:46
As I was reading down the latest comments, I was getting to the same conclusion as Derek but since JohnW is now here, I will leave it all to him. Just follow each step carefully, if you are tired, come back to it when you are fresh and have the time.

You have to be a little bit crazy to keep you from going insane.



#39
January 10, 2015 at 00:16:27
hi Derek and Fingers,

thanks for your help (once again)! i am now running the Adw Cleaner (from the link you provided). back soon.
cheers



#40
January 10, 2015 at 00:17:23
btw i had to do that in google Chrome as Firefox keeps blocking pages (including this one).


#41
January 10, 2015 at 00:21:18
ok here's the report log... (a note: the program is asking me to uncheck elements you don't want to remove. ie:
folders, files, shortcuts, scheduled tasks, registry, IE, FireF, Chrome.

??

also my comp crashed earlier (rare). but i was doing several tasks at once.. .


# AdwCleaner v4.107 - Report created 10/01/2015 at 19:14:05
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sam - SAM-PC
# Running from : C:\Users\Sam\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\1rgyb8j3.default\user.js
Folder Found : C:\Program Files (x86)\NCH Software
Folder Found : C:\Program Files (x86)\tuguu sl
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\ProgramData\StarApp
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Sam\AppData\Roaming\NCH Software

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\tuguu sl
Key Found : [x64] HKCU\Software\tuguu sl
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
Key Found : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C776EBEBCBCFBE408892EE7B12517FC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [2319 octets] - [10/01/2015 19:14:05]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2379 octets] ##########



#42
January 10, 2015 at 00:25:14
it says: Pending.

i'm not sure if i'm supposed to click on CLEAN and/or UNINSTALL ??



#43
January 10, 2015 at 00:28:28
p.s. hi Johnw ;)


#44
January 10, 2015 at 00:33:55
ummm... i just checked FireF and i had ticked the Block Pop Up Windows.
i checked the Exceptions tab and there were 2 things which looked like other sites linked to either marketing spammers from facebook or stuff that maybe gets through yahoo mail now that they have introduced 'permanently rolling' ads at the top of your inbox, which you cannot get rid of unless you pay them to 'not' have the ads. (insert swearing)!

i entered this site into the exceptions.. however FireF is still asking me whether to allow?

message edited by SammiJ



#45
January 10, 2015 at 01:01:29
G'day SammiJ.

I shall deal with this side of things, let's get you clean before doing anything else.

"i'm not sure if i'm supposed to click on CLEAN and/or UNINSTALL ??"

Click Clean & post a new log please.


#46
January 10, 2015 at 01:22:52
ok after CLEAN and reboot...here's the log:

# AdwCleaner v4.107 - Report created 10/01/2015 at 20:16:05
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sam - SAM-PC
# Running from : C:\Users\Sam\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\tuguu sl
Folder Deleted : C:\Users\Sam\AppData\Roaming\NCH Software
File Deleted : C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\1rgyb8j3.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKCU\Software\tuguu sl
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [2483 octets] - [10/01/2015 19:14:05]
AdwCleaner[R1].txt - [2543 octets] - [10/01/2015 20:11:13]
AdwCleaner[S0].txt - [2446 octets] - [10/01/2015 20:16:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2506 octets] ##########



#47
January 10, 2015 at 01:27:06
Ok, we are on the right track.

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#48
January 10, 2015 at 01:31:44
ok thanks John, i hope i can follow all those instructions.. there's a lot. i'll do my best.

do i click on all these links?

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...



#49
January 10, 2015 at 01:39:20
Take your pick, links are like us, they die, just use the one you find easiest.


#50
January 10, 2015 at 01:39:48
should i also disable the windows security things?


#51
January 10, 2015 at 01:42:43
No need for this one.


#52
January 10, 2015 at 01:53:20
ok i tried softpedia which scared the crap out of me (feeling a little overwhelmed).. i can't see if it's downloaded or where.

i will try the next link in your list



#53
January 10, 2015 at 01:55:53
ohh i keep forgetting downloading from sites isn't working in FireF.. doing it in google chrome is working. back soon (i hope)


#54
January 10, 2015 at 01:57:52
i have disabled AVG but not sure about Windows firewall.. i can see that it's ON.. but can't see a way to disable it. do i need to?


#55
January 10, 2015 at 02:02:07
not exactly sure whether i have anti spyware real time protection. is it part of AVG?


#56
January 10, 2015 at 02:09:29
Yaay..i did it! ..and i didn't die :)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Sam on Sat 10/01/2015 at 21:04:57.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1062782309-1659453800-475143970-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Sam\AppData\Roaming\mozilla\firefox\profiles\1rgyb8j3.default\minidumps [199 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/01/2015 at 21:07:40.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#57
January 10, 2015 at 02:10:59
Step 3: Please download Rkill from any one of these links and save it to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your reply.
http://www.bleepingcomputer.com/dow...
Double click on Rkill to run it. If the first one doesn't work try the next one.
This will help remove certain processes and should restore any file associations and your desktop. Note: Your system is still infected as Rkill does not delete files - it merely helps to temporarily disable the infections, allowing us to start the cleansing process.
Do NOT reboot your machine. Each time you reboot, Rkill is disabled and you would have to run it again in order for it to be effective.

Step 4: Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.



#58
January 10, 2015 at 02:16:22
Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 01/10/2015 09:14:48 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Program Files\avgwdsvc.exe (PID: 1624) [P-HEUR]
* C:\Program Files\avgui.exe (PID: 3356) [P-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com

Program finished at: 01/10/2015 09:15:27 PM
Execution time: 0 hours(s), 0 minute(s), and 38 seconds(s)



#59
January 10, 2015 at 02:28:00
oops, i'm up to roguekiller action/scan..but i forgot to run it as administrator. should i cancel or do it again?


#60
January 10, 2015 at 02:30:50
this one looked diff and then said after delete that some things were unchecked or ticked.. but i'd already run the scan and deleted? something?

RogueKiller V10.1.2.0 [Jan 7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sam [Administrator]
Mode : Delete -- Date : 01/10/2015 21:28:43

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Avgfwfd (system32\DRIVERS\avgfwd6a.sys) -> Not selected
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 14 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 practivate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns-3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns-2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns-2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns-3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate-sea.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wwis-dubc1-vip60.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate-sjc0.adobe.com

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZRX-00A8LB0 ATA Device +++++
--- User ---
[MBR] e53d8cc8760ea1f3bf397462f239839e
[BSP] 60ed549d5bc79b80958989527f8fb412 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_01102015_212802.log



#61
January 10, 2015 at 02:33:23
ok i've re-enabled AVG stuff..


#62
January 10, 2015 at 02:39:44
should i reboot. or check on those pesky windows updates? btw the little icon that had been appearing constantly telling me to update isn't showing for now.


#63
January 10, 2015 at 03:17:34
Update & Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan ( now called Threat Scan )
Malwarebytes' Anti-Malware
http://www.softpedia.com/get/Antivi...
http://www.malwarebytes.org/free/
Make sure you uncheck > Enable free trial < at the END of the install.
http://i.imgur.com/tUFCbYz.gif
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Copy and Paste the contents of the log, in your reply please.

If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
If your MBAM log indicates "No action taken", that's usually a result of NOT clicking the Apply Actions button after the scan. In most cases, a restart will be required.
If you misplace your log, here are ways to find it.
http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
http://i.imgur.com/ZZ1trsv.gif
http://i.imgur.com/LL0K3qs.gif



#64
January 10, 2015 at 03:53:34
lotsa things found.. i didn't get to click Apply Actions, i just clicked on Quarantine and it did its task anyway? here's the log:


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/01/2015
Scan Time: 10:37:43 PM
Logfile: anti malware log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.10.10
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sam

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341041
Time Elapsed: 7 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],

Files: 38
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\playlist.vpl, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\config.ini, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_193.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_199.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_200.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_201.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_204.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_219.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_221.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_224.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_268.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_28.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_34.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_37.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_49.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_57.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_86.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_99.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_103.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_11.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_120.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_121.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_122.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_123.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_124.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_125.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_126.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_127.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_136.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_137.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_140.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_141.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_149.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_150.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_160.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_165.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_181.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],
PUP.Optional.VPLMedia.A, C:\Users\Sam\AppData\Roaming\player\images\channel_ld_191.png, Quarantined, [80189a5aee9b76c0a9f7eed329db619f],

Physical Sectors: 0
(No malicious items detected)


(end)



#65
January 10, 2015 at 04:03:40
phew! that was a trip.. i don't think i missed any steps.. hope not

thank you Johnw!!


what does it all mean? what is

AppData\Roaming\player\images\ ?

PUP.Optional.VPLMedia.A, ?



#66
January 10, 2015 at 04:05:48
Things are going well, it will take me quite a while to go through the Farbar log, so don't hang around for me, shall get back ASAP.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif



#67
January 10, 2015 at 04:21:27
holey moley i thought i was done. lol.. ok more work to do.. will try and do it right.... i can't believe i have done all this!! way out of my depth.. thanks Johnw. i am very thankful for your help.

cheers
Sammi



#68
January 10, 2015 at 04:32:43
FRST.txt

http://www52.zippyshare.com/v/99852...



#69
January 10, 2015 at 04:35:45
ADDITION.txt

http://www28.zippyshare.com/v/95763...



#70
January 10, 2015 at 06:25:13
"what does it all mean? what is
AppData\Roaming\player\images\ ?
PUP.Optional.VPLMedia.A, ?"
All stuff you shouldn't have on your comp.

"way out of my depth"
Well done.

Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1062782309-1659453800-475143970-1000\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-1062782309-1659453800-475143970-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Profile 1 -> hxxp://www.google.com
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5739008 2011-12-05] (Native Instruments GmbH) [File not signed]
U4 Avgfwfd; system32\DRIVERS\avgfwd6a.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
C:\Users\Sam\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Sam\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Sam\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Sam\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Sam\AppData\Local\Temp\Quarantine.exe
C:\Users\Sam\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Sam\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Sam\AppData\Local\Temp\sqlite3.dll
C:\Users\Sam\AppData\Local\Temp\utt171.tmp.exe
C:\Users\Sam\AppData\Local\Temp\utt172F.tmp.exe

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.



#71
January 10, 2015 at 19:07:15
hi Johnw,

ok cool, i've done that.. and FRST didn't need to restart until it had finished its task.

here's the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Sam at 2015-01-11 13:59:28 Run:1
Running from C:\Users\Sam\Desktop
Loaded Profile: Sam (Available profiles: Sam)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1062782309-1659453800-475143970-1000\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-1062782309-1659453800-475143970-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Profile 1 -> hxxp://www.google.com
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5739008 2011-12-05] (Native Instruments GmbH) [File not signed]
U4 Avgfwfd; system32\DRIVERS\avgfwd6a.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
C:\Users\Sam\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Sam\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Sam\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Sam\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Sam\AppData\Local\Temp\Quarantine.exe
C:\Users\Sam\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Sam\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Sam\AppData\Local\Temp\sqlite3.dll
C:\Users\Sam\AppData\Local\Temp\utt171.tmp.exe
C:\Users\Sam\AppData\Local\Temp\utt172F.tmp.exe
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1062782309-1659453800-475143970-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKU\S-1-5-21-1062782309-1659453800-475143970-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome HomePage deleted successfully.
NIHardwareService => Service deleted successfully.
Avgfwfd => Error deleting Service
MSICDSetup => Service deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.
C:\Users\Sam\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Sam\AppData\Local\Temp\DseShExt-x64.dll => Moved successfully.
C:\Users\Sam\AppData\Local\Temp\DseShExt-x86.dll => Moved successfully.
C:\Users\Sam\AppData\Local\Temp\NOSEventMessages.dll => Moved successfully.
C:\Users\Sam\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Sam\AppData\Local\Temp\SDShelEx-win32.dll => Moved successfully.
C:\Users\Sam\AppData\Local\Temp\SDShelEx-x64.dll => Moved successfully.
C:\Users\Sam\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Sam\AppData\Local\Temp\utt171.tmp.exe => Moved successfully.
C:\Users\Sam\AppData\Local\Temp\utt172F.tmp.exe => Moved successfully.
EmptyTemp: => Removed 48.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog 14:00:04 ====



#72
January 10, 2015 at 19:12:19
"EmptyTemp: => Removed 48.5 GB temporary data"
That is way, way too much, shall deal with that later.

Please Copy and Paste ALL instructions into a text file & print them. If a printer is not available, write them down. Tick or cross off each step as you do it.

Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual."
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

message edited by Johnw



#73
January 10, 2015 at 19:22:50
Just in case you have already done the above post, note I have edited it.


#74
January 10, 2015 at 20:33:09
no, i'm still reading it and trying to take it all in. copying text to win doc. printer out of ink.
cheers will check back soon (i hope)


#75
January 10, 2015 at 21:19:12
Johnw i am not sure if i was supposed to manually install or add Microsoft Windows Recovery Console or if it was already included with ComboFix?

combofix ran and here's the log. pls let me know if i have done something wrong or missed a step? i'll re-read the instructions for using combofix.

here's the log:


ComboFix 15-01-08.01 - Sam 11/01/2015 16:04:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8054.6342 [GMT 11:00]
Running from: c:\users\Sam\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sam\025.jpg
.
.
((((((((((((((((((((((((( Files Created from 2014-12-11 to 2015-01-11 )))))))))))))))))))))))))))))))
.
.
2015-01-11 05:08 . 2015-01-11 05:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-11 02:33 . 2014-09-17 12:55 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26063560-E7BA-4BA1-9EEF-4E13E085AD23}\gapaengine.dll
2015-01-11 02:33 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96123518-E208-483A-9531-ECF986986C36}\mpengine.dll
2015-01-10 12:25 . 2015-01-11 03:00 -------- d-----w- C:\FRST
2015-01-10 11:34 . 2015-01-10 11:37 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-10 11:34 . 2015-01-10 11:34 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-01-10 11:34 . 2015-01-10 11:34 -------- d-----w- c:\programdata\Malwarebytes
2015-01-10 11:34 . 2014-11-20 19:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-01-10 11:34 . 2014-11-20 19:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-10 11:34 . 2014-11-20 19:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-01-10 10:23 . 2015-01-10 10:23 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-01-10 10:23 . 2015-01-10 10:23 -------- d-----w- c:\programdata\RogueKiller
2015-01-10 10:04 . 2015-01-10 10:04 -------- d-----w- c:\windows\ERUNT
2015-01-10 08:14 . 2015-01-10 09:16 -------- d-----w- C:\AdwCleaner
2015-01-09 15:36 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-08 15:54 . 2015-01-08 15:55 -------- d-----w- c:\program files\banners
2015-01-08 15:18 . 2015-01-08 15:18 -------- d-----w- c:\users\Sam\AppData\Roaming\AVG
2015-01-08 15:17 . 2015-01-08 15:17 -------- d-----w- c:\program files (x86)\AVG
2015-01-08 15:15 . 2015-01-08 15:15 -------- d-----w- c:\users\Sam\AppData\Local\Avg
2015-01-08 13:29 . 2015-01-08 13:29 320528 ----a-w- c:\program files\avgndisa.exe
2015-01-07 09:53 . 2015-01-08 11:28 -------- d-----w- c:\users\Sam\AppData\Local\ElevatedDiagnostics
2015-01-07 02:42 . 2015-01-07 02:42 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2015-01-07 02:39 . 2015-01-07 02:39 62992 ----a-w- c:\program files\avguirux.exe
2015-01-07 02:39 . 2015-01-07 02:39 6134048 ----a-w- c:\program files\avgmfapx.exe
2015-01-07 02:39 . 2015-01-07 02:39 521232 ----a-w- c:\program files\avgmfarx.dll
2015-01-07 02:39 . 2015-01-07 02:39 3066896 ----a-w- c:\program files\avgupdx.dll
2015-01-07 02:39 . 2015-01-07 02:39 16912 ----a-w- c:\program files\avgrdtesta.exe
2015-01-07 02:39 . 2015-01-07 02:39 15888 ----a-w- c:\program files\avgrdtestx.exe
2015-01-05 03:11 . 2015-01-05 03:11 -------- d-sh--w- c:\users\Sam\AppData\Local\EmieBrowserModeList
2015-01-05 02:49 . 2015-01-05 02:49 -------- d-----w- c:\program files\Intel
2015-01-05 02:46 . 2015-01-05 02:46 -------- d-----w- c:\program files\Microsoft Silverlight
2014-12-27 15:23 . 2015-01-08 15:23 -------- d-----w- c:\programdata\AVG
2014-12-17 22:56 . 2014-12-17 22:56 962576 ----a-w- c:\program files\avgoutlooka.dll
2014-12-17 22:55 . 2014-12-17 22:55 2822672 ----a-w- c:\program files\avguiadva.dll
2014-12-17 22:54 . 2014-12-17 22:54 3907088 ----a-w- c:\program files\avgkrnlapia.dll
2014-12-17 22:54 . 2014-12-17 22:54 2764376 ----a-w- c:\program files\avgwd.dll
2014-12-17 22:54 . 2014-12-17 22:54 3432976 ----a-w- c:\program files\avgidsagent.exe
2014-12-17 22:54 . 2014-12-17 22:54 2267664 ----a-w- c:\program files\avguiadvx.dll
2014-12-17 22:53 . 2014-12-17 22:53 814608 ----a-w- c:\program files\avgoutlookx.dll
2014-12-17 22:52 . 2014-12-17 22:52 3091984 ----a-w- c:\program files\avgkrnlapix.dll
2014-12-17 22:51 . 2014-12-17 22:51 864784 ----a-w- c:\program files\avgsecapix.dll
2014-12-17 22:51 . 2014-12-17 22:51 1528848 ----a-w- c:\program files\avgceix.dll
2014-12-17 22:51 . 2014-12-17 22:51 3667472 ----a-w- c:\program files\avgui.exe
2014-12-17 22:51 . 2014-12-17 22:51 310800 ----a-w- c:\program files\avgqconvertx.dll
2014-12-17 22:51 . 2014-12-17 22:51 2916368 ----a-w- c:\program files\avgdiagex.exe
2014-12-17 22:51 . 2014-12-17 22:51 369680 ----a-w- c:\program files\avgdecider.dll
2014-12-17 22:51 . 2014-12-17 22:51 986640 ----a-w- c:\program files\avgsecapia.dll
2014-12-17 22:50 . 2014-12-17 22:50 795152 ----a-w- c:\program files\avgpostinstx.dll
2014-12-17 22:50 . 2014-12-17 22:50 890896 ----a-w- c:\program files\avgremovalx.dll
2014-12-17 22:50 . 2014-12-17 22:50 531984 ----a-w- c:\program files\avgsched.dll
2014-12-17 22:50 . 2014-12-17 22:50 1305104 ----a-w- c:\program files\avgcfga.dll
2014-12-17 22:49 . 2014-12-17 22:49 2661392 ----a-w- c:\program files\avgduix.dll
2014-12-17 22:49 . 2014-12-17 22:49 1264144 ----a-w- c:\program files\avgutilx.dll
2014-12-17 22:49 . 2014-12-17 22:49 498704 ----a-w- c:\program files\avgxpl.dll
2014-12-17 22:49 . 2014-12-17 22:49 152592 ----a-w- c:\program files\avgfilevaultx.dll
2014-12-17 22:48 . 2014-12-17 22:48 346128 ----a-w- c:\program files\avgidpsdkx.dll
2014-12-17 22:48 . 2014-12-17 22:48 611344 ----a-w- c:\program files\avgxpla.dll
2014-12-17 22:48 . 2014-12-17 22:48 1291280 ----a-w- c:\program files\avgnsa.exe
2014-12-17 22:48 . 2014-12-17 22:48 593424 ----a-w- c:\program files\avgnetclia.dll
2014-12-17 22:48 . 2014-12-17 22:48 779280 ----a-w- c:\program files\avgemca.exe
2014-12-17 22:47 . 2014-12-17 22:47 1021456 ----a-w- c:\program files\avgcfgx.dll
2014-12-17 22:47 . 2014-12-17 22:47 708112 ----a-w- c:\program files\avgdumpx.exe
2014-12-17 22:47 . 2014-12-17 22:47 391792 ----a-w- c:\program files\avgwsc.exe
2014-12-17 22:47 . 2014-12-17 22:47 394256 ----a-w- c:\program files\avgsea.dll
2014-12-17 22:47 . 2014-12-17 22:47 1083920 ----a-w- c:\program files\avgremovala.dll
2014-12-17 22:47 . 2014-12-17 22:47 693776 ----a-w- c:\program files\avgrkta.dll
2014-12-17 22:47 . 2014-12-17 22:47 240656 ----a-w- c:\program files\avgidpmx.dll
2014-12-17 22:46 . 2014-12-17 22:46 187408 ----a-w- c:\program files\avglnga.dll
2014-12-17 22:46 . 2014-12-17 22:46 336400 ----a-w- c:\program files\avgse.dll
2014-12-17 22:46 . 2014-12-17 22:46 584208 ----a-w- c:\program files\avgcsla.dll
2014-12-17 22:46 . 2014-12-17 22:46 243216 ----a-w- c:\program files\avgcmgr.exe
2014-12-17 22:46 . 2014-12-17 22:46 160784 ----a-w- c:\program files\avgshredx.dll
2014-12-17 22:46 . 2014-12-17 22:46 324112 ----a-w- c:\program files\avgadvisorx.dll
2014-12-17 22:44 . 2014-12-17 22:44 221712 ----a-w- c:\program files\avgopensslx.dll
2014-12-17 22:44 . 2014-12-17 22:44 1569296 ----a-w- c:\program files\avgutila.dll
2014-12-17 22:44 . 2014-12-17 22:44 704528 ----a-w- c:\program files\avgntdumpx.exe
2014-12-17 22:44 . 2014-12-17 22:44 584720 ----a-w- c:\program files\avgcclia.dll
2014-12-17 22:44 . 2014-12-17 22:44 668688 ----a-w- c:\program files\avgchjwa.dll
2014-12-17 22:44 . 2014-12-17 22:44 1092112 ----a-w- c:\program files\avgrsa.exe
2014-12-17 22:44 . 2014-12-17 22:44 691216 ----a-w- c:\program files\avgcsrvx.exe
2014-12-17 22:44 . 2014-12-17 22:44 259088 ----a-w- c:\program files\avgopenssla.dll
2014-12-17 22:44 . 2014-12-17 22:44 446480 ----a-w- c:\program files\avgclita.dll
2014-12-17 22:43 . 2014-12-17 22:43 580624 ----a-w- c:\program files\avgcmla.dll
2014-12-17 22:43 . 2014-12-17 22:43 406032 ----a-w- c:\program files\avgloga.dll
2014-12-17 22:43 . 2014-12-17 22:43 155664 ----a-w- c:\program files\avgpsica.dll
2014-12-17 22:43 . 2014-12-17 22:43 369680 ----a-w- c:\program files\avgcerta.dll
2014-12-17 22:43 . 2014-12-17 22:43 307728 ----a-w- c:\program files\avgdetallocatorx.dll
2014-12-17 22:43 . 2014-12-17 22:43 34320 ----a-w- c:\program files\winamapix.dll
2014-12-17 22:43 . 2014-12-17 22:43 765456 ----a-w- c:\program files\avgntsqlitea.dll
2014-12-17 22:43 . 2014-12-17 22:43 234512 ----a-w- c:\program files\avgchcla.dll
2014-12-17 22:43 . 2014-12-17 22:43 851472 ----a-w- c:\program files\avgcsrva.exe
2014-12-17 22:43 . 2014-12-17 22:43 287248 ----a-w- c:\program files\avgcertx.dll
2014-12-17 22:43 . 2014-12-17 22:43 494608 ----a-w- c:\program files\avgcmlx.dll
2014-12-17 22:42 . 2014-12-17 22:42 374288 ----a-w- c:\program files\avgdetallocatora.dll
2014-12-17 22:42 . 2014-12-17 22:42 465936 ----a-w- c:\program files\avgcclix.dll
2014-12-17 22:42 . 2014-12-17 22:42 25616 ----a-w- c:\program files\avgapps.dll
2014-12-17 22:42 . 2014-12-17 22:42 150544 ----a-w- c:\program files\avglngx.dll
2014-12-17 22:42 . 2014-12-17 22:42 1294352 ----a-w- c:\program files\avgntopenssla.dll
2014-12-17 22:42 . 2014-12-17 22:42 327184 ----a-w- c:\program files\avglogx.dll
2014-12-17 22:41 . 2014-12-17 22:41 873488 ----a-w- c:\program files\avgdumpa.exe
2014-12-17 22:41 . 2014-12-17 22:41 587792 ----a-w- c:\program files\avgcomma.dll
2014-12-17 22:41 . 2014-12-17 22:41 1008144 ----a-w- c:\program files\avgntopensslx.dll
2014-12-17 22:41 . 2014-12-17 22:41 374288 ----a-w- c:\program files\avgclitx.dll
2014-12-17 22:41 . 2014-12-17 22:41 189456 ----a-w- c:\program files\avgchclx.dll
2014-12-17 22:41 . 2014-12-17 22:41 629264 ----a-w- c:\program files\avgntsqlitex.dll
2014-12-17 22:41 . 2014-12-17 22:41 482968 ----a-w- c:\program files\avghookx.dll
2014-12-17 22:41 . 2014-12-17 22:41 133136 ----a-w- c:\program files\avgpsicx.dll
2014-12-17 22:41 . 2014-12-17 22:41 469520 ----a-w- c:\program files\avgcommx.dll
2014-12-17 22:40 . 2014-12-17 22:40 539576 ----a-w- c:\program files\avghooka.dll
2014-12-17 22:38 . 2014-12-17 22:38 944656 ----a-w- c:\program files\avgsysx.dll
2014-12-17 22:38 . 2014-12-17 22:38 1106960 ----a-w- c:\program files\avgsysa.dll
2014-12-17 22:37 . 2014-12-17 22:37 2722320 ----a-w- c:\program files\avguires.dll
2014-12-17 02:46 . 2014-12-17 02:46 8979984 ----a-w- c:\program files\avgcorea.dll
2014-12-17 02:46 . 2014-12-17 02:46 7270416 ----a-w- c:\program files\avgcorex.dll
2014-12-17 02:46 . 2014-12-17 02:46 5972496 ----a-w- c:\program files\avgcrema.exe
2014-12-13 04:24 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe
2014-12-13 04:24 . 2014-10-30 01:45 155136 ----a-w- c:\windows\SysWow64\charmap.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-31 11:14 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-15 09:13 . 2012-12-29 05:26 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-15 09:13 . 2012-12-29 05:26 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-11 08:11 . 2012-12-15 09:20 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-08 10:24 . 2014-12-08 10:24 260888 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-11-18 17:31 . 2014-11-18 17:31 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2014-11-18 10:42 . 2014-11-18 10:42 203544 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2014-11-11 03:08 . 2014-11-20 02:42 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-20 02:42 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-20 02:42 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-20 02:42 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-09 10:35 . 2014-11-09 10:35 966224 ----a-w- c:\program files\HtmLayout.dll
2014-11-08 03:16 . 2014-12-11 03:58 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-11 03:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-11-07 19:49 . 2014-11-12 07:39 388272 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-06 04:04 . 2014-11-12 07:39 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-06 04:03 . 2014-11-12 07:39 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-06 04:03 . 2014-11-12 07:39 25110016 ----a-w- c:\windows\system32\mshtml.dll
2014-11-06 03:47 . 2014-11-12 07:39 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-06 03:46 . 2014-11-12 07:39 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-06 03:46 . 2014-11-12 07:39 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-06 03:44 . 2014-11-12 07:39 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-06 03:43 . 2014-11-12 07:39 2884096 ----a-w- c:\windows\system32\iertutil.dll
2014-11-06 03:36 . 2014-11-12 07:39 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-06 03:35 . 2014-11-12 07:39 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-06 03:31 . 2014-11-12 07:39 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-06 03:30 . 2014-11-12 07:39 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-06 03:30 . 2014-11-12 07:39 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-06 03:29 . 2014-11-12 07:39 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-06 03:28 . 2014-11-12 07:39 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-06 03:23 . 2014-11-12 07:39 6040064 ----a-w- c:\windows\system32\jscript9.dll
2014-11-06 03:20 . 2014-11-12 07:39 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-06 03:16 . 2014-11-12 07:39 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-06 03:13 . 2014-11-12 07:39 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-06 03:13 . 2014-11-12 07:39 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-06 03:12 . 2014-11-12 07:39 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10 . 2014-11-12 07:39 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07 . 2014-11-12 07:39 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-06 03:02 . 2014-11-12 07:39 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-06 03:00 . 2014-11-12 07:39 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-06 02:59 . 2014-11-12 07:39 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-11-06 02:58 . 2014-11-12 07:39 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-06 02:57 . 2014-11-12 07:39 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-06 02:42 . 2014-11-12 07:39 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:41 . 2014-11-12 07:39 716800 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-06 02:41 . 2014-11-12 07:39 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-06 02:39 . 2014-11-12 07:39 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-06 02:38 . 2014-11-12 07:39 2124288 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-06 02:30 . 2014-11-12 07:39 14390272 ----a-w- c:\windows\system32\ieframe.dll
2014-11-06 02:21 . 2014-11-12 07:39 4298240 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-06 02:21 . 2014-11-12 07:39 2051072 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-06 02:20 . 2014-11-12 07:39 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17 . 2014-11-12 07:39 2365440 ----a-w- c:\windows\system32\wininet.dll
2014-11-06 02:04 . 2014-11-12 07:39 1550336 ----a-w- c:\windows\system32\urlmon.dll
2014-11-06 01:53 . 2014-11-12 07:39 799232 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-06 01:52 . 2014-11-12 07:39 1892864 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-05 17:56 . 2014-11-12 07:39 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-05 17:56 . 2014-11-12 07:39 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-05 17:52 . 2014-11-12 07:39 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-10-25 01:57 . 2014-11-12 07:34 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 07:34 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 07:34 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 02:05 . 2014-12-11 08:09 4121600 ----a-w- c:\windows\system32\mf.dll
2014-10-18 01:33 . 2014-11-12 07:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-18 01:33 . 2014-12-11 08:09 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-10-14 02:16 . 2014-11-12 07:39 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 07:39 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 07:34 3241984 ----a-w- c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 07:39 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 07:39 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 07:39 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 07:39 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 07:34 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 07:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 07:39 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 07:39 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2013-10-02 1090912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"AVG_UI"="c:\program files\avgui.exe" [2014-12-17 3667472]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
.
c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avgidsagent.exe;c:\program files\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\avgwdsvc.exe;c:\program files\avgwdsvc.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-13 05:14 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-29 09:13]
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-15 05:02]
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-15 05:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-06-11 440128]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-06-11 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-06-11 398656]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\1rgyb8j3.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Native Instruments Controller Editor - c:\programdata\{B9F6456A-E0C8-4BD3-A6E8-AFA8859EC4C4}\Controller Editor Setup PC.exe
AddRemove-Native Instruments Guitar Rig 5 - c:\programdata\{A4FF347C-7353-4B5D-B479-1933EFF12E9A}\Guitar Rig 5 Setup PC.exe
AddRemove-O - c:\programdata\{B0CAD5CC-867E-473E-B55F-339F9635A45D}\Guitar Rig Mobile IO Setup PC.exe
AddRemove-O - c:\programdata\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}\Guitar Rig Session IO Setup PC.exe
AddRemove-Native Instruments Rig Kontrol 3 - c:\programdata\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}\Rig Kontrol 3 Setup PC.exe
AddRemove-Native Instruments Service Center - c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\Service Center Setup PC.exe
AddRemove-Switch - c:\program files (x86)\NCH Software\Switch\switch.exe
AddRemove-{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9} - c:\programdata\{A4FF347C-7353-4B5D-B479-1933EFF12E9A}\Guitar Rig 5 Setup PC.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{B9F6456A-E0C8-4BD3-A6E8-AFA8859EC4C4}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\Service Center Setup PC.exe
AddRemove-{2930FB47-6452-4476-BF16-D77F748646DB} - c:\programdata\{B0CAD5CC-867E-473E-B55F-339F9635A45D}\Guitar Rig Mobile IO Setup PC.exe
AddRemove-{7930FB47-6452-4476-BF16-D77F748646DB} - c:\programdata\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}\Guitar Rig Session IO Setup PC.exe
AddRemove-{B962AD08-335F-46f7-A182-257D37672E5C} - c:\programdata\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}\Rig Kontrol 3 Setup PC.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-01-11 16:10:27
ComboFix-quarantined-files.txt 2015-01-11 05:10
.
Pre-Run: 707,005,431,808 bytes free
Post-Run: 706,839,298,048 bytes free
.
- - End Of File - - D077D581E75A6C65BC54C004132694F5
A36C5E4F47E84449FF07ED3517B43A31


Report •

#76
January 10, 2015 at 21:25:05
Nice work.

Nearly finished.

Update Malwarebytes & run again. Post the new log please.


Report •

#77
January 10, 2015 at 21:28:58
"Microsoft Windows Recovery Console"
The program looks to see if you have it already installed, if it wasn't, you would have seen a message.

Report •

#78
January 10, 2015 at 21:31:06
should i download Microsoft Windows Recovery Console now?

Report •

#79
January 10, 2015 at 21:35:37
"if it wasn't, you would have seen a message"
Did you see a message?

Report •

#80
January 10, 2015 at 21:39:45
i don't think so. things just seemed to 'get on with it' ??

Report •

#81
January 10, 2015 at 21:41:58
That means all is well.

Shall wait for the Malwarebytes results as per my Post #76

message edited by Johnw


Report •

#82
January 10, 2015 at 21:42:30
it seems like i got up to this.. or this far?? (after combofix went through the 50 stages)

"You should now post this log as a reply to the topic where you were asked to run combofix. Your helper will now analyze this log and let you know what they would like you to do next. If you having problems connecting to the Internet after running Combofix, then please read the Manually restoring the Internet connection section."


Report •

#83
January 10, 2015 at 21:43:33
ok great :) that's good i was freaking out a little bit

Report •

#84
January 10, 2015 at 21:45:29
"Update Malwarebytes & run again. Post the new log please."

do i just click on it and run it? or is there something else i have to do to 'update' it?


Report •

#85
January 10, 2015 at 21:47:00
Open Malwarebytes, click on Update & then scan.

Report •

#86
January 10, 2015 at 22:00:31
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/01/2015
Scan Time: 4:50:16 PM
Logfile: Malwarebytes Anti-Malware.lnk LOG.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.11.02
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sam

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353806
Time Elapsed: 6 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Report •

#87
January 10, 2015 at 22:03:20
You are clean, what issues do you have now?

Run DelFix
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on computer.
It's compatible with Windows XP, Vista, 7, 8 in 32 & 64 bits.
Run the tool by right click on the DelFix icon and Run as administrator option.
Make sure that these are checked:
Remove disinfection tools
Purge system restore
Reset system settings
Click Run and wait until the tool completes its work.
All tools we used should be gone. Tool will create a report for you (C:\DelFix.txt)

As you can see from your logs, you had a lot of stuff installed that you do not know how it got installed.
A lot of programs now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...

I use Softpedia & FreewareFiles.com, down the bottom of the page, they make you aware what Ad-supported programs the author of the program has included.
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.

"EmptyTemp: => Removed 48.5 GB temporary data"
Open all your browsers, go into their cache & set to 50mb max temporary files.
Google on how to find if you don't know how.


Report •

#88
January 10, 2015 at 22:04:14
what issues? i'm not sure. i haven't rebooted or tested the windows updates etc?

p.s. YAAYY to being clean!!

message edited by SammiJ


Report •

#89
January 10, 2015 at 22:17:00
just runnin DelFix now.

i usually do uncheck install toolbars.. and other stuff when i see it. i do have a habit of speeding around the net.. (will stop doing that!) i always get pop up windows asking me if i want to allow the program to change or alter windows functions (or something like that) it always scares me ... i have that thing set to warn me or ask me first i'm never sure what to click. with most things i click Yes because when i click No it obviously won't work or install at all.

CNet rings a bell

message edited by SammiJ


Report •

#90
January 10, 2015 at 22:24:09
do you want me to post the DelFix log here?

Report •

#91
January 10, 2015 at 22:27:34
" do you want me to post the DelFix log here?"
Yes please.

Report •

#92
January 10, 2015 at 22:28:53
i never use the dvd or cd burner things. i have chemical injury and i find the smells of new products espec discs makes me sick

Report •

#93
January 10, 2015 at 22:33:31
"i never use the dvd or cd burner things"
Me either, do everything on a thumb drive now, whenever I go out, it's in my pocket.

Report •

#94
January 10, 2015 at 22:40:42
# DelFix v10.8 - Logfile created 11/01/2015 at 17:11:33
# Updated 29/07/2014 by Xplode
# Username : Sam - SAM-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\Users\Sam\Desktop\Addition.txt
Deleted : C:\Users\Sam\Desktop\ComboFix.exe
Deleted : C:\Users\Sam\Desktop\Fixlog.txt
Deleted : C:\Users\Sam\Desktop\FRST.txt
Deleted : C:\Users\Sam\Desktop\FRST64.exe
Deleted : C:\Users\Sam\Desktop\JRT.exe
Deleted : C:\Users\Sam\Desktop\JRT.txt
Deleted : C:\Users\Sam\Desktop\rkill.com
Deleted : C:\Users\Sam\Desktop\Rkill.txt
Deleted : C:\Users\Sam\Desktop\RogueKiller.exe
Deleted : C:\Users\Sam\Downloads\AdwCleaner.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Cleaning system restore ...

Deleted : RP #311 [Windows Update | 12/28/2014 16:00:19]
Deleted : RP #312 [Windows Update | 12/28/2014 16:45:33]
Deleted : RP #313 [Windows Update | 12/29/2014 06:30:11]
Deleted : RP #314 [Windows Update | 12/29/2014 11:20:04]
Deleted : RP #315 [Windows Update | 12/29/2014 21:24:04]
Deleted : RP #316 [Windows Update | 12/30/2014 07:52:29]
Deleted : RP #317 [Windows Update | 12/30/2014 14:21:10]
Deleted : RP #318 [Windows Update | 12/30/2014 16:00:21]
Deleted : RP #319 [Windows Update | 12/30/2014 17:33:05]
Deleted : RP #320 [Windows Update | 12/31/2014 04:10:14]
Deleted : RP #321 [Installed Microsoft Fix it 50123 | 12/31/2014 04:18:17]
Deleted : RP #322 [Windows Update | 12/31/2014 05:14:05]
Deleted : RP #323 [Windows Update | 12/31/2014 09:34:14]
Deleted : RP #324 [Windows Update | 12/31/2014 10:07:25]
Deleted : RP #325 [Windows Update | 12/31/2014 16:00:18]
Deleted : RP #326 [Windows Update | 01/01/2015 14:18:24]
Deleted : RP #327 [Windows Update | 01/02/2015 04:08:32]
Deleted : RP #328 [Windows Update | 01/02/2015 11:54:42]
Deleted : RP #329 [Windows Update | 01/02/2015 17:18:23]
Deleted : RP #330 [Windows Update | 01/03/2015 05:02:14]
Deleted : RP #331 [Windows Update | 01/03/2015 15:29:46]
Deleted : RP #332 [Windows Update | 01/04/2015 01:29:14]
Deleted : RP #333 [Removed Acrobat.com | 01/04/2015 11:41:09]
Deleted : RP #334 [Removed Acrobat.com | 01/04/2015 11:43:00]
Deleted : RP #335 [Removed Apple Mobile Device Support | 01/04/2015 11:52:26]
Deleted : RP #336 [Windows Update | 01/04/2015 18:09:26]
Deleted : RP #337 [Windows Update | 01/05/2015 02:45:13]
Deleted : RP #338 [Windows Update | 01/05/2015 07:36:56]
Deleted : RP #339 [Windows Update | 01/05/2015 08:22:49]
Deleted : RP #340 [Windows Update | 01/05/2015 09:39:53]
Deleted : RP #341 [Windows Update | 01/05/2015 16:15:09]
Deleted : RP #342 [Windows Update | 01/07/2015 08:48:36]
Deleted : RP #343 [Installed Microsoft Fix it 50123 | 01/07/2015 08:58:20]
Deleted : RP #344 [Windows Update | 01/07/2015 09:00:59]
Deleted : RP #345 [Installed Microsoft Fix it 50123 | 01/07/2015 09:11:29]
Deleted : RP #346 [Installed Microsoft Fix it 50123 | 01/07/2015 09:17:55]
Deleted : RP #347 [Installed Microsoft Fix it 50123 | 01/07/2015 09:47:38]
Deleted : RP #348 [Windows Update | 01/07/2015 10:01:10]
Deleted : RP #349 [Windows Update | 01/07/2015 17:25:08]
Deleted : RP #350 [Windows Update | 01/08/2015 11:12:42]
Deleted : RP #351 [Windows Update | 01/08/2015 11:28:42]
Deleted : RP #352 [Windows Update | 01/08/2015 12:39:50]
Deleted : RP #353 [Windows Update | 01/08/2015 12:56:19]
Deleted : RP #354 [Windows Update | 01/08/2015 13:02:59]
Deleted : RP #355 [Windows Update | 01/08/2015 13:08:10]
Deleted : RP #356 [Windows Update | 01/08/2015 13:38:04]
Deleted : RP #357 [Windows Update | 01/08/2015 13:50:15]
Deleted : RP #358 [Windows Update | 01/08/2015 14:53:57]
Deleted : RP #359 [Installed AVG PC TuneUp 2015 | 01/08/2015 15:16:02]
Deleted : RP #360 [Windows Update | 01/08/2015 19:20:03]
Deleted : RP #361 [Windows Update | 01/09/2015 03:14:43]
Deleted : RP #362 [Removed AVG PC TuneUp 2015 | 01/09/2015 03:40:29]
Deleted : RP #363 [Removed AVG PC TuneUp 2015 (en-US) | 01/09/2015 03:41:49]
Deleted : RP #364 [Removed Bonjour | 01/09/2015 03:44:10]
Deleted : RP #365 [Removed Bonjour | 01/09/2015 03:44:56]
Deleted : RP #366 [Windows Update | 01/09/2015 05:22:08]
Deleted : RP #367 [Installed Microsoft Fix it 50123 | 01/09/2015 05:34:04]
Deleted : RP #368 [Restore Operation | 01/09/2015 05:40:59]
Deleted : RP #369 [Windows Update | 01/09/2015 05:48:57]
Deleted : RP #370 [Windows Update | 01/09/2015 08:46:26]
Deleted : RP #371 [Windows Update | 01/09/2015 16:56:52]
Deleted : RP #372 [Windows Update | 01/10/2015 13:21:39]
Deleted : RP #373 [Windows Update | 01/10/2015 14:17:24]
Deleted : RP #374 [Windows Update | 01/11/2015 02:33:58]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


Report •

#95
January 10, 2015 at 22:42:28
DelFix LOG did not auto save to the desktop. is that alright?

Report •

#96
January 10, 2015 at 22:47:32
Just like to see what it found, good result. All the programs we have used, you need to keep a record of, just in case you need them again.

All the old system restore points that were housing nasties have been removed, that way you can't be reinfected.


Report •

#97
January 10, 2015 at 22:50:33
"DelFix LOG did not auto save to the desktop. is that alright?"
Yep.

Report •

#98
January 10, 2015 at 22:54:54
ok that's good! umm ok .. but DelFix .. performed: delete all removal tools
and lots of icons that were placed on the desktop disappeared ?

i have tried to copy and save this whole thread.. but it was incredibly hard to do! (so many posts.. it kept stopping the copying and i kept losing track of where i was up to.. and it kept duplicating pastes.)


Report •

#99
January 10, 2015 at 22:57:34
"lots of icons that were placed on the desktop disappeared ?"
Reboot.

Report •

#100
January 10, 2015 at 23:03:56
also i have been reading up about how to know if what you're installing is safe? there's a lot to learn there.. it's a bit confusing. seems there's a few ways of seeing it. i guess one way would be when the pop up windows box thing asks if you want to allow the program to access or change things on your computer and it says this is from an unknown or untrusted site? derrr Sam. i even looked hard at the unchecky download/install thing. (sorry i call things 'thing' when my brain fog kicks in).

there's lots of info about how to recognise and check the source of the site.. but it's also confusing. and hard to verify. i try never to click on 'free stuff' scams. i have started doing a fair bit of online shopping research and buyin things from online as i have lots of trouble going into shops (i have to wear a surgical face mask due to chemical sensitivities and it is very hard to deal with, i get a lot of odd reactions/shock responses from people and often rush out with the wrong products, gasping for air).

i have never liked doing online banking or giving out credit card details anywhere online.. i resisted for a very long time.. then finally caved!


Report •

#101
January 10, 2015 at 23:13:35
Q: there's a setting in Chrome which has ticked 'Allow all sites to run Java Script' should i uncheck that?

also is it a good idea to Clear Browsing history by hour, day, week, or beginning of time ?

message edited by SammiJ


Report •

#102
January 10, 2015 at 23:29:11
Johnw

i have just searched google and read lots of diff threads on how to set chrome cache to 50mb max temporary files.

it seems like everyone's confused and those who say they know what to do are offering links to solutions.. which i am now very wary of clicking on!

haven't done the other browsers yet.

re: the virus on my comp... it occurs to me now that i may have picked up some nasties via you tube?.. is that common?

has my comp been infected for a while? a long time? or recently?

message edited by SammiJ


Report •

#103
January 10, 2015 at 23:46:56
ok i have changed cache setting in fireF and IE.
chrome pending a solution/setting...

so many things i notice now in the settings in all the browsers. like the whole cookies thing is really confusing. and saving or deleting browser history and stuff like Do Not Tell Sites anything about my tracking preferences.. sounds like a good idea? FireF gives you the option to Never remember browsing history ?

Use a background service to install updates? all of this could be normal .. i don't know!

sorry all of this a bit off-topic.. just trying to make sure i don't leave doors open to any more viruses!!


Report •

#104
January 11, 2015 at 00:04:31
Having a break SammiJ , trying to catch up on my jobs.

Report •

#105
January 11, 2015 at 00:05:44
that's cool .. me too!

p.s. not good news.. the same windows updates FAILED .. i'm over it! need food.


Report •

#106
January 11, 2015 at 01:57:47
Now to clean up everything damaged by the nasties. Skip the Malwarebytes scan.
Run Tweaking.com - Windows Repair

Disable your antivirus program before running Windows Repair.
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...

Start at Step 1 & when you get to the final step ( Repairs ) check/tick all the boxes. Reboot when finished.

http://www.softpedia.com/get/Tweak/...
http://www.tweaking.com/
http://www.tweaking.com/content/pag...

Copy and Paste the contents ( or upload ) of the following log in your reply:
32-bit
C:\Program Files > Tweaking.com > Windows Repair (All in One) > Tweaking.com_Windows_Repair > Logs
64-bit
C:\Program Files (x86) > Tweaking.com > Windows Repair (All in One) > Tweaking.com_Windows_Repair > Logs
Refer SS ( screenshots )
http://i.imgur.com/6zQBU9H.gif
http://i.imgur.com/e63WNzy.gif


Report •

#107
January 11, 2015 at 21:17:16
hi Johnw

ok next stage.. i may have to wait a little bit, not very well today. will get a second wind soon i hope.

in the meantime... i just want to acknowledge you guys...

John thanks so much for still being here! and for ALL the amazing work you've already done and helped me get through what could otherwise have been an ongoing worst nightmare!! ...and thanks to Derek and Fingers for getting me as far as John!!

back later
cheers
Sammi


Report •

#108
January 13, 2015 at 00:00:34
i'm back. ..about to start on #107 !!

Report •

#109
January 13, 2015 at 00:46:08
ok maybe my brain isn't quite focused ... i'm lost at this bit:
(maybe i missed step?)

C:\Program Files (x86) > Tweaking.com > Windows Repair (All in One) > Tweaking.com_Windows_Repair > Logs

can't find it in my comp :( can't find Logs! maybe the Repair thing didn't create report because i missed a step? it said it found a virus, but i think i was distracted by the next step and didn't 'press something to get rid of it'? should i do the scan again?


message edited by SammiJ


Report •

#110
January 13, 2015 at 01:40:49
"i press enter right? and it keeps asking me to check the spelling"
Don't know what that means.

"think i'll come back a bit later.. see if i can get it right"
Ok.


Report •

#111
January 13, 2015 at 03:53:48
neither do i.. i think i was confused !! see edited post #109

message edited by SammiJ


Report •

#112
January 13, 2015 at 03:55:00
can't believe i got this far.. through all the other steps over last few days and stalled now!

must be more tired than i thought.


Report •

#113
January 13, 2015 at 04:10:40
" should i do the scan again?"
Yep.

Report •

#114
January 13, 2015 at 04:13:13
also there were no boxes to check/tick.. on the left.. they seem to be already ticked?

i hope it's the right thing to do but i'm running the scan reimage repair again?


Report •

#115
January 13, 2015 at 04:18:32
ah huh! after the scan finished (and it found a harmful virus) ..

: Top Harmful Virus: a variant of Bundled.Toolbar.G.

it said "click Start Repair to resolve these issues" but it takes me to a page that asks me to purchase .. something? ..the tool to do it?

http://www.reimageplus.com/pricing/...


Report •

#116
January 13, 2015 at 04:26:42
i can see Program Files (x86) under Programs which i think i created.. but i couldn't get the Tweaking.com ?? or Windows Repair (all in one) ?? there's nothing in any files to do with programs or windows that says repair ??

Report •

#117
January 13, 2015 at 04:30:00
"after the scan finished"
What scan, it does Malwarebytes, SFC, Disk Check & others?

"purchase .. something? ..the tool to do it?"
Don't even think about it.


Report •

#118
January 13, 2015 at 04:30:19
there is Reimage Repair.exe on the desktop. but it seems to do the same thing.. over again?

Report •

#119
January 13, 2015 at 04:34:56
hi John, no, i'm not thinking about buying anything. yeah it checked a LOT of things!

the PC Scan and Repair Reimage (which is the thing i downloaded first right?)

and the Reimage Repair.exe which appeared on my desktop (i dont' recall savin it) seems to do the same thing/scan? shall i try it again?

message edited by SammiJ


Report •

#120
January 13, 2015 at 04:41:19
"the PC Scan and Repair Reimage (which is the thing i downloaded first right?)"
No.

I have no idea what you have downloaded, I asked you to download Tweaking.com


Report •

#121
January 13, 2015 at 04:43:30
This is what you should have.

http://i1-win.softpedia-static.com/...


Report •

#122
January 13, 2015 at 04:46:44
i went here: http://www.tweaking.com/

Report •

#123
January 13, 2015 at 04:49:52
i misunderstood about power reset. i thought the links were just variations of the same program .sorry. i should have checked :(

message edited by SammiJ


Report •

#124
January 13, 2015 at 04:54:31
"i went here: http://www.tweaking.com/"
There is more than one program on that page.

This is the one to download.

http://www.tweaking.com/content/pag...


Report •

#125
January 13, 2015 at 04:56:09
as far as i can tell the thing i downloaded scanned but didn't clean or delete or quarantine anything. so does that mean it's safe to do the other thing now?


http://i1-win.softpedia-static.com/...


Report •

#126
January 13, 2015 at 04:58:37
yes, that is the one i downloaded

http://www.tweaking.com/content/pag...


and it did a big scan and detected a virus.. i'm just not sure what happened after that. i thought they were the 'steps' that you meant?


Report •

#127
January 13, 2015 at 05:03:22
ohhh i see.. i didn't realise, there's a LOT on that page.. i hit the big green download button at the top. (bit computer fatigued/blind at present) sorry!

Report •

#128
January 13, 2015 at 05:06:00
"so does that mean it's safe to do the other thing now?"
No idea without the log. I have to memorize everything you are doing & my head is spinning.

Did you run the program again?

Do all steps except the Malwarebytes scan.


Report •

#129
January 13, 2015 at 05:11:13
sorry..!! i can't find the log! which program? i ran 2.. the ones i mentioned before:

"the PC Scan and Repair Reimage" which came from hitting the big green download button on this page:

http://www.tweaking.com/content/pag...

and the Reimage Repair.exe which appeared on my desktop


Report •

#130
January 13, 2015 at 05:15:46
something i can say for sure is that the system didn't do a reset after the scan i mentioned.. does that help?

Report •

#131
January 13, 2015 at 05:21:23
""the PC Scan and Repair Reimage" which came from hitting the big green download button on this page:"
I use Adblock Plus so it is not on my page & should not be downloaded.

Report •

#132
January 13, 2015 at 05:21:48
John i'm not sure but i didn't see any option to bypass : Malwarebytes scan.

i must not be doing the right scan.. i'm so confused. exactly which one should i be running again? i haven't done anything on this page at all:

http://i1-win.softpedia-static.com/...


Report •

#133
January 13, 2015 at 05:24:01
"something i can say for sure is that the system didn't do a reset after the scan i mentioned.. does that help?"
We are going around in circles.

Run Tweaking.com as per my original instructions & give me the log.


Report •

#134
January 13, 2015 at 05:24:07
'I use Adblock Plus so it is not on my page & should not be downloaded.'

ok well i guess it's too late, coz i did download it. not sure what or where adblock is , didn't know i was supposed to do that bit. gawd what a mess. so sorry.


Report •

#135
January 13, 2015 at 05:27:59
do you mean when you say run Tweaking.com... is this it?

Tweaking.com - Simple System Tweaker v2.1.0
http://www.tweaking.com/content/pag...

there's a lot on that page.. i am not sure which link ??


Report •

#136
January 13, 2015 at 05:29:49
John there's this stuff:

Simple System Tweaker
Tweaking.com - Simple System Tweaker is designed to bring only the safest tweaks to your system to increase speed and stability.

Windows is setup in a default configuration. By fine tuning your Windows configuration you can increase the speed and snappiness of the operating system. These tweaks are the ones that are safe and shown to cause no side effects with any programs. Each tweak only gives a small performance boost. But they all add up, so the more tweaks you do the more performance you get.

For Windows XP, 2003, Vista, 7, 8, 2008

v2.1.0 (Supports 32 & 64 bit)

Installer (3.28 MB)

then all this stuff about Mirrors.. i am just not getting it :(

message edited by SammiJ


Report •

#137
January 13, 2015 at 05:34:08
ohhh i think i see.. it's the page with Windows Repair v2 10.0 ?? and

the stuff about power Reset?? sorry there are steps on other pages.. the tweaking logos are on each page.. my bad!


do you mean this link with the steps?

http://i1-win.softpedia-static.com/...

message edited by SammiJ


Report •

#138
January 13, 2015 at 05:36:49
should i uninstall the thing i wasn't meant to download?

Report •

#139
January 13, 2015 at 05:44:59
OMG .. !!!

IGNORE POST #136... obviously i didn't read it properly.. we're not trying to boost performance .. we're trying to repair!! .. i am really stuffing up aren't i?

just let me know one more time pls.. if it's the one about RESET/powering down, unplugging the power cord??

message edited by SammiJ


Report •

#140
Report •

#141
January 13, 2015 at 05:56:16
sorry, do i just use the first link? they are all wise program uninstall links. the first one is about Java App and External Mirror

can i choose which one ..to use.. i mean which link/page?


Report •

#142
January 13, 2015 at 05:59:52
"can i choose which one ..to use.. i mean which link/page?"
Yes of course, most people just say use Wise Program Uninstaller, in other words, find your own links.

Use this one.
http://www.softpedia.com/dyn-postdo...


Report •

#143
January 13, 2015 at 06:02:57
oh i see.. sorry i'm just nervous now about getting anything else wrong! not wanting to waste any more of your time.

Report •

#144
January 13, 2015 at 06:09:03
that link is the most confusing.. it's got the mirror thing and is now asking me to sign up. so i'm going to try one of the others ok?

Report •

#145
January 13, 2015 at 06:14:40
" it's got the mirror thing and is now asking me to sign up"
Not for me, it's not normal either.

http://www.wisecleaner.com/soft/WPU...


Report •

#146
January 13, 2015 at 06:51:29
ok i did the wisecleaner thing and got rid of Reimage prog.

i'm now trying to figure out what shut down PLUS power off is.. in the instructions on the Tweak page it says it's different to just shutting down. is it supposed to be in sleep mode?


Report •

#147
January 13, 2015 at 06:53:58
also the instructions for step three about hitting the on/off switch a few times .. text runs out... 'as if you were...'

i assume.. 'as if you were --- turning your computer on'???


Report •

#148
January 13, 2015 at 07:08:11
does shut down + power off mean shutting down and then turning off at the power points (which i always do anyway)

and then after that i have to do the unplug the power cord.

sorry for all the stupid Q's .. i tried googling and searching in windows for the answer/instructions... but google keeps 'not opening' and firefox is not so good either.


message edited by SammiJ


Report •

#149
January 13, 2015 at 07:37:41
John ...it's very late, i def wouldn't expect you to keep going with me tonite.. it's been laborious and taxing i'm sure! i will come back tomorrow if you're not sick of me.. we've gotten so far.. i'm just not hitting the mark today. i will be up for a while yet though.

i'm not going to do the tweaking repair steps until i know that i'm going to do it right.

cheers
Sam

message edited by SammiJ


Report •

#150
January 13, 2015 at 13:43:49
"John ...it's very late"
Where are you Sam?
Derek already mentioned where I am.
http://www.timeanddate.com/worldclo...

"Tweaking.com instructions.
(Step 1) Shutdown and power off the computer.

(Step 2) Once the computer is powered off, unplug the power cord. If it is a laptop also remove the battery. It is important that any way for the system to keep getting power is unplugged or unhooked.

(Step 3) With the power cord unplugged and the battery removed (if you have one), hit the power button a few times as if you are trying to turn on the computer. When you do this and the computer tries to turn on, all the electricity is drained out of the system.

(Step 4) Plug the power cord back in and reinsert the battery (if you have one) and turn the computer on.

All done!

Once Windows is loaded you can continue on with the other steps and repairs.

This trick is used on all forms of electronics. Computers, cell phones, routers, modems, TVs, DVD/Blue-Ray players and so on.

Have you ever heard someone say their computer wasn't working right, so they unhooked it, took it to a computer repair shop and when they got there the system was working fine?
This is because the power had drained out of the system!"

Your questions.
"does shut down + power off mean shutting down and then turning off at the power points (which i always do anyway)"
Yes.

"and then after that i have to do the unplug the power chord"
Yes.


Report •

#151
January 13, 2015 at 17:48:05
hi John,

yes i knew you were in WA, my last message was past 2:30am at my end , though the times listed at each message don't reflect that... not sure why... anyway i hadn't heard back from you in a while so assumed that was the end of the session for the night.. as it was very late?

anyway it's all good. i'm going to try the steps now.

cheers
Sammi


Report •

#152
January 13, 2015 at 18:32:38
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Sam\Desktop>CD /D C:\

C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
9 percent complete. (213581 of 237312 file records processed)
237312 file records processed.

File verification completed.
687 large file records processed.

0 bad file records processed.

0 EA records processed.

43 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
47 percent complete. (267357 of 297620 index entries processed)
297620 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
63 percent complete. (230553 of 237312 file SDs/SIDs processed)
237312 file SDs/SIDs processed.

Security descriptor verification completed.
30155 data files processed.

CHKDSK is verifying Usn Journal...
100 percent complete. (37691392 of 37695080 USN bytes processed)
37695080 USN bytes processed.

Usn Journal verification completed.
The master file table's (MFT) BITMAP attribute is incorrect.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.


Report •

#153
January 13, 2015 at 18:42:49
"Usn Journal verification completed.
The master file table's (MFT) BITMAP attribute is incorrect.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these."

Make sure you do this, I'm going out for about 5 hours soon.


Report •

#154
January 13, 2015 at 19:18:03

File verification completed.
687 large file records processed.

0 bad file records processed.

0 EA records processed.

43 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
47 percent complete. (267357 of 297620 index entries processed)
297620 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
63 percent complete. (230553 of 237312 file SDs/SIDs processed)
237312 file SDs/SIDs processed.

Security descriptor verification completed.
30155 data files processed.

CHKDSK is verifying Usn Journal...
100 percent complete. (37691392 of 37695080 USN bytes processed)
37695080 USN bytes processed.

Usn Journal verification completed.
The master file table's (MFT) BITMAP attribute is incorrect.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

976657407 KB total disk space.
89943688 KB in 171386 files.
112020 KB in 30156 indexes.
0 KB in bad sectors.
371203 KB in use by the system.
65536 KB occupied by the log file.
886230496 KB available on disk.

4096 bytes in each allocation unit.
244164351 total allocation units on disk.
221557624 allocation units available on disk.

C:\>


Report •

#155
January 13, 2015 at 19:20:14
hi John,

the computer restarted twice after restore point and registry backup.. i didn't physically get to do steps 5 or anything after that. but the folders and logs seem to be in the right place?


Report •

#156
January 13, 2015 at 19:24:39
the tweaking.com installer seems to have been deleted after restart??? i can't find it to run it again and finish the steps

after restore point/backup stuff.. did things revert to..? i don't know where i'm up to now

message edited by SammiJ


Report •

#157
January 13, 2015 at 19:30:53
with the steps i think i got confused at and/or backup or restore after check registry (check files was listed as optional, i started it then cancelled it), and went on to the next step.. which was ... to ...Repairs (step 5?)

message edited by SammiJ


Report •

#158
January 13, 2015 at 20:01:03
John, i'll try to get a friend to come over later and help with the windows repair stuff.. i think i'm just on overload.. honestly i can't believe i managed to do all those other steps over the last few days. i usually have trouble concentrating /being online for more than about an hour.

cheers
Sammi



Report •

#159
January 13, 2015 at 20:07:14
not sure where: 'Run CHKDSK with the /F (fix) option to correct these' ..is?

i have no idea if this is relevant .. just looking for clues as to progress

Tweaking.com - Registry Backup Change Log.

v1.10.1
Fixed a bug where the registry wouldn't restore if the user had changed the temp folders to another drive. The program will now always use C:\Windows\Temp to restore the registry. This is because of Windows security, Windows will not allow registry files from another drive to be loaded. The registry must be on the same drive as Windows in order to restore it.

Fixed a bug where if the settings.ini file was deleted or a user updated the program from an older version and the settings.ini file didn't have the color information set that the colors wouldn't be set correctly, such as black text over the dark grey background. The program has now been updated to apply the proper default colors when this happens.

Multiple code improvements and changes.

Changed and updated multiple icons and graphics in the program.

v1.10.0
Fixed bug where backup couldn't happen when a user had Unicode chars in their date and time on the system.

Added code to detect what drive letters are in use on the system and if the vss drive letter in the program is set to one that is in use then the program will auto change the vss drive letter to use. If vss mapped a drive letter that was already in use then Windows would freak out until rebooted and the backup would fail. This will no longer happen with this new function.

Updated the controls in the program to use less sub classing. When the program was ran in hidden mode and the controls tried to draw themselves and the program went to close itself after a backup the program would crash. The new changes to the controls make the program more stable and will hopefully fix this problem.

Updated graphics to the interface of the program.

Moved the image controls used in the program into a ocx file. This has reduced the size of the main exe by 460 KB. Also making the program more stable and require less memory.

Multiple interface code tweaks and enhancements.

v1.9.0
Fixed bug where a log file would be created on the root of the drive when doing a restore instead of the proper backup folder.

Fixed bug where if the program had trouble pulling the computer name for the backup path it would fail to make the path.

Redid the backup process when using the fall back method. Before it would only backup registry files that were loaded because the Windows API only allowed that. The program will now try to do a straight file copy of registry files that are not loaded instead of skipping them.
Also changed it to where if the API call fails on a loaded registry file it will try a file copy after. This is helpful when a registry file was loaded at the startup of the program but unloaded before the backup started.

Added new option to the restore section where you can have the computer auto reboot or shutdown after restoring the registry. If the options are not chosen the program will now ask you if you would like to reboot after doing a restore.

v1.8.0
Added a new option to change all the program colors (under the settings tab). The user can now control the colors of the program and even save their color layout as a preset. This is very helpful for colorblind, or hard of seeing users or just users who don't like my default colors :-)

Changed the default colors of the program. Replaced the green text with a easier to read color. Also change the button colors to stand out more and multiple other changes.

A large amount of interface and layout changes.

The tree views now show the current size of each registry file.

When using the fallback backup method the program now logs the size of the registry files that have been backed up.

6 variables are now supported in the backup location path.

Program now supports 2 more command line options (Use only one at a time) -DeleteSchedule and -CreateSchedule. You can now have the program auto create the schedule to do a backup at startup and also remove it.

The program now leaves a message window open if the backup fails or has errors when run from a schedule or a command line.

Multiple code changes and improvements.

V1.7.0
Added a new setting to allow the user to set what drive letter the program will use to access the volume shadow copy snapshot to grab the registry files. Before it always used B: as hardly anyone uses that drive letter. But some users do and so the backup by volume shadow copy wouldn't work. They can now change what drive letter to use.

v1.6.9
Fix a bug where if a user had changed the short date format on the system and it had characters that couldn't be in a folder name then the backup would fail since the folder couldn't be created. I fixed this by making a new command to replace any and all characters from the short date format and this should cover anyone who has a custom format.

v1.6.8
Added support for Windows 8.1.
Small code changes and improvements.

v1.6.7
Fixed bug where DEP on a system would cause the program to crash. This was because of a custom Unicode label control I was using. I removed that custom control and the program no longer crashes on DEP enabled systems.
Code changes, in the last version 1.6.5 I had moved the task scheduler code from the pcwintech_tasksch.dll to the exe instead. With the goal of having one less file. But when I did that 11 antivirus programs on virustotal.com flagged the exe as a "GEN" or generic virus. While I could have simply submitted the exe to each of them and had them fix their definitions I instead moved the code back to the dll. The exe is no longer being flagged by those programs.

v1.6.5
Tree view can now show Unicode characters.
The program now pulls the Windows version number from the API instead of WMI. If WMI was corrupt on the system it couldn't pull the version of Windows, with the API call instead this is no longer a problem. The version number is used so the program knows which of its vss tools to run.
Fixed bug where if you choose to backup using the fallback method, and then turned it off right after, the program would still use the fall back method until you restarted the program. This has now been fixed.
Multiple UI changes.
A lot of code updates and tweaks.
Fix a bug where you couldn't create a schedule in the task scheduler on Windows XP & 2003 64 Bit.

v1.6.1
Bug Fix: Some users reported the program would crash when it was closing itself down after a good backup. This new version seems to have that fixed as I made some changes to the code.
Small bug fix. The backup now button was always enabled at startup, so if a person clicked backup now before the treeview was done listing the hive files the backup would just get stuck in a loop. This has been fixed by disabling the button by default and then enabling it once the hives have all been loaded in the treeview.
Program is now half the size. I redid some code, removed a few things and compiled the program different cutting the size down from 1.6mb to 824KB.

v1.6.0
Windows vista, 7 and newer added a new registry hive to the system called Components. The program now supports this new registry hive.

v1.5.3
Fixed bug where if you had the program set to do only 1 backup per day, and had it run from the task scheduler and no backups had been created yet the program wouldn't run the backup. This was because it couldn't find the backup path since none was created yet and it caused an error to make the program think a backup was already done. This has now been fixed.

Added new feature where the program will show the elapsed time during the backup. If using the volume shadow copy service instead of the fallback method, there is now a button on the backup progress window to use the fall back method. If VSS isn't working correctly on a system the program can end up waiting forever for VSS if it doesn't report an error but never makes the snapshot. With this button a person can tell it to use the fallback method instead if VSS appears to be taking far too long. This way a user doesn't have to stop the backup, go to setting, set the fallback and start over, thus saving the user time.

v1.5.2
Couple of GUI changes.

Per user request I added an option to show a system tray icon when running a scheduled backup that is set for hidden.

v1.5.1
Improved the auto delete old backups feature in the program.

v1.5.0
Per user request I added a new option to the auto delete old backups. You can now set it to always keep a minimum amount of backups. Example: A user has their system off and is gone for a while, when they come back and run the reg backup it would remove all the old backups, since the user was gone for a while all old backups were removed. With this new option it won't remove all the backups.
Fix bug where if the program had trouble pulling the system info it would load the tree view incorrectly and thus not backup those files. This is now fixed.
Changed the way the program closes itself. On a few systems after the backup was complete and the program closes itself it would randomly crash. Hopefully this new close down process will fix that.
Multiple code changes and improvements.

v1.4.3
Code change to how the program detects and waits for the VSS before using the fallback method.

v1.4.2
Small bug fix.

v1.4.1
Right click menu from the task bar now works.
Fixed a bug where the program wasn't telling when VSS would fail and thus it would never close or move forward.
Restore list now shows computer name with each backup that can be restored. This is helpful for techs that run the program from a thumb drive or server and have multiple machines they keep in the backup. By seeing the computer name they can tell which backup belongs to which machine without having to load and check each one.
Restore list is now better sorted.
Code tweaks.

v1.4.0
The program now detects if it didn't close right, if so ask if they want to use the fallback backup method instead (This is for people who get a blue screen of death when trying to use the volume shadow copy)
You can now have the program always use the fallback backup method instead of the volume shadow copy service. The goal of this is for the people who have a messed up VSS on their system. Instead of making them wait for the VSS to fail it will now run right away.
Per user request you can now have the program only make 1 auto backup per day. (This is for the people who have it set to backup at system startup but reboot their machines multiple times per day)
Change the -silent command to run the backup minimized.
Add some new command line options. -supersilent (Backups but shows no GUI at all) -auto (Runs the program, does a backup and then closes, the user can see it as it works, this was the original way the -silent command used to work)
Now that the program has 3 different command lines it can use, the user can now tell the program which command to use for the scheduled backups.

v1.3.0
Per user request you can now name each registry backup.
You can set the default backup name and default auto backup name for the backups under the advanced settings.
Major change to the restore process in the program. Before the user profile registry files didn't always get restored because the move file operation was written to the old system registry file. This only happened if you restored the user profiles and the system registry at the same time and only when restoring from the program. This has now been fixed :-)

v1.2.1
Added a message box when restoring the registry asking if you want to restore. This is for the users who clicked restore that didn't mean to, this gives them the option to keep it from restoring :-)
Added a open backup location button to the restore section.
Added a delete this backup button to the restore section.
Increased the combo box drop down list size in the restore section. It will now show the whole list without needing to scroll, but only to the max height of the program. If the restore list is bigger than that then it will scroll. This keeps it from being too big and going off screen.

v1.2.0
Program now has an advanced settings section.
Program now has a fallback backup method if the volume shadow copy service fails on a system. It will use the Windows API to backup the core registry files and only the current user registry file. Volume shadow copy is the best way to get all registry files on the system, but now with the fallback method, people who don't have a working volume shadow copy are not left out.
Added new setting to control what VSS exe the program uses. The program uses WMI to pull the OS information. but if WMI isn't working correctly the information isn't pulled and the program doesn't know which vss exe to use. With this new setting you can control it if you have any trouble.
Program can now backup locked profile registry files without having to be ran under the system account.
Improved the scheduler code.
Edit schedule now opens the Windows Task Scheduler.
Code and log improvements.

v1.1.0
The program is now Terminal Server Aware. When you ran the program on a Windows server that had Terminal Services installed the Windows API returned the wrong path to the windows dir. This is now fixed.
Added more info to the log files showing what system variables the program pulled from the system.
Changed the way the program is compiled, the program exe is now smaller.

v1.0.0
Program is no longer beta and ready to use by all.
Multiple code tweaks and fine tuning for new release.
Online help and videos done.

v0.9.8
Added Help & Support section.
More code improvements.

v0.9.7
Installed version of the program will default the backup location to C:\RegBackup\. The portable version will stay the same of the current folder the program is being ran from as the default location.
The program now makes a restore batch file with the backups to use from the Windows recovery console. This will make it easier for normal users to do a restore if the system isn't bootable.
Program will now change the font color in the list if a backup fails for that reg file.
Added a "View Logs" button to the backup window after a backup is ran.
Program now adds the reg keys needed for the recovery console to allow access to now Windows folders. This is needed for a restore from the recovery console.
The program now sets the schedule for system logon instead of at midnight for the default. The user can of course change this to what ever they like.
Various code tweaks.

v0.9.6
Log_Vss.txt now gets stored with the backup like the other log files.
Improved Vss logs to find out why a snap shot doesn't get created or mapped.
More code tweaks to the main program.

v0.9.5
Added extra checks during the backup process.
Spelling changes to a few sections in the program to make them better understandable.
Multiple code improvements.

v0.9.4
Change the way the program logs the backup and restore. It will now store a log file with each backup.
Logs now record the date and time for each entry.
Better error handling for the file copy progress.

v0.9.3
Added new options to the schedule settings. You can now choose to have the schedule run under the current user account or the system account.
Small code changes.

v0.9.2
Small bug fix where the program would sometimes get stuck in a loop when loading the treeview.
The backup location setting can now be typed in instead of just using the browse button.
The backup location browse button will now default to what ever backup location is currently set.
Spelling changes.

v0.9.1
Fix bug where when running from the task scheduler it wouldn't grab the user profile locations. This is because the program used to pull the current user profile to get the profile directory. When running from the task scheduler it is ran as the system account which is stored in a different location. This is now fixed.

v0.9.0


Report •

#160
January 13, 2015 at 20:07:31
or this?

#List for "Register System Files" repair.
#any file name listed here will be registered by the program.
#only the filename is needed, not the path and the regsvr32.exe option such as /s. Example: mydll.dll or myocx.ocx. This is for files in the system32 dir and SysWOW64 dir.



Report •

#161
January 14, 2015 at 00:32:46
"not sure where: 'Run CHKDSK with the /F (fix) option to correct these' ..is?"
No need ever for this type of question. You have the built in > Help and Support & Google.

1. Open the Start Menu and click on the Computer button on the right dark side.

2. Right click the hard disk drive that you want to check, and click on Properties.

3. Click on the Tools tab, and click on the Check now button under Error-checking.

4. In the window that opens, check the top box. ( Automatically fix file system errors )


Report •
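Added example, not part of any post in this thread: a small Python triage of a read-only CHKDSK report, showing how the findings quoted above lead to the "run with /F" verdict and why a report that stops mid-stage should not be read as clean. The function names and verdict labels are assumptions made for this example; the sample text is constructed from lines of the report posted in the thread.

```python
import re

# Constructed sample: lines taken from the read-only CHKDSK report posted in this thread.
SAMPLE_REPORT = """\
CHKDSK is verifying indexes (stage 2 of 3)...
297620 index entries processed.
Index verification completed.
CHKDSK is verifying security descriptors (stage 3 of 3)...
237312 file SDs/SIDs processed.
Security descriptor verification completed.
CHKDSK is verifying Usn Journal...
37695080 USN bytes processed.
Usn Journal verification completed.
The master file table's (MFT) BITMAP attribute is incorrect.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

976657407 KB total disk space.
0 KB in bad sectors.
886230496 KB available on disk.
"""

STAGE_START = re.compile(r"^CHKDSK is verifying (.+?)(?: \(stage \d+ of \d+\))?\.\.\.$")
STAGE_DONE = re.compile(r"^(.+) verification completed\.$")
SIZE_LINE = re.compile(r"^(\d+) KB (total disk space|in bad sectors|available on disk)\.$")


def parse_chkdsk(text):
    """Collect stages, findings and size figures from CHKDSK console output."""
    report = {"started": [], "completed": [], "findings": [],
              "problems_found": False, "fix_advised": False, "kb": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STAGE_START.match(line)
        if m:
            report["started"].append(m.group(1))
            continue
        m = STAGE_DONE.match(line)
        if m:
            report["completed"].append(m.group(1))
            continue
        m = SIZE_LINE.match(line)
        if m:
            report["kb"][m.group(2)] = int(m.group(1))
            continue
        if line.endswith("is incorrect."):
            report["findings"].append(line)          # e.g. the two bitmap findings
        elif line.startswith("Windows found problems"):
            report["problems_found"] = True
        elif line.startswith("Run CHKDSK") and "/F" in line:
            report["fix_advised"] = True
    return report


def triage(report):
    """Return 'incomplete', 'bad-sectors', 'repair-needed' or 'clean' (labels are this example's own)."""
    # A stage that started but never reported completion means the log is cut off.
    if not report["started"] or len(report["started"]) != len(report["completed"]):
        return "incomplete"
    if report["kb"].get("in bad sectors", 0) > 0:
        return "bad-sectors"
    if report["findings"] or report["problems_found"] or report["fix_advised"]:
        return "repair-needed"
    return "clean"


if __name__ == "__main__":
    print(triage(parse_chkdsk(SAMPLE_REPORT)))
```
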

#162
January 14, 2015 at 00:34:30
"i have no idea if this is relevant .. just looking for clues as to progress"
None at all, it is just a listing of the improvements made to each new version.

Report •

#163
January 14, 2015 at 00:36:01
"John, i'll try to get a friend to come over later and help with the windows repair stuff"
Best way Sam.

Report •

#164
January 20, 2015 at 21:05:47
hi John,

well after talking to a couple of mates and looking at my options .. one of which is to reinstall windows and make a clean start. but basically everyone is telling me that it's easy to do ..which means i still have to do it all myself.. and i'm still overwhelmed. trying to focus is ridiculously hard.. and i'm concerned about stuffing it up and particularly saving my outlook mail stuff and my favourites lists in browsers because i have 2 years worth of medical/health related researched links there that i don't want to lose!

anyway i'm at the point of calling around to see if i can afford any computer services will fix things for me.. because i'm sick of all the diff opinions.. and after doing so much with your help here. and going well.. but then.. obviously i came to a screaming halt with following your directions.

i just tried your last one:
' Click on the Tools tab, and click on the Check now button under Error-checking.'

there is NO Check button in Tools.

this is what i'm talking about. now i'd have to come back and ask you another question about something that should be simple right? i have gone mental trying to get things from help menus and googling etc. that's why i came here.. i really appreciate this service..

meanwhile since i was here last, Today the comp failed to start up/open. then i opened in safe mode where almost nothing worked. then started over and it booted up ok. Chrome doesn't work and AVG found a malicious something or other on the desktop something to do with PUP (see i can't even remember that now.. been sick which takes over everything! :( even this page is playing up... keeps scrolling back up to the top.. slowly! and won't allow me to stop it. i think it happens whenever i hit enter? sooo... my comp status is?? i'm not sure. partly fixed, cleaned, or.. repaired? i don't know anymore. my tech savvy friends are full on busy with working their own jobs. ok without hitting enter again, in case the scrolling starts off. . though i do not know what to do next, thanks for all the help anyway. cheers Sam

message edited by SammiJ


Report •

#165
January 20, 2015 at 23:05:17
"and i'm still overwhelmed. trying to focus is ridiculously hard"
It does get that way, even trying to get my head around everything you are saying.

" i'm concerned about stuffing it up and particularly saving my outlook mail stuff and my favourites lists in browsers because i have 2 years worth of medical/health related researched links there that i don't want to lose!"
You should never be in that position Sam, backing up is an absolute basic. All hard drives fail.
Do you have a second Comp/PC or laptop?

"my comp status is?? i'm not sure. partly fixed, cleaned, or.. repaired?"
"partly fixed"
Yes.
"cleaned"
Partly
" repaired?"
No, you are still having problems.

I have kept this brief until I hear back from you.

I'm here, where are you?
http://www.timeanddate.com/worldclo...


Report •

#166
January 21, 2015 at 15:46:45
Hi again

Now that things are settling down it might be worth trying this in terms of your original updates issue - very easy to try:
http://windows.microsoft.com/en-US/...

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •
