Internet Problem, wife's profile

Microsoft Windows vista ultimate w/ sp1...
February 21, 2014 at 02:48:09
Specs: Vista, amd athlon dual core/3 gb ram
Hello all, my wife and I share the same computer.
Different Profiles.

My Windows, internet etc. work perfectly; hers cannot load up certain websites, like Ideal World shopping channel etc. I can get into my bank account using hers.
She has a problem with Google, cannot have Google as her homepage.

I have run Malwarebytes twice, done two system restores. Uninstalled I.E.9, gone to version 8, no joy. Re-installed I.E.9, the same problems.

Installed Firefox, works perfectly on my wife's profile.

Any ideas how to solve this would be appreciated.

Windows Vista, I.E.9

Thanks, Gep




#1
February 21, 2014 at 03:17:58
Log in to your wife's account on your computer and check the add-ons installed in IE.
Maybe there are one or more suspicious add-ons installed that you may have to disable.


#2
February 21, 2014 at 04:08:37
Run both of these, in this order.

1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/BWELEfV.gif
http://i.imgur.com/4luY3rU.gif
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/qO92huz.gif
http://i.imgur.com/qzTUYkX.gif
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#3
February 21, 2014 at 06:19:14
"Windows Vista, I.E.9"

IE11 is the latest version supported by Vista. You might wanna consider updating rather than using an outdated (& less secure) version of IE. When's the last time you ran Windows Update?



#4
February 21, 2014 at 16:11:38
Err... As far as I am aware IE9 IS the latest supported version for Vista and it will not accept IE10 or 11.

Always pop back and let us know the outcome - thanks



#5
February 22, 2014 at 08:37:47
Hello all, have Windows Update, all is up to date and Windows Update does not offer me an update to Internet Explorer 10 or 11.
I have already removed any add-ons from both profiles, me and my wife have the same add-ons. Also removed any toolbars, from Programs/features etc.

I will look into your suggestions soon, JohnW.

Thanks for all your Replies, GEP



#6
February 22, 2014 at 11:29:09
Hello JOHNW & All, downloaded Adaware, ran it, Cleaned it, forgot to save the log, silly me, lol.

Tried to download Junkware Removal Tool, I.E. & Firefox both came back they could not open the webpage by any link, your links given, or by doing a Google search.

Internet Explorer still not working.

Would totally uninstalling I.E.9 and re-installing it fix the problem????

If so, what's the best way to do this???

Thanks, GEP



#7
February 22, 2014 at 12:39:19
downloaded Adaware
If you mean ADWCleaner, you should find the log in the ADWCleaner folder right off the root of your main drive (which is usually C).

As regards IE I don't want to interfere with Johnw's flow on this. It might take quite a few more steps to get there so don't worry until Johnw has finished. He is in Perth, Australia so he won't be around for a few hours.

EDIT:
Wow, you are up early John.

Always pop back and let us know the outcome - thanks

message edited by Derek



#8
February 22, 2014 at 12:39:44
"Would totally uninstalling I.E.9 and Re-Installing it fix the problem????"
Not if you are infected, which it looks like you are.

"forgot to save the log, silly me, lol."
As per my post #2.

You can find the logfile at C:\AdwCleaner[S1].txt as well.



#9
February 23, 2014 at 01:41:13
Hello JohnW and Derek and all, hope this is what you asked for.

# AdwCleaner v3.019 - Report created 22/02/2014 at 18:59:51
# Updated 17/02/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : gep - GEP-POLLYS-PC
# Running from : C:\Users\Mayi\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\gep\AppData\LocalLow\Bandoo
Folder Deleted : C:\Users\gep\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\gep\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\gep\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\gep\AppData\LocalLow\somotomoviestoolbar1
Folder Deleted : C:\Users\gep\AppData\Roaming\Bandoo
Folder Deleted : C:\Users\gep\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Mayi\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Mayi\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Mayi\AppData\LocalLow\Bandoo
Folder Deleted : C:\Users\Mayi\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mayi\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Mayi\AppData\LocalLow\iac
Folder Deleted : C:\Users\Mayi\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Mayi\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Mayi\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Mayi\AppData\LocalLow\somotomoviestoolbar1
Folder Deleted : C:\Users\Mayi\AppData\Roaming\Bandoo
Folder Deleted : C:\Users\Mayi\AppData\Roaming\NCH Software
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92B1011D-D23D-4E1A-8EE7-8EF5C78DCCD5}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4084D718-3644-4504-B828-BB054729E39C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\SafetyNut
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\TelevisionFanaticEI
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533


*************************

AdwCleaner[R0].txt - [12988 octets] - [22/02/2014 18:53:39]
AdwCleaner[R1].txt - [12256 octets] - [22/02/2014 18:57:42]
AdwCleaner[S0].txt - [1287 octets] - [22/02/2014 18:56:32]
AdwCleaner[S1].txt - [12318 octets] - [22/02/2014 18:59:51]

########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [12379 octets] ##########

Thanks, GEP



#10
February 23, 2014 at 01:43:15
Hello all, also this one for further information.


Folder Deleted : C:\ProgramData\apn
[#] Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\boost_interprocess
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\w3i
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Movies Toolbar
Folder Deleted : C:\Program Files\myfree codec
Folder Deleted : C:\Program Files\TelevisionFanaticEI
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Windows\system32\AI_RecycleBin
Folder Deleted : C:\Users\gep\AppData\Local\Conduit
Folder Deleted : C:\Users\gep\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\gep\AppData\Local\PackageAware
Folder Deleted : C:\Users\gep\AppData\Local\webplayer

Thanks, Gep


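An added example, not part of the thread or of AdwCleaner: a small parser for the report layout posted in #9 and #10 that groups each removed item by scope (machine-wide, a profile's folders, or the HKCU hive) and counts the browser-related registry locations involved. The sample lines are excerpted from the log above; the function names are hypothetical, and treating the `Username` header as the account whose HKCU hive was cleaned is an assumption.

```python
import re
from collections import Counter, defaultdict

# Lines excerpted from the report in posts #9 and #10 (shortened sample).
SAMPLE_LOG = r"""# AdwCleaner v3.019 - Report created 22/02/2014 at 18:59:51
# Username : gep - GEP-POLLYS-PC
# Running from : C:\Users\Mayi\Desktop\adwcleaner.exe
# Option : Clean

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
[#] Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\Users\gep\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mayi\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mayi\AppData\LocalLow\AskToolbar
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : HKCU\Software\Conduit
"""

HEADER = re.compile(r"^# (?P<key>[^:]+?) : (?P<value>.+)$")
SECTION = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ENTRY = re.compile(r"^(?:\[(?P<flag>.)\] )?(?P<kind>Folder|File|Key|Value) "
                   r"(?P<action>\w+) : (?P<target>.+)$")
PROFILE = re.compile(r"^[A-Za-z]:\\Users\\(?P<user>[^\\]+)\\")

# Registry locations seen in the posted log that affect browser behaviour.
MECHANISMS = ("Image File Execution Options", "AppCertDlls",
              "Browser Helper Objects", "SearchScopes", "URLSearchHooks")


def parse_report(text):
    """Return (headers, entries) from an AdwCleaner-style text report."""
    headers, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            headers[m["key"]] = m["value"]
        elif m := SECTION.match(line):
            section = m["name"]
        elif m := ENTRY.match(line):
            entries.append({"section": section, **m.groupdict()})
    return headers, entries


def run_as(headers):
    # Assumption: "Username : <account> - <machine>" names the account
    # whose HKCU hive the tool was working on.
    return headers.get("Username", "?").split(" - ")[0]


def scope_of(target, account):
    if target.upper().startswith("HKCU\\"):
        return f"user hive: {account}"
    if m := PROFILE.match(target):
        return f"profile folder: {m['user']}"
    return "machine-wide"


def group_by_scope(headers, entries):
    groups = defaultdict(list)
    for e in entries:
        groups[scope_of(e["target"], run_as(headers))].append(e["target"])
    return dict(groups)


def mechanisms(entries):
    """Count entries per browser-related registry location."""
    return Counter(name for e in entries for name in MECHANISMS
                   if name in e["target"])


def profiles_needing_own_run(headers, entries):
    """Profiles with removed folders whose own HKCU was not the one cleaned."""
    account = run_as(headers).lower()
    users = {m["user"] for e in entries if (m := PROFILE.match(e["target"]))}
    return sorted(u for u in users if u.lower() != account)


if __name__ == "__main__":
    hdr, ents = parse_report(SAMPLE_LOG)
    for scope, items in group_by_scope(hdr, ents).items():
        print(f"{scope}: {len(items)}")
    print(dict(mechanisms(ents)))
    print("re-check while logged in as:", profiles_needing_own_run(hdr, ents))
```

Per-user settings such as search scopes and the homepage live in each account's own HKCU hive, so a profile listed by `profiles_needing_own_run` is worth re-checking from inside that account.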

#11
February 23, 2014 at 01:57:19
Hello all, these are from Quarantine (Part One of 4)




#12
February 23, 2014 at 01:58:19
Part Two of 4>

C:\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev.png->\AdwCleaner\Quarantine\C\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev.png.vir
C:\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev_hover.png->\AdwCleaner\Quarantine\C\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev_hover.png.vir
C:\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settings.png->\AdwCleaner\Quarantine\C\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settings.png.vir
C:\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settingsBtn.png->\AdwCleaner\Quarantine\C\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settingsBtn.png.vir
C:\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Thumbs.db->\AdwCleaner\Quarantine\C\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Thumbs.db.vir
C:\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\close.png->\AdwCleaner\Quarantine\C\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\close.png.vir
C:\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\closeBtn.png->\AdwCleaner\Quarantine\C\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\closeBtn.png.vir
C:\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next.png->\AdwCleaner\Quarantine\C\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next.png.vir
C:\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next_hover.png->\AdwCleaner\Quarantine\C\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next_hover.png.vir
C:\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\powered-by.png->\AdwCleaner\Quarantine\C\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\powered-by.png.vir
C:\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev.png->\AdwCleaner\Quarantine\C\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev.png.vir
C:\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev_hover.png->\AdwCleaner\Quarantine\C\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev_hover.png.vir
C:\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settings.png->\AdwCleaner\Quarantine\C\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settings.png.vir
C:\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settingsBtn.png->\AdwCleaner\Quarantine\C\Users\gep\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settingsBtn.png.vir


Report •

#13
February 23, 2014 at 02:00:32
Part Three of 4.


#14
February 23, 2014 at 02:01:36
Part Four of Four.


Thanks for your patience and replies, GEP



#15
February 23, 2014 at 02:03:35
"EDIT:
Wow, you are up early John"

Went back to bed Derek.



#16
February 23, 2014 at 02:12:19
" hope this is what you asked for"
Yep, that's what I wanted & it shows I am on the right track.

"Tried to download Junkware Removal Tool, I.E. & Firefox both came back they could not open the webpage by any link, your links given, or by doing a google search"
That is the infection/malware doing its job.

We now have to find a way to outsmart the nasties, have included many ways to do so for the next step. Just a matter of finding one that works.

Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan. Copy and Paste the contents of the log please. Note how to avoid the trial period.
If you can't find the log, do a search for malwarebytes or look in here.
C:\Users\Pete\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
Replace Pete with the User's name.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://i.imgur.com/3DtG68Y.gif
http://www.malwarebytes.org/mbam.php
Make sure you Uncheck > Enable free trial at the End of the install.
http://i.imgur.com/tUFCbYz.gif
If your MBAM log indicates "No action taken", that's usually a result of NOT clicking the Remove Selected button after the scan.
Quick Scan versus Full Scan
http://forums.malwarebytes.org/inde...
Use Chameleon to run Malwarebytes Anti-Malware on infected systems
https://helpdesk.malwarebytes.org/e...
If it won't run, rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run.
http://www.spywareinfoforum.com/ind...
If it still will not run.
1: Go to Control Panel > Programs and Features and uninstall Malwarebytes.
Next redownload Malwarebytes but rename it before you download it to your Desktop. As you are in the process of downloading when you get to the point that the "enter name of file to save to" box appears, in the "filename" slot, rename mbam-setup.exe to something.exe, then click Save.
If it installed but will not run, navigate to this folder:
2: C:\Program Files\Malwarebytes' Anti-Malware
Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.




#17
February 23, 2014 at 10:31:35
Hello JohnW and all, I downloaded and ran Malwarebytes around a week or so, did not know about (Uncheck > Enable free trial at the End of the install)

Can I still get it free???

The information you gave me in your last post is a bit much for my brain, or lack of it.

I will download a new log, but, not sure like I wrote above if I can do all the above to solve this problem???

Chameleon??

Thanks Gepuk2001



#18
February 23, 2014 at 10:48:49
Hello JohnW and all, did another scan, came back clean, nothing in quarantine.

I will try that uninstall Malwarebytes and rename the exe.

gep



#19
February 23, 2014 at 11:07:11
Hello JohnW, uninstalled Malwarebytes Chameleon, did not open.

Used the twelve tries, none worked, so sent a request for help to Malwarebytes.

Also, tried to re-install malwarebytes (Normal one) came up saying it could not, Message, create file Failed, error code 5. There is already a folder there, so tried to instal it to that folder, would not allow it. Tried to instal it elsewhere, failed. Tried to delete, would not delete existing folder.

Thanks, gep

message edited by gep



#20
February 23, 2014 at 11:09:05
"Can I still get it free???"
All tools that I will get you to use are FREE.

"Hello JohnW and all, did another scan, came back clean, nothing in quarantine"
With what gep?



#21
February 23, 2014 at 11:13:13
Let's move on gep, when programs will not work, that is due to the infections, we have to find a program that will beat them.



#22
February 23, 2014 at 11:17:41
1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it to your Desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt.
Copy & Paste the contents of the log in your next post please. Let me know if it doesn't produce a log.
An introduction as to what this program does.
http://www.bleepingcomputer.com/for...
Unhide.exe is a program that will revert many of the changes on your computer caused by the FakeHDD family of rogue anti-spyware programs. This family of rogues pretends to be a system optimization program that will solve errors with your computer’s hard disks, memory, and performance. It will also display fake alerts stating that your computer has numerous computer issues and prompt you to purchase the program in order to resolve these issues.
As part of the infection process, this family of rogues will change the attributes of all the files on your computer's fixed hard disks so that they are hidden (+H). It will then change your Windows configuration to make it so that you do not see hidden files or hidden system files. By doing this, the rogue attempts to make you think that all of your files have been deleted in the hopes that this will trick you into purchasing the program in order to recover your files.
This infection will also delete shortcuts in various folders on your computer so that you can no longer find them pinned to the taskbar, in the quick launch, or in your Start Menu. When the infection deletes the shortcuts it will store a backup copy of them in the folder %Temp%\smtmp. Using this backup, we can then restore the files to their proper location so you can find them once again under your Start Menu and in other locations. It is very important, though, that if you are infected with this family of infections that you do not delete any of the files in your %Temp% folder and that you do not run any temp file cleaners as they will delete this backup folder. With this folder removed, we will not be able to restore the shortcuts back to their proper location.
Unhide.exe is used to automatically revert these changes on your computer. When run, it will unhide (-H) all +H files on the fixed disks of your computer. It will not, though, unhide any files that also have the +S attribute. Unhide will also automatically detect if the %Temp%\smtmp folder exists, and if it does, it will copy them back to their proper locations for you. If your shortcuts are missing due to this infection and you have already cleaned out your Temp folder, then you can use the scripts at the bottom of this post to restore your default Start Menu.
Unhide will also reset certain Registry settings that this infection changes to hide your shortcuts and start menu items. When Unhide is running, if it detects any changes in these Registry settings it will reset them to the Windows default and display a messaging that it has done so.

2: Reboot

3: Run Defogger & then Combofix.
http://majorgeeks.com/Defogger_d708...
http://www.bleepingcomputer.com/dow...
Please download DeFogger and save it to your Desktop
Once downloaded, double-click on the DeFogger icon to start the tool.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.
This program can enable and disable CD emulation, often required in removing difficult malware. Some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner.
Download ComboFix to your Desktop & then run. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual."

If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



#23
February 23, 2014 at 11:55:46
Have zipped up Junkware Removal Tool & named it gep.

Make sure you always right click on all files & click on > Run as Administrator.

Download from here if you can.
http://wikisend.com/download/233260...

message edited by Johnw



#24
February 23, 2014 at 12:11:45
Hello JohnW, here's the Log File from Unhide.

Will try the next attempt to fix as soon as my computer reboots,

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 02/23/2014 07:56:04 PM
Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 249632 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 352 files processed.

The C:\Users\gep\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowRun was set to 0! It was set back to 1!

Program finished at: 02/23/2014 08:09:01 PM
Execution time: 0 hours(s), 12 minute(s), and 56 seconds(s)

Thanks, Gep



#25
February 23, 2014 at 12:18:58
Hello JohnW, with Malwarebytes before I uninstalled it.

Gep



#26
February 23, 2014 at 12:27:12
"with Malwarebytes before I uninstalled it"
Ok, we will run again later, we are in the process of breaking down the nasties bit by bit, that then allows repeat use of programs, which then may have access to files that it could not get to before.


#27
February 23, 2014 at 12:33:36
Hello JohnW,

Question: Do you want me to Run these or not?????
3: Run Defogger & then Combofix.
http://majorgeeks.com/Defogger_d708...
http://www.bleepingcomputer.com/dow...
Please download DeFogger and save it to your Desktop etc


here is the log file

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by gep on 23/02/2014 at 20:22:45.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{94CAAEC0-3F2F-4F10-8516-29EB03CB99A2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F6971DB4-5711-4836-91A5-E5AD2811C9E4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{7E2DFBE0-EC3B-4342-8506-3568311F02F0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8de1ac3a-6466-4e02-ba60-6a2aa94ab270}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D5F6D078-BA81-4003-BB6D-FF09001D2780}

~~~ Files

Successfully deleted: [File] "C:\Windows\Tasks\driver robot.job"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\datamngr"
Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\gep\appdata\locallow\datamngr"
Successfully deleted: [Empty Folder] C:\Users\gep\appdata\local\{1EBE02FD-659A-4AC0-9B44-411185B29489}
Successfully deleted: [Empty Folder] C:\Users\gep\appdata\local\{52F07526-9718-47FB-AB2B-58179FF28C23}
Successfully deleted: [Empty Folder] C:\Users\gep\appdata\local\{5AC9417B-C867-4E01-B29F-CA3B31082FF5}
Successfully deleted: [Empty Folder] C:\Users\gep\appdata\local\{69BE1A76-78FB-4E86-A58A-300FE0187828}

~~~ Event Viewer Logs were cleared

GEP
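
The JRT log posted above, parsed and triaged as an added example (not part of the original posts and not JRT's own code). It groups each cleaned item by what it controls and by whether it was machine-wide or tied to one profile, which matters because the log says it was "Ran by gep". The category labels and function names are this example's own; the line format is taken from the log above.

```python
import re
from collections import Counter

# Excerpt of the JRT log lines posted above (not the full log).
SAMPLE_LOG = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}

~~~ Files

Successfully deleted: [File] "C:\Windows\Tasks\driver robot.job"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\datamngr"
Successfully deleted: [Empty Folder] C:\Users\gep\appdata\local\{1EBE02FD-659A-4AC0-9B44-411185B29489}

~~~ Event Viewer Logs were cleared
"""

# "<status> <action>: [<kind>] <target>", as seen in the log above.
ENTRY = re.compile(
    r"^(?P<status>\w+) (?P<action>\w+): \[(?P<kind>[^\]]+)\] (?P<target>.+)$"
)

# (pattern on the target, category). Categories are this example's own labels.
RULES = [
    # DLLs named in AppInit_DLLs are loaded into every process that loads user32.dll.
    (re.compile(r"\\AppInit_DLLs$", re.I), "dll-autoload"),
    (re.compile(r"\\Internet Explorer\\Main\\\\(Start Page|Default_Page_URL)$", re.I),
     "browser-homepage"),
    (re.compile(r"\\Internet Explorer\\SearchScopes\\", re.I), "browser-search"),
    (re.compile(r"\\Tasks\\", re.I), "scheduled-task"),
]

PROFILE_PATH = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\")


def scope_of(target):
    """Say whether an item is machine-wide or belongs to a single profile."""
    upper = target.upper()
    if upper.startswith("HKEY_LOCAL_MACHINE\\"):
        return "machine"
    if upper.startswith("HKEY_CURRENT_USER\\"):
        # HKCU is the hive of the account that ran the tool, nobody else's.
        return "current-user"
    m = PROFILE_PATH.match(target)
    return f"profile:{m.group(1)}" if m else "machine"


def categorize(target):
    for pattern, category in RULES:
        if pattern.search(target):
            return category
    return "leftover"


def parse_jrt_log(text):
    """Return (entries, notes) for a JRT-style log."""
    section, entries, notes = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("~~~ "):
            section = line[4:]
            if section.endswith("were cleared"):
                # Worth recording: earlier event-log evidence is gone after this run.
                notes.append(section)
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        target = m["target"].strip('"')
        entries.append({
            "section": section,
            "action": m["action"],
            "kind": m["kind"],
            "target": target,
            "category": categorize(target),
            "scope": scope_of(target),
        })
    return entries, notes


def summarize(entries):
    """Count findings per (category, scope) pair."""
    return Counter((e["category"], e["scope"]) for e in entries)


if __name__ == "__main__":
    found, remarks = parse_jrt_log(SAMPLE_LOG)
    for (category, scope), count in sorted(summarize(found).items()):
        print(f"{category:17} {scope:13} {count}")
    for remark in remarks:
        print("note:", remark)
```

Entries with scope `current-user` or `profile:gep` only describe the account that ran the tool; per-user browser settings in any other profile are not covered by that run.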



#28
February 23, 2014 at 12:36:31
"Question: Do you want me to Run these or not?????"
Yep.

Refer my post #26.



#29
February 23, 2014 at 13:03:31
Hello JohnW, Ran ReImage, defogger, it found one worm, will not go any further without a KEY. Also, Click the Disable button to disable your CD Emulation drivers did not appear.

C:\Programfiles\hosts\_anti_adawares_pups\hosts_anti_adaware_main.exe---
Worm?autoit.AZCI a.k.a Artemis! C1DB9BDF885C a.k.a. Trojan_Downloader.Autoit_gen

Do you still want me to Run ComboFix

Also says my computer is running slow, has been for around two years, but, not that bothered at present, just want my Wife's I.E. back working properly.

Thanks, Gep

message edited by gep



#30
February 23, 2014 at 13:10:03
"Do you still want me to Run ComboFix"
Yep, when one thing doesn't work, we move on.

message edited by Johnw



#31
February 23, 2014 at 13:29:31
"Hello JohnW, Ran ReImage, defogger, it found one worm, will not go any further without a KEY. Also, Click the Disable button to disable your CD Emulation drivers did not appear"

"Ran ReImage"?????????



#32
February 23, 2014 at 13:43:02
"just want my Wife's I.E. back working properly"
That is my goal as well, cannot achieve that until you are clean.


#33
February 23, 2014 at 14:12:17
Hello JohnW, Ran ComboFix, 1 of 3

ComboFix 14-02-23.01 - gep 23/02/2014 21:25:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1558 [GMT 0:00]
Running from: c:\users\gep\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\F7FB4D59FA.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-01-23 to 2014-02-23 )))))))))))))))))))))))))))))))
.
.
2014-02-23 21:37 . 2014-02-23 21:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-02-23 21:37 . 2014-02-23 21:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-23 20:39 . 2014-02-23 20:39 -------- d-----w- c:\programdata\CDB
2014-02-23 20:38 . 2014-02-23 20:38 -------- d-----w- c:\users\gep\AppData\Local\AVG SafeGuard toolbar
2014-02-23 20:38 . 2014-02-23 20:38 -------- d-----w- c:\program files\Reimage
2014-02-23 20:38 . 2014-02-23 20:40 -------- d-----w- C:\rei
2014-02-23 20:37 . 2014-02-23 20:36 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-02-23 20:36 . 2014-02-23 20:37 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2014-02-23 20:36 . 2014-02-23 20:37 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2014-02-23 20:36 . 2014-02-23 20:36 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2014-02-23 20:36 . 2014-02-23 20:36 -------- d--h--w- c:\programdata\Common Files
2014-02-23 20:22 . 2014-02-23 20:22 -------- d-----w- c:\windows\ERUNT
2014-02-23 19:26 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-23 19:15 . 2014-02-23 19:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-23 19:10 . 2014-02-23 19:10 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-22 19:08 . 2014-02-22 19:09 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs
2014-02-19 11:14 . 2014-02-19 11:14 -------- d-----w- c:\users\Mayi\AppData\Roaming\Malwarebytes
2014-02-17 10:16 . 2014-02-17 10:16 -------- d-----w- c:\users\gep\AppData\Roaming\KODAK AiO Home Center978700790
2014-02-17 09:41 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2014-02-16 16:19 . 2014-02-16 16:19 -------- d-----w- c:\users\Mayi\AppData\Local\Macromedia
2014-02-16 16:14 . 2014-02-16 16:14 -------- d-----w- c:\users\Mayi\AppData\Local\Mozilla
2014-02-16 16:13 . 2014-02-16 16:13 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-02-13 19:29 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-02-02 15:34 . 2013-01-18 10:48 60928 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKAiO2PPR.dll
2014-01-30 09:54 . 2013-11-19 16:52 31520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-01-30 09:54 . 2014-01-08 15:54 103424 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-01-30 09:54 . 2013-12-24 10:40 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
.



#34
February 23, 2014 at 14:13:21
2 of 3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-22 15:55 . 2012-04-09 15:20 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-22 15:55 . 2011-07-23 20:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-02 21:04 . 2011-09-04 14:21 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\system32\GPhotos.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-02-23 20:36 3401752 ----a-w- c:\program files\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll" [2014-02-23 3401752]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-01-02 325728]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"HOSTS Anti-Adware_PUPs"="c:\program files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2014-02-22 302961]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2014-02-23 2534936]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\users\gep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Quick ShutDown.lnk - c:\program files\Quick ShutDown\qsd.exe [2003-2-18 294400]
.
c:\users\Mayi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2048741177-4184414092-1500873600-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGTP
*NewlyCreated* - CPUZ134
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 15:55]
.
2014-02-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-10 16:26]
.
2014-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 19:28]
.
2014-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 19:28]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.halifax-online.co.uk/pe...
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
Toolbar-10 - (no file)
HKU-Default-Run-Advanced SystemCare 6 - c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.



#35
February 23, 2014 at 14:14:31
Hello JohnW, 3 of 3

**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-23 21:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360\1501000.012\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files\Norton 360\Engine\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1d,3a,29,fe,f0,bc,cd,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-02-23 21:41:47
ComboFix-quarantined-files.txt 2014-02-23 21:41
.
Pre-Run: 126,097,149,952 bytes free
Post-Run: 126,287,040,512 bytes free
.
- - End Of File - - 8A184E0F1F460AF5A8757AFEB890C362
588AE8F0C685C02BA11F30D9CD7E61A0



#36
February 23, 2014 at 14:19:17
Hello JohnW, I have Norton AV 360 14 months left. CCleaner Spywareblaster WinPatrol on my computer, besides the ones I have just downloaded.

The ones above, are they OK?

If not, anymore to Beef up my computer???


Do you live in Australia, my brother lives in Adelaide.

Thanks for your help, Gep



#37
February 23, 2014 at 14:29:28
Hello JohnW, just tried to run I.E. on my Wife's profile, still no change, still not opening certain websites etc.

I have managed to Re-Install Malwarebytes, got 5 days free trial left.

Going to bed now, it's 22:30 here in the UK, going to work in 8 hours, so will come back around 19:00 Monday. 20 and a half hours from now.

Thanks for all your help so far, good-night, or good morning in Australia, GEP



#38
February 23, 2014 at 19:14:29
"Hello JohnW, I have Norton AV 360 14 months left. CCleaner Spywareblaster WinPatrol on my computer, besides the ones I have just downloaded"
I shall address these at the end of the cleaning & repair process.

"Do you live in Australia, my brother lives in Adelaide"
I'm here, I also have a younger brother in Adelaide.
http://www.timeanddate.com/worldclo...

"I have managed to Re-Install Malwarebytes, got 5 days free trial left"
When Malwarebytes expires, uninstall it with this & reinstall as per my post #16. Keep it as part of your armory.
Use IObit Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/IObit-...
http://www.majorgeeks.com/files/det...
http://www.iobit.com/advanceduninst...
Do a Standard Uninstall & then the Powerful Scan to remove all the lurking bits.
http://i.imgur.com/olyCkcJ.gif
http://i.imgur.com/cKc5Chi.gif



#39
February 24, 2014 at 08:14:13
Hello JohnW, is there a program, a free one, that will quicken up my computer?
Or how do I find out what's slowing it down?
I.E., Windows Mail and some others are slow to open. Also, one of the programs, I think Combofix, said it was slow.

Is there any more I can do to find out my Wife's problem??

Have downloaded IOBIT, and will use it to delete Malwarebytes.

Thanks, Gep

message edited by gep



#40
February 24, 2014 at 14:24:20
Please download Rkill from any one of these links and save it to your Desktop. Copy & Paste the contents of the log in your reply.
http://www.technibble.com/rkill-rep...
Rkill.com
http://download.bleepingcomputer.co...
Rkill.scr
http://download.bleepingcomputer.co...
Rkill.pif
http://download.bleepingcomputer.co...
Now double click on Rkill to run it. If the first one doesn't work try the next one.
This will help remove certain processes and should restore any file associations and your desktop. Note: Your system is still infected as Rkill does not delete files - it merely helps to temporarily disable the infections, allowing us to start the cleansing process.
Do NOT reboot your machine. Each time you reboot, Rkill is disabled and you would have to run it again in order for it to be effective.

Run TDSSKiller. Copy & Paste the contents of the log in your next post please.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://usa.kaspersky.com/downloads/...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...
Anti-rootkit utility TDSSKiller
http://support.kaspersky.com/faq/?q...
If TDSS doesn't run, use FixTDSS
http://www.symantec.com/content/en/...
Download FixTDSS and save it to your Desktop.
Double click on the FixTDSS.exe icon to run it.
Click the "I Accept" button, then the "Proceed" button to begin
The tool will restart your computer automatically - click OK to allow it to do so
The tool will begin its scan on reboot > click "run" to begin
It will report if an infected MBR is found > click the "repair" button
If you do not specify a full pathname, TDSSKiller will save the log in the same folder that the executable resides in.



#41
February 24, 2014 at 14:58:38
Hello JohnW, downloaded and installed RKILL, ran it, nothing coming up, how do I get it to work?

Thanks, Gep



#42
February 24, 2014 at 15:09:04
No idea why Gep.

Let's move on & run TDSSKiller.



#43
February 24, 2014 at 15:30:44
Hello JohnW, ran TDSSkiller, NO Threats found.

That Sparktrust PC Cleaner Plus has started working, finding loads of problems, not on Malware yet, hope it finishes soon, or will have to wait till tomorrow, got work in 7 hours.

GEP



#44
February 24, 2014 at 15:37:53
Hello JohnW, That Sparktrust PC Cleaner Plus WAS working, finding loads of problems, got to Malware, then Disappeared??? Confused.

What next??

I have to sign off now, need sleep before work in the morning.

Back around 19:00 uk time.

Thanks again, GEP



#45
February 24, 2014 at 15:50:15
"Sparktrust PC Cleaner Plus WAS working"
You have clicked on something you shouldn't have Ian, that is a con job.

I haven't mentioned that program.

See if it is listed in IObit Uninstaller, if so use the uninstaller as per my previous instructions.

If not, wait for further instructions.

message edited by Johnw



#46
February 25, 2014 at 08:16:06
Hello JohnW, will be back on Computer at 19:00 UK time.

THAT Sparktrust PC Cleaner Plus, must have been on the webpage for me to get confused.

JOHNW, what was the program you asked me to download and Run .

Thanks Gep



#47
February 25, 2014 at 13:57:43
"JOHNW, what was the program you asked me to download and Run"
You have run everything I have asked you to download Gep.



#48
February 25, 2014 at 13:58:32
Download Security Check by screen317 from one of the following links and save it to your Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
  o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
  o When you see a console window, press any key to continue scanning.
  o Wait while it scans.
  o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


#49
February 25, 2014 at 14:32:06
Hello JohnW, here is the report.

Results of screen317's Security Check version 0.99.79
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
Windows Firewall Disabled!
Norton 360
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
WinPatrol
SpywareBlaster 5.0
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java(TM) 6 Update 31
Java(TM) 6 Update 7
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 12.0.0.70
Adobe Reader 9 [color=red][b]Adobe Reader out of Date![/b][/color]
Adobe Reader 10.1.9 [color=red][b]Adobe Reader out of Date![/b][/color]
Mozilla Firefox (27.0.1)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
IObit IObit Malware Fighter IMFsrv.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
BillP Studios WinPatrol WinPatrol.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 1 %
[b][u]````````````````````End of Log``````````````````````[/b][/u]

GEP



#50
February 25, 2014 at 14:54:42
"Java(TM) 6 Update 31
Java(TM) 6 Update 7
[color=red][b]Java version out of Date![/b][/color] "

If you don't need Java, remove it, any program you have installed will squawk & ask for Java.
Use IOBit Uninstaller.
You then get a FREE non Java program to replace it, post here if you need help.

If you decide to keep, clean it up with this.

To remove old and redundant versions of the Java Runtime Environment:
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://singularlabs.com/software/ja...




#51
February 25, 2014 at 14:58:16
Hello JohnW, got rid of IOBit Uninstaller, as it did not work properly.

Will have to remove it through windows

JAVA, Removed

Gep

message edited by gep



#52
February 25, 2014 at 14:59:49
"Adobe Reader 9 [color=red][b]Adobe Reader out of Date![/b][/color]
Adobe Reader 10.1.9 [color=red][b]Adobe Reader out of Date![/b][/color] "

To improve your security, remove the old versions.



#53
February 25, 2014 at 15:05:15
"Will have to remove it through windows"
Ok.

Next after steps #51 & #52.

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif



#54
February 25, 2014 at 15:15:16
Hello JohnW, got rid of Adobe 9, tried to get rid of 10, cannot find Adobe 10.1.9??

GEP



#55
February 25, 2014 at 15:18:18
"cannot find Adobe 10.1.9?"
Ok, move on to Run Wise Disk Cleaner


#56
February 25, 2014 at 15:31:47
Hello JohnW, did that disk clean, got rid of a lot.

I am off to bed, work in the morning, please leave what to do next and will get to it Wed around 19:00.

Thanks, Gep



#57
February 25, 2014 at 15:33:45
Run TFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator.)
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

message edited by Johnw



#58
February 25, 2014 at 15:41:05
After doing #57, we shall address the Wife's problems.
How to Check Hosts Files, DNS and Proxy Settings for Normal Internet Access after Malware Infection
http://www.dotfab.com/resources/how...



#59
February 26, 2014 at 11:20:57
Hello JohnW, did all you asked, still the problem persists.

Gep



#60
February 26, 2014 at 12:50:55
"Hello JohnW, did all you asked, still the problem persists"
Yep, that's because I haven't started to address that problem, preparation is everything.

Correct me if I am wrong, you share Norton?

If so I will go down the path of her profile is corrupt.

Fix a corrupted user profile
http://windows.microsoft.com/en-us/...



#61
February 26, 2014 at 13:06:55
I would suggest simply creating a new profile for your wife, copying the folders where your wife stored her documents, music, pictures and so on to the new profile folder, copying her folder where the emails are stored, and trying whether it works or not.

If everything works, and she doesn't miss any files, delete the old profile.



#62
February 26, 2014 at 14:05:52
Hello JohnW, Paulsep, tried the microsoft fix, did what it suggested. One of the file names was not there, two entries, 1, 2, so left both out of the copy.
I created a new account, re-started my computer, and tried for a second time in Users, and elsewhere in C: to find the new Profile to copy files to, but, NEW Profile was missing. Only mine and my Wife's current were there.
(Not too sure of doing the above again, as my Wife would go ballistic if I made a mess of it, lol.)

QUESTION: I can now get onto the WEBSITES on HER Profile, but when I try to Open A Page inside the Website (Even this website) it says it needs to RECOVER the webpage, and will not go any further.

Is the Problem something else??

Thanks, GEP



#63
February 26, 2014 at 14:17:07
You have to log on at least one time with the newly created user, so that the profile folder will be created.

When logged in with that new user, simply try to surf some websites and check, whether it works.



#64
February 26, 2014 at 15:11:26
Hello JohnW and all, greatly appreciate your help, set and have found new profile.

Problem one, not too happy to copy all over to her new profile.

Problem one: Cannot find her email Password?? Tried her email account, she's forgotten.

Two: Cannot import her contacts, emails, saved emails etc, cannot find them.
Find my own ok though, lol.

I think I will have to either pay someone, or do it the old way, save to a hard drive, and copy over.

Thanks again for all your help, just above my Brain capacity.

Internet Explorer does work properly in a new Profile
Gep

message edited by gep



#65
February 26, 2014 at 15:29:20
You don't have to copy, you can move the folders, which is quite fast.

Forgotten email password?
Ok, that's a personal problem we can't help on.

Without password, you can't access the emails, even if you'll find them, for copying or moving.

Maybe a professional can help on that.

We're not sitting in front of your computer, which makes it nearly impossible to help you find your files.

So a professional might do the trick.



#66
February 26, 2014 at 15:55:51
"Problem one: Cannot find her email Password??"
This may pick her passwords up.

SIW Portable
http://portableapps.com/apps/utilit...

