Root Kit/G drive not showing/thumb drive not showing [Solved]



#16 btbenoit

Posted 27 November 2013 - 01:16 PM

C:\Documents and Settings\Beaub\My Documents\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\Beaub\My Documents\Downloads\m4a-to-mp3-converter.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Elf_1\tbElf_.dll a variant of Win32/Toolbar.Conduit.B application
C:\Program Files\vShare\imedix-silent.exe Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe.vir a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe.vir a variant of Win64/Toolbar.Widgi.A application
C:\Qoobox\Quarantine\C\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll.vir a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files\Dealio Toolbar\IE\8.2\dealioToolbarIE.dll.vir a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\_restore{BB460A02-7DF6-41C7-9732-D857BB79EA6C}\RP2876\A0285358.rbf a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\_restore{BB460A02-7DF6-41C7-9732-D857BB79EA6C}\RP2876\A0285360.rbf a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\_restore{BB460A02-7DF6-41C7-9732-D857BB79EA6C}\RP2876\A0285362.rbf a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\_restore{BB460A02-7DF6-41C7-9732-D857BB79EA6C}\RP2876\A0285373.rbf a variant of Win64/Toolbar.Widgi.A application
C:\System Volume Information\_restore{BB460A02-7DF6-41C7-9732-D857BB79EA6C}\RP2909\A0291710.rbf a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\_restore{BB460A02-7DF6-41C7-9732-D857BB79EA6C}\RP2909\A0291712.rbf a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\_restore{BB460A02-7DF6-41C7-9732-D857BB79EA6C}\RP2909\A0291714.rbf a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\_restore{BB460A02-7DF6-41C7-9732-D857BB79EA6C}\RP2909\A0291725.rbf a variant of Win64/Toolbar.Widgi.A application
C:\System Volume Information\_restore{BB460A02-7DF6-41C7-9732-D857BB79EA6C}\RP2934\A0296992.dll a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\_restore{BB460A02-7DF6-41C7-9732-D857BB79EA6C}\RP2934\A0296994.dll a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\_restore{BB460A02-7DF6-41C7-9732-D857BB79EA6C}\RP2937\A0297521.exe a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\_restore{BB460A02-7DF6-41C7-9732-D857BB79EA6C}\RP2937\A0297522.exe a variant of Win64/Toolbar.Widgi.A application


#17 ----------------

Posted 28 November 2013 - 02:11 PM

 

C:\Documents and Settings\Beaub\My Documents\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\Beaub\My Documents\Downloads\m4a-to-mp3-converter.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Elf_1\tbElf_.dll a variant of Win32/Toolbar.Conduit.B application
C:\Program Files\vShare\imedix-silent.exe Win32/Toolbar.Zugo application


These files aren't malware but contain security risks. I would delete them immediately - your choice.

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


Proud Member of UNITE & TB
 

#18 btbenoit

Posted 28 November 2013 - 02:21 PM

Should I have seen my G: drive by now, or will it show up after these other steps?

#19 btbenoit

Posted 28 November 2013 - 09:03 PM

# AdwCleaner v3.013 - Report created 28/11/2013 at 20:51:19
# Updated 24/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Beaub - BEAU
# Running from : C:\Documents and Settings\Beaub\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\vShare
Folder Deleted : C:\Documents and Settings\Beaub\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Beaub\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Beaub\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\Beaub\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Beaub\Application Data\vShare
Folder Deleted : C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\Conduit
Folder Deleted : C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\Smartbar
Folder Deleted : C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\CT2786678
Folder Deleted : C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\Extensions\wecarereminder@bryan
Folder Deleted : C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Deleted : C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[!] Folder Deleted : C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
[!] Folder Deleted : C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[!] Folder Deleted : C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
[!] Folder Deleted : C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
File Deleted : C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\Extensions\dealio@mybrowserbar.com
File Deleted : C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\searchplugins\mywebsearch.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ClickPotato
Key Deleted : HKLM\SOFTWARE\Classes\.bgl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2856415
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2857572
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Dealio
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\vShare
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Dealio
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Dealio
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7ABD4437-12A5-4644-A954-F83B3FBE7FBF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C878CD69-85DB-426B-81A3-E71175AAEB91}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DA64E459-FBF3-4A9C-A3E8-FD0240C4E611}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v21.0 (en-US)

[ File : C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\prefs.js ]

Line Deleted : user_pref("vshareus.install.finished", "1.0.0");
Line Deleted : user_pref("vshareus.install.guid", "{4ab6d963-42a7-4f4b-aafb-8e09bf311479}");
Line Deleted : user_pref("vshareus.install.isHidden", true);
Line Deleted : user_pref("vshareus.install.laststatreq", "1358208000000");
Line Deleted : user_pref("vshareus.install.overlayVersion", 1);

-\\ Google Chrome v

[ File : C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [29678 octets] - [28/11/2013 20:44:51]
AdwCleaner[S0].txt - [29581 octets] - [28/11/2013 20:51:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29642 octets] ##########



#20 btbenoit


Posted 28 November 2013 - 09:05 PM

 Results of screen317's Security Check version 0.99.77 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Microsoft Security Essentials   
`````````Anti-malware/Other Utilities Check:`````````
 Out of date HijackThis  installed!
 Spy Sweeper   
 Windows Defender   
 Malwarebytes Anti-Malware version 1.75.0.1300 
 HijackThis 2.0.2   
 CCleaner    
 Java™ 6 Update 21 
 Java version out of Date!
 Adobe Flash Player  11.9.900.117 
 Adobe Reader 10.1.8 Adobe Reader out of Date! 
 Mozilla Firefox 21.0 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 28% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#21 ----------------


Posted 29 November 2013 - 01:48 AM

If your drive isn't showing up, do the following:

 

 

System File Check

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"



Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).

Proud Member of UNITE & TB
 

#22 btbenoit


Posted 29 November 2013 - 05:42 AM

A window keeps opening. Windows File Protection, needs to copy files to the DLL cache, and asking to insert XP Home Edition.

Another problem that I noticed last night, when Windows reboots, it takes about 5-10 minutes longer than it used to. Instead of having the windows logo appear bright on the monitor, it is very dim.

#23 ----------------


Posted 29 November 2013 - 07:01 AM

Filter SFC log file

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"



Within the opening window, write the following:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt


  • Hit enter. The tool will create a textfile named sfcdetails.txt within the folder where you ran the command, for example C:\windows\system32\.
    Attach this file to your next reply.

Proud Member of UNITE & TB
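
The filtering step from post #23, as an added example that is not part of the original thread: it keeps only the [SR] lines of a CBS.log, groups the files SFC could not repair or did repair, and returns None when the log cannot be opened, which is the error reported in post #24. The sample log lines, component name and file names are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter
from pathlib import Path

# Constructed sample in the CBS.log line layout; not taken from the thread.
SAMPLE = r'''2013-11-29 07:05:10, Info                  CBS    Starting TrustedInstaller initialization.
2013-11-29 07:05:11, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2013-11-29 07:05:11, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2013-11-29 07:06:02, Info                  CSI    000001b4 [SR] Cannot repair member file [l:20{10}]"sample.dll" of Constructed-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), hash mismatch
2013-11-29 07:06:02, Info                  CSI    000001b5 [SR] Cannot repair member file [l:20{10}]"sample.dll" of Constructed-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), hash mismatch
2013-11-29 07:06:03, Info                  CSI    000001b6 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"other.dll" from store
2013-11-29 07:06:05, Info                  CSI    000001b8 [SR] Verify complete
'''

SR = re.compile(r"\[SR\]\s+(?P<msg>.*)")  # literal "[SR]", as findstr /c: matches it
FILE = re.compile(r'\]"(?P<name>[^"\\]+)"(?: of | from store)')  # quoted file name

def read_log(path):
    """Return the log text, or None when the file is missing or unreadable."""
    try:
        return Path(path).read_text(encoding="utf-8", errors="replace")
    except OSError:
        return None

def summarize(text):
    """Keep only [SR] entries and count repaired and unrepairable files."""
    out = {"sr_lines": 0, "unrepairable": Counter(), "repaired": Counter()}
    for line in text.splitlines():
        m = SR.search(line)
        if not m:
            continue  # not an SFC entry, dropped just as the findstr filter does
        out["sr_lines"] += 1
        msg = m.group("msg")
        f = FILE.search(msg)
        if f and msg.startswith("Cannot repair member file"):
            out["unrepairable"][f.group("name")] += 1
        elif f and msg.startswith("Repairing corrupted file"):
            out["repaired"][f.group("name")] += 1
    return out

if __name__ == "__main__":
    log = read_log(r"C:\Windows\Logs\CBS\CBS.log")
    print(summarize(log if log is not None else SAMPLE))
```
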
 

#24 btbenoit


Posted 29 November 2013 - 07:16 AM

FINDSTR: cannot open C:\windows\logs\cbs\cbs.log

#25 btbenoit


Posted 30 November 2013 - 06:55 AM

I found the problem. Bad hard drive.



#26 ----------------


Posted 02 December 2013 - 02:45 AM

OK - then your system is clean now! :)

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.

After the reboot
  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Mozilla Firefox out of date

Your Firefox browser is outdated. Please follow these instructions to update it:

  • Get the actual firefox from here.
  • Run setup and follow the instructions on your monitor.
  • Report any problems you have with the update.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix, deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left please delete it manually.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.


Proud Member of UNITE & TB
 

#27 btbenoit


Posted 04 December 2013 - 06:16 AM

Thank you for your help.

#28 ----------------


Posted 06 December 2013 - 03:02 AM

You're welcome! :)


Proud Member of UNITE & TB
 

#29 ----------------


Posted 06 December 2013 - 03:03 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
Proud Member of UNITE & TB
 
