Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: josmoe on June 30, 2013, 12:56:37 PM
-
The Tech diagnosed having issues with my registry. I don't have any Anti-Virus protection on my laptop. I haven't been able to download any updates for quite a while. I started having Printer issues two months ago. I would like to have help figuring out how to clean up my registry.
-
Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html
-
I got logfile from yesterday using the AdwCleaner, SuperDave recommended. I downloaded the CCleaner and ran that, However I still can't download the Maleware program, I still keep getting a popup stating an error messege, I didn't write it down so I can't remember exactly what is says. I didn't want to jump to the next step until I can get the maleware to load.
# AdwCleaner v2.303 - Logfile created 06/29/2013 at 13:44:53
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista (TM) Home Basic Service Pack 1 (32 bits)
# User : doc - LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBWRASQN\2-adwcleaner[1].exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Users\doc\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\doc\AppData\Local\APN
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\PIP
Key Deleted : HKU\S-1-5-21-779627122-4090618831-1756547786-501\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKU\S-1-5-21-779627122-4090618831-1756547786-501\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.19088
[OK] Registry is clean.
*************************
AdwCleaner[S1].txt - [6202 octets] - [29/06/2013 13:44:53]
########## EOF - \AdwCleaner[S1].txt - [6262 octets] ##########
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Before we continue download and install a free antivirus.
I recommend MicroSoft Security Essentials for a lite-weight, hassle-free AV. Install it and forget about it.
Remember to only install one antivirus!
1) Avast! Home Edition (http://www.majorgeeks.com/Avast_Home_Edition_d1968.html)
2) AVG Free Edition (http://www.majorgeeks.com/download.php?det=886)
3) Avira AntiVir Personal (http://www.majorgeeks.com/AntiVir_Personal_Edition_7_d955.html)
4) MicroSoft Security Essentials (http://windows.microsoft.com/en-us/windows/security-essentials-all-versions) All versions and all languages.
5) Comodo Antivirus (http://www.majorgeeks.com/Comodo_AntiVirus_d5109.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition (http://www.majorgeeks.com/PC_Tools_AntiVirus_Free_Edition_d5469.html)
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
************************************************
(http://i424.photobucket.com/albums/pp322/digistar/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
****************************************************
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
•Warning! Once the scan is complete JRT will shut down your browser with NO warning.
•Shut down your protection software now to avoid potential conflicts.
•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.
•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete depending on your system's specifications.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Copy and Paste the JRT.txt log into your next message.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
-
Hey,
I still can't download the Maleware program, when I try I get these pop up warnings. Internal error: Failed to expand shell folder contact " userappdata" and also a second warning Setup was not completed. Please correct the problem and run Setup again.
I tried downloading the Junkware removal tool and can't as well.
Before I tried these downloads I tried to install my HP printer driver and got this warning pop up, location %APPDATA% hp.com support info about "Fatal Error" and "MSI.BPD_Scan" The tech from HP said the laptop was the issue not the Printer.
I just got a new black cartridge and I got the same warning as the color cartridge, thats when I got the brite idea to remove and reinstall the driver. What a mistake A!
-
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
-
I am able to access the internet, I'm having trouble with downloading the Maleware program. I didn't think I shoud skip to another program. However I did and had the same issue. I need advice on how to get the Maleware program as well as the others downloaded too.
-
Try booting in Safe Mode with NetWorking and try to download the programs like that.
-
Hey SuperDave,
I thought I knew how to boot up in safe mode but I don't remember. I will need a step by step instructions to do this. Why can't I download any updates of any kind? For some reason after I ran the AdwCleaner I was able to download the lavasoft AVG Free. I really need to fix this issue so I can use my printer again. Can I try to install the other programs you suggested after the Maleware?
-
nevermind I figured it out and now trying to download malware program
-
Why can't I download any updates of any kind?
We'll get to that once we start running some scans.
-
Hey SuperDave,
Like I said I figured out running is safemode Networking but I still couldn't complete the download. I didn't write down the failure popup. I'm going to try it again and I can copy down that if you think it will help. Thanks for your help so far. Let me know if you need that message and I will try it again.
-
If you still can't download the program, try downloading it on another computer and transfer it to your computer.
-
Hey SuperDave,
I haven't gotten to saving the Malaware program yet. Is there another option?
-
I haven't gotten to saving the Malaware program yet. Is there another option?
Did you try downloading on another computer? That's the only way we'll be able to run some scans.
-
Hey SuperDave,
I haven't done that yet I will do that and get back to you
-
Hey SuperDave,
I haven't done that yet I will do that and get back to you
Great, Thank you.
-
Hey SuperDave,
I save the malaware program on a flash drive and tried downloading it on my laptop running in safe mode and it still won't install. now what?
-
Hey SuperDave,
I save the malaware program on a flash drive and tried downloading it on my laptop running in safe mode and it still won't install. now what?
Transfer it to your computer and install it. It should run then.
-
you lost me transfer to my computer and then install it. what do you mean by transfer it?
-
you lost me transfer to my computer and then install it. what do you mean by transfer it?
Download the program on another computer and save it to your USB memory stick. Plug the stick in the disfunctional computer and copy the program to your desktop. Double-click on the program to install it and then run the scan.
-
Hey SuperDave,
I burnt a CD with the Malaware program and it still won't install on the laptop in question. Thanks!!! Now what?
-
Hey SuperDave,
I burnt a CD with the Malaware program and it still won't install on the laptop in question. Thanks!!! Now what?
If you burnt it as a data disk, there shouldn't be a problem copying it to your computer.
-
Hey SuperDave,
I did save the malaware program on another computer and it installed now problem. Now what?
-
Hey SuperDave,
I did save the malaware program on another computer and it installed now problem. Now what?
Can you run the program?