
redirect virus help


40 replies to this topic

#16 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,348 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:43 AM

Posted 07 February 2014 - 12:00 PM

Ok, we still have options.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security



#17 SacSurge

SacSurge
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:04:43 AM

Posted 07 February 2014 - 07:51 PM

OK, I'm home and just ran the junkware scan and will PM now and then go run the eset online scan.

 

Long Day in the rain but California needs it bad so no complaints.



#18 boopme


Posted 07 February 2014 - 10:06 PM

Yes it does,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8.1 x64
Ran by Asus8 on Fri 02/07/2014 at 16:28:55.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
========================================================================================
BackgroundContainer REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Asus8\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
NextLive REG_SZ C:\Windows\SysWOW64\rundll32.exe "C:\Users\Asus8\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l




~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322122255}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322122255}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{98892742-F99D-4A87-98F6-9BE44459CAC7}



~~~ Files

Successfully deleted: [File] "C:\Users\Asus8\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Asus8\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Asus8\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Asus8\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Asus8\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Asus8\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Asus8\appdata\local\google\chrome\user data\default\local storage\http_storage.conduit.com_0.localstorage"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Asus8\appdata\local\cre"



~~~ FireFox

Successfully deleted the following from C:\Users\Asus8\AppData\Roaming\mozilla\firefox\profiles\0ks0ocqk.default\prefs.js

user_pref("extensions.S1C8GEiJQqeb.url", "hxxp://foreveryboxzip.ru/sync2/?q=hfZ9oeV9CGhEAen0rihTB6lKDzt4olljtNtVh7n0rjrFrTsGrTrGrja8tMFHhd9FqdaFrdkGrTaFqdkMDMlGojUMAe4Uojw7rdw



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/07/2014 at 16:31:56.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


ESET
C:\Users\All Users\alfdcopinldgohbcijanhhjiikdmlplb\BIMO4SqnFn4I.js Win32/Adware.MultiPlug.H application
C:\Users\All Users\ddeala4me\T_xVtN5R5.dll a variant of Win32/AdWare.MultiPlug.N application
C:\Users\All Users\ddeala4me\T_xVtN5R5.exe a variant of Win32/AdWare.MultiPlug.K.gen application
C:\Users\All Users\ddeala4me\T_xVtN5R5.x64.dll a variant of Win64/Adware.MultiPlug.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IMVU_Inc\hk64tbIMVU.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IMVU_Inc\hktbIMVU.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IMVU_Inc\IMVU_IncToolbarHelper.exe.vir Win32/Toolbar.Conduit.V potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IMVU_Inc\ldrtbIMVU.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\IMVU_Inc\tbIMVU.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linksicle\IE\LinksicleClientIE.dll.vir a variant of Win32/AdWare.Vitruvian.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linksicle\Service\lssvc.exe.vir Win32/AdWare.Vitruvian.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptimizerPro.exe.vir a variant of Win32/SpeedingUpMyPC application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProCrash.dll.vir probably a variant of Win32/SProtector.E potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProLauncher.exe.vir a variant of Win32/AdWare.SpeedingUpMyPC.D application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProSmartScan.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bg.exe.vir probably a variant of Win32/Toolbar.CrossRider.T potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bho.dll.vir Win32/Toolbar.CrossRider.R potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-buttonutil64.dll.vir probably a variant of Win64/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-buttonutil64.exe.vir a variant of Win64/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-chromeinstaller.exe.vir Win32/Toolbar.CrossRider.S potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-codedownloader.exe.vir Win32/Toolbar.CrossRider.T potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-enabler.exe.vir probably a variant of Win32/Toolbar.CrossRider.T potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-firefoxinstaller.exe.vir a variant of Win32/Toolbar.CrossRider.S potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.2\Plus-HD-1.2-updater.exe.vir probably a variant of Win32/Toolbar.CrossRider.T potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPTool.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1389226449871.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1390871682009.vir Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1390871682040.vir Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1391015424046.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1391015424861.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1391486599244.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1391486599268.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\uninstall.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPTool64.exe.vir a variant of Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32Loader.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64.dll.vir a variant of Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64Loader.dll.vir a variant of Win64/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\UI\bin\cltmngui.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Asus8\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Asus8\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Asus8\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Asus8\AppData\Local\Conduit\CT2612669\IMVU_IncAutoUpdateHelper.exe.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Asus8\AppData\LocalLow\IMVU_Inc\hk64tbIMV0.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Asus8\AppData\LocalLow\IMVU_Inc\hk64tbIMVU.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Asus8\AppData\LocalLow\IMVU_Inc\hktbIMV0.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Asus8\AppData\LocalLow\IMVU_Inc\hktbIMVU.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Asus8\AppData\LocalLow\IMVU_Inc\ldrtbIMV0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Asus8\AppData\LocalLow\IMVU_Inc\ldrtbIMVU.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Asus8\AppData\LocalLow\IMVU_Inc\tbIMV0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Asus8\AppData\LocalLow\IMVU_Inc\tbIMV1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Asus8\AppData\LocalLow\IMVU_Inc\tbIMVU.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Asus8\AppData\LocalLow\IMVU_Inc\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\Program Files\Uninstaller\Uninstall.exe a variant of MSIL/DomaIQ.A potentially unwanted application deleted - quarantined
C:\ProgramData\alfdcopinldgohbcijanhhjiikdmlplb\BIMO4SqnFn4I.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\ProgramData\ddeala4me\T_xVtN5R5.dll a variant of Win32/AdWare.MultiPlug.N application cleaned by deleting - quarantined
C:\ProgramData\ddeala4me\T_xVtN5R5.exe a variant of Win32/AdWare.MultiPlug.K.gen application cleaned by deleting - quarantined
C:\ProgramData\ddeala4me\T_xVtN5R5.x64.dll a variant of Win64/Adware.MultiPlug.A application cleaned by deleting - quarantined
C:\Users\Asus8\AppData\Local\GCC\Controller.exe a variant of Win32/GigaClicks.AC potentially unwanted application deleted - quarantined
C:\Users\Asus8\AppData\Local\genienext\nengine.dll Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\Users\Asus8\AppData\Local\Temp\SPSetup.exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\Users\Asus8\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe a variant of MSIL/Adware.StrongVault.A application cleaned by deleting - quarantined
C:\Users\Asus8\AppData\Roaming\Mozilla\Firefox\Profiles\0ks0ocqk.default\extensions\[email protected]\content\bg.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Asus8\AppData\Roaming\Mozilla\Firefox\Profiles\0ks0ocqk.default\extensions\[email protected]\content\bg.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Asus8\AppData\Roaming\newnext.me\nengine.dll Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\Users\Asus8\Downloads\DownloadManagerSetup (1).exe a variant of Win32/InstallCore.IJ potentially unwanted application deleted - quarantined
C:\Users\Asus8\Downloads\DownloadManagerSetup (2).exe a variant of Win32/InstallCore.IJ potentially unwanted application deleted - quarantined
C:\Users\Asus8\Downloads\DownloadManagerSetup.exe a variant of Win32/InstallCore.IJ potentially unwanted application deleted - quarantined
C:\Users\Asus8\Downloads\FlvPlayerSetup.exe a variant of Win32/InstallCore.IJ potentially unwanted application deleted - quarantined
C:\Users\Asus8\Downloads\installer_mixxx_English (1).exe a variant of Win32/InstallCore.CX potentially unwanted application deleted - quarantined
C:\Users\Asus8\Downloads\installer_mixxx_English (2).exe a variant of Win32/InstallCore.CX potentially unwanted application deleted - quarantined
C:\Users\Asus8\Downloads\installer_mixxx_English.exe a variant of Win32/InstallCore.CX potentially unwanted application deleted - quarantined
C:\Users\Asus8\Downloads\Unconfirmed 191145.crdownload Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\Asus8\Downloads\Unconfirmed 401762.crdownload a variant of Win32/InstallCore.IJ potentially unwanted application deleted - quarantined
C:\Users\Asus8\Downloads\uplayermediaplayer-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Windows\Installer\a7c75e.msi Win32/AdWare.Adpeak.B application cleaned by deleting - quarantined

#19 boopme


Posted 07 February 2014 - 10:08 PM

Please re-run JRT, as it failed to remove 2 things.

Use Safe Mode this time



#20 SacSurge


Posted 08 February 2014 - 10:11 PM

Junkware remover produced errors saying a file could not be copied during registry backup, but then it rescanned and I just PM'd you the report.



#21 boopme


Posted 09 February 2014 - 06:14 PM

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8.1 x64
Ran by Asus8 on Sat 02/08/2014 at 18:54:06.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
========================================================================================
BackgroundContainer REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Asus8\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322122255}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322122255}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/08/2014 at 18:56:39.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



OK, it got them the second time, and that is probably what caused the glitches.


Do you still have redirects?

Edited by boopme, 09 February 2014 - 06:15 PM.
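
The comparison of the two JRT logs in posts #18 and #21, as an added example that is not part of the original thread and not part of JRT: it parses both logs, lists what the first run failed to delete, checks that the second run reports it as deleted, and shows which Run values are still listed in the second log with a rundll32 target under a user profile. The function names and the assumed line layout of a JRT log are assumptions drawn only from the logs shown in this thread.

```python
import re

# Excerpts of the two JRT logs posted in this thread, trimmed to the lines used here.
FIRST_RUN = r"""
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
========================================
BackgroundContainer REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Asus8\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
NextLive REG_SZ C:\Windows\SysWOW64\rundll32.exe "C:\Users\Asus8\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322122255}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322122255}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{98892742-F99D-4A87-98F6-9BE44459CAC7}
"""

SECOND_RUN = r"""
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
========================================
BackgroundContainer REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Asus8\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322122255}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322122255}
"""

# Assumed layout: "<outcome>: [<kind>] <target>" for actions, "<name> <type> <data>" for Run rows.
RESULT_RE = re.compile(r"^(Successfully (?:repaired|deleted)|Failed to delete): \[(.+?)\] (.+)$")
RUN_RE = re.compile(r"^(\S+) (REG_(?:SZ|EXPAND_SZ)) (.+)$")
# rundll32 whose first argument is a DLL below C:\Users (a user-writable location).
USER_DLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([A-Za-z]:\\Users\\[^",]+\.dll)', re.I)


def parse_jrt(text):
    """Return ({target: 'fixed'|'failed'}, {run_value_name: value_data}) for one log."""
    results, run_entries, in_table = {}, {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        action = RESULT_RE.match(line)
        if action:
            status = "failed" if action.group(1).startswith("Failed") else "fixed"
            results[action.group(3).strip('"')] = status
            in_table = False
        elif line.startswith("===="):      # ruler under the Run-entries header
            in_table = True
        elif line.startswith("~~~"):       # next log section ends the table
            in_table = False
        elif in_table:
            row = RUN_RE.match(line)
            if row:
                run_entries[row.group(1)] = row.group(3)
    return results, run_entries


def user_profile_dll(value_data):
    """Path of the DLL rundll32 is asked to load from a user profile, or None."""
    hit = USER_DLL_RE.search(value_data)
    return hit.group(1) if hit else None


def compare_runs(first, second):
    res1, run1 = parse_jrt(first)
    res2, run2 = parse_jrt(second)
    failed_first = [t for t, s in res1.items() if s == "failed"]
    return {
        "failed_first": failed_first,
        # Failed in run 1 and not reported as fixed in run 2: check these by hand.
        "unconfirmed": [t for t in failed_first if res2.get(t) != "fixed"],
        # Run values listed in both logs, with the user-profile DLL they point at.
        "persisting_run": {n: user_profile_dll(d) for n, d in run2.items() if n in run1},
    }


if __name__ == "__main__":
    for key, value in compare_runs(FIRST_RUN, SECOND_RUN).items():
        print(key, "->", value)
```

On the logs in this thread, both CLSID keys that failed in the first run are reported as deleted in the second, and the BackgroundContainer Run value is still listed in the second log.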


#22 SacSurge


Posted 09 February 2014 - 06:41 PM

Mostly been on my own clean machine but I have not seen any the last 2 days. She does seem to have some stuff running and her reboot time takes awhile so maybe that needs cleaning too.



#23 boopme


Posted 10 February 2014 - 07:56 PM

Looks clean. You can do this to check your files and disk.

Download Windows Repair (All in One) from this site. Install the program, then run it.

NOTE 1. In Windows Vista, 7 and 8, right-click on the program and click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

  • Go to Step 2 and click on the Check button next to 1. See If Check Disk Is Needed. If the tool says that Check Disk is needed, click on the Do It button next to 2. Check Disk. In that case, make sure you restart the computer.
  • Once the above is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button.
  • Go to Step 4 and under "System Restore" click on the Create button.
  • Go to the Start Repairs tab and click the Start button. Leave all checkmarks as they are. NOTE for Windows 8 users: Reset Registry Permissions is NOT checked by design. Click on the Start button.
  • Post the Windows Repair log, which is located in the following folder:
    64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

#24 SacSurge


Posted 20 February 2014 - 12:28 PM

Finally got some time to work on this again and when I powered up there was a DLL not found message showing and her password login is not working and the machine seems to be logged in automatically now. Sorry for being a little green with Win 8.1 but learning slowly. Anyway how do I disable her antivirus as I can't even find one to disable but she says there are more than 1 installed. Also why does the machine now login automatically? I will download and run the repair program you mentioned in the last post after work today. BIG Thanks!!



#25 boopme


Posted 20 February 2014 - 01:50 PM

Let's see how it is after the Repair tool. If you still get the DLL message, write the whole thing down.



#26 SacSurge


Posted 20 February 2014 - 02:03 PM

How do I find which antivirus programs are running?



#27 boopme


Posted 20 February 2014 - 02:26 PM

I don't see any in the Minitoolbox log..


Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#28 SacSurge


Posted 20 February 2014 - 02:38 PM

 Results of screen317's Security Check version 0.99.79 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader 10.1.8 Adobe Reader out of Date! 
 Mozilla Firefox 25.0.1 Firefox out of Date! 
 Google Chrome 31.0.1650.57 
 Google Chrome 31.0.1650.63 
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 



#29 boopme


Posted 20 February 2014 - 02:39 PM

The only thing running or installed is Windows Defender.

How to Turn On or Off Windows Defender in Windows 8 and 8.1


Edited by boopme, 20 February 2014 - 02:44 PM.


#30 SacSurge


Posted 20 February 2014 - 02:42 PM

OK, Do I need to do something to that program before downloading and running the Windows Repair program?





