Freaking WinRAR - now only showing about a third of my programs installed


5 replies to this topic

#1 bigmankoolaid

bigmankoolaid

  • Members
  • 3 posts

Posted 06 March 2014 - 11:12 PM

So my PC was running perfectly fine until I went to winrar.com and downloaded what I thought to be WinRAR. I did the express download without thinking and discovered after the fact that the file that I thought was WinRAR was just a defunct trojan/scareware program. It downloaded either 5 or 6 other peripheral programs to my PC, including a popup generator that forced a popup in one way or another every time a new web page was visited, or anything on the page clicked the first time. Not realizing that WinRAR was not even functional yet, I decided to uninstall all of the peripheral programs that it had forced on. However, after uninstalling the final peripheral program and deleting the registry keys for them so they wouldn't give me any more surprises, I went back into my control panel to take a final look at my program list to find that only about a third of my installed programs (these being CCleaner, CPUID CPU-Z 1.68, Curse Client (addons for World of Warcraft), Microsoft.net Framework 4 Client Profile, Microsoft Visual C++ 2008 Redistributable x-64 0.0.30729.17, NVIDIA Drivers, Steel Series Engine (Headset drivers), SuperAntiSpyware, Visual Studio 2012 Redistributables, and UTorrent) are present in the list of the installed programs on the PC.

 

The programs themselves are still there, they seem to still be there in their file directories on the hard drive, and function correctly, but even programs that I'm seeing on the desktop are not showing up anymore. I only about a week ago did a reformat on my hard drive, and either have not had it up long enough to have a system restore point to be present, or one of the programs has deleted the existing restore points, so I cannot revert to a previous point to undo this. I would really rather not have to do a complete reinstall of my Windows a second time in a month, especially after how many issues I was having with the Windows updates installing correctly (currently installed all of them, but the BITS system process was blocking them for some reason until I manually turned it off before their install. I find it doubtful that they are related because this was already taken care of before WinRAR was put on). So if possible, I would like to find a way to simply fix the problem, so I can find out what to avoid next time. Please let me know if you have any questions about the present circumstances....




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,940 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 March 2014 - 08:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 bigmankoolaid

bigmankoolaid
  • Topic Starter

  • Members
  • 3 posts

Posted 13 March 2014 - 12:12 AM

Those programs have been run. The results are as follows:

 

# AdwCleaner v3.021 - Report created 13/03/2014 at 00:12:03
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Bigman - BIGMAN-PC
# Running from : C:\Users\Bigman\Downloads\adwcleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\SNT
Folder Deleted : C:\Program Files (x86)\SNT
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Bigman\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Bigman\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\Bigman\Documents\Mobogenie
Folder Deleted : C:\Users\Bigman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\CompeteInc
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16526
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
 
*************************
 
AdwCleaner[R0].txt - [2836 octets] - [13/03/2014 00:09:05]
AdwCleaner[S0].txt - [2564 octets] - [13/03/2014 00:12:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2624 octets] ##########
 
_________________________________________________________________________
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by Bigman on Wed 03/12/2014 at 23:47:16.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Bigman\appdata\local\torch"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Users\Bigman\documents\optimizer pro"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/12/2014 at 23:52:59.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
_____________________________________________________________________

 

Farbar scan is still having trouble scanning. In this case, it is probably a hardware issue since my motherboard is sorely needing replaced. As soon as I can get results from it I will post the results in here. Please let me know if you are needing anything more than what has been posted here. : )
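Added example, not part of either poster's reply and not code from AdwCleaner or JRT: a small triage script that groups the removals in the two reports above by what they touched, so autostart entries and browser hooks stand out from leftover folders. The sample log is constructed from lines in this thread; the category names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the AdwCleaner and JRT reports in this thread.
SAMPLE_LOG = r"""
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Bigman\AppData\Local\Mobogenie
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\Software\CompeteInc
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
"""

# Only the line shapes that appear in the two reports above are recognised.
ADW = re.compile(r"^(Folder|Key|Value) Deleted : (.+)$")
JRT = re.compile(r'^Successfully deleted: \[(Registry Key|Folder)\] "?(.+?)"?$')
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
RULES = [  # first match wins; labels are this example's own
    (re.compile(r"\\CurrentVersion\\Run( \[|$)", re.I), "autostart"),
    (re.compile(r"\\Browser Helper Objects\\", re.I), "ie-bho"),
    (re.compile(r"\\SearchScopes\\", re.I), "ie-search-provider"),
    (re.compile(r"\\Microsoft\\Tracing\\", re.I), "tracing-residue"),
]

def classify(kind, target):
    """Map one removed item to a category."""
    if kind == "Folder":
        return "folder"
    for pattern, label in RULES:
        if pattern.search(target):
            return label
    return "other-registry"

def triage(log_text):
    """Group removed items from a pasted AdwCleaner/JRT log by category."""
    groups = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ADW.match(line) or JRT.match(line)
        if not m:
            continue  # section headers, banners, blank lines
        kind, target = m.group(1), m.group(2)
        hive, sep, rest = target.partition("\\")
        target = HIVES.get(hive, hive) + sep + rest  # JRT spells hives out in full
        groups[classify(kind, target)].append(target)
    return dict(groups)
```

Calling `triage()` on the full text of a pasted report returns a dictionary keyed by category; the `[x64]` prefix is kept so the 32-bit and 64-bit registry views stay distinguishable.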



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,940 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 March 2014 - 10:08 AM

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Post the log if you can.

#5 bigmankoolaid

bigmankoolaid
  • Topic Starter

  • Members
  • 3 posts

Posted 18 March 2014 - 08:42 PM

OK, so we are having an issue with RogueKillerx64. It is downloaded and saved to the computer, but even with all other programs shut down, and processes shut down in Task Manager to guarantee no non-essential programs, and even hitting Run as administrator, the program does not bring up an interface. It comes up with the confirmation screen for Windows asking me to authorize changes, but after that is accepted, nothing happens. A process in the Task Manager called RogueKillerx64 is also running so I know it's running, but nothing is showing up. Any ideas as to why it could be doing this?

 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,940 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 March 2014 - 07:31 AM

Try this tool. Post the log if you can.

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===



