Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Program blocked by Admin, but I am Admin


  • Please log in to reply
16 replies to this topic

#1 Qrush007

Qrush007

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 07 February 2015 - 03:33 PM

I am trying to open AVG Free edition or Malwarebytes but I keep getting a message that tells me the program has been blocked by the System Administrator. I am the system administrator. I can't delete the program and download a newer version for the same reason. I ran Kaspersky disk and cleaned up the PC, but this problem still occurs. Any suggestions from here?


Edited by hamluis, 07 February 2015 - 04:59 PM.
Moved from Win 8 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


m

#2 jh1234l

jh1234l

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:05:25 PM

Posted 07 February 2015 - 08:04 PM

Hello, Qrush007! Let's start with some important instructions:

Last, but not least, be patient. I know it is very stressful to have a computer with a potential malware infection, but unfortunately it will take some time to get to your topic. We will, though, get to you and attempt to resolve your issues to the utmost of our ability.

  • Avoid installing or uninstalling programs during the malware removal process, because doing so can cause discrepancies between the information in different log files created by different programs at different times.
  • Do NOT run tools such as Combofix unless instructed by a BleepingComputer staff member. These tools can break your computer if used improperly, so you should only run them if you know what you are doing or if the person who told you to use Combofix knows what they're doing.
  • If you want to, you should back up all important documents and files to an external storage device or online file backup service. Malware infections--and attempts to fix them--can prevent your computer from booting up, making your files unaccessable; this means that backing up your files to an USB flash drive or to an online service like Dropbox before attempting to remove malware is a good idea.

Step 1: Rkill

 

  1. Please download Rkill by Grinler. Save it to your desktop.
  2. Run the program. If you are using Windows Vista, you should right click the program and select "Run as administrator".
  3. A Black DOS box should appear; this indicates that the program is functioning.
  4. The program will generate a log file on your desktop. Post the contents of that file in your next reply.
  5. Do not restart your computer until the other steps are finished.

 

Step 2: Please download MiniToolBox by Farbar, and save it to your desktop.

 

Run the program. Please select the following options:

 

  1. Flush DNS
  2. Report IE proxy settings
  3. Reset IE proxy settings
  4. Report FF proxy settings
  5. Reset FF proxy settings
  6. List content of Hosts
  7. List installed programs
  8. List restore points

After the program finishes its job, it will create a log file called "Result.txt" on your desktop. Post the contents of that file in your next reply.

 

Step 3: Run ESET online scanner

 

  1. Using Internet Explorer, navigate to http://www.eset.com/us/online-scanner-popup/ (If you used another web browser, such as Firefox, you will have to download an installer file)
  2. Read through the program's terms of use. If you agree with it, check the checkbox which confirms that you accepted the program's terms of use. If you do not agree with its terms of use, then notify me and I can find another virus cleaning solution for you.
  3. Accept any security warnings which may appear.
  4. Click on the advanced settings part, and select "Scan for potentially unsafe applications","remove found threats", and "Scan archives".
  5. Check "scan for potentially unwanted applications".
  6. Click "start".
  7. Eset will download updates and scan your computer; this may take a few minutes to a few hours.
  8. When the scan completes, click "list threats".
  9. Click "Export", and save the log file to your desktop.
  10. Post the contents of the log file to your next forum post. Please note that if ESET does not detect anything, it may not necessarily generate a log file.

Step 3: Please download AdwCleaner by Xplode, and save it to your desktop.

 

  1. Click on the "scan" button.
  2. The tool will scan your computer for adware; this may take a few minutes.
  3. After the scan has finished, click on the "Report" button. A logfile, AdwCleaner[R0].txt, will show.
  4. After viewing the log, close the log file window. View the list of adware detections, and uncheck ones that you do not want to remove(i.e. the ones which you're sure to be benign).
  5. Press the "Clean" button. You will be requested to restart your computer.
  6. After restarting your computer, a log file called AdwCleaner[S0].txt will show. Post the contents of that log file in your next reply.

Edited by jh1234l, 07 February 2015 - 08:16 PM.


#3 Qrush007

Qrush007
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 07 February 2015 - 10:32 PM

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/07/2015 09:30:56 PM in x64 mode.
Windows Version: Windows 8

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 02/07/2015 09:32:12 PM
Execution time: 0 hours(s), 1 minute(s), and 16 seconds(s)
 



#4 Qrush007

Qrush007
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 07 February 2015 - 10:35 PM

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Eva (administrator) on 07-02-2015 at 21:34:24
Running from "C:\Users\Eva\Downloads"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================





=========================== Installed Programs ============================
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Among Ripples (HKLM-x32\...\Steam App 341720) (Version:  - Eat Create Sleep)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
AVG 2015 (Version: 15.0.4281 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5646 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 12.0.4000.108 - AVG Technologies)
AVG PC TuneUp (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4000.108 - AVG Technologies) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blockscape (HKLM-x32\...\Steam App 223490) (Version:  - ioneo)
Cirrus Logic Audio Panel (Version: 1.2.10.0 - Cirrus Logic) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.5 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.5 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.6 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.210 - ALPS ELECTRIC CO., LTD.)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.59.26 - Dell Inc.)
Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version:  - Scott Cawthon)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Online Assessment (HKLM-x32\...\Online Assessment) (Version: 9.1.0.0 - CTB/McGraw-Hill)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.)
ROBLOX Player for Eva (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Eva (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Old Tree (HKLM-x32\...\Steam App 346250) (Version:  - Red Dwarf Games)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 12.0.0.1600 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
========================= Restore Points ==================================

15-01-2015 22:03:34 Scheduled Checkpoint
26-01-2015 04:17:57 Scheduled Checkpoint
31-01-2015 04:47:31 Removed Visual Studio 2010 x64 Redistributables
07-02-2015 21:14:43 Scheduled Checkpoint

**** End of log ****
 



#5 Qrush007

Qrush007
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 08 February 2015 - 07:18 PM

# AdwCleaner v4.110 - Logfile created 08/02/2015 at 18:14:28
# Updated 05/02/2015 by Xplode
# Database : 2015-02-08.1 [Server]
# Operating system : Windows 8  (x64)
# Username : Eva - ISABELLEMARIE
# Running from : C:\Users\Eva\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\file scout
Folder Deleted : C:\Users\Eva\AppData\Local\Conduit
Folder Deleted : C:\Users\Eva\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Eva\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Eva\AppData\Roaming\PerformerSoft
File Deleted : C:\END
File Deleted : C:\Users\Eva\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227981
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6EF633FF-2323-4A14-A3C5-8CFB4823DF83}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E21CB371-145C-45C0-9319-797678E344F8}
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonicdownloads.com

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.16688


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


*************************

AdwCleaner[R0].txt - [6627 bytes] - [08/02/2015 18:11:10]
AdwCleaner[S0].txt - [6213 bytes] - [08/02/2015 18:14:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6272  bytes] ##########
 



#6 Qrush007

Qrush007
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 08 February 2015 - 07:20 PM

These were the threats from adwcleaner:

 

C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll    Win32/Toolbar.Conduit.Y potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application    deleted - quarantined
C:\Users\Eva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KQ392AGN\SPSetup[1].exe    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application    deleted - quarantined
C:\Users\Eva\AppData\Local\Temp\is1242154493\64301789_stp\wajam_validate.exe    Win32/Wajam.F potentially unwanted application    deleted - quarantined
C:\Users\Eva\AppData\Local\Temp\nsl2C47.tmp\TroviOff.dll    Win32/Conduit.SearchProtect.U potentially unwanted application    deleted - quarantined
C:\Users\Eva\AppData\Local\Temp\nsl2C47.tmp\WMDetect.dll    a variant of Win32/Packed.VMDetector.J potentially unwanted application    deleted - quarantined
C:\Users\Eva\AppData\Local\Temp\nsn87EF.tmp\StubUtils.dll    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    deleted - quarantined
C:\Users\Eva\AppData\Local\Temp\nsr475B.tmp\MiniStubUtils.dll    Win32/Conduit.SearchProtect.N potentially unwanted application    deleted - quarantined
C:\Users\Eva\AppData\Local\Temp\nsa9B49.tmp    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application    deleted - quarantined
 



#7 jh1234l

jh1234l

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:05:25 PM

Posted 08 February 2015 - 08:51 PM

Can you post the ESET online scanner logs? Thanks!



#8 Qrush007

Qrush007
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 08 February 2015 - 09:57 PM

The threats that I posted above is all I saw, as far as logs, for the ESET scanner. Should I scan again?



#9 jh1234l

jh1234l

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:05:25 PM

Posted 08 February 2015 - 11:34 PM

I don't think you should scan again, because ESET sometimes will not produce a log if no threats were found.

 

Can you open AVG or Malwarebytes now?



#10 Qrush007

Qrush007
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 09 February 2015 - 12:17 AM

Nothing has changed as far as AVG and Malwarebytes. It did get some Malware off the PC, but other than that, same problem.

#11 RolandJS

RolandJS

  • Members
  • 4,429 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:03:25 AM

Posted 09 February 2015 - 12:42 AM

Did you by any chance run any kind of swiss army knife versions of: computer fixer, computer speeder-uper, etc. before coming into this forum?  I ask because much earlier I had the same problem, couldn't access certain security programs.   Some of those fixers tinker with the registry and other innards.  Only an image rollback to an earlier Windows 7 OS partition backup got me all my security programs back online and working.  Like you, I couldn't really access and make changes, couldn't correct the miss-behavior by uninstalling/reinstalling.  I'll be watching this thread to learn from the best - the BC tech team.


Edited by RolandJS, 09 February 2015 - 12:42 AM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#12 jh1234l

jh1234l

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:05:25 PM

Posted 09 February 2015 - 12:21 PM

Please download and run GrantPerms by Farbar.

  1. Open My Computer, and navigate to the location that AVG was installed in.
  2. Copy the file location of the folder that AVG was installed in, which is usually something like "C:\Program_Files\AVG" or something similar
  3. Paste the file location into the textbox in the GrantPerms window.
  4. Press the "Unlock" button.

Please download and run Junkware Removal Tool by thisisu.

 

  1. Turn off your antivirus software now, to avoid potential conflicts.
  2. Right click the Junkware Removal Tool icon, and select "run as an Administrator".
  3. The tool will open and start scanning your system for infections.
  4. After the program finishes scanning your computer for infections, a log file will pop up.
  5. Post the contents of the log file in your next reply.
  6. If you can do so, re-enable your antivirus program after running J.R.T.

Edited by jh1234l, 09 February 2015 - 12:29 PM.


#13 Qrush007

Qrush007
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 10 February 2015 - 08:48 PM

I tried the GrantPerms to no avail. I tried it several times and it still won't open AVG or Malwarebytes. I can't turn off the antivirus software as it tells me I must be an Administrator to make any changes to this program



#14 fredmerv12

fredmerv12

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:55 PM

Posted 10 February 2015 - 09:31 PM

This could probably be a policy issue on the system created malware to stop installing AV programs.

 

Browse to the below key in registry. To open registry type regedit in run box

 

hkey_local machine/software/policies/microsoft/windows/safer/codeidentifiers/o. Delete any key you find under the 0 key. 

 

Ensure that you first backup your registry.



#15 jh1234l

jh1234l

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:05:25 PM

Posted 11 February 2015 - 06:45 PM

Please download Windows Repair by Tweaking.com

 

  1. Do a power reset by turning off our computer, unplugging your power cord--and battery if you have a laptop--plugging your power cord back in, and then turning on your computer.
  2. Back up your important files, if necessary.
  3. Navigate to "Start repairs"
  4. Select "reset file permissions", "reset service permissions", "unhide non-system files", and "restore important windows services" only. Do not select any other fixes, especially the fixes intended to "repair" your registry.
  5. Start the repair. After the repair is complete, post the contents of the log file created by the program--which can be accessed by pressing the "view logs button--in your next reply.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users