Windows 7 Defender Plus 2013 -- can't remove it!

WhatAboutBob

New Member
Thread author
Mar 12, 2013
10
Hello. At one time I thought this problem was resolved; however, after one week it recurred. It seems Windows 7 Defender keeps dodging my attempts to remove it.

Please help. Thank you.
~Bob
 

Attachments

  • Extras.Txt (75.3 KB)
  • OTL.Txt (93.7 KB)
  • aswMBR.txt (2 KB)

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
<hr />

Hi Bob,

It seems the log files are almost good only.... Do you try any other Tools?


STEP 1: Repair your Windows Registry from this infection's malicious changes.

This infection has changed your Windows registry settings so that when you try to run an executable file (ending with .exe), it will instead launch the infection rather than the desired program.

  1. Download the registryfix.reg file to fix the malicious registry changes from this infection.
    REGISTRYFIX.REG DOWNLOAD LINK (This link will automatically download the registry fix called registryfix.reg)
  2. Double-click on the registryfix.reg file to run it. Click “Yes” for the Registry Editor prompt window, then click OK.
<hr />

STEP 2: Run the below OTL fix
  1. Start OTL.exe
  2. Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms...s&o=HPDTDF
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms...s&o=HPDTDF
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms...s&o=HPDTDF
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client...archTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2...archTerms}
CHR - Extension: Sammsoft Toolbar = C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanpaddaaoffccehffldolecpkgpej\7.17.0.0_0\
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76069EF9-3DD5-44B2-9FD5-4A3687E853E2}: DhcpNameServer = 12.127.16.68 216.57.128.2 12.127.17.77 216.57.130.1 12.127.16.77


:commands
[emptytemp]
[reboot]
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  3. Then click the Run Fix button at the top
  4. Let the program run unhindered, reboot when it is done
  5. Attach the new log produced by OTL (C:\_OTL)

<hr />
 
Last edited by a moderator:
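
Added example (not part of either poster's messages): a read-only check for the condition STEP 1 describes, where launching an .exe runs something other than the program itself. It resolves the .exe association the way Windows does (per-user values under HKCU\Software\Classes override HKLM\Software\Classes) and compares it with the stock values `exefile` and `"%1" %*`; the function names and both registry snapshots are constructed for illustration and are not taken from this machine's logs.

```python
"""Audit how .exe files are launched, following the merged HKCR lookup rules."""
import sys

CLEAN_PROGID = "exefile"      # stock ProgID for the .exe extension
CLEAN_COMMAND = '"%1" %*'     # stock handler: run the clicked file with its arguments


def effective(lookup, subkey):
    """Return (hive, default value) as Windows resolves it: a per-user value
    under HKCU\\Software\\Classes wins over HKLM\\Software\\Classes."""
    for hive in ("HKCU", "HKLM"):
        value = lookup(hive, subkey)
        if value is not None:
            return hive, value
    return None, None


def audit_exe_association(lookup):
    """lookup(hive, subkey) -> default value of Software\\Classes\\<subkey>, or None.
    Returns a list of findings; an empty list means the association is stock."""
    findings = []
    hive, progid = effective(lookup, ".exe")
    if progid is None:
        return ["no ProgID registered for .exe in HKCU or HKLM"]
    if progid.lower() != CLEAN_PROGID:
        findings.append(f"{hive}: .exe maps to ProgID {progid!r}, expected {CLEAN_PROGID!r}")
    # Follow whatever ProgID is in effect, not just 'exefile': a redirected
    # ProgID carries its own shell commands.
    for verb in ("open", "runas"):
        subkey = "\\".join([progid, "shell", verb, "command"])
        hive, command = effective(lookup, subkey)
        if command is None:
            if verb == "open":
                findings.append(f"{subkey}: no open command registered")
            continue
        if command.strip() != CLEAN_COMMAND:
            findings.append(f"{hive}: {subkey} runs {command!r}, expected {CLEAN_COMMAND!r}")
    return findings


def dict_lookup(snapshot):
    """Adapt a {(hive, subkey): value} snapshot to the lookup interface
    (subkeys compared case-insensitively, as the registry does)."""
    table = {(hive, key.lower()): value for (hive, key), value in snapshot.items()}
    return lambda hive, subkey: table.get((hive, subkey.lower()))


def live_lookup(hive, subkey):
    """Read the default value from the real registry (Windows only, read-only)."""
    import winreg
    root = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}[hive]
    try:
        with winreg.OpenKey(root, "Software\\Classes\\" + subkey) as key:
            return winreg.QueryValueEx(key, "")[0]
    except OSError:          # key or default value absent
        return None


# Constructed snapshot of a stock machine.
CLEAN = {
    ("HKLM", ".exe"): "exefile",
    ("HKLM", r"exefile\shell\open\command"): '"%1" %*',
    ("HKLM", r"exefile\shell\runas\command"): '"%1" %*',
}

# Constructed snapshot: a per-user override routes .exe through another program.
# The ProgID "zz9" and the path are placeholders, not values from this thread.
HIJACKED = dict(CLEAN)
HIJACKED[("HKCU", ".exe")] = "zz9"
HIJACKED[("HKCU", r"zz9\shell\open\command")] = (
    r'"C:\Users\Example\AppData\Local\zz9.exe" -a "%1" %*'
)

if __name__ == "__main__":
    for name, snapshot in (("clean", CLEAN), ("hijacked", HIJACKED)):
        print(name, audit_exe_association(dict_lookup(snapshot)) or "OK")
    if sys.platform == "win32":
        print("this machine", audit_exe_association(live_lookup) or "OK")
```
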

WhatAboutBob


Hi Kuttus,
In response to your question:

"It seems the log files are almost good only.... Do you try any other Tools?"

We did a search for Windows Defender, and it led to links for many different tools, all promising to fix this problem (for a fee). I didn't know which ones (if any) were trustworthy. So I thought if Malwarebytes couldn't resolve the problem, then I would rely on this site for answers. So I didn't try anything else so far.

When I linked to the site for registryfix, it gave me the option of "save, then run", so I chose that. It didn't give me the prompts you mentioned, so I hope that was ok.

Here was the problem I had. I attempted to attach the file you mentioned, but I got a message "The type of file that you attached is not allowed. Please remove the attachment or choose a different type."

When I opened the folder "C:\_OTL", all that was included was another folder "Moved files". When I opened that, there was another folder "03152013_194129" and a txt document also named "03152013_194129". This is what I tried to attach, and got the error.

I assume this is what you wanted. So I will copy & paste the contents of that txt document below:

***

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanpaddaaoffccehffldolecpkgpej\7.17.0.0_0\tb_ux folder moved successfully.
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanpaddaaoffccehffldolecpkgpej\7.17.0.0_0\lib folder moved successfully.
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanpaddaaoffccehffldolecpkgpej\7.17.0.0_0\content_script\hack folder moved successfully.
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanpaddaaoffccehffldolecpkgpej\7.17.0.0_0\content_script folder moved successfully.
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanpaddaaoffccehffldolecpkgpej\7.17.0.0_0\config\skin\js folder moved successfully.
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanpaddaaoffccehffldolecpkgpej\7.17.0.0_0\config\skin\images folder moved successfully.
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanpaddaaoffccehffldolecpkgpej\7.17.0.0_0\config\skin\css folder moved successfully.
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanpaddaaoffccehffldolecpkgpej\7.17.0.0_0\config\skin folder moved successfully.
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanpaddaaoffccehffldolecpkgpej\7.17.0.0_0\config\locales\en folder moved successfully.
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanpaddaaoffccehffldolecpkgpej\7.17.0.0_0\config\locales folder moved successfully.
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanpaddaaoffccehffldolecpkgpej\7.17.0.0_0\config folder moved successfully.
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanpaddaaoffccehffldolecpkgpej\7.17.0.0_0\background folder moved successfully.
C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanpaddaaoffccehffldolecpkgpej\7.17.0.0_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{76069EF9-3DD5-44B2-9FD5-4A3687E853E2}\\DhcpNameServer| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Robert
->Temp folder emptied: 5145248 bytes
->Temporary Internet Files folder emptied: 1997669 bytes
->Flash cache emptied: 57339 bytes

User: Theresa
->Temp folder emptied: 128954695 bytes
->Temporary Internet Files folder emptied: 75769572 bytes
->Google Chrome cache emptied: 385840250 bytes
->Flash cache emptied: 57111 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 193793750 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67429 bytes
RecycleBin emptied: 56106622 bytes

Total Files Cleaned = 809.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03152013_194129

Files\Folders moved on Reboot...
C:\Users\Theresa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Theresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PTU39ANP\tweet_button.1363148939[1].htm moved successfully.
C:\Users\Theresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FPECBWFH\Thread-Windows-7-Defender-Plus-2013-can-t-remove-it[1].htm moved successfully.
File\Folder C:\Users\Theresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\644GIU7W\fastbutton[2].htm not found!
C:\Users\Theresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Theresa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

***

I hope that is what you are looking for.

I will look forward to your response.
Thank you!
~Bob
 

kuttus

Okay. Now please save the regfix file on your computer and open it... If you are getting any prompts press on Continue or Ok...


STEP 1: Run a scan with AdwCleaner

  1. Download AdwCleaner from the below link.
    ADWCLEANER DOWNLOAD LINK: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner (This link will automatically download Security Check on your computer)
  2. Close all open programs and internet browsers.
  3. Double click on adwcleaner.exe to run the tool.
  4. Click on Delete, then confirm each time with Ok.
  5. Your computer will be rebooted automatically. A text file will open after the restart.
  6. Please post the contents of that logfile with your next reply.
  7. You can find the logfile at C:\AdwCleaner[S1].txt as well.
<hr/>

STEP 2: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply




STEP 3: Run a scan with ESET Online Scanner
  1. Download ESET Online Scanner utility from the below link
    ESET ONLINE SCANNER DOWNLOAD LINK: http://download.eset.com/special/eos/esetsmartinstaller_enu.exe (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
  3. Check Yes, I accept the Terms of Use
  4. Click the Start button.
  5. Check Scan archives
  6. Push the Start button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push List of found threats
  9. Push Export to Text file and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply. Note - when ESET doesn't find any threats, no report will be created.
  10. Push the back button.
  11. Push Finish
<hr />
 

WhatAboutBob


Hello.
The RegistryFix program was saved in the "Downloads" folder (instead of the desktop where I normally like to save it). When I ran it, message was "The keys and values contained in (...)registryfix.reg have been successfully added to the registry" <OK>

Then downloaded & ran AdwCleaner. The text file received is as follows:

***
# AdwCleaner v2.114 - Logfile created 03/16/2013 at 18:00:43
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Theresa - THERESA-HP
# Boot Mode : Normal
# Running from : C:\Users\Theresa\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\Robert\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Theresa\AppData\Local\APN
Folder Deleted : C:\Users\Theresa\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.23] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.26] : keyword = "ask.com",
Deleted [l.29] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=X-SD&o=13959&locale=en_US[...]
Deleted [l.30] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]

*************************

AdwCleaner[S1].txt - [6011 octets] - [16/03/2013 18:00:43]

########## EOF - C:\AdwCleaner[S1].txt - [6071 octets] ##########

***

Next couple of steps to follow soon.
~Bob
 

WhatAboutBob

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.23] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.26] : keyword = "ask.com",
Deleted [l.29] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=X-SD&o=13959&locale=en_US[...]
Deleted [l.30] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]

*************************

AdwCleaner[S1].txt - [6011 octets] - [16/03/2013 18:00:43]

########## EOF - C:\AdwCleaner[S1].txt - [6071 octets] ##########

***

Next couple of steps to follow soon.
~Bob



Here are results from JRT.txt

***

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Theresa on Sat 03/16/2013 at 18:17:46.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\aol toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\aol toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3ef64538-8b54-4573-b48f-4d34b0238ab2}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{3ef64538-8b54-4573-b48f-4d34b0238ab2}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\aol toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\aol toolbar"



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/16/2013 at 18:26:05.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

***
 

WhatAboutBob

New Member
Thread author
Mar 12, 2013
10
STEP 3: Run a scan with ESET Online Scanner
  1. Download ESET Online Scanner utility from the below link
     ESET ONLINE SCANNER DOWNLOAD LINK: http://download.eset.com/special/eos/esetsmartinstaller_enu.exe (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
  3. Check "Yes, I accept the Terms of Use"
  4. Click the "Start" button.
  5. Check "Scan archives"
  6. Push the "Start" button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push "List of found threats"
  9. Push "Export to Text file" and save the file to your desktop using a unique name, such as "ESET Scan". Include the contents of this report in your next reply. Note - when ESET doesn't find any threats, no report will be created.
  10. Push the "back" button.
  11. Push "Finish"

Hello Kuttus,
When I performed the above step, the scanning stopped at 40% on the progress bar (41157 files scanned; step 3 out of 4). After 4 hours, it did not continue any further. So I manually stopped the scan. Received message: "current scan threat: not threats found". Then I closed the program. Apparently no file was generated.

What do you recommend? Running it again? Or letting it go?

FYI, my Mom has reported to me the problem is even worse than before. All kinds of pictures (strung together like a strip of movie tape) appear on the screen when she navigates the Web, and they keep multiplying more & more.

Also wondering if you have a preference for attachments or copying/pasting the results here.

Looking forward to your next reply. Thanks for your help so far.
~Bob
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Bob, is it possible for you to send me a screenshot of the problem your mom is getting on the screen?


To take a screenshot of your screen:
  1. Press the PRINT SCREEN (Print Scr) key on your keyboard.
  2. Now open MS Paint.
  3. Open Paint by clicking the Start button, clicking All Programs, clicking Accessories, and then clicking Paint.
  4. In MS Paint click Edit, and then click Paste.
  5. After this, save the file on your computer by clicking on File --> Save
Add this saved file in your next reply.
 

WhatAboutBob

New Member
Thread author
Mar 12, 2013
10
kuttus said:
Bob, is it possible for you to send me a screenshot of the problem your mom is getting on the screen?


To take a screenshot of your screen:
  1. Press the PRINT SCREEN (Print Scr) key on your keyboard.
  2. Now open MS Paint.
  3. Open Paint by clicking the Start button, clicking All Programs, clicking Accessories, and then clicking Paint.
  4. In MS Paint click Edit, and then click Paste.
  5. After this, save the file on your computer by clicking on File --> Save
Add this saved file in your next reply.

Hello Kuttus,
Attached is a screenshot that gives an idea of what happens. It's that thin strip of pictures on the left side of the screen (not the ones on the right, which are part of the Web site). Apparently these strips of pictures can multiply all over the screen at times.

I'm going to try running that last fix you referred me to (e set smart installer) once again today to see if it finishes this time, and what happens, ok? I'll let you know what happens.

Thanks,
~Bob
 

Attachments

  • Screenshot 1 Defender.png
    607.8 KB · Views: 153

WhatAboutBob

New Member
Thread author
Mar 12, 2013
10
Hi,
I decided to try running the ESET online scanner again...it really slowed down at times (especially when reaching a folder called "Wild Tangent", if that means anything to you). But finally, after almost 5 hours, the scan completed! And..."No Threats Found".

kuttus said:
Are you getting this only in this website or in multiple websites?

I will ask Mom this question tomorrow & see what she says. I will also post more screenshots if possible.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Okay. Please ask her if she is getting this pop up in AOL only. Also try the same website in another browser like Google Chrome or Internet Explorer.
 

WhatAboutBob

New Member
Thread author
Mar 12, 2013
10
kuttus said:
Okay. Please ask her if she is getting this pop up in AOL only. Also try the same website in another browser like Google Chrome or Internet Explorer.

Hi, sorry for the delay in responding. I went to her computer myself & attempted things to try to get some answers.

Accessed Internet via IE, hopped around various Websites, and didn't seem to have much difficulty getting around.

Then logged onto AOL (my account, not hers) and things were noticeably slower. Videos did not run on sites in AOL that ran on IE.

But went back on IE after this and things didn't run as well.

Got Mom to log into her AOL account & it locked up completely. Got "beeps" when clicking on things, and nothing happened. Had to reboot computer.

After rebooting, had her access Internet via IE. It appeared to her that Websites were initially accessed faster, but she said there were delays when clicking links on the Websites in attempts to go elsewhere.

Back on AOL, she had trouble accessing "pre-set" Websites (saved in a toolbar across the top of the page). Also when attempting to access other sites, we would often see those infamous "wait" symbols spinning round & round, but the site failed to load. It seems the performance of the entire computer got worse after we hit AOL the first time.

Those strips of photos apparently surfaced at times last week, but I didn't notice any occurrences today.

This is madness. What to do now? Please advise. Thanks.
~Bob
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi Bob,

Did you try to use any other browser on your computer? Please try some other browsers like Google Chrome, Mozilla Firefox, etc.

Do you know what the RAM size is on this computer?
 

WhatAboutBob

New Member
Thread author
Mar 12, 2013
10
kuttus said:
Hi Bob,

Did you try to use any other browser on your computer? Please try some other browsers like Google Chrome, Mozilla Firefox, etc.

Do you know what the RAM size is on this computer?

Hi,
We tried installing Google Chrome this weekend. It seems Web sites we've never saved on Chrome appeared as saved sites in a menu across the top. Rather strange. I just browsed; mixed results. I got some messages that "Google Chrome could not load the Webpage because -------- took too long to respond". Other sites loaded no problem; others loaded very slowly. When I tried to open malwaretips.com, I initially got the message "Google Chrome could not connect to malwaretips.com". And it took a couple of reloads to access this very page.

RAM is 8.00 GB.

Mom now wants to bring it in to a shop for repair. I've tried to convince her to wait, but she's not very patient. What are your impressions? Should we do this? Any last-second things we can attempt right now?
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Bob, all of our process is a time-consuming one. We need time and we have to be patient.

Step 1

Press the Windows key and the R key together on your keyboard and you will get a Run window. Inside that one, type MSCONFIG and press OK. Now you will get a System Configuration Utility window. Go to the Tools tab. There you can see an option called User Account Control Settings. Select that one and press Launch. Now turn User Account Control fully off.

If you are not able to see the User Account Control Settings option, you can see another one called Disable User Account Control. Select it, press Launch, and restart the computer.

After the restart, check how everything is working.

Step 2

Try to access Google Chrome and other browsers in Safe Mode with Networking. Check how it is working in Safe Mode with Networking and let me know both statuses.

Looking forward to hearing from you, Bob.
 
