Channel: Tech Support Guy - Virus & Other Malware Removal

Windows 10 T-Preview: PUP infection.KMSpico+YetAnotherCleaner+SoftwareEngine

Hi everybody.

First of all, I am here for two reasons: I need help (obviously), but also because I am starting to learn English (so any occasion is good to practice).

History:

1/ Fresh installed a W10 Tech Preview.

2/ (stupidly) used a kms to activate a Microsoft Office. => get PUP.KMSpico

3/ tried to remove with Malwarebytes + AdwCleaner => fail

4/ second mistake: I used for the first time "YetAnotherCleaner" => get PUP.YetAnotherCleaner + PUP.SoftwareEngine

5/ Tried then Junk Removal tool + RKill + TdssKiller => fail (again). And it seems that TdssK is not yet compatible with W10 TP.


RKill: http://cjoint.com/?0Lldf2pZ1iY

JRT: http://cjoint.com/?DLldi2stWPg

ZHPDiag: http://cjoint.com/?0LldjMvfqlG



Thanks.



Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft, 64 bit
Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 8
RAM: 16337 Mb
Graphics Card: NVIDIA GeForce GTX 670MX, -1024 Mb
Hard Drives: C: Total - 244195 MB, Free - 162014 MB; D: Total - 715402 MB, Free - 408967 MB; F: Total - 99 MB, Free - 28 MB; G: Total - 488282 MB, Free - 356435 MB;
Motherboard: ASUSTeK COMPUTER INC., G75VX
Antivirus: Bitdefender Antivirus, Updated: Yes, On-Demand Scanner: Enabled

.phszfud encrypted files

I'm not sure we're going to have time to do this, as we need to get the customer up and running ASAP. This is a RAID array with the OS mirrored and the data striped. It is not my job, I am consulting on this one, so was just looking for experience and advice on this one. I am going to look for that file and we are keeping the encrypted files, or some of them, for future reference, but I don't have time to pull an image to reverse engineer anything. On Server 2012, what folders would I grab if I had to take a guess where it may be? I have about 15 - 20 minutes to copy some things if I knew what to get. Thanks for the help.

Trojans - Alureon.GB Alureon.gen!AD Alureon.gen! F Alureon.gen! L and more

I think it most likely that MSRT is finding a dead remnant of the Alureon infection but to be sure let's have another look.

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

Internet is not working properly

I use a direct LAN connection on my PC, but for the last few days I'm noticing that my internet is not opening when I'm clicking on the browser (Google Chrome); it's showing an error. I talked to the helpline and they suggested that I open my default browser (Internet Explorer) and go to Tools>Connection>Lan Setting>Disable Proxy option. I did it as per his direction and then I got internet access.

But now when I'm opening my browser, I have to follow the same process as above (i.e. Tools>Connection>Lan Setting>Disable Proxy option) to get internet access. Can anyone suggest how to get rid of this problem so that I get my internet access normally by opening any browser?

Unwanted Pop Ups

I am receiving an annoying Winzip Driver Update Alert telling me there are 15 drivers that need updating. It looks like a costly operation if I do update them, so how can I get rid of it, please?

pc malware problem

Hi guys, I'm having problems with my PC. There are audio ads that play out of nowhere. I used some clean-up tools I found on the net, including Malwarebytes and HitmanPro as well as AdwCleaner and Junkware Removal Tool, and they still play. What should I do? Thanks in advance.

General Question about a Virus

My question is: if you have a virus on your computer, can you tell if it is streaming in the background, and can you tell which websites the virus or viruses are trying to open? My computer has a virus on it at work and it is being reported (allegedly) to my boss that I am opening up websites that I shouldn't be opening at work, and the IT department cannot tell if it is me opening the sites or the virus on my computer. The IT department cleaned my computer last week and removed over 500 viruses, so they claim, off of my computer. I got it back Tuesday of this week, and someone from the IT department had to come and get it again this morning because they claimed it has more viruses. The head of the IT department has reported to my supervisor that my computer has accessed websites that shouldn't be accessed and he cannot tell if it is the virus or me doing the accessing. He is also reporting that I am either the #1 person streaming in my county or in the top 5 people streaming each month. I am not in my office a majority of the month due to traveling for my job. So my question is: "Can you tell what sites a virus on a computer accesses from websites that the actual user is accessing?"

Malware problems

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Phenom(tm) II X6 1055T Processor, AMD64 Family 16 Model 10 Stepping 0
Processor Count: 6
RAM: 8191 Mb
Graphics Card: NVIDIA GeForce GTS 250, 1024 Mb
Hard Drives: C: Total - 476837 MB, Free - 401280 MB; E: Total - 1430796 MB, Free - 407245 MB;
Motherboard: ASUSTeK Computer INC., M4N98TD EVO
Antivirus: ZoneAlarm Extreme Security Antivirus, Updated and Enabled


Thanks for any help you can give. I misspelled a site and ended up with something running on my computer without my permission. It installed something called keepmysettings.exe, Yahoo toolbar and slowpcfighter.exe. I started scanning right away. I have a log from Malwarebytes and from HijackThis, which was able to run and give a log file but was denied access to hosts. I've run Spywarehunter but didn't have the funds to register it at this time, so it didn't help but to verify that there is some malware in my computer. I ran SUPERAntiSpyware, found I think it said about 75 infections, cleaned them, but the Yahoo page is still there. My browser will open to the right start page, but as soon as I hit the + for a new tab it opens at the Yahoo page. I checked IE as well and it is saying that an unknown program is trying to change my start page, so both IE and Firefox are affected. I've had to reinstall Adobe Flash 3 times. I've tried to go to the Adobe settings page to remove Flash cookies, only to find that it couldn't find the Flash. If you can help I would appreciate it. I've done all I know how and I'm trying not to have to do a clean install if I can help it. Also, ZoneAlarm didn't find anything at all, but I did locate those programs in application control settings and set kill on each one, but nothing is working.

Attached Files
File Type: log hijackthis.log (8.5 KB)
File Type: txt Rkill.txt (3.8 KB)
File Type: txt Malware scan 12-3-14.txt (1.3 KB)

help homework computer

still got more to do

Delete any existing cfscript.txt on desktop or downloads folder

Download the attached CFScript.txt and save it to your desktop or the same folder that you downloaded combofix to originally ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)

Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished

Close any open browsers
Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.







This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.

Attached Files
File Type: txt CFScript.txt (704 Bytes)

Suspected Virus or Malware

Computer is running extremely slow. We were prompted to enter Admin password after waking computer in the morning, shut down the computer after we noticed how slow it was running and suspected someone had gotten in. At shutdown, message received that "other users were logged in and may lose work if we continue shutdown."

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 4008 Mb
Graphics Card: Intel(R) HD Graphics Family, 1812 Mb
Hard Drives: C: Total - 465027 MB, Free - 319438 MB; I: Total - 476929 MB, Free - 326981 MB;
Motherboard: Dell Inc., 0GDG8Y
Antivirus: Bitdefender Antivirus, Updated and Enabled

ALTBills.com

I am having problems with ALTBills.com. Do you know what they are? I have concluded that they must be related to malware/spyware. Any advice on how to remove it would be appreciated.

My Browsers are Badly Infected with Unwanted Ads

Hi,

My Windows 8 Dell laptop is badly infected with popups, unwanted ads and malware.

When I try to browse with Google Chrome, I get a bombardment of ads which keep on opening.

Those nasty ads appear on all big sites and don't allow me to work.

Can anyone tell me please how to get rid of those ads?

How do I secure my laptop from all online threats?

I am using Norton Security and its scan shows no virus.

But it's unable to combat the popups and ads.

Any help will be highly appreciated.

Regards
bushib

Unwanted links in my webpage

I originally posted this problem in the Web development forum. They believed this may be a "Browser Hijacking" problem and suggested I re-post here.

I just completed my annual Christmas web page and uploaded it to my site. After reviewing it in Firefox I discovered several text items (key words like "Answer" and NFL team names) were converted to links that result in pop-up ads where I did not so specify. Aside from my just not wanting that done, the color change with the unspecified link causes the text to be somewhat unreadable, given the background color I use for the page.

Do you have any suggestions how I work around or fix this problem?

Hijacked browser Yahoo opens, not google.com

ANSWER TO PHANTOM010:

Using Google Chrome


Can't seem to find how to answer PHANTOM010. Hope this works
35jeep

help!

I accidentally downloaded something yesterday which I believe caused a virus, because when I use the Google search bar (middle of screen) it redirects to the top of the address bar of the window. Also, it used to redirect to Yahoo. I had noticed Looksafe, searchnprotect and some others, so I downloaded AdwCleaner and I'm not sure which I should delete. I don't want to ruin my computer... here is the log... if anyone can advise me on what I should delete I would really appreciate it!




HP P7-1225 No Audio Output Device Is Installed Error

click.cpvrdr problem

Good day!
I somehow downloaded the click.cpvrdr virus and can't seem to get rid of it. I've followed instructions I found online and just ran AdwCleaner. However, I'm not comfortable just uninstalling the long list of items I found.

My system:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 8174 Mb
Graphics Card: NVIDIA GeForce GT 530, 1024 Mb
Hard Drives: C: Total - 698824 MB, Free - 361523 MB;
Motherboard: Dell Inc., 0Y2MRG
Antivirus: Trend Micro Security Agent, Updated and Enabled

My problem seems to be just IE, although I can't be sure. I would click on a link in my email or in another browser and IE would open with a blank screen and a "loading" icon. I just keep closing the browser. Although it hasn't happened in the last couple of hours, I'm not convinced it's gone. I want to be sure. Can someone help me with this? I can post the AdwCleaner information or any other information you need to help me.

Thanks so much.

CryptoWall reinstall Win7 ?

Laptop is Win7 with current updates.

OK, trying to make this quick. One of my cousin's laptops got infected with the CryptoWall virus; it seems it got infected in the last week of Oct 2014.

At first the laptop would boot but only the desktop picture would show, and I kept getting pop-ups of non-responding windows for Google Chrome, Explorer and a few others, forgot what they were. Kept closing them, but they wouldn't stop coming back. Rebooted the PC in Safe Mode. Then was able to go back to a restore point in August 2014.
Desktop loaded fine but then got popups of Text and Explorer about CryptoWall. Looked that up, then got a stomach ache about how bad that virus was; it really scared the hell out of me and I didn't know something like that existed.
So, all files were encrypted: pictures, music, documents, etc.

Then installed Avast, Malwarebytes, Trend Micro HouseCall, and Kaspersky TDSS rootkit.

Ran Avast first, got rid of some infected files. Then ran Avast in bootmode, got rid of more infected files.
Ran Malwarebytes. Got rid of many malware and viruses.
Ran Avast again in regular mode, now a full scan, nothing infected. Ran Avast in safe mode now with full scan, nothing infected.
Ran Malwarebytes in safe mode, nothing infected. Ran Malwarebytes in regular mode, nothing infected.
Ran HouseCall, nothing infected.
Ran Kaspersky TDSS rootkit, nothing infected.

I only ran those four, and the laptop seems clean of the CryptoWall virus, with no more startup pop-ups of text and Explorer. But files are still encrypted. And there is no restore point for these files (tried right click, can't get them back). But the browser shortcuts and text files are still in folders.

But my cousin told me the pictures are still saved on an SD card used months before the laptop got infected. And doesn't care about the music, documents, etc.

So, here is the question I have. I want to reinstall Win7, but does this virus also infect the partition where the OS is saved? And there is no backup of the Win7 OS on a disc.
Or is the laptop fully clean, and do I just delete each browser shortcut file and text file in each folder throughout the laptop?

And is there yet a cure for the CryptoWall encrypted files, or is it still basically impossible to fix and just pay the ransom?

Also want to say one more thing. I have been coming here for about 10 years and learned a lot from you guys. So, hopefully I did well.
Thanks :)

Poweliks Removal.

Help Needed - CPU always greater than 50%, Can't Access MSConfig
