Quantcast
Channel: Tech Support Guy - Virus & Other Malware Removal
Viewing all 4746 articles
Browse latest View live

Cannot remove Lucksearches.com Malware

0
0
Hi.

I recently noticed my browser has been hijacked by Luckysearches.com. I've tried everything I can think of. I removed it from Internet Explorer Add-ons. I've run Malwarebytes which did not even pick it up. I downloaded and ran Spyhunter 4 which all the sites I looked at recommended, waste of money that was. It found it but did not or could not remove it properly. I've run Spybot which did not pick it up and also ran AVG twice still to no avail. I've run Spyhunter and Malwerbytes in both normal mode and safety mode. It's got to the point where I'm ready to do a clean install of Win7. I tried doing a system restore but cannot go back further than the 22nd March and I got the malware on the 20th so that didn't work either. Windows malicious software removal tool did not pickup anything. Can you please assist. Thanks.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 8
RAM: 8109 Mb
Graphics Card: Intel(R) HD Graphics 3000, -1988 Mb

I actually run A sapphire 6970 Graphics card, not Intel.

I've run AdwCleaner. Still no fix.

# AdwCleaner v4.113 - Logfile created 24/03/2015 at 17:31:22
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : SiKPupE - STORM
# Running from : C:\Users\SiKPupE\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : WinRing0_1_2_0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Users\SiKPupE\AppData\Local\PackageAware

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\iijmpjamifmplbakhgikofogdfackici
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\TornTv Downloader
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Google Chrome v40.0.2214.115

[C:\Users\SiKPupE\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\SiKPupE\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\SiKPupE\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\SiKPupE\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2431 bytes] - [24/03/2015 17:26:09]
AdwCleaner[S0].txt - [2676 bytes] - [24/03/2015 17:31:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2735 bytes] ##########

Just ran Junkware Removal Tool. No change yet

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 7 Home Premium x64
Ran by SiKPupE on Tue 24/03/2015 at 17:37:51.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\TOOLBARUPDATER.EXE-5D621FC1.pf

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 24/03/2015 at 17:42:49.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Just run Rogue killer. No change.

RogueKiller V10.5.7.0 (x64) [Mar 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : SiKPupE [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 03/24/2015 18:04:05

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 20 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\etdrv -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etdrv -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\etdrv -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64 -> Deleted
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syste m | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syste m | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3499644531-161774626-1265142298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3499644531-161774626-1265142298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3499644531-161774626-1265142298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3499644531-161774626-1265142298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> Replaced (1)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3499644531-161774626-1265142298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\Cl assicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3499644531-161774626-1265142298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\Cl assicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideD esktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideD esktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideD esktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideD esktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3499644531-161774626-1265142298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\Ne wStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3499644531-161774626-1265142298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\Ne wStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Replaced (0)

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\Origin -- C:\Users\SiKPupE\AppData\Roaming\Origin\update.vbe -> Deleted

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 7 (Driver: Loaded) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x69d82c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x69d82c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x69d82c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x69d82c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x69d82c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x69d82c0
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x69d82c0

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 7db7e93b416bcddb1eebb96619c3dd37
[BSP] d389141ab2c5c7ad10472084c3d4880d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953813 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1953615872 | Size: 953813 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_03242015_180216.log

To convert PDF forms online consider a paid website

0
0
To convert PDF forms online consider a paid website. Site that is paid won't merely be safe, you are able to expect technical assistance and premium quality proofreading too. Get Converter for Pdf to JPG In this manner several dollars a typical page might come out to become a bargain.

It'd be a suitable and direct way to conserve PDF as Term using PDF to Word for Mac. Android Pdf to JPG Converter You simply should follow the measures of just how to Doc Converter on Mac (Snow Leopard, Lion incorporated) and also the function could be accomplished in seconds. The appliance allows you to change pages documents along with of a file at the same time. Whilst the software is especially created for Mac users, it is really welcoming and meets the users' practice.

Prodigy Redirect Hijaking IE homepage

0
0
Tech Support Guy System Info Utility version 1.0.0.2
OS Version:
Processor:
Processor Count:
RAM:
Graphics Card:
Hard Drives:
Motherboard:
Antivirus: None


My home page is:http://go.microsoft.com/fwlink/?LinkId=69157
I click on home page and I get:http://prodigy.msn.com/es-mx/?ocid=iehp
I get redirected to prodigy.msn
I have tried several Virus, Malware, and Microsoft Malicious Software scans, and nothing
fixes the problem. I went on a cruise stopping at Jamica, Grand Camen, and Cozumel.
When I got off the ship in Cozumel, the redirect to: I click on home page and I get:http://prodigy.msn.com/es-mx/?ocid=iehp. I assume this redirect is a virus.

Virus shot down my on line connection

0
0
Not my main computer but I do use it. I can not get on line at all, non of my browesers will conect to the internet.
Windows 7 Professional, Service Pack 1, Dell
Model: Optiplex 390
Processor: Intel, Pentium, CPU G840 @ 2.80 GHz
System Type: 32 - bit OperatHello, need some help on an old Dell
I have the product ID if you need that.

I'm using IE, Fire Fox, and Chrome as my browsers.

It was running slugish on Thursdya so I tried Melwarebites, it cleand a bunch of nasty stuff off but thats when I was no longer able to get on line. Tried Malwarebytes again but didnt find anything, tried SpywareBlaster and it also did not find anything. It is now compltly off line. Any time I try to start Walwarebytes I get a pop up listing C:\WINDOWS\System32\MyOSProtect.dll is not able to contect on line. I'm thinking MyOSProtect might be the problem.

I have a a zip drive with 114MB of free space. Would that be enoph sace to get an up dated HJT on save a log to send in?
I would much Apprecate any suggestions you may give me.

Thank you guys so much
Ted Cole.

possible keylogger

0
0
SystemLook 30.07.11 by jpshortstuff
Log created at 08:54 on 24/03/2015 by Debbie
Administrator - Elevation successful
========== filefind ==========
Searching for "*mywebsearch*.*"
C:\Users\Debbie\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\8BZ3JQTT\couponalert.dl.mywebsearch[1].xml --a---- 453 bytes [17:12 24/02/2015] [17:12 24/02/2015] D10DE17035A09635646C4967726AE777
Searching for "*couponalert*.*"
C:\AdwCleaner\Quarantine\C\Users\Debbie\AppData\LocalLow\CouponAlert_2p\Cou ponAlert_2p\Cache\CouponAlertBtn.html.vir --a---- 5424 bytes [16:14 26/07/2011] [15:54 10/03/2012] A969BA073A66FD247E0CD6151D517FE1
C:\AdwCleaner\Quarantine\C\Users\Debbie\AppData\LocalLow\CouponAlert_2p\Cou ponAlert_2p\Cache\CouponAlertNewDealsBtn.html.vir --a---- 5424 bytes [16:14 26/07/2011] [15:54 10/03/2012] A969BA073A66FD247E0CD6151D517FE1
C:\Users\Debbie\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\8BZ3JQTT\couponalert.dl.mywebsearch[1].xml --a---- 453 bytes [17:12 24/02/2015] [17:12 24/02/2015] D10DE17035A09635646C4967726AE777
Searching for "*macro-recorder*.*"
No files found.
Searching for "*No-IP*.*"
No files found.
Searching for "*NoIPDUC*.*"
No files found.
Searching for "*macro recorder*.*"
No files found.
Searching for "*PriceBlink*.*"
C:\Users\Debbie\AppData\Roaming\PriceBlink.dat --a---- 41 bytes [16:03 06/01/2012] [16:03 06/01/2012] 5B8310E69526AC298DAA59862128F989
========== folderfind ==========
Searching for "*mywebsearch*"
No folders found.
Searching for "*couponalert*"
C:\AdwCleaner\Quarantine\C\Users\Debbie\AppData\LocalLow\CouponAlert_2p d------ [14:16 09/06/2014]
C:\AdwCleaner\Quarantine\C\Users\Debbie\AppData\LocalLow\CouponAlert_2p\Cou ponAlert_2p d------ [14:16 09/06/2014]
Searching for "*macro-recorder*"
No folders found.
Searching for "*No-IP*"
No folders found.
Searching for "*NoIPDUC*"
No folders found.
Searching for "*macro recorder*"
No folders found.
Searching for "*PriceBlink*"
C:\Program Files (x86)\PriceBlink d------ [16:03 06/01/2012]
========== regfind ==========
Searching for "mywebsearch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchSkinRect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchSkinRect"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File0"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Cache\048CF16 7"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File1"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Cache\048CF3C 8"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File2"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Cache\048CF5AB.bi n"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File3"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Cache\048CF628.bi n"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File4"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Cache\048CF6B4.bm p"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File5"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Cache\048CF741.bi n"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File6"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Cache\files.i ni"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File7"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\History\searc h3"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File8"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\bt marrow.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File9"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\ca ncel.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File10"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\c onfig.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File11"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\c ontinue.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File12"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\d ispatch.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File13"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\d ivider.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File14"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\g cancel.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File15"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\i ndex.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File16"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\i nfobar.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File17"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\j query.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File18"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l a.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File19"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l bcs.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File20"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l bms.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File21"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l ca.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File22"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l cfc.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File23"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l cm.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File24"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l cs.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File25"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l cso.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File26"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l ctn.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File27"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l db.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File28"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l dbg.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File29"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l ddg.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File30"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l ff.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File31"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l ffb.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File32"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l g.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File33"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l gs.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File34"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l gw.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File35"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l ha.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File36"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l hp.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File37"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l ia.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File38"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l iwon.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File39"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l kazulah.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File40"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l md.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File41"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l mfc.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File42"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l mh.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File43"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l mma.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File44"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l mosh.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File45"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l mwf.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File46"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l mws.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File47"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l obm.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File48"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l oryte.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File49"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l pss.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File50"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l qc.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File51"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l rb.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File52"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l rg.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File53"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l rr.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File54"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l sc.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File55"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l scr.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File56"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l si.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File57"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l ssd.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File58"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l trs.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File59"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l tvf.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File60"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l vs.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File61"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l wb.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File62"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l wf.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File63"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\l zwinky.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File64"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\m gaddons.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File65"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\o k.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File66"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\o verlay.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File67"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\p id.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File68"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\q string.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File69"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\s hield.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File70"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\s pacer.swf"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File71"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\t oolbar.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File72"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\y elgrey.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File73"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\y ellowbg.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File74"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\z Enable.css"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File75"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\z Enable.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File76"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COMMON\z Enable.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File77"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\8 _step1.gif"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File78"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\a utoup.gif"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File79"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\a utoup.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File80"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b kez.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File81"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b kgr.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File82"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b kgs.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File83"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b klf.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File84"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b krg.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File85"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b kwebfet.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File86"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b kzc.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File87"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b kzl.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File88"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b kzn.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File89"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b kzq.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File90"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b kzr.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File91"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b kzu.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File92"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b kzv.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File93"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b kzw.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File94"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b kzwinky.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File95"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b lubtn2d.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File96"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b lubtn2r.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File97"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b lubtn3d.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File98"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\b lubtn3r.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File99"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\c enter.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File100"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\ index.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File101"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\ mid_dots.gif"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File102"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\ protect.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File103"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\ rebut4.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File104"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\ rebut4b.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File105"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\ rebut4c.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File106"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\ shield.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File107"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\ shocked.gif"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File108"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\ stop.gif"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File109"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\ systray.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File110"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\ systrayp.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File111"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\ tp_grad.gif"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File112"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COMMON\ warn.gif"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFile s]
"File113"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Settings\prevcf g2.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFold ers]
"Folder3"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Cache"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFold ers]
"Folder4"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\History"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFold ers]
"Folder5"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg\COM MON"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFold ers]
"Folder6"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\ie9mesg"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFold ers]
"Folder7"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message\COM MON"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFold ers]
"Folder8"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Message"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFold ers]
"Folder9"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar\Settings"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFold ers]
"Folder10"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH\bar"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFold ers]
"Folder11"="C:\Users\Debbie\AppData\LocalLOW\MYWEBSEARCH"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}]
@="IMyWebSearchSkinRect"
Searching for "couponalert"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CouponAlert_2pEI]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CouponAlert_2pEI\Installer]
"CacheDir"="C:\Users\Debbie\AppData\LocalLow\CouponAlert_2pEI\Installr\Cach e\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\Fi rewallPolicy\FirewallRules]
"TCP Query User{750A6CEE-CE20-4B66-9A55-765D55BD224B}C:\program files (x86)\couponalert_2p\bar\1.bin\2pmedint.exe"="v2.10|Action=Block|Active=TRU E|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\couponalert_2p\bar\1.bin\2pmedint.exe|Name=Run a MindSpark DLL as an App|Desc=Run a MindSpark DLL as an App|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\Fi rewallPolicy\FirewallRules]
"UDP Query User{4D9926C3-A422-4264-87B3-205BB8C50B9B}C:\program files (x86)\couponalert_2p\bar\1.bin\2pmedint.exe"="v2.10|Action=Block|Active=TRU E|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\couponalert_2p\bar\1.bin\2pmedint.exe|Name=Run a MindSpark DLL as an App|Desc=Run a MindSpark DLL as an App|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\Fi rewallPolicy\FirewallRules]
"TCP Query User{750A6CEE-CE20-4B66-9A55-765D55BD224B}C:\program files (x86)\couponalert_2p\bar\1.bin\2pmedint.exe"="v2.10|Action=Block|Active=TRU E|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\couponalert_2p\bar\1.bin\2pmedint.exe|Name=Run a MindSpark DLL as an App|Desc=Run a MindSpark DLL as an App|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\Fi rewallPolicy\FirewallRules]
"UDP Query User{4D9926C3-A422-4264-87B3-205BB8C50B9B}C:\program files (x86)\couponalert_2p\bar\1.bin\2pmedint.exe"="v2.10|Action=Block|Active=TRU E|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\couponalert_2p\bar\1.bin\2pmedint.exe|Name=Run a MindSpark DLL as an App|Desc=Run a MindSpark DLL as an App|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules]
"TCP Query User{750A6CEE-CE20-4B66-9A55-765D55BD224B}C:\program files (x86)\couponalert_2p\bar\1.bin\2pmedint.exe"="v2.10|Action=Block|Active=TRU E|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\couponalert_2p\bar\1.bin\2pmedint.exe|Name=Run a MindSpark DLL as an App|Desc=Run a MindSpark DLL as an App|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules]
"UDP Query User{4D9926C3-A422-4264-87B3-205BB8C50B9B}C:\program files (x86)\couponalert_2p\bar\1.bin\2pmedint.exe"="v2.10|Action=Block|Active=TRU E|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\couponalert_2p\bar\1.bin\2pmedint.exe|Name=Run a MindSpark DLL as an App|Desc=Run a MindSpark DLL as an App|"
[HKEY_USERS\S-1-5-21-2402950803-3680726036-3035458503-1000\Software\AppDataLow\Software\CouponAlert_2pEI]
[HKEY_USERS\S-1-5-21-2402950803-3680726036-3035458503-1000\Software\AppDataLow\Software\CouponAlert_2pEI\Installer]
"CacheDir"="C:\Users\Debbie\AppData\LocalLow\CouponAlert_2pEI\Installr\Cach e\"
Searching for "macro-recorder"
No data found.
Searching for "No-IP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental Controls\Users\S-1-5-21-2402950803-3680726036-3035458503-1009\App Restrictions\{55222894-74AA-49BE-BDB5-A60A7BC8C247}]
"Path"="C:\Program Files (x86)\No-IP\Uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental Controls\Users\S-1-5-21-2402950803-3680726036-3035458503-1009\App Restrictions\{67E7E586-3996-4A02-A153-78DBA9D8F68E}]
"Path"="C:\Program Files (x86)\No-IP\DUC40.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental Controls\Users\S-1-5-21-2402950803-3680726036-3035458503-1009\App Restrictions\{F287818F-BF58-4AE7-A59E-2E02F91DF0E4}]
"Path"="C:\Program Files (x86)\No-IP\ducservice.exe"
Searching for "NoIPDUC"
No data found.
Searching for "macro recorder"
No data found.
Searching for "PriceBlink"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental Controls\Users\S-1-5-21-2402950803-3680726036-3035458503-1009\App Restrictions\{8054C99B-A8FD-43F0-B851-1E743DD07476}]
"Path"="C:\Program Files (x86)\PriceBlink\uninstall.exe"
-= EOF =-

Suspecting Spyware on Laptop

0
0
Hi,
I am writing today to ask for help on what could be a threat on my laptop.

I own a Windows 7 Laptop computer and I encountered an issue that lead me to believe that my computer may contain a variant of spyware on it. A little background of what I do with my online use is that I am a YouTube content creator that makes music. Last night, I was on YouTube replying to a comment that discussed the use of my tag. In music, a tag is used to prevent the theft of a song.

Back to the story, I replied to the comment stating that I was changing my tag to make it more professional. Here's where the issue begins. Suddenly, minutes later, I get a strange text on my phone from a number I do not recognize. The first text read "BALLS", which at first lead me to believe that the person had the wrong number, but the second text is what raises my concern to full alert. The second text read "Super excited about the future of this tag".

I have never given my number to anyone on the internet, nor to a stranger. My number is connected to my Youtube account, but I do not know how this person was able to claim my number, and I really don't know how the person was able to know I was talking about my tag. I was then lead to believe that some form of spyware was involved (I am not 100% sure or not). I panicked and did a full scan with AVG and Malwarebytes, but neither found anything, so I decided to do more research on spyware on my own. From that moment, I decided to stop using my laptop in fear that the potential spyware is a keylogger.

This morning, I received an email from Twitch stating that someone attempted to hack my account, but Twitch stopped them and reset my password automatically. This rose my concern even further, thinking that my accounts were in danger, but fortunately, a few friends and reliable people told me that several people got that email from Twitch because they had issues with their servers. I took the precaution of resetting the passwords of all of my accounts on a different computer.

All of my passwords are reset and all of my accounts are safe and functional, and my anti virus says my laptop is clean, but the question still remains on how I got that suspicious text that "coincidentally" knew I was talking about my tag with another person. Could there be spyware on my laptop that allowed the person to know what I was talking about? Maybe its a glitch with Google accounts. Hopefully I know for sure.

Virus and pop-up issues

0
0
I'm having problems with pop-ups and virus issues. My anti-virus protection lapsed and I've been having troubles. Reinstating the virus program (ESET) can't seem to fix the issues. Have tried MBAM, etc., but I think I need a careful analysis and cleaning.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i7-4702HQ CPU @ 2.20GHz, Intel64 Family 6 Model 60 Stepping 3
Processor Count: 8
RAM: 8115 Mb
Graphics Card: NVIDIA GeForce GTX 765M, -2048 Mb
Hard Drives: C: Total - 231369 MB, Free - 157320 MB;
Motherboard: RAZER, RAZER
Antivirus: ESET Smart Security 8.0, Updated and Enabled

many ads when im on internet


poss full of spyware etc cos pages loading slow and coming out wrong

0
0
Hi Ruggie

I had a bitcoin wallet on my old computer and could the bitcoin miner be related to my btc qt wallet, because I think I copied some files from my old computer.
I have not yet been able to transfer the wallet proper to this computer, because I keep making mistakes when I try.
I also tried to dowload a video calling software from facebook.
Also bt asked me to dowload software but I cannot remember what the software was called and bt scanned my computer and a black screen came up with a load of stuff on with 'hackers' at the end, was this just a scam from bt?
thanks.
EDITED to add, i trid to delte the files as requested, there were two facebook files, so I deleted both. I kept the bitcoin file as I have a wallet as per above.
I cannot find the frst file, so, please could you send me a link to download it, because i looked at the first posts in this thead and I wasnt sure where to download it from, sorry to sound thick, thanks.

Windows 7 Freezing all the time

0
0
triptyxh:

The previous versions of AdwCleaner had Scan and Clean and Report buttons.

The current versions now have Scan and Cleaning and Logfile buttons.

Your thread has been moved to the "Virus & Other Malware Removal" section.

I have no authority or training to help you here, so you need to wait for a gold shield removal specialist to reply.

Quote:

Well, most of the time a lot of tabs opened in Chrome and MusicBee for music. Then, often times I'll be on Dota with all of these opened. And I have Process Lasso on as well.
That's one reason why your computer has slowed down to a turtle's pace or is freezing.

That's quite a load you're putting on it at one time.

---------------------------------------------------------

Blocked from Downloading Updates

0
0
Can you post the first log from RogueKiller, I need to see what you removed.... Logs are in the floowing folder:

C:\Programdata\RogueKiller\Logs

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link
When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.


Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.


In most cases, a restart will be required.


Wait for the prompt to restart the computer to appear, then click on Yes.


When the scan is completed from the main GUI click on History > Application Logs. Find your Scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"
Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt. Where n in the scan reference number

Next,

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next,

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under “Enable Stealth Technology select “Change” select any extra drives in that window.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.

Don't forget to re-enable protection software!

Le me see those logs, also give an update on any remaining issues or concerns....

Thanks,

Kevin.

Attached Files
File Type: txt Fixlist.txt (8.4 KB)

Browser Hijack in IE

0
0
I noticed a few days ago that my IE was acting weird, like when I clicked a button on a page, it didn't do anything. Even my cursor did not change when I hovered over it. And everything was very, very slow.

On another browser (Opera), everything seemed to work fine.

I ran McAfee full scan. It told me 2 infected files found and that it was fixing the 2 issues. But then McAfee hung when it was 99% done, which seems to be a known bug.

Then today back on IE, my browser was hijacked to PowerWeb without me clicking anything.

I've noticed I have multiple instances of a process called plugin.exe that I don't remember seeing before.

Here is my TSG Sysinfo:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel Pentium III Xeon processor, x86 Family 6 Model 23 Stepping 10
Processor Count: 4
RAM: 3037 Mb
Graphics Card: Intel(R) G41 Express Chipset, 128 Mb
Hard Drives: C: Total - 473300 MB, Free - 158534 MB;
Motherboard: LENOVO, To be filled by O.E.M.
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated: Yes, On-Demand Scanner: Enabled

And here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:26:11 PM, on 3/25/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 32.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Citrix\GoToMyPC\G2ProcessFactory.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\DPMTray.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Susie\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe
C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe
C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\2\plugin.exe
C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\4\plugin.exe
C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\3\plugin.exe
C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\5\plugin.exe
C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugins\3\plugin.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Opera\28.0.1750.48\opera.exe
C:\Program Files\Opera\28.0.1750.48\opera_crashreporter.exe
C:\Program Files\Opera\28.0.1750.48\opera.exe
C:\Program Files\Opera\28.0.1750.48\opera.exe
C:\Program Files\Opera\28.0.1750.48\opera.exe
C:\Program Files\Opera\28.0.1750.48\opera.exe
C:\Program Files\Opera\28.0.1750.48\opera.exe
C:\Program Files\Opera\28.0.1750.48\opera.exe
C:\Program Files\Opera\28.0.1750.48\opera.exe
C:\Documents and Settings\Susie\Desktop\HijackThis (1).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Susie/My%20Documents/myhomepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Strong Signal - {c723a437-2eaf-466d-a95b-3fa0966bf88c} - C:\Program Files\Strong Signal\Extensions\c723a437-2eaf-466d-a95b-3fa0966bf88c.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
O4 - HKLM\..\Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [PWRAGD] C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKCU\..\Run: [AmazonMP3DownloaderHelper] C:\Documents and Settings\Susie\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-4010547908-1741489271-1736194522-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'John')
O4 - HKUS\S-1-5-21-4010547908-1741489271-1736194522-1008\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'John')
O4 - HKUS\S-1-5-21-4010547908-1741489271-1736194522-1008\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'John')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1272292042328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1272292038406
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} (DVM_IPCam2 Control) - http://71.184.192.210/codebase/DVM_IPCam2.ocx
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Boot Delay Start Service (mcbootdelaystartsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Service Mgr StrongSignal - Unknown owner - C:\Documents and Settings\All Users\Application Data\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Update Mgr StrongSignal - Unknown owner - C:\Program Files\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe

--
End of file - 18492 bytes

Thanks so much.

Key-logger virus

0
0
Hi, my computer has been running really slow out of nowhere and I'm constantly having to reset account passwords because they get logged into from other places than where I normally do. I've had to get multiple new bank cards and have had several instances of false charges on my bank accounts. My antivirus can't seem to find anything wrong but something is definitely wrong with my computer. Need help please.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 4
RAM: 3891 Mb
Graphics Card: Intel(R) HD Graphics, 1721 Mb
Hard Drives: C: Total - 295335 MB, Free - 219261 MB;
Motherboard: LENOVO, 2537C84
Antivirus: ThreatTrack Security VIPRE, Updated and Enabled

HELP!!! So many Pop Ups I cant do anything!!!

0
0
I really need some help with these pop-ups, and ads sending me all over the place

clean or virus???

0
0
How do properly clean my mac? Ive been having trouble with it for the past 2 weeks, its been slow, and pop up are everywhere every time im online, im not sure if it has a virus or just needs a good clean? does anyone have any suggestions on how to help, any help would be great info :)

ive tried verifying and repairing throu disk utility's but done know where to go to from there?

Lucky Searches virus removal

0
0
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz, Intel64 Family 6 Model 23 Stepping 6
Processor Count: 2
RAM: 5050 Mb
Graphics Card: NVIDIA GeForce 7300 SE/7200 GS, 256 Mb
Hard Drives: C: Total - 152524 MB, Free - 62718 MB;
Motherboard: Intel Corporation, DQ35JO
Antivirus: Microsoft Security Essentials, Updated and Enabled


Malware and virus infections are so much worse this year. The latest one I've got is Luckysearches.com. I've used AVG ,RogueKiller, Malwarebytes,adwcleaner and IObit Malware Fighter every day but still here. I went through the registry and removed 3 items but still no good. I've used the internet to ask for help as well but their help is a con, you have to download a special program which is supposed to specially remove the specific problem but never finds it (I used Spyhunter) If any one can give me some assistance that works, THANKS, Ian

Virus Removal Support

0
0

How can PC fully protected from malware and spyware?

query

0
0
Respected sir,

Last week my pc was attacked by help_decrypt virus & i was using win xp sp3, now i hd already cleaned that virus & i hd manually removed help_decrypt files,then i hd install win 7 & i hd aleardy taken backup but the problem is that i cant open any files like doc ,docx video files, jpg files in win7 so is there any problem that it can be open in win 7 as it was earlier win xp sp3 operating system & now win 7?

So my doubt is this is the problem that i cant open winxp sp3 files in win 7 or help_decrypt virus has vanished my entire files & folder. i hd lost entire data.

Sir if u help me out to this problem ur action will be highly appreciating.

Thanking u & awaiting ur fav reply soon.


Regds
jay

Help decrypt_png

0
0
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz, x86 Family 15 Model 2 Stepping 9
Processor Count: 1
RAM: 2559 Mb
Graphics Card: NVIDIA GeForce FX 5200 (Microsoft Corporation), 512 Mb
Hard Drives: C: Total - 953859 MB, Free - 588501 MB; D: Total - 114400 MB, Free - 114321 MB;
Motherboard: Dell Computer Corp., 0U2424
Antivirus: AVG update module, Updated: Yes, On-Demand Scanner: Enabled



Hello everyone. I am new to this forum and am attempting to get help to repair my computer.
Situation as of 2/2/15:


My computer was infected with HELP_DECRIPT.PNG. Supposedly all cleared by McAfee but viral programs/code still exist on computer and my computer is not performing as it originally was prior to the infection. Infection occurred on about 1/25/15. Most of my document files and pictures located in my harddrive as well as my external harddrive were corrupted and encrypted by this virus. I deleted as much of the decrypt files i was able to find running a search term of "decrypt" and whatever came up i deleted them. I have downloaded Malwarebytes and AVG as well and the computer is still running slow and getting ACCESS DENIED ERROR MESSAGES, YOUR CURRENT SECURITY SETTINGS DO NOT ALLOW YOU TO DOWNLOAD THIS FILE (KEEP IN MIND THAT I HAVE ADMINISTRATOR PRIVILEGES), the exhaust fans in the computer are constantly running high non-stop, Mcafee is always finding trojans on a daily basis, asks for restart after virus detection but then virus detection shows up again. Especially for this one...."c:\windows\system32\windowspowershell\v1.0\powershell.exe" (TROJAN-POWELIKE) . I know I saw you guys resolve the same problem on your site for someone named "GROWLINGDOG" and you guys apparently fixed the problem. I do have some trust issues regarding downloading software from forums but, i have no choice right about now. Please help me get rid of this virus once and for all. I will definitely be grateful for your help. This has cost me huge in time, frustration, and effort as well as loss of all my pics. I don't know why MCafee did not show up in the SYSINFO. Thank you.

Computer stopping, lagging, stops responding, has black boxes on screen....

0
0
It didn't find anything. So disappointed.....
Viewing all 4746 articles
Browse latest View live




Latest Images