TechSpot

PUP Probems

Solved
By compused
Jun 29, 2014
  1. I am now getting what my partner got:

    "C:\PROGRA~2\WINCERT\WIN32C~1.DLL is either not designed to run on Windows or it contains an error. Try installing the programe again using the original installation media or contact your system administrator or the software vendor for support."

    If you press the OK button it stays put as it's in a continuous loop but if you press the X to close it, you get several messages:

    igfxtray.exe - bad image (in every case it says "bad image" so I won't waste time typing this)
    igfxpers.exe
    GoogleUpdate.exe
    SearchEngineProtection.exe
    sidebar.exe
    MUIStartMenu exe
    QLBCTRL.exe

    etc all the programmes that are attached to the start menu are listed every time you press the X key.

    I ran Malwarebytes and it found countless PUP registry faults which I quarantined.

    Any suggestions would be gratefully received. I managed to backup my photographs and other important documents and will continue doing so tomorrow.

    Attached Files:

  2. compused

    compused TS Enthusiast Topic Starter Posts: 126

    Normally I would be able to screen capture the actual logs into Picasa but this doesn't work in this case. Most of them have occured today but there are few that occurred last year.
  3. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Hello and welcome to TechSpot.com My name is Dave. I will be helping you out with your particular problem on your computer.
    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.
    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)
    Please download AdwCleaner by Xplode onto your Desktop.
    Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.
    [​IMG]
    If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
    When the AdwCleaner program will open, click on the Scan button as shown below.
    [​IMG]
    AdwCleaner will now start to search for malicious files that may be installed on your computer.
    To remove the files that were detected in the previous step, please click on the Clean button.
    [​IMG]
    AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
    Please click on the OK button to allow AdwCleaner reboot your computer.A log will be produced. Please copy and paste this log in your next reply.
    *********************************************
    [​IMG] Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • It should update automatically if the computer is connected to the internet.
    • Click on Threat Scan and click on Scan Now.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
    • Click on "Quarantine All" You may be asked to Restart your computer to completely remove the infections.
    • When disinfection is completed you can click on "Copy to Clipboard".
    • Paste the log in you next reply (CTRL+ V)
    *************************************************
    Please download Junkware Removal Tool to your desktop.
    Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    Shut down your protection software now to avoid potential conflicts.
    •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    •The tool will open and start scanning your system.
    •Please be patient as this can take a while to complete depending on your system's specifications.
    •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    •Copy and Paste the JRT.txt log into your next message.
  4. compused

    compused TS Enthusiast Topic Starter Posts: 126

    Hi Dave,

    Thank you very much for taking the time to reply and help me. However, I decided to enlist the help of an IT technician who came this morning and he recovered my hard drive to a date when I did not have the virus. He commended that instead of downloading the free version of Malwarebytes that I buy the full version as it will protect me by running a background check.

    The PUP Options virus must have hijacked the Malwarebytes programme because when I went into Control Panel, clicked on Malwarebytes and clicked uninstall, it said:

    "C:\Programe Files\Malwarebytes Anti-malware\unins\000.msg" is missing. Please correct the problem or obtain a new copy of the program."

    Furthermore, when I clicked in the shortcut icon of Malwarebytes on my Desktop, I got:

    "RUN-time error '383'
    'Text' property is read only"

    When I went on to the Malwarebytes website it said to install the new version which would override the corrupted one but this didn't work and I then got another message:

    "Malwarebytes' Anti-malwarre 1.x is currently installed and could not be uninstalled properly. Please uninstall Malwarebytes 1.x manually, reboot and then try the installation again."

    So I went on to the Malwarebytes site again and ran a cleanup tool which has fixed the problem and I am now up and running with the full version of Malwarebytes.

    I do not need any further help but I have put all this down so that if someone else has the same problem, they can get help. Needless to say, I was up until 3.50 hrs backing up my files!

    Compused
  5. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    I seriously doubt that doing a System Restore will remove the infections. I recommend that you run the other scans just to be sure.
  6. compused

    compused TS Enthusiast Topic Starter Posts: 126

    I'll take my chances as I now have the full version of Malwarebytes and, whereas it found a lot of PUP Option entries before, today after scanning it found nothing. I have also run SuperAntiSpyware and this found nothing.
  7. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    SAS is an out of date scanner and will only remove tracking cookies. You would be better off keeping AdwCleaner on your computer and running it frequently.
  8. compused

    compused TS Enthusiast Topic Starter Posts: 126

    Hi Dave,

    I have downloaded and run AdwCleaner and Yes it did find quite a lot of stuff. So thank you.

    Compused
  9. compused

    compused TS Enthusiast Topic Starter Posts: 126

    # AdwCleaner v3.214 - Report created 02/07/2014 at 17:41:18
    # Updated 29/06/2014 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Julia - JULIAS
    # Running from : C:\Users\Julia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKY1G5E3\adwcleaner_3.214.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    Folder Deleted : C:\ProgramData\FileCure
    Folder Deleted : C:\ProgramData\GamesBar
    Folder Deleted : C:\ProgramData\wincert
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
    Folder Deleted : C:\Program Files\GamesBar
    Folder Deleted : C:\Program Files\Search Results Toolbar
    Folder Deleted : C:\Users\Julia\AppData\Local\WeatherAlerts
    Folder Deleted : C:\Users\Julia\AppData\LocalLow\DataMngr
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
    Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
    Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
    Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
    Key Deleted : HKLM\SOFTWARE\Classes\oberontb.band
    Key Deleted : HKLM\SOFTWARE\Classes\oberontb.band.1
    Key Deleted : HKLM\SOFTWARE\Classes\oberontb.GamesBarBHO
    Key Deleted : HKLM\SOFTWARE\Classes\oberontb.GamesBarBHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201F27D4-3704-41D6-89C1-AA35E39143ED}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0DE3308-5D5A-470D-81B9-634FC078393B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1A93C934-025B-4C3A-B38E-9654A7003239}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4C3A-B38E-9654A7003239}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424D-B5FD-125C4AFEE34E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424D-B5FD-125C4AFEE34E}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{377E5D4D-77E5-476A-8716-7E70A9272DA0}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Key Deleted : HKCU\Software\APN DTX
    Key Deleted : HKCU\Software\AVG Nation toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\gamesbar
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\AskBarDis
    Key Deleted : HKLM\Software\AVG Nation toolbar
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\gamesbar
    Key Deleted : HKLM\Software\iLividSRTB
    Key Deleted : HKLM\Software\ParetoLogic
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamesbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\gamesbar
    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\Wincert\WIN32C~1.DLL
    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
    ***** [ Browsers ] *****
    -\\ Internet Explorer v9.0.8112.16555

    -\\ Google Chrome v
    [ File : C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    Deleted [Search Provider] : hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb
    Deleted [Search Provider] : hxxp://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
    *************************
    AdwCleaner[R0].txt - [12192 octets] - [02/07/2014 17:39:52]
    AdwCleaner[S0].txt - [12384 octets] - [02/07/2014 17:41:18]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12445 octets] ##########
  10. compused

    compused TS Enthusiast Topic Starter Posts: 126

    The above is what it found.
  11. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    That's good. Run it about once a week.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.