multiple iexplorer.exe's showing in task manager [Solved]


  • This topic is locked

#31
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

"Ok! Yes, Google Chrome was installed on this laptop at one time."

Thanks, aye it looks like leftovers from an app with the prior installed Google Chrome are the problem. Plus some adware remnants we can address also as follows...

Custom OTL Script:

If OTL is no longer present on your desktop, re-download from here and save it to your desktop.

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:Files
C:\Users\mullins4\AppData\Local\TLworks
C:\Program Files (x86)\weDownload Manager Pro

:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TLworks Update"=-
[HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"TLworks Update"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CDEFDFA-4F43-4177-8153-34B33040FBE}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29ADC43E-A48D-447C-AD11-BD82809594}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{323A2311-37FB-4CE5-97A9-6427C0B59C83}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5646C3B2-1CCA-45BD-8546-1C08DDC936D}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{641A82A5-EA55-4666-9DB0-CBA572D48539}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78A8B63B-3D62-4CDB-AE39-1FD9B24605C}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8FB9A30-6E44-444E-A165-FED88ED3443}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91CD6797-1F08-4FB1-8764-589F64827ECC}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91CD6797-1F08-4FB1-8764-589F64827ECC}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9781AAD4-273F-4F9F-97F8-EFD736CFBB90}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1812915-9F5A-417A-A970-ED9AEB812F50}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA06345B-9654-4AA7-A729-D219E9CABE0}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B46096F9-BD17-4C2A-856D-6E9A8792DD16}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD53F9AE-717E-4404-B95F-87C2C54D79DC}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF630A11-C34F-41E6-BB34-9B1C15B9673}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF7C483F-19B0-4641-9A5B-24E3C4AB95BE}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D56133-7C62-4C0C-84C3-71BEBF87967E}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CBF85040-DD31-487A-9279-672529729FA0}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5FDB88-A0B9-48A1-BC4-483BA8B06D48}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E04C9430-EAD-4392-AB87-216EE99859}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1B7D654-7D93-483D-A9D-17E0FED168A2}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E96347AA-24E6-4EB7-8072-2AFA718F146F}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9EF6DE3-FB3B-49D1-B930-BE8441C9CFE8}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F028D835-DBA9-4D09-B98E-8A8C9DB08683}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F833D482-62B6-46E7-8CCE-DECB3C2DB42}]
[-HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\weDownload Manager Pro]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\weDownload Manager Pro]
[-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\weDownload Manager Pro]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CDEFDFA-4F43-4177-8153-34B33040FBE}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29ADC43E-A48D-447C-AD11-BD82809594}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{323A2311-37FB-4CE5-97A9-6427C0B59C83}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5646C3B2-1CCA-45BD-8546-1C08DDC936D}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{641A82A5-EA55-4666-9DB0-CBA572D48539}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78A8B63B-3D62-4CDB-AE39-1FD9B24605C}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8FB9A30-6E44-444E-A165-FED88ED3443}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91CD6797-1F08-4FB1-8764-589F64827ECC}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9781AAD4-273F-4F9F-97F8-EFD736CFBB90}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1812915-9F5A-417A-A970-ED9AEB812F50}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA06345B-9654-4AA7-A729-D219E9CABE0}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B46096F9-BD17-4C2A-856D-6E9A8792DD16}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD53F9AE-717E-4404-B95F-87C2C54D79DC}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF630A11-C34F-41E6-BB34-9B1C15B9673}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF7C483F-19B0-4641-9A5B-24E3C4AB95BE}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D56133-7C62-4C0C-84C3-71BEBF87967E}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CBF85040-DD31-487A-9279-672529729FA0}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5FDB88-A0B9-48A1-BC4-483BA8B06D48}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E04C9430-EAD-4392-AB87-216EE99859}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1B7D654-7D93-483D-A9D-17E0FED168A2}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E96347AA-24E6-4EB7-8072-2AFA718F146F}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9EF6DE3-FB3B-49D1-B930-BE8441C9CFE8}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F028D835-DBA9-4D09-B98E-8A8C9DB08683}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F833D482-62B6-46E7-8CCE-DECB3C2DB42}]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\weDownload Manager Pro]
[-HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\weDownload Manager Pro]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\weDownload Manager Pro]
[-HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\weDownload Manager Pro]

:Commands
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • When OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The log file can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.
  • 0


#32
cartoonistmusician

    Member

  • Topic Starter
  • Member
  • 26 posts
Hey! :)

Ok, well glad we got the problem figured out.

Ok, is this the right OTL log?




========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\mullins4\AppData\Local\TLworks folder moved successfully.
File\Folder C:\Program Files (x86)\weDownload Manager Pro not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TLworks Update deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Windows\CurrentVersion\Run\\TLworks Update not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CDEFDFA-4F43-4177-8153-34B33040FBE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CDEFDFA-4F43-4177-8153-34B33040FBE}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29ADC43E-A48D-447C-AD11-BD82809594}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29ADC43E-A48D-447C-AD11-BD82809594}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{323A2311-37FB-4CE5-97A9-6427C0B59C83}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{323A2311-37FB-4CE5-97A9-6427C0B59C83}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5646C3B2-1CCA-45BD-8546-1C08DDC936D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5646C3B2-1CCA-45BD-8546-1C08DDC936D}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{641A82A5-EA55-4666-9DB0-CBA572D48539}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{641A82A5-EA55-4666-9DB0-CBA572D48539}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78A8B63B-3D62-4CDB-AE39-1FD9B24605C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78A8B63B-3D62-4CDB-AE39-1FD9B24605C}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8FB9A30-6E44-444E-A165-FED88ED3443}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FB9A30-6E44-444E-A165-FED88ED3443}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91CD6797-1F08-4FB1-8764-589F64827ECC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91CD6797-1F08-4FB1-8764-589F64827ECC}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91CD6797-1F08-4FB1-8764-589F64827ECC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91CD6797-1F08-4FB1-8764-589F64827ECC}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9781AAD4-273F-4F9F-97F8-EFD736CFBB90}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9781AAD4-273F-4F9F-97F8-EFD736CFBB90}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1812915-9F5A-417A-A970-ED9AEB812F50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1812915-9F5A-417A-A970-ED9AEB812F50}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA06345B-9654-4AA7-A729-D219E9CABE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA06345B-9654-4AA7-A729-D219E9CABE0}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B46096F9-BD17-4C2A-856D-6E9A8792DD16}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B46096F9-BD17-4C2A-856D-6E9A8792DD16}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD53F9AE-717E-4404-B95F-87C2C54D79DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD53F9AE-717E-4404-B95F-87C2C54D79DC}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF630A11-C34F-41E6-BB34-9B1C15B9673}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF630A11-C34F-41E6-BB34-9B1C15B9673}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF7C483F-19B0-4641-9A5B-24E3C4AB95BE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7C483F-19B0-4641-9A5B-24E3C4AB95BE}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D56133-7C62-4C0C-84C3-71BEBF87967E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2D56133-7C62-4C0C-84C3-71BEBF87967E}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CBF85040-DD31-487A-9279-672529729FA0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CBF85040-DD31-487A-9279-672529729FA0}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5FDB88-A0B9-48A1-BC4-483BA8B06D48}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5FDB88-A0B9-48A1-BC4-483BA8B06D48}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E04C9430-EAD-4392-AB87-216EE99859}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E04C9430-EAD-4392-AB87-216EE99859}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1B7D654-7D93-483D-A9D-17E0FED168A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1B7D654-7D93-483D-A9D-17E0FED168A2}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E96347AA-24E6-4EB7-8072-2AFA718F146F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E96347AA-24E6-4EB7-8072-2AFA718F146F}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9EF6DE3-FB3B-49D1-B930-BE8441C9CFE8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9EF6DE3-FB3B-49D1-B930-BE8441C9CFE8}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F028D835-DBA9-4D09-B98E-8A8C9DB08683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F028D835-DBA9-4D09-B98E-8A8C9DB08683}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F833D482-62B6-46E7-8CCE-DECB3C2DB42}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F833D482-62B6-46E7-8CCE-DECB3C2DB42}\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\weDownload Manager Pro\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\weDownload Manager Pro\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\weDownload Manager Pro\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CDEFDFA-4F43-4177-8153-34B33040FBE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CDEFDFA-4F43-4177-8153-34B33040FBE}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29ADC43E-A48D-447C-AD11-BD82809594}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29ADC43E-A48D-447C-AD11-BD82809594}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{323A2311-37FB-4CE5-97A9-6427C0B59C83}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{323A2311-37FB-4CE5-97A9-6427C0B59C83}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5646C3B2-1CCA-45BD-8546-1C08DDC936D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5646C3B2-1CCA-45BD-8546-1C08DDC936D}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{641A82A5-EA55-4666-9DB0-CBA572D48539}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{641A82A5-EA55-4666-9DB0-CBA572D48539}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78A8B63B-3D62-4CDB-AE39-1FD9B24605C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78A8B63B-3D62-4CDB-AE39-1FD9B24605C}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8FB9A30-6E44-444E-A165-FED88ED3443}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FB9A30-6E44-444E-A165-FED88ED3443}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91CD6797-1F08-4FB1-8764-589F64827ECC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91CD6797-1F08-4FB1-8764-589F64827ECC}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9781AAD4-273F-4F9F-97F8-EFD736CFBB90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9781AAD4-273F-4F9F-97F8-EFD736CFBB90}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1812915-9F5A-417A-A970-ED9AEB812F50}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1812915-9F5A-417A-A970-ED9AEB812F50}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA06345B-9654-4AA7-A729-D219E9CABE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA06345B-9654-4AA7-A729-D219E9CABE0}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B46096F9-BD17-4C2A-856D-6E9A8792DD16}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B46096F9-BD17-4C2A-856D-6E9A8792DD16}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD53F9AE-717E-4404-B95F-87C2C54D79DC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD53F9AE-717E-4404-B95F-87C2C54D79DC}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF630A11-C34F-41E6-BB34-9B1C15B9673}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF630A11-C34F-41E6-BB34-9B1C15B9673}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF7C483F-19B0-4641-9A5B-24E3C4AB95BE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7C483F-19B0-4641-9A5B-24E3C4AB95BE}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D56133-7C62-4C0C-84C3-71BEBF87967E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2D56133-7C62-4C0C-84C3-71BEBF87967E}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CBF85040-DD31-487A-9279-672529729FA0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CBF85040-DD31-487A-9279-672529729FA0}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5FDB88-A0B9-48A1-BC4-483BA8B06D48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5FDB88-A0B9-48A1-BC4-483BA8B06D48}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E04C9430-EAD-4392-AB87-216EE99859}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E04C9430-EAD-4392-AB87-216EE99859}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1B7D654-7D93-483D-A9D-17E0FED168A2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1B7D654-7D93-483D-A9D-17E0FED168A2}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E96347AA-24E6-4EB7-8072-2AFA718F146F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E96347AA-24E6-4EB7-8072-2AFA718F146F}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9EF6DE3-FB3B-49D1-B930-BE8441C9CFE8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9EF6DE3-FB3B-49D1-B930-BE8441C9CFE8}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F028D835-DBA9-4D09-B98E-8A8C9DB08683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F028D835-DBA9-4D09-B98E-8A8C9DB08683}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F833D482-62B6-46E7-8CCE-DECB3C2DB42}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F833D482-62B6-46E7-8CCE-DECB3C2DB42}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\weDownload Manager Pro\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\weDownload Manager Pro\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\weDownload Manager Pro\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\weDownload Manager Pro\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 12142013_150814
  • 0
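Added example (not part of the original posts and not OTL's own code): a small triage of the fix log above that explains its many "not found" lines. HKEY_CURRENT_USER is an alias of HKEY_USERS\<SID of the logged-on user>, HKEY_USERS\.DEFAULT is the same hive as HKEY_USERS\S-1-5-18, and a user's Software\Classes subtree maps to HKEY_USERS\<SID>_Classes, so a key deleted through one name is reported "not found" under the other. The sample lines are copied from the log; the assumption is that OTL ran under the account whose SID ends in -1001, and the function names are this example's own.

```python
import re
from collections import Counter

# Assumption: the SID that appears in the log belongs to the account OTL ran under.
USER_SID = "S-1-5-21-2703072250-3418364838-736424028-1001"

# Sample input: a subset of lines taken from the OTL fix log in the post above.
SAMPLE_LOG = r"""
========== FILES ==========
C:\Users\mullins4\AppData\Local\TLworks folder moved successfully.
File\Folder C:\Program Files (x86)\weDownload Manager Pro not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TLworks Update deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Windows\CurrentVersion\Run\\TLworks Update not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{323A2311-37FB-4CE5-97A9-6427C0B59C83}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{323A2311-37FB-4CE5-97A9-6427C0B59C83}\ not found.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{323A2311-37FB-4CE5-97A9-6427C0B59C83}\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\weDownload Manager Pro\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2703072250-3418364838-736424028-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\weDownload Manager Pro\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\weDownload Manager Pro\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\weDownload Manager Pro\ not found.
"""

# One result line: optional "Registry key|value " or "File\Folder " prefix,
# the path, an optional " folder"/" file" suffix, then the outcome.
LINE_RE = re.compile(
    r"^(?:Registry (?P<kind>key|value) |File\\Folder )?"
    r"(?P<path>.+?)(?: folder| file)? "
    r"(?P<status>deleted successfully|moved successfully|not found)\.$"
)


def canonical(path, user_sid=USER_SID):
    """Map registry aliases onto one name; registry paths are case-insensitive."""
    p = path.rstrip("\\").lower()
    aliases = (
        ("hkey_current_user\\", "hkey_users\\" + user_sid.lower() + "\\"),
        ("hkey_users\\.default\\", "hkey_users\\s-1-5-18\\"),
    )
    for alias, target in aliases:
        if p.startswith(alias):
            p = target + p[len(alias):]
    # HKU\<SID>\Software\Classes is the same subtree as HKU\<SID>_Classes.
    return re.sub(r"^(hkey_users\\[^\\]+)\\software\\classes\\", r"\1_classes\\", p)


def triage(log_text, user_sid=USER_SID):
    """Return (verdict, original_path) for each result line, in log order.

    removed           the item existed and OTL deleted or moved it
    alias-of-removed  "not found" only because an alias of it was removed earlier
    absent            "not found" and nothing equivalent was removed in this run
    """
    removed, results = set(), []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section banners, blank lines, restore-point message
        key = canonical(m["path"], user_sid)
        if m["status"] != "not found":
            removed.add(key)
            verdict = "removed"
        elif key in removed:
            verdict = "alias-of-removed"
        else:
            verdict = "absent"
        results.append((verdict, m["path"]))
    return results


def summarize(log_text, user_sid=USER_SID):
    """Count verdicts across the whole log."""
    return Counter(verdict for verdict, _ in triage(log_text, user_sid))


if __name__ == "__main__":
    for verdict, path in triage(SAMPLE_LOG):
        print(f"{verdict:17} {path}")
    print(dict(summarize(SAMPLE_LOG)))
```

Only the "absent" lines describe items that were never on the machine in this run; in the sample those are the weDownload Manager Pro program folder and the HKEY_LOCAL_MACHINE CLSID key.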

#33
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi and my apologies for the delay as I am not always available at the weekends. :)

"Ok, well glad we got the problem figured out."

Is the error you mentioned in post #26 no longer appearing with every start-up/reboot?

Plus please check that ScorpionSaver is no longer installed.

"is this the right OTL log?"

Aye it is thank you.

Check Hard Disk For Errors:

Download the attached hddcheck.bat below and save to your desktop:-



Now right-click on hddcheck.bat and select Run as Administrator to run the batch file. A blank command window will open on your desktop, then close in a few minutes. This is normal and the batch file itself will self-delete when completed.

A file icon named checkhd.txt should appear on your desktop. Please post the contents of this file in your next reply.
  • 0

#34
cartoonistmusician

    Member

  • Topic Starter
  • Member
  • 26 posts
Hey! :)

That's ok! I read in your little signature thing at the bottom of your replies that you're sometimes not available on weekends. :)

I just restarted the computer today, and that error window didn't pop up... so I believe it's fixed. :)

I found ScorpionSaver in the list of installed programs, but when I tried to uninstall it, it told me the installation source for the product is not available, and to verify that the source exists and that I can access it. Something like that. Here's a screenshot of the window that pops up.

ScorpionSaver uninstall problem.png

Here's the log from the checkhd.txt



The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
1010 large file records processed.

0 bad file records processed.

0 EA records processed.

45 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
27880 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

469530623 KB total disk space.
91440924 KB in 146695 files.
101588 KB in 27881 indexes.
0 KB in bad sectors.
330731 KB in use by the system.
65536 KB occupied by the log file.
377657380 KB available on disk.

4096 bytes in each allocation unit.
117382655 total allocation units on disk.
94414345 allocation units available on disk.
  • 0

#35
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

"That's ok! I read in your little signature thing at the bottom of your replies that you're sometimes not available on weekends. :)"

Thanks.

"I just restarted the computer today, and that error window didn't pop up... so I believe it's fixed. :)"

Good.

"I found ScorpionSaver in the list of installed programs, but when I tried to uninstall it, it told me the installation source for the product is not available, and to verify that the source exists and that I can access it. Something like that. Here's a screenshot of the window that pops up."

Basically the main part of the adware-related dross has been removed prior and just what is known as an orphaned entry has been left behind; which can be taken care of by the below custom registry fix.

Custom Registry Modification:

Download and save ScorpionSaver.reg (see below) to your desktop.



Now right-click on ScorpionSaver.reg >> Merge >> follow the prompts.

Once processed you can delete ScorpionSaver.reg and empty the Recycle Bin.

ESET Online Scanner:

Note: You will need to disable your current installed Anti-Virus, how to do so can be read here.

Windows 7 users: You will need to right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan...
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the log file first!
  • Now click on: Posted Image
  • Use notepad to open the log file located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

My friendly advice is you consider keeping the online scanner installed then run it say once per month as an extra check. A quick easy way to do so would be via:-

Click on Start (Windows 7 Orb) >> Computer >> C: >> Program Files (x86) >> ESET >> ESET Online Scanner >> then right click on OnlineScannerApp and select Run as Administrator.
  • 0

#36
cartoonistmusician

    Member

  • Topic Starter
  • Member
  • 26 posts
Hey! :)

Ok! I followed your instructions. Here's the log from ESET. I went on ahead and decided to keep the online scanner on the computer. Don't hurt to have some extra help. :)



[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6996d77f1328b24989aa3f96cf7f281c
# engine=16289
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-17 12:59:57
# local_time=2013-12-16 07:59:57 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 138785447 0 0
# scanned=166296
# found=18
# cleaned=0
# scan_time=8329
sh=040C0EE589AA49266F8E8DC1F73D750FFC17DEDE ft=1 fh=0d72d6fa98de4fde vn="Win64/Adware.Adpeak.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir"
sh=EDAD6FB47BA4FCC10A3A21FE089B00D24B2B3888 ft=1 fh=a873b9e011de4047 vn="a variant of Win32/Toolbar.CrossRider.K application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allyrics-16\Allyrics-16-codedownloader.exe.vir"
sh=765C0E95D157DED70E3F47E06DE62804F8B5F92F ft=1 fh=695426914236fdba vn="a variant of Win32/Toolbar.CrossRider.K application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allyrics-16\Allyrics-16-enabler.exe.vir"
sh=4D9426905EEDB3CED00CA4CE8778BBDAC917AFCD ft=1 fh=80a60555f91539bc vn="a variant of Win32/Toolbar.CrossRider.K application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Allyrics-16\Allyrics-16-updater.exe.vir"
sh=9182A923990EDEE0961913EE79DA20DB683E6BCB ft=1 fh=e4a0e7f51d99cd6a vn="a variant of Win32/Distromatic.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Amazon Browser Bar\search_protect.exe.vir"
sh=AFF6026DD64A6AD95B73CD2D1EE61EAEBA192C4E ft=0 fh=0000000000000000 vn="Win32/AdWare.Adpeak.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScorpionSaver\bootstrap.js.old.vir"
sh=A4A18C5F695A0AC46A0925AAA223BF3C79861259 ft=0 fh=0000000000000000 vn="Win32/AdWare.Adpeak.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScorpionSaver\bootstrap.js.vir"
sh=F78886499FB89659025325395990157CB22F2872 ft=1 fh=ac1f9e8b89f73bab vn="a variant of Win32/AdWare.Adpeak.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScorpionSaver\CustomActionInstall.vir"
sh=C9681A9E2E9BB9AA393472F7BABAF6B1976E54E9 ft=1 fh=5839279b415b7fbc vn="a variant of Win32/AdWare.Adpeak.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScorpionSaver\CustomActionUninstall.vir"
sh=3E96B9735719402FC4DF891275A3B0CEACABC6F1 ft=0 fh=0000000000000000 vn="Win32/AdWare.Adpeak.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScorpionSaver\manifest.json.vir"
sh=4B5D3F28D53D4B23D42D87A1DB8B5400AED41984 ft=1 fh=6f98768c3952313c vn="Win32/Conduit.SearchProtect.F application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\CltMngSvc.exe.vir"
sh=11E3F37414E0958E8E8F55820BBCDC932C247061 ft=1 fh=cfb470b4b458fa8b vn="a variant of Win32/Toolbar.CrossRider.K application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe.vir"
sh=0D58190EDB40F5F0CA15CC3DC139982DB8DD9075 ft=1 fh=12fd83a69e8da80f vn="a variant of Win32/Toolbar.CrossRider.K application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe.vir"
sh=7D9F5ADA272D046CCCA0EE32A476B124478CF475 ft=1 fh=81b5242547dc3032 vn="a variant of Win32/Toolbar.CrossRider.K application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-enabler.exe.vir"
sh=447B17637B9B160240EBD88EB6994754C2C92C35 ft=1 fh=296582bf4d899aa9 vn="a variant of Win32/Toolbar.CrossRider.K application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-updater.exe.vir"
sh=5357E97F4D68F68B8C7278D4EA9191B53711FA11 ft=1 fh=b8e328b3d4bb0561 vn="Win32/MyPCBackup.A application" ac=I fn="C:\FRST\Quarantine\1371786419_Cloud_Backup_Setup.exe"
sh=CC9B9B955D84F9C21B4148025BF0DEE55AB22690 ft=1 fh=f0888fe41e5bc520 vn="Win32/Packed.ScrambleWrapper.G application" ac=I fn="C:\FRST\Quarantine\1384266401_wedownload_manager_pro_1.exe"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R application" ac=I fn="C:\FRST\Quarantine\sp_downloader.exe"

#37
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

I went on ahead and decided to keep the online scanner on the computer. Don't hurt to have some extra help. :)

A prudent move, I have it installed also on all of the machines in my household.

Now regarding the actual results of the online scan, the results are favourable as all that has been detected are items in the quarantine folders of both AdwCleaner and FRST. Both of which will be purged/fully removed in due course.

Next:

Let's check/update some software as follows, shall we...

  • Download and install FileHippo Update Checker from here.
  • Once installed (during the installation process deselect the option:- Run at Startup) >> Start(Windows 7 Orb) >> All Programs >> right-click on Update Checker and select Run as Administrator >> a browser window will open after the scan is complete.
  • Download any updates detected(apart from beta updates) to the desktop >> uninstall anything that requires updating via Uninstall a program or Programs and Features in the Control Panel.
  • Re-install the updated software, delete the installers and then empty the Recycle Bin.
  • When the above is completed let myself know, and if any further issues are remaining, thank you.
Note: When I give the all clear my advice would be to consider keeping FileHippo Update Checker installed. Then periodically use it to check for any updates as having certain software outdated is a potential for malware to gain a foothold and exploit a system etc.
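
The check made in the reply above (every detection sits in an AdwCleaner or FRST quarantine folder, and the scanner was run without removal) can be automated. This is an added example, not part of the original thread; the sample log is constructed in the scanner's layout, and the function names are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Quarantine folders named in the thread; any other location counts as live.
QUARANTINE_ROOTS = [PureWindowsPath(r"C:\AdwCleaner\Quarantine"),
                    PureWindowsPath(r"C:\FRST\Quarantine")]
# key=value pairs; a value is either "quoted" or a bare token.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample in the scanner's log layout (hashes, names, paths invented).
SAMPLE_LOG = r'''# remove_checked=false
# found=3
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="a variant of Win32/Example.Constructed.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ExampleBar\updater.exe.vir"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="Win32/Example.Constructed.B application" ac=I fn="c:\frst\quarantine\example_setup.exe"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="Win32/Example.Constructed.C application" ac=I fn="C:\Users\example\AppData\Local\ExampleBar\helper.exe"
'''

def parse_log(text):
    """Return (header dict, list of detection dicts) for one scanner log."""
    header, hits = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()] = value.strip().strip('"')
        elif line.startswith("sh="):
            hits.append({k: quoted or bare for k, quoted, bare in FIELD.findall(line)})
    return header, hits

def in_quarantine(path):
    """True only if path sits under a known quarantine folder."""
    p = PureWindowsPath(path)          # Windows paths compare case-insensitively
    if ".." in p.parts:                # refuse paths that could climb back out
        return False
    return any(root in p.parents for root in QUARANTINE_ROOTS)

def triage(text):
    """Summarise a log: do the counts agree, and is anything outside quarantine?"""
    header, hits = parse_log(text)
    live = [(h.get("vn"), h.get("fn")) for h in hits
            if not in_quarantine(h.get("fn", ""))]
    return {
        "count_matches": header.get("found") == str(len(hits)),
        "quarantined": len(hits) - len(live),
        "live": live,
        "removal_enabled": header.get("remove_checked") == "true",
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

An empty `live` list together with `count_matches` being true corresponds to the favourable result described in the reply; any entry in `live` is a detection still sitting in a working location.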

#38
cartoonistmusician

    Member

  • Topic Starter
  • 26 posts
Hello! :)

Ok! Well I just installed FileHippo and updated all the things it detected that needed updating. :)

I don't think there are any other issues remaining. Computer seems to be running fine now. I'm still unable to uninstall that ScorpionSaver. Should I be able to remove it now, or is that something we'll get to later? :) Besides that, everything else seems fine.

#39
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

I'm still unable to uninstall that ScorpionSaver

Still present eh...OK download and merge the below reg' fix same as last time and let myself know if it is still present afterwards please.



#40
cartoonistmusician

    Member

  • Topic Starter
  • 26 posts
Yea, still there. I just downloaded the 2nd reg file and clicked merge, but ScorpionSaver is still showing up in the installed programs.

#41
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

I just downloaded the 2nd reg file and clicked merge, but ScorpionSaver is still showing up in the installed programs.

OK let's try a different approach as follows...

Add Remove Program Cleaner:

Please download Add Remove Program Cleaner to your desktop.

  • Right-click on addremovecleaner.exe and select Run as Administrator to launch the application.
  • Locate ScorpionSaver in the menu and click once on it to highlight.
  • Now click on Remove from add/remove programs list.
  • At the prompt click on Yes then Exit.
  • Now delete addremovecleaner from the desktop, empty the Recycle Bin and reboot the computer.
Next:

Check if the entry is still present for ScorpionSaver etc.

#42
cartoonistmusician

    Member

  • Topic Starter
  • 26 posts
Alright! Just tried the Add Remove Programs Cleaner and restarted. ScorpionSaver is gone now. :)

#43
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Alright! Just tried the Add Remove Programs Cleaner and restarted. ScorpionSaver is gone now. :)

Good, congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Uninstall AdwCleaner:

  • Right-click on AdwCleaner.exe and select Run as Administrator to start the program.
  • Click on Uninstall >> Yes, this will remove the application and its log(s) etc.
Clean up with OTL:

  • Right-click OTL and select Run as Administrator to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

Create a new, clean System Restore point:-

  • Right click on Computer and select Properties >> System protection >> Create....
  • Give this restore point a descriptive name and click Create.
  • When the new restore point is created click on OK >> close the System Properties window.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:-

  • Click on Start(Windows 7 Orb) >> All Programs >> Accessories >> System Tools >> right-click on Disk Cleanup and select Run as Administrator.
  • Select the system drive, C >> OK.
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Click on Clean up system files >> Select the system drive, C >> OK.
  • Now click on the More Options tab.
  • Under:-
System Restore and Shadow Copies
  • Click on Clean up... >> Delete >> OK >> Delete Files.
Now some advice for on-line safety:

Malwarebytes Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, Charter Security Suite (the AV component), automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this at least once per week.

Registry Backup:

Tweaking.com - Registry Backup, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new backup once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Note: As mentioned prior a tutorial for Registry Backup explaining the various features can be viewed here.

Further reading/resources:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

As is this: Computer Security - a short guide to staying safer online

And these are worth reading also: Understanding Windows Firewall settings, Securing Your Web Browser and Securing Your Router.

Keep Your System Updated:

Microsoft releases patches for Windows and other products regularly:

  • Click on Start(Windows 7 Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed Reboot(restart) your computer if not prompted to do so.
Plus check Automatic Updates is enabled.

Be careful when opening attachments and downloading files:

1 - Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.

2 - Never open emails from unknown senders.

4 - Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.

5 - Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on FileHippo or MajorGeeks.

Stop malicious scripts:

Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze. Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

I will further add; P2P software has the ability to create a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their infected dross onto your computer. Further to that, if your P2P software is not configured correctly you may be sharing more files than you realise. There have been cases where people's address books, passwords, other personal, private and financial details have been exposed to the file sharing network by badly configured P2P applications.

My friendly advice is to avoid these types of software applications.

Consider the below extra/layered security for your machine:

Custom Host File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

CryptoPrevent Tool:

How to prevent your computer from becoming infected by CryptoLocker

WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

Any questions? Feel free to ask, if not stay safe!
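
The Custom Host File advice in the post above relies on every entry of the replacement file pointing at 127.0.0.1. The following added example (not part of the original thread) audits a hosts file before it is installed and reports any name mapped to a routable address instead of a sinkhole. The sample file is constructed, and treating 0.0.0.0 and ::1 as sinkholes alongside 127.0.0.1 is an assumption.

```python
import ipaddress

# 127.0.0.1 is the target the post names; 0.0.0.0 and ::1 are assumed here
# because blocking hosts files commonly use them as well.
SINKHOLES = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}

# Constructed sample, not a real blocklist (203.0.113.10 is a documentation address).
HOSTS_SAMPLE = """# Constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 ads.example.com tracker.example.net   # two names on one line
0.0.0.0   Banner.Example.org
203.0.113.10 login.example.com
not-an-ip broken.example.com
127.0.0.1
"""

def audit_hosts(text):
    """Classify every hosts entry as blocked, redirected elsewhere, or malformed."""
    blocked, redirected, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        names = [n.lower() for n in fields[1:]]
        if not names:                            # address with no hostname
            malformed.append((lineno, raw.strip()))
        elif addr in SINKHOLES:
            blocked.extend(names)
        else:                                    # name pinned to a real address
            redirected.extend((n, str(addr)) for n in names)
    return {"blocked": blocked, "redirected": redirected, "malformed": malformed}

if __name__ == "__main__":
    report = audit_hosts(HOSTS_SAMPLE)
    print(len(report["blocked"]), "blocked;", report["redirected"], report["malformed"])
```

Anything listed under `redirected` sends that name to another machine instead of blocking it, so a blocking hosts file should produce an empty `redirected` list before it replaces the current one.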

#44
cartoonistmusician

    Member

  • Topic Starter
  • 26 posts
Hey! :)

Well that's good to hear it's clean now. So we're done I guess? Thanks for the help and the extra advice here, I'll definitely use it. And thanks to NathDep for his help too. :)

#45
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Aye the Malware Removal process is completed now and you're most welcome! :)