Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Corrupt Registry [Solved]


  • This topic is locked This topic is locked

#16
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

I've installed "Wirelesskeyview" myself to get my neighbours password (i've got their permission), it's rather long.

Here is the ESET report,; now going to conduct Security Check scan.

 

[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a867e8ec8b0f3c4a8bcffc502cf0f0e8
# engine=19614
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-12 11:24:57
# local_time=2014-08-12 01:24:57 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 359569 172263187 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 8897 159473888 0 0
# scanned=238741
# found=58
# cleaned=0
# scan_time=7798
sh=EA3A67ADA3840798C08B3973B628610BFC1185C9 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx.vir"
sh=45A0F8916FC6E261741F49DE42AD9172510BF017 ft=1 fh=c1cabb88bd877a2c vn="Win32/BrowseFox.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\lucky leap\luckyleapUninstall.exe.vir"
sh=886271A59B6E513DE79B853354A67CB9D0B6F9E0 ft=1 fh=e47de79839fbeae1 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Ask\APN-Stub\MYC-ST\APNIC.dll.vir"
sh=7EFC31C349C63F11909481825B9240F7C51E4E09 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.10_0\js\app\background.js.vir"
sh=8AC318CCD2B22FA8329CA445726C4CF3239570FA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.10_0\js\app\extension.js.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\120_luck_m.js.vir"
sh=4E356A3537E9A4B3814169EBE549D1C2AB3EC78F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\125_arcadi2_m.js.vir"
sh=E254E0BD5C202A441B4F7415C762F7D537A79E24 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=5B79E1012732BA64F2D1FDF7DBF44CAD28FE7CDD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\142_intext_fa_m.js.vir"
sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=CB95B247FABF95831A2974B87B334DBE4597CEB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\92_superfish_m.js.vir"
sh=DEF8CB14886F5A427CEB5E70D8C1D395AC135F4A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\LocalLow\ZoneAlarm_Security\ldrtbZone.dll.vir"
sh=E6F9792E271F52A2245CC8D72C05A57D6DFBBDE3 ft=1 fh=0690a81bbbd9c1b6 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\LocalLow\ZoneAlarm_Security\tbZone.dll.vir"
sh=6E40FB5B9DE5DC33A5A77809690485504D8CB2AF ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected]"
sh=6EC2EC913362EADB9961006A9F8865AECFA24B05 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\User\AppData\Local\CRE\ekekpckhcfhhaagbmdeimlipagihocje.crx.xBAD"
sh=9D4DD972B7B8DB157D6D0E994D77A920463CCBB1 ft=1 fh=e2ca1b320f290c43 vn="probably a variant of Win32/FreeNew potentially unwanted application" ac=I fn="C:\Program Files\FreeApps\FreeApps.exe"
sh=50F757A7A278E6DB3897C241F6942FA6E775A77B ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\Pricepeep14.zip"
sh=7B717663472084DBDBD9271BCCDF9B4900963374 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\Pricepeep17.zip"
sh=43FDC38F4BDD29777B9B7E312717823A93715A24 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\Pricepeep20.zip"
sh=69610BC4481D9CB5CFAB79A16900FB998770EBBD ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\Pricepeep9.zip"
sh=972A2703F30AD4F76074002AC58DE64787C838AF ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO14.zip"
sh=60274E4D5A9CF0FE76F65EB6F66205D0BE666BCD ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO32.zip"
sh=321172DF88DE7AC6372EF25D3B326EE619463461 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO44.zip"
sh=0746BA60796902D6B57763D70D2251055B226C07 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO56.zip"
sh=3A689BCDA869764FC0510E55DC5821F47ADE7272 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip"
sh=50F757A7A278E6DB3897C241F6942FA6E775A77B ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\Pricepeep14.zip"
sh=7B717663472084DBDBD9271BCCDF9B4900963374 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\Pricepeep17.zip"
sh=43FDC38F4BDD29777B9B7E312717823A93715A24 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\Pricepeep20.zip"
sh=69610BC4481D9CB5CFAB79A16900FB998770EBBD ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\Pricepeep9.zip"
sh=972A2703F30AD4F76074002AC58DE64787C838AF ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO14.zip"
sh=60274E4D5A9CF0FE76F65EB6F66205D0BE666BCD ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO32.zip"
sh=321172DF88DE7AC6372EF25D3B326EE619463461 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO44.zip"
sh=0746BA60796902D6B57763D70D2251055B226C07 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO56.zip"
sh=3A689BCDA869764FC0510E55DC5821F47ADE7272 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip"
sh=1233CA266AE517F84C9B76E582C536E4A1BE1F48 ft=1 fh=0043c85fb004618c vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\User\Documents\Downloads\Brothersoft.exe"
sh=63F80A9454E72A8256125C3C6787BD25042924A9 ft=0 fh=0000000000000000 vn="a variant of Win32/WirelessKeyView.A potentially unsafe application" ac=I fn="C:\Users\User\Dropbox\wirelesskeyview.zip"
sh=D8546A1D91EF5E320E6864430927B151CE9E427B ft=1 fh=71571a2b3ab1c107 vn="probably a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Windows\Installer\MSI5632.tmp"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09302013_140027\C_Users\User\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe"
 


  • 0

Advertisements


#17
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

 Results of screen317's Security Check version 0.99.86  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 SUPERAntiSpyware     
 Secunia PSI (3.0.0.9015)   
 Java 7 Update 67  
 Java version out of Date!
 Adobe Flash Player     14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (31.0)
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 


  • 0

#18
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi Janji :)


FRST.gif Fix with Farbar Recovery Scan Tool
 

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif


Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    C:\Program Files\FreeApps
    C:\Users\User\Documents\Downloads\Brothersoft.exe
    C:\Windows\Installer\MSI5632.tmp
    C:\ProgramData\iWin Games
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply. Include it before running DelFix.


updates.png Update outdated software

Staying always updated is crucial, not only for your operating system, but also for any third-party installed software.
Your logs clearly indicate that some of your software needs updating.

javacup.png Updating Java manually

  • Click the Start button
  • Click Control Panel
  • Double click Java - Looks like a coffee cup. You may have to switch to Classical View to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed.
  • If prompted (during the installation) to also install ASK toolbar, leave this unchecked - Ask does not have a good reputation.
  • From Control panel also please remove any older versions of Java - do not leave them installed!.

Remember to keep it always updated.


51a5ce45263de-delfix.png Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on 51a5ce45263de-delfix.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.

Include it for my review.
Please also manually reboot your machine after posting your logfile.


  • 0

#19
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

Hi Naat :)

Here is the Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:13-08-2014
Ran by User at 2014-08-13 12:21:13 Run:2
Running from C:\Users\User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Program Files\FreeApps
C:\Users\User\Documents\Downloads\Brothersoft.exe
C:\Windows\Installer\MSI5632.tmp
C:\ProgramData\iWin Games
end
*****************

C:\Program Files\FreeApps => Moved successfully.
C:\Users\User\Documents\Downloads\Brothersoft.exe => Moved successfully.
C:\Windows\Installer\MSI5632.tmp => Moved successfully.
C:\ProgramData\iWin Games => Moved successfully.

==== End of Fixlog ====


  • 0

#20
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

I've already installed the latest Java update, I did what you said tho, just in case but the programme confirmed it.

 

I've completed the DelFix but it didn't display a notepad report, instead it showed one of these notices saying that the computer can't display .txt files and asked me to look up .txt online for some reason.
I tried to locate the log by searching for log and also typing in the search box the name of the programme "DelFix" but there is only the MalwareBytes log.
since you asked me to reboot 'after' posting the logfile I'm waiting with the reboot after your answer.

Cheers, Janji :)


  • 0

#21
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

Just for clarity, I got sent to this site http://www.filetypea...ng=en&mode=soft


  • 0

#22
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Thanks for the info.
I need to consult one thing with some wise people here. Please hold on for a moment.

If I won't reply to your thread more, just don't be concerned cause I will be unavailable until monday. I will ask a colleague of mine to take care about your case, however it is not exactly malware related. Please stay tuned :thumbsup:

Cheers,
Naat :)
  • 0

#23
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

Thanks very much, will do :)  :wave:


  • 0

#24
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Naathim asked myself to post the below for you to complete if you will please:-

Windows-System-Restore-Point.png Create a System Restore Point

Creating and maintaining System Restore Points is a backup plan if something would go wrong. Better to be safe than sorry.
  • Press the StartOrb.jpg, right-click on Computer and select Properties.
  • Select System Protection.
  • Confirm if prompted and/or enter the Administrator password if necessary.
  • At the bottom click Create.
  • Enter the name, like Fresh Restore Point and click Create.
  • You will be prompted when finished.
You may now close the System Properties window.

Next:

It appears malware is no longer the root cause of your machines issues and since we only primarily provide Anti-Malware support; my best advise would be to create a new topic in this part of the forum:-

Windows Vista and Windows 7

By all means include a link to this topic if you so wish:-
http://www.geekstogo.com/forum/topic/341864-corrupt-registry/
And mention I advised you seek further assistance etc.

Now some advice for on-line safety:

The below is worth reading/bookmarking for future reference:

Computer Security - a short guide to staying safer online

Next:

Any questions ? Feel free to ask, if not stay safe and I sincerely hope you resolve your machines other problems.
  • 0

#25
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

Thanks Dakeyras, I've followed your advice and also posted a new topic in the forum you linked me too :)
Naat, thanks very,very much, you were awesome and helped me a lot  :heart: :thumbsup:

 

Cheers Janji :)


Edited by janji, 15 August 2014 - 10:23 AM.

  • 0

Advertisements


#26
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Acknowledged and on behalf of us both you are most welcome! :)
  • 0

#27
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP