Slow computer

adware spyware

  • This topic is locked

#31
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
OK,

Weatherbug or Comodo. If I try to manually uninstall it, it opens up the software and asks me to upgrade it.

Got tied up with things around the house. Sorry for some delay here.

Did you try to uninstall GeekBuddy?


See if you can remove Chromium with Revo Uninstaller.

Please download and install Revo Uninstaller Free; save the file to the desktop.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

    Let me know..

  • 0



#32
cblock

    Member

  • Topic Starter
  • 41 posts

Thanks.

 

I checked/deleted the bolded item, and it finished deleting it, according to the software. Afterward, I clicked Next, and then Finish. I was not prompted to check any further folders (as indicated on your third to final step).  


  • 0

#33
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
OK,

Did you uninstall GeekBuddy? If not, try.

Then
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-18\...\Run: [] => [X]
C:\Program Files\Earth Networks\WeatherBug
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2277838659-3731106266-1447913230-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-05-21] (Comodo Security Solutions, Inc.)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-06-01] (Comodo Security Solutions, Inc.)
S1 kybvchuj; \??\C:\Windows\system32\drivers\kybvchuj.sys [X]
2015-07-18 17:41 - 2015-07-18 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-07-18 17:41 - 2015-07-18 17:41 - 00000000 ____D C:\ProgramData\COMODO
2015-07-18 17:41 - 2015-07-18 17:41 - 00000000 ____D C:\Program Files\COMODO
2015-07-18 17:40 - 2015-07-18 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
2015-07-18 17:40 - 2015-07-18 17:40 - 02659114 _____ (Media Freeware) C:\Users\Andy\Documents\epubreader_setup [1].exe
2015-07-18 17:40 - 2015-07-18 17:40 - 00000000 ____D C:\Program Files\Earth Networks
Task: {286D729A-7D20-4C57-810A-C00643ED818C} - \AutoKMS No Task File <==== ATTENTION
C:\Users\Andy\AppData\Local\Chromium
Task: {868C91D2-BAA0-48C1-94FC-C2AE65102824} - System32\Tasks\UpdateTask => C:\Users\Andy\AppData\Local\Chromium\APPLIC~1\450244~1.0\INSTAL~1\UNINST~1.EXE
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.
  • 0

#34
cblock

    Member

  • Topic Starter
  • 41 posts

Thanks, I tried looking for Geekbuddy on the Revo Uninstaller, but I couldn't find it. 

 

I went through the Fixlist.txt steps and restarted. Here is the log it produced. 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
Ran by Andy (2015-08-06 20:25:02) Run:1
Running from C:\Users\Andy\Desktop
Loaded Profiles: Andy (Available Profiles: Andy & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-18\...\Run: [] => [X]
C:\Program Files\Earth Networks\WeatherBug
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2277838659-3731106266-1447913230-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-05-21] (Comodo Security Solutions, Inc.)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-06-01] (Comodo Security Solutions, Inc.)
S1 kybvchuj; \??\C:\Windows\system32\drivers\kybvchuj.sys [X]
2015-07-18 17:41 - 2015-07-18 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-07-18 17:41 - 2015-07-18 17:41 - 00000000 ____D C:\ProgramData\COMODO
2015-07-18 17:41 - 2015-07-18 17:41 - 00000000 ____D C:\Program Files\COMODO
2015-07-18 17:40 - 2015-07-18 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
2015-07-18 17:40 - 2015-07-18 17:40 - 02659114 _____ (Media Freeware) C:\Users\Andy\Documents\epubreader_setup [1].exe
2015-07-18 17:40 - 2015-07-18 17:40 - 00000000 ____D C:\Program Files\Earth Networks
Task: {286D729A-7D20-4C57-810A-C00643ED818C} - \AutoKMS No Task File <==== ATTENTION
C:\Users\Andy\AppData\Local\Chromium
Task: {868C91D2-BAA0-48C1-94FC-C2AE65102824} - System32\Tasks\UpdateTask => C:\Users\Andy\AppData\Local\Chromium\APPLIC~1\450244~1.0\INSTAL~1\UNINST~1.EXE
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Program Files\Earth Networks\WeatherBug => moved successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
GeekBuddyRSP => Service stopped successfully.
GeekBuddyRSP => service removed successfully
CLPSLauncher => service removed successfully
kybvchuj => service removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO => moved successfully.
C:\ProgramData\COMODO => moved successfully.
C:\Program Files\COMODO => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug® => moved successfully.
C:\Users\Andy\Documents\epubreader_setup [1].exe => moved successfully.
C:\Program Files\Earth Networks => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{286D729A-7D20-4C57-810A-C00643ED818C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{286D729A-7D20-4C57-810A-C00643ED818C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
"C:\Users\Andy\AppData\Local\Chromium" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{868C91D2-BAA0-48C1-94FC-C2AE65102824}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{868C91D2-BAA0-48C1-94FC-C2AE65102824}" => key removed successfully
C:\Windows\System32\Tasks\UpdateTask => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateTask" => key removed successfully
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{E710E447-C952-4802-8A70-5F2A28A31861} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 529.6 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 20:25:33 ====

  • 0
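
An added example, not part of the thread and not FRST's own code: a small Python parser for a Fixlog like the one posted above. It skips the fixlist that the log echoes between the two rows of asterisks and lists the result lines that did not report success, such as the Chromium folder. The sample is a subset of lines from that log; the status labels are this example's own.

```python
# Subset of the Fixlog lines posted above, embedded so the example runs offline.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
fixlist content:
*****************
start
HKU\S-1-5-18\...\Run: [] => [X]
C:\Users\Andy\AppData\Local\Chromium
Emptytemp:
*****************

Processes closed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Program Files\Earth Networks\WeatherBug => moved successfully.
GeekBuddyRSP => service removed successfully
"C:\Users\Andy\AppData\Local\Chromium" => File/Folder not found.
EmptyTemp: => 529.6 MB temporary data Removed.
==== End of Fixlog 20:25:33 ====
'''

def classify(outcome):
    """Map an outcome string to a status label (labels are this example's own)."""
    text = outcome.lower()
    if "not found" in text:
        return "not_found"
    if "successfully" in text or "removed" in text:
        return "ok"
    return "review"

def parse_fixlog(text):
    """Return (target, outcome, status) tuples for result lines only."""
    results, in_echo = [], False
    for line in text.splitlines():
        stripped = line.strip()
        # The fixlist is echoed between two rows of asterisks; its own
        # "=>" lines are instructions, not results, so skip that block.
        if stripped and set(stripped) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo or " => " not in stripped:
            continue
        target, _, outcome = stripped.partition(" => ")
        outcome = outcome.rstrip(".")
        results.append((target.strip('"'), outcome, classify(outcome)))
    return results

def needs_followup(results):
    """Targets whose result line did not report success."""
    return [target for target, _, status in results if status != "ok"]
```

Calling `needs_followup(parse_fixlog(SAMPLE_FIXLOG))` returns only the Chromium path, the one entry the log reported as not found.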

#35
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
ok,

What about Chromium? Can we remove that using Revo?

How is the computer right now?
  • 0

#36
cblock

    Member

  • Topic Starter
  • 41 posts

The Chromium was removed. At least, I think it was, according to the Revo.

 

The computer is acting much better. Not having the Comodo Geekbuddy alerts popping up every 15 seconds is a big improvement.


  • 0

#37
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
OK,

If there are no further issues we can close the topic.
  • 0

#38
cblock

    Member

  • Topic Starter
  • 41 posts

Great, thanks a lot for all the help!


  • 0

#39
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0





