My programs won't open

[Closed]
Posts: 26 | Registration date: Tuesday March 12, 2013 | Status: Member | Last seen: March 20, 2013
Hello,



Whenever I click to open a program it just ignores it as if nothing happened.
I have tried to download MalwareBytes in safe mode and have done multiple scans and deleted everything found. I have been to http://www.sevenforums.com/tutorials/19449-default-file-type-associations-restore.html and downloaded the .EXE file in safe mode and merged it, but still no successful outcome. As seen on many other similar problems, right-clicking and choosing Open will open the program for them, but it doesn't for me. Nothing works, please help.
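
A read-only way to check whether the merged .exe association fix mentioned in the post above actually took effect (added example, not part of the original thread; the expected values are the Windows defaults, and the function name `Get-DefaultValue` is illustrative):

```powershell
# Added example: read-only check of the .exe launch association.
# Nothing here modifies the registry; it only reports what is set.

function Get-DefaultValue {
    param([string]$Path)
    # Return the key's (Default) value, or $null when the key is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue('')
}

# HKEY_CLASSES_ROOT is the merged view of HKLM and HKCU classes, so a
# per-user override shows up here as a changed value.
$checks = @(
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\.exe';                        Expected = 'exefile' },
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command';  Expected = '"%1" %*' },
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\runas\command'; Expected = '"%1" %*' }
)

$results = foreach ($c in $checks) {
    $actual = Get-DefaultValue -Path $c.Path
    [pscustomobject]@{
        Key      = $c.Path -replace '^Registry::', ''
        Expected = $c.Expected
        Actual   = $actual
        OK       = ($actual -eq $c.Expected)
    }
}
$results | Format-Table -AutoSize -Wrap

# Per-user keys that are absent on a default install. If any exist, they
# take precedence over the machine-wide association a .reg merge restores.
$overrides = @(
    'HKCU:\Software\Classes\.exe',
    'HKCU:\Software\Classes\exefile',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice'
) | Where-Object { Test-Path -LiteralPath $_ }

if ($overrides) {
    'Per-user overrides present (review before trusting the merged fix):'
    $overrides
} else {
    'No per-user .exe overrides found.'
}
```

If every row shows `OK = True` and no overrides are listed, the association itself is intact and the cause of the symptom lies elsewhere.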

12 replies

Posts: 47367 | Registration date: Monday February 1, 2010 | Status: Moderator | Last seen: September 1, 2021
Hello,

When I read that you went to sevenforums I could not help but say: "Oh boy! What a way to get in trouble!"

Your issue just may be caused by a virus.

To help you and prescribe a remedy, I must make a diagnostic and to do so, I require a system log.

1. Boot in safemode with networking.

2. Open this link and download ZHPDiag2 :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

(Don't be alarmed if the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message. Also clicking on the "hardhat" icon allows you to change the language.)

3. Save the file on your Desktop.

4. Double click on ZHPDiag.exe and follow the installation instructions.

The tool creates three icons: ZHPDiag, MRB, and ZHPFix (if necessary, we will use ZHPFix at the next step).

5. Double click on the shortcut ZHPDiag on your Desktop.

6. Click on the eyedropper icon and ensure all of the items are checked.

7. Click on the magnifying glass and run the analysis.

Wait for the tool to finish (maybe a long time).

8. Close ZHPDiag.

9. To transmit the report, click on this link :

https://authentification.site

10. Usually on your desktop or C:\Program Files\ZHPDiag).

11. Select the file ZHPDiag.txt.

12. Click on "upload"

13. Copy the url and post it here

Best regards

Ambucias
Moderator, Security Contributor

Posts: 26 | Registration date: Tuesday March 12, 2013 | Status: Member | Last seen: March 20, 2013

Hey thanks for the reply,
http://speedy.sh/TRxrR/ZHPDiag.txt
Posts: 47367 | Registration date: Monday February 1, 2010 | Status: Moderator | Last seen: September 1, 2021
Hi Daniel,

Please stand-by for results.
Posts: 47367 | Registration date: Monday February 1, 2010 | Status: Moderator | Last seen: September 1, 2021
Hi again Daniel,

Yes, your machine is infected by all kinds of viruses.

Here are the first two steps:

1. Download the following Adwcleaner from Xplode

https://toolslib.net

Launch it (for Windows 7 and 8, click right to run as administrator)

Click on delete

Post the log C:\Adwcleaner[Sx].txt on this thread.

2. Go to your control panel, add/remove programmes. Delete all the toolbar applications that you see.

Catch you later
Posts: 26 | Registration date: Tuesday March 12, 2013 | Status: Member | Last seen: March 20, 2013

Do you mean Control Panel - Uninstall a program? Also, I'm a bit confused as to what programs I'm uninstalling.
Posts: 47367 | Registration date: Monday February 1, 2010 | Status: Moderator | Last seen: September 1, 2021
Run adwcleaner and post the log here. I will give you details later.

P.S. I forgot to tell you that there is a hijacker in your machine.
Posts: 26 | Registration date: Tuesday March 12, 2013 | Status: Member | Last seen: March 20, 2013

ok no problem,
http://speedy.sh/QZmSZ/AdwCleaner-S2.txt
Posts: 47367 | Registration date: Monday February 1, 2010 | Status: Moderator | Last seen: September 1, 2021
Okay Daniel,

Most if not all of the 116 malware that you got came from Pando Media Booster.

I strongly suggest that you totally uninstall it and never use it again.

When you installed ZHP Diag, it created an icon called ZHP Fix. It looks like a syringe.

1. Launch the application

2. Copy the items below

3. Click on the clipboard icon in ZHP Fix (top left). The items which you copied should get pasted.

4. Click on "Go", bottom button.

5. Paste the report here.


6. Delete the ZHP Diag log
7. Boot in normal mode and see if you can open your programmes
8. Produce a new one and upload it.

I am getting typer's cramps so I may reply to you only in 10 hours.

Good luck
Posts: 26 | Registration date: Tuesday March 12, 2013 | Status: Member | Last seen: March 20, 2013

Thanks,
I really appreciate all the help,
the report - http://speedy.sh/YbZUb/ZHPFixReport.txt
Step 8 where you say produce a new one and upload it, produce a new what?
Posts: 47367 | Registration date: Monday February 1, 2010 | Status: Moderator | Last seen: September 1, 2021
Greetings Daniel

Because you appreciate the help, it's a pleasure helping you.

ZHP Fix did a wonderful job !

Sorry, I meant produce a new ZHP Diag log.

I would like to see another ZHP Diag log.

I would also like to know if you have further difficulties opening your programmes (I spell programmes and not programs because of my origins)

Once I have looked at the latest ZHP Diag log, I shall give you directions for a post-disinfection clean-up, which is necessary.

If you can open your programmes, we should be able to get the rest done in a jiffy. In any event, I require the log.

Realizing the time it is where you live, don't let the bed bugs bite.:-)
Posts: 26 | Registration date: Tuesday March 12, 2013 | Status: Member | Last seen: March 20, 2013

Haha I did realise the origin situation :P
also the new diaglog- http://speedy.sh/7tCWt/ZHPDiag.txt
Thanks :D
Posts: 47367 | Registration date: Monday February 1, 2010 | Status: Moderator | Last seen: September 1, 2021
You should now be able to open your programmes, correct? Your machine is now virus free.

There is some junk and some essential clean-up to do to ensure your system's stability.

1. Go to your control panel, click on start, click on control panel and open the add/remove programme utility.

2. Wait for the list to populate.

3. Malwarebytes may create conflicts with McAfee, select it and delete it.

4. Delete ZHP Diag

5. Close the control panel, click right on start and left to open Explorer.

6. Delete Adwcleaner

7. In the left pane, navigate, find and delete the following files:

- C:/program files/Malwarebyte
- C:/program files/ZHP Diag

C:\Users\Daniel\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Daniel\AppData\Local\Temp\wajam_install.exe [417384]
C:\Users\Daniel\AppData\Local\Temp\wajam_install.exe
C:\Users\Daniel\AppData\Local\Temp\conduitinstaller.exe

8. Download and install CCleaner:

https://ccm.net/download/download-33-ccleaner

9. Run CCleaner for both scrap files and also for the registry.

10. Remember that your peer-to-peer application is a vector for infection.

We are done, cheerio and Bob's your uncle.
Posts: 26 | Registration date: Tuesday March 12, 2013 | Status: Member | Last seen: March 20, 2013

Still no luck :(
Posts: 26 | Registration date: Tuesday March 12, 2013 | Status: Member | Last seen: March 20, 2013

I can open a program when I log in, then I close Steam and uTorrent (they automatically pop up) and then it just stops working.
Posts: 47367 | Registration date: Monday February 1, 2010 | Status: Moderator | Last seen: September 1, 2021
Now you tell me. I asked you the question yesterday.

I warned you about peer-to-peer applications. Pando Media Booster and U-Torrent.

Please delete them all and all files related to them and give me some feedback. Use CCleaner tool to delete.

See you in 10 hours.

Regards
Posts: 26 | Registration date: Tuesday March 12, 2013 | Status: Member | Last seen: March 20, 2013

Sorry about that,
so I cleaned uTorrent with CCleaner with no positive outcome :(
Posts: 47367 | Registration date: Monday February 1, 2010 | Status: Moderator | Last seen: September 1, 2021
Please, when I issue instructions it is important for us to have quality communications or we may have to repeat ourselves and waste valuable time.

Have you removed Pando ?

Have you done the clean-up as instructed ?

Open explorer, see if you find these files and delete them :

c:\programs\utorrent\utorrent.exe and delete it.
C:\Users\Daniel\AppData\Local\Temp\wajam_install.exe
C:\Users\Daniel\AppData\Local\Temp\conduitinstaller.exe

Run CCleaner and make sure that prefetch is checked.

Finally, boot in normal mode and produce a new ZHP Diag log to upload on speedyshare.

Regards
Posts: 26 | Registration date: Tuesday March 12, 2013 | Status: Member | Last seen: March 20, 2013

Sorry about that,
I'm pretty sure I deleted everything asked to be deleted but still no positive outcome. The latest ZHP Diag - http://speedy.sh/RUv6U/ZHPDiag.txt
Posts: 47367 | Registration date: Monday February 1, 2010 | Status: Moderator | Last seen: September 1, 2021
You got infected again !

I did ask for a normal boot log but you are still booting in safe mode. Is there a reason?

I see that you have Bit Torrent !

1. Launch ZHP Fix, copy the lines below, click on clipboard and click on "go"

O45 - LFCP:[MD5.F42F4263C1FA79FAE3331552B42731DF] - 6/03/2013 - 3:01:02 PM ---A- - C:\Windows\Prefetch\HL2.EXE-CC065CA4.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.5DEAB147288C4EDB3B57ED30CB230031] - 6/03/2013 - 4:02:05 PM ---A- - C:\Windows\Prefetch\DAEMONU.EXE-BB669599.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.D284343929651EB1D6009E417ABEEB4E] - 6/03/2013 - 4:02:20 PM ---A- - C:\Windows\Prefetch\SPPSVC.EXE-B0F8131B.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.93DC15A3826B56663DE9BD5A3DD0DF46] - 6/03/2013 - 4:03:40 PM ---A- - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.53CDC06B91291408E1A81F8E69058273] - 6/03/2013 - 4:03:44 PM ---A- - C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.A0D5541C5DFF424C6421485A1D882794] - 6/03/2013 - 4:13:46 PM ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-A3E35360.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.BB850D57CB53B11A41E1DB1DCD5CFE70] - 7/03/2013 - 10:19:06 PM ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.232C20C9F7DB91C5E2B420E1071CFEC4] - 7/03/2013 - 2:01:10 PM ---A- - C:\Windows\Prefetch\WINZIPRO.EXE-B6787379.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.2C873EF69F28D751807F3E38DDD7BDA9] - 7/03/2013 - 4:11:45 PM ---A- - C:\Windows\Prefetch\SAUI.EXE-9B504921.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.925FB7672E8A4ED02809047B67FD63A9] - 7/03/2013 - 7:52:13 PM ---A- - C:\Windows\Prefetch\DEFAULTTABSTART.EXE-7BA89D94.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.7F6E784A84900CD91D258383EA5D9B0E] - 7/03/2013 - 7:52:33 PM ---A- - C:\Windows\Prefetch\GOOGLETOOLBARNOTIFIER.EXE-EB3F2433.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.D4C6C008010EDACCF1B18E60E4A0D29B] - 7/03/2013 - 7:52:59 PM ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-54A2EBEF.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.2C122784B58CE944E16C74661CFD6E5B] - 7/03/2013 - 7:53:02 PM ---A- - C:\Windows\Prefetch\UTORRENTCONTROL_V2TOOLBARHELP-E532C173.pf => P2P.µTorrent*
O45 - LFCP:[MD5.20B4592EB3EA30F9060D29D805E43137] - 7/03/2013 - 8:01:16 PM ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-1304AE86.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.21EFB5E6F4EE72546894E49F2FA69A8E] - 7/03/2013 - 8:09:57 AM ---A- - C:\Windows\Prefetch\SAUI.EXE-F7DD1DAA.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.934813D2C8505090689E523A2DB3AF88] - 7/03/2013 - 8:13:25 PM ---A- - C:\Windows\Prefetch\COMUPDATUS.EXE-FEED2F65.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.B11014EA9B52E0092676D46278D16E90] - 7/03/2013 - 9:28:00 PM ---A- - C:\Windows\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-ECAD9571.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.A9BFA98A8F5516DA03047C49720B8C92] - 7/03/2013 - 9:58:10 PM ---A- - C:\Windows\Prefetch\UPDATER.EXE-D6EA286E.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.FB23459C46111CEB25D79A870C7AF25D] - 8/03/2013 - 11:16:16 PM ---A- - C:\Windows\Prefetch\UPDATETASK.EXE-7C757890.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.AD5BB2992E1F83773F7FEF355DF64424] - 8/03/2013 - 11:18:26 PM ---A- - C:\Windows\Prefetch\MBAM.EXE-305FF92C.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.0EDF2E24C27614B70C08E2385E3056F2] - 8/03/2013 - 5:05:53 PM ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-235623114-1153122893-1807144250-1000.db => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.8C36CA66E13D8B8DF53C1BF98D175F31] - 8/03/2013 - 5:05:53 PM ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-235623114-1153122893-1807144250-1000.db => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.1505329FAA1BD06A37E98EE21B91E5DB] - 8/03/2013 - 5:08:11 PM ---A- - C:\Windows\Prefetch\MSPAINT.EXE-76E10B24.pf => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.EBD4AC341E1834E045C7E0917DC3BDCD] - 8/03/2013 - 6:59:22 PM ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.B83FC06F400A8BE914CAFAD0FC81FE7D] - 8/03/2013 - 6:59:22 PM ---A- - C:\Windows\Prefetch\AgRobust.db => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.871C20E6F525049A30CEE1E798E4AD57] - 8/03/2013 - 6:59:23 PM ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.B41B773369E6D9139EA94819234A6DDB] - 8/03/2013 - 6:59:23 PM ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.D5FCBAEB7C2F01D1FC96156A02DB5A90] - 8/03/2013 - 7:32:31 PM ---A- - C:\Windows\Prefetch\GOOGLEUPDATE.EXE-4683A698.pf => Fichier du dossier Prefetcher
O51 - MPSK:{60d59bbd-073a-11e0-a729-806e6f6e6963}\AutoRun\command - Orphean Key => Orphean Key not necessary
O61 - LFC: 14/03/2013 - 1:27:50 PM ---A- C:\Users\Daniel\AppData\Local\Temp\CRX_75DAF8CB7768\crl-set [968] => Temporary file not necessary
O61 - LFC: 14/03/2013 - 1:27:50 PM ---A- C:\Users\Daniel\AppData\Local\Temp\CRX_75DAF8CB7768\manifest.json [34] => Temporary file not necessary
O61 - LFC: 15/03/2013 - 2:53:46 PM ---A- C:\Users\Daniel\AppData\Local\Temp\hsperfdata_Daniel\3940 [65536] => Temporary file not necessary
O61 - LFC: 15/03/2013 - 2:55:55 PM ---A- C:\Users\Daniel\AppData\Local\Temp\hsperfdata_Daniel\7140 [65536] => Temporary file not necessary
M2 - MFEP: prefs.js [Daniel - bbgdqpkv.default\appbar@alot.com] [] ALOT Appbar v1.0.19000 (.alot.com.) => Toolbar.Alot
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F} => Toolbar.Google
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] => Toolbar.Ask
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] => Toolbar.AVGSearch
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] => Toolbar.Bing
[HKLM\Software\Classes\Toolbar.CT2438727] => Toolbar.Conduit*
[HKLM\Software\Classes\Toolbar.CT3220468] => Toolbar.Conduit

2. Delete the following software; it will create conflicts with McAfee.

Arovax AntiSpyware

3. Download and run the following free but efficient registry clean-up utility, delete (repair) all items that are found:

https://ccm.net/download/download-13339-eusing-free-registry-cleaner

Let me know

Regards
Posts
26
Registration date
Tuesday March 12, 2013
Status
Member
Last seen
March 20, 2013

I'll send off the latest ZHP Diag log.
Posts
26
Registration date
Tuesday March 12, 2013
Status
Member
Last seen
March 20, 2013

Here it is
http://speedy.sh/mNpcN/ZHPDiag.txt
Posts
26
Registration date
Tuesday March 12, 2013
Status
Member
Last seen
March 20, 2013

Here's the ZHP Fix Report
http://speedy.sh/Vw3Bw/ZHPFixReport.txt
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,134
Why do you keep booting in safe mode ?
Posts
26
Registration date
Tuesday March 12, 2013
Status
Member
Last seen
March 20, 2013

It doesn't open in normal mode.
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,134
Sticky wicket !

What do you get when you try in normal mode ?

1. Open explorer, navigate and delete the following item:

C:\Users\Daniel\AppData\Local\Temp\GoogleToolbarInstaller1.log

2. Navigate to: c:/windows/prefetch

Click on prefetch.

Select the files in the right pane except the file called "Layout" and delete them

3. Click on Start, Run, and type cmd; a black window will open.

4. Type chkdsk /r press enter

5. Repeat the above but now type sfc/scannow

6. Report with results.
Posts
26
Registration date
Tuesday March 12, 2013
Status
Member
Last seen
March 20, 2013

When I open in normal it just doesn't load, it stays at 0% and then if I exit it won't open.
Posts
26
Registration date
Tuesday March 12, 2013
Status
Member
Last seen
March 20, 2013

I'm up to typing chkdsk /r and it's asking if I want to do it on next restart for some reason. Do you want me to click Y, then restart my computer and then do sfc/scannow?
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,134
Yes
Posts
26
Registration date
Tuesday March 12, 2013
Status
Member
Last seen
March 20, 2013

"Windows Resource Protection did not find any integrity problems
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,134
So I take it that you have performed both chkdsk and sfc scannow ?

I also presume that you have deleted the prefetch files as indicated ?

You have also deleted the Babylon files.

Correct me if I'm wrong, all of your programmes launch in safe mode but your computer does not boot in normal mode.

Do you get a message or does it just hang there in normal mode ?

I can certify upon my honour and glorious reputation that your machine is virus free.

However, the 116 infected items may have caused some collateral damage. Before I investigate further in consultation with a colleague, please confirm the above.

Regards
Posts
26
Registration date
Tuesday March 12, 2013
Status
Member
Last seen
March 20, 2013

Babylon files? What Babylon files?

But yes, I've deleted prefetch files, all except layout.

When I launch my computer in safe mode my programs launch fine, but in normal mode I can only open it straight when I log in, then I can't open it again.
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,134
This Babylon file:
C:\Users\Daniel\AppData\Local\Temp\GoogleToolbarInstaller1.log => Infection PUP (Toolbar.Babylon)

My aussie is not as good as yours, please explain: "I can only open it straight"
Posts
26
Registration date
Tuesday March 12, 2013
Status
Member
Last seen
March 20, 2013

OK, I've deleted the Babylon file.
Also, I meant I can only open it right when I log in, then I can open it again, haha, sorry.
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,134
I'm still confused ! The words "open it" escape me

Correct me if I'm wrong

1. You boot in normal mode.
2. You log in with your password
3. Windows loads
4. You can launch your applications
Posts
26
Registration date
Tuesday March 12, 2013
Status
Member
Last seen
March 20, 2013

5. After launching applications and exiting them, I am unable to reopen them.
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,134
Hi,

I can tell you anything unless I have a ZHP Diag log in normal mode.

Please boot in normal mode, open ZHP Diag. Click on the arrow button for an update. Generate a new ZHP Diag log and upload it on Speedyshare.
Posts
26
Registration date
Tuesday March 12, 2013
Status
Member
Last seen
March 20, 2013

I can't, it doesn't load.
Posts
26
Registration date
Tuesday March 12, 2013
Status
Member
Last seen
March 20, 2013

OK, so I'm reading through everything you said and trying to redo it all. At one stage you told me to delete all toolbar applications; how do I do that?
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,134
The toolbars have been all deleted already with ZHP Fix.

1. Delete ZHP Diag with CCleaner,
2. Download this fresh copy which I have uploaded on Speedyshare especially for you

http://speedy.sh/YGc6b/ZHPDiag2.exe

3. Install it and proceed as usual but in normal mode
Posts
26
Registration date
Tuesday March 12, 2013
Status
Member
Last seen
March 20, 2013

Ok,
Once I log in to normal mode, I can open the programs for the first 30 seconds I'm in normal mode, but then after those 30 seconds or so, if I try to open a program, it just ignores everything I click on that's a .exe folder and acts as if I didn't click it.
When I open ZHPDiag in those first 30 seconds I log in, it just stops at 1% and just stays at Working...
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,134
1) Try clean boot. This will make sure that only Microsoft services are running in the normal mode and disable the startup items.

Boot into Safe Mode --> In search bar, type msconfig and press Enter --> "System Configuration" will be opened --> Click on "Services" tab --> Select the option "Hide all Microsoft services" (You can find this option at bottom) --> Then click on "Disable All" button. Click on "Startup" tab and click on "Disable All" button --> Click on OK. Now try to boot in normal mode.

Now check if you can launch the applications.
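
Editor's added example, not part of the thread and not code from any tool named in it: a read-only PowerShell inventory of what the clean-boot step above switches off, so that items can later be re-enabled in groups to find the one that blocks program launches. It assumes PowerShell 3.0 or later (for `Get-CimInstance`); the function names and output file names are hypothetical, and "non-Microsoft" is approximated by the CompanyName of the service binary, which is an assumption and not necessarily how msconfig decides.

```powershell
# Added example: record non-Microsoft services and startup items before a
# clean boot. Read-only: it changes no service or startup setting.

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Win32_Service.PathName can be quoted and can carry arguments, e.g.
    #   "C:\Program Files\Vendor\svc.exe" -run
    if ($PathName -match '^\s*"([^"]+)"')     { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)\b')  { return $Matches[1] }
    return $null
}

function Get-NonMicrosoftService {
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartMode -ne 'Disabled' } |
        ForEach-Object {
            $path    = Get-ServiceBinaryPath $_.PathName
            $company = $null
            if ($path -and (Test-Path -LiteralPath $path)) {
                $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
            }
            # Unknown publisher ($null) is kept on the list on purpose.
            # Limitation: a third-party DLL hosted by svchost.exe reports
            # Microsoft as the company and is not listed here.
            if ($company -notmatch 'Microsoft') {
                [pscustomobject]@{
                    Name      = $_.Name
                    State     = $_.State
                    StartMode = $_.StartMode
                    Company   = $company
                    Path      = $path
                }
            }
        }
}

function Get-StartupItem {
    # Startup commands from the registry Run keys and the Startup folders.
    Get-CimInstance -ClassName Win32_StartupCommand |
        Select-Object Name, Command, Location, User
}

# Hypothetical output location: timestamped CSV files on the Desktop.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
Get-NonMicrosoftService |
    Export-Csv "$env:USERPROFILE\Desktop\services-$stamp.csv" -NoTypeInformation
Get-StartupItem |
    Export-Csv "$env:USERPROFILE\Desktop\startup-$stamp.csv" -NoTypeInformation
```

Comparing the two CSV files against the msconfig tabs after the clean boot shows which entries to turn back on first; entries with an empty Company column or a path under a temporary or user-profile folder are the ones to review most closely.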
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,134