Remove Gen:Variant.Adware.1 Virus
marieb.44
Posted messages
12
Registration date
Status
Membre
Last intervention
-
ninjadz Posted messages 1 Status Membre -
ninjadz Posted messages 1 Status Membre -
Hello,
Since this afternoon and a bit of surfing on the internet, Bitdefender has notified me that it blocked a virus: Gen:Variant.Adware.1
It also dealt with the infected files but the scan doesn't find anything and the virus alert continues to appear. Now it tells me that it could not disinfect, delete, or quarantine this item and that the object has been prohibited.
I couldn't find any information on the Bitdefender website to remove this virus!
If someone could help me remove this virus, that would be great! Thank you
Configuration: Windows 7 / Firefox 3.6.6
Since this afternoon and a bit of surfing on the internet, Bitdefender has notified me that it blocked a virus: Gen:Variant.Adware.1
It also dealt with the infected files but the scan doesn't find anything and the virus alert continues to appear. Now it tells me that it could not disinfect, delete, or quarantine this item and that the object has been prohibited.
I couldn't find any information on the Bitdefender website to remove this virus!
If someone could help me remove this virus, that would be great! Thank you
Configuration: Windows 7 / Firefox 3.6.6
16 réponses
You are infected with the spyware HotBar/ShopperReports, which is part of the toolbars for Internet Explorer that displays ad popups or transmits the websites you visit to third-party servers.
These programs are offered through ad popups on dangerous banner/popup advertisement sites on the web.
# Open Add/Remove Programs in the Control Panel, uninstall all programs containing the word:
* HbTools
* Hotbar
* SpamBlockerUtility
* ShopperReports
Then:
* Download Malwarebytes Antimalware:
http://data-cdn.mbamupdates.com/v0/program/data/mbam-setup-1.46.exe
* Update the software (it is normally done during installation)
# Choose "Run a full scan" by clicking on it.
Select the drives you want to scan and click on "Start scan"
# Click on Search
# Wait until the scan is finished.....a window will open, then click on OK
# If MalwareBytes didn't detect anything, click on Ok. A report will appear, close it.
# If MalwareBytes detected infections, click on Show results then on Remove selected
# Save the report on your Desktop for easier access.
# Then post this report.
Note: If MalwareBytes needs to restart to finish the removal, accept by clicking on Ok.
--
O.o°*|| $η@δθW || °o.O
These programs are offered through ad popups on dangerous banner/popup advertisement sites on the web.
# Open Add/Remove Programs in the Control Panel, uninstall all programs containing the word:
* HbTools
* Hotbar
* SpamBlockerUtility
* ShopperReports
Then:
* Download Malwarebytes Antimalware:
http://data-cdn.mbamupdates.com/v0/program/data/mbam-setup-1.46.exe
* Update the software (it is normally done during installation)
# Choose "Run a full scan" by clicking on it.
Select the drives you want to scan and click on "Start scan"
# Click on Search
# Wait until the scan is finished.....a window will open, then click on OK
# If MalwareBytes didn't detect anything, click on Ok. A report will appear, close it.
# If MalwareBytes detected infections, click on Show results then on Remove selected
# Save the report on your Desktop for easier access.
# Then post this report.
Note: If MalwareBytes needs to restart to finish the removal, accept by clicking on Ok.
--
O.o°*|| $η@δθW || °o.O
Hello,
>> Download ZHPDiag to your desktop:
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
>> Follow the installation instructions, it will launch automatically at the end.
>> Click on the icon representing a magnifying glass (« Start the diagnosis »)
>> Save the report to your Desktop using the icon representing a floppy disk
>> Upload the report ZHPDiag.txt to Cijoint, then copy/paste the link provided in your next reply on the forum:
http://www.cijoint.fr/
--
O.o°*|| $η@δθW || °o.O
>> Download ZHPDiag to your desktop:
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
>> Follow the installation instructions, it will launch automatically at the end.
>> Click on the icon representing a magnifying glass (« Start the diagnosis »)
>> Save the report to your Desktop using the icon representing a floppy disk
>> Upload the report ZHPDiag.txt to Cijoint, then copy/paste the link provided in your next reply on the forum:
http://www.cijoint.fr/
--
O.o°*|| $η@δθW || °o.O
I'm sorry, but I cannot access external links. Please provide the text you would like me to translate.
Regarding the programs to remove with the words you gave me, I only had one! In fact, I had already removed some programs before posting my question. I did what you told me afterwards, here is the report:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4313
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
14/07/2010 19:27:52
mbam-log-2010-07-14 (19-27-52).txt
Scan type: Full scan (C:\|D:\|)
Item(s) scanned: 367306
Elapsed time: 53 minute(s), 18 second(s)
Infected memory processes: 1
Infected memory modules: 0
Infected registry keys: 107
Infected registry values: 1
Infected registry data items: 0
Infected folders: 10
Infected files: 18
Infected memory processes:
C:\Users\marie\AppData\Local\Temp\saiE980.exe (Adware.Zwangi) -> Unloaded process successfully.
Infected memory modules:
(No harmful items detected)
Infected registry keys:
HKEY_CLASSES_ROOT\shopperreports.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.rprtctrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.rprtctrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21ba420e-161c-413a-b21e-4e42ae1f4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{453db0c5-f41c-4d97-8dd6-cc72ecd5f699} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4afc07d0-59bb-46b8-b097-1a46e88eef71} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6511ce4c-4722-40d0-ad3d-4afa2f50978a} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9bec9b38-bf39-4899-806e-a1c5dfeb60a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b86d82bf-d39f-439a-a07c-43eddc6f6ea6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{da6305b9-0869-4235-8c1d-533a65e639e5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e6961c59-cfce-4ccd-b794-bc78db98413a} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f8b4ec8a-2407-4be0-aee2-0f430d65a90d} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0d82acd6-a652-4496-a298-2bde705f4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025e484-d4b0-441a-9f0b-69063bd679ce} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a89256ad-ec17-4a83-bef5-4b8bc4f39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{acc62306-9a63-4864-bd2f-c8825d2d7ea6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dee758b4-c3fb-4a5b-9939-848b9c77a2fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{573f4abb-a1a2-44ed-9ba9-a8dad40aac46} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71e02280-5212-45c3-b174-4d5a35da254f} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{396cfc12-932d-496b-a0a8-5d7201e105e1} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{60da826c-b1c6-4358-bdec-4837ced45470} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{74c22317-5b90-471f-9ad2-fec049870a16} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c1089f63-7afc-4538-b0eb-bea0f4225a57} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{02aed140-2b62-4b49-8b3b-179020cc39b9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17bf1e05-c0e8-413c-bd1f-a481eea3b8e9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{83b2fe06-ba20-4f7d-96c6-6fc3a4e877d3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b32966a2-f7c2-4362-a6cf-399ec8b44110} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc7bd6f1-565c-47ce-a5bb-9c935e77b59d} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cfc16189-8a92-4a29-a940-60248385f426} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5fe0ceae-cb69-40af-a323-40f94257dacb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{65a16874-2ed0-460e-a547-5fe2ec3a13a7} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2721a8e5-bfdb-4562-9912-9e0531ca616c} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f1a1892c-2a6c-4817-98b4-ff81443cba20} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e25da6d6-c365-46cf-abaf-dc5893135d7a} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09325003-167c-483d-a4ba-8b3122abb432} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6dd76b7b-6423-4df0-9a07-84a6cad973a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7f6cfb6a-9227-4bb8-b941-f2b067e76f51} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ab0ee208-df60-4fa7-a617-c4269760033e} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e12aeab6-7d12-4c07-8e36-5892efb4dafb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2f2c137-a782-4fb5-81af-086156f5eb0a} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f1d06c9f-51f0-4476-bede-5ddf91be304e} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f3a32df2-7413-4fb1-b575-1ac920a17b76} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.asyncreporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.asyncreporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.cntntdic (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.cntntdic.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.cntntdisp (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.cntntdisp.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbguru (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbguru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.kopff (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.kopff.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.mozillanvgtntrpr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.mozillanvgtntrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.mozillapsexecuter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.mozillapsexecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reportdata (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reportdata.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.scopes (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.stock (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.triggerimmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.triggerimmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.triggerimmidiateorrandomts (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.triggerimmidiateorrandomts.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.triggeronceinday (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.triggeronceinday.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
Infected registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\shopperreports@shopperreports.com (ShopperReports) -> Quarantined and deleted successfully.
Infected registry data items:
(No harmful items detected)
Infected folders:
C:\Users\marie\AppData\Roaming\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports (Adware.ShopperReports) -> Quarantined and deleted successfully.
Infected files:
C:\Users\marie\AppData\Local\Temp\saiE980.exe (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\ShopperReports.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\BRNstIE.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\CmndFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\CntntCntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\mozillaps.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\Pltfrm.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\ShopperReportsUninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Users\marie\Downloads\VLCSetup.exe (Adware.HotBar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4313
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
14/07/2010 19:27:52
mbam-log-2010-07-14 (19-27-52).txt
Scan type: Full scan (C:\|D:\|)
Item(s) scanned: 367306
Elapsed time: 53 minute(s), 18 second(s)
Infected memory processes: 1
Infected memory modules: 0
Infected registry keys: 107
Infected registry values: 1
Infected registry data items: 0
Infected folders: 10
Infected files: 18
Infected memory processes:
C:\Users\marie\AppData\Local\Temp\saiE980.exe (Adware.Zwangi) -> Unloaded process successfully.
Infected memory modules:
(No harmful items detected)
Infected registry keys:
HKEY_CLASSES_ROOT\shopperreports.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.rprtctrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.rprtctrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21ba420e-161c-413a-b21e-4e42ae1f4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{453db0c5-f41c-4d97-8dd6-cc72ecd5f699} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4afc07d0-59bb-46b8-b097-1a46e88eef71} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6511ce4c-4722-40d0-ad3d-4afa2f50978a} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9bec9b38-bf39-4899-806e-a1c5dfeb60a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b86d82bf-d39f-439a-a07c-43eddc6f6ea6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{da6305b9-0869-4235-8c1d-533a65e639e5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e6961c59-cfce-4ccd-b794-bc78db98413a} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f8b4ec8a-2407-4be0-aee2-0f430d65a90d} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0d82acd6-a652-4496-a298-2bde705f4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025e484-d4b0-441a-9f0b-69063bd679ce} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a89256ad-ec17-4a83-bef5-4b8bc4f39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{acc62306-9a63-4864-bd2f-c8825d2d7ea6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dee758b4-c3fb-4a5b-9939-848b9c77a2fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{573f4abb-a1a2-44ed-9ba9-a8dad40aac46} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71e02280-5212-45c3-b174-4d5a35da254f} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{396cfc12-932d-496b-a0a8-5d7201e105e1} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{60da826c-b1c6-4358-bdec-4837ced45470} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{74c22317-5b90-471f-9ad2-fec049870a16} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c1089f63-7afc-4538-b0eb-bea0f4225a57} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{02aed140-2b62-4b49-8b3b-179020cc39b9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17bf1e05-c0e8-413c-bd1f-a481eea3b8e9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{83b2fe06-ba20-4f7d-96c6-6fc3a4e877d3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b32966a2-f7c2-4362-a6cf-399ec8b44110} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc7bd6f1-565c-47ce-a5bb-9c935e77b59d} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cfc16189-8a92-4a29-a940-60248385f426} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5fe0ceae-cb69-40af-a323-40f94257dacb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{65a16874-2ed0-460e-a547-5fe2ec3a13a7} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2721a8e5-bfdb-4562-9912-9e0531ca616c} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f1a1892c-2a6c-4817-98b4-ff81443cba20} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e25da6d6-c365-46cf-abaf-dc5893135d7a} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09325003-167c-483d-a4ba-8b3122abb432} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6dd76b7b-6423-4df0-9a07-84a6cad973a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7f6cfb6a-9227-4bb8-b941-f2b067e76f51} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ab0ee208-df60-4fa7-a617-c4269760033e} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e12aeab6-7d12-4c07-8e36-5892efb4dafb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2f2c137-a782-4fb5-81af-086156f5eb0a} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f1d06c9f-51f0-4476-bede-5ddf91be304e} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f3a32df2-7413-4fb1-b575-1ac920a17b76} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.asyncreporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.asyncreporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.cntntdic (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.cntntdic.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.cntntdisp (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.cntntdisp.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbguru (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbguru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.kopff (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.kopff.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.mozillanvgtntrpr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.mozillanvgtntrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.mozillapsexecuter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.mozillapsexecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reportdata (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reportdata.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.scopes (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.stock (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.triggerimmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.triggerimmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.triggerimmidiateorrandomts (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.triggerimmidiateorrandomts.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.triggeronceinday (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.triggeronceinday.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
Infected registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\shopperreports@shopperreports.com (ShopperReports) -> Quarantined and deleted successfully.
Infected registry data items:
(No harmful items detected)
Infected folders:
C:\Users\marie\AppData\Roaming\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports (Adware.ShopperReports) -> Quarantined and deleted successfully.
Infected files:
C:\Users\marie\AppData\Local\Temp\saiE980.exe (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\ShopperReports.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\BRNstIE.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\CmndFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\CntntCntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\mozillaps.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\Pltfrm.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\ShopperReportsUninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Users\marie\Downloads\VLCSetup.exe (Adware.HotBar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ShopperReports3\bin\3.0.485.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
I didn't have many programs with the words you gave me, just one! I had already deleted some programs like that before asking my question. I did everything you told me and I'm putting the report on the same site as before.
Do you think the virus has completely disappeared?
http://www.cijoint.fr/cjlink.php?file=cj201007/cijdAfXX5G.txt
Thank you.
Do you think the virus has completely disappeared?
http://www.cijoint.fr/cjlink.php?file=cj201007/cijdAfXX5G.txt
Thank you.
Ok.
>> Download CCleaner:
http://download.piriform.com/ccsetup233.exe
>Install it making sure to uncheck the various options including the Yahoo toolbar and the update.
> Launch CCleaner then click on "Options", "Advanced" and uncheck the box "Only delete files in the Windows Temp folder older than 48 hours".
>For other settings, leave it with its default settings.
> Then in the Cleaner menu
> Click on Analyze (let it run, it may take a while the first time)
> Click on the Run Cleaner button.
> Click once again on the Run Cleaner button
> Do the same for the "Find Errors" menu
=> Do this regularly (1 to 2 times a week for example).
Please run another report with ZHPDiag, so we can see where we stand.
--
O.o°*|| $η@δθW || °o.O
>> Download CCleaner:
http://download.piriform.com/ccsetup233.exe
>Install it making sure to uncheck the various options including the Yahoo toolbar and the update.
> Launch CCleaner then click on "Options", "Advanced" and uncheck the box "Only delete files in the Windows Temp folder older than 48 hours".
>For other settings, leave it with its default settings.
> Then in the Cleaner menu
> Click on Analyze (let it run, it may take a while the first time)
> Click on the Run Cleaner button.
> Click once again on the Run Cleaner button
> Do the same for the "Find Errors" menu
=> Do this regularly (1 to 2 times a week for example).
Please run another report with ZHPDiag, so we can see where we stand.
--
O.o°*|| $η@δθW || °o.O
Thank you, I did what you told me with CCleaner, then I relaunched the report, here is the link:
http://www.cijoint.fr/cjlink.php?file=cj201007/cijCCeksxU.txt
Keep me posted!
Thanks
http://www.cijoint.fr/cjlink.php?file=cj201007/cijCCeksxU.txt
Keep me posted!
Thanks
Ok. I don't understand how Malwarebytes missed this:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
...well, let's do it differently.... ;)
- Right-click: run as administrator on the ZHPFix icon on the desktop or the shield-shaped icon.
- Click on the H button.
- Copy and paste what is in bold below into the empty ZHPFix window
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\Software\Conduit]
[HKLM\Software\Conduit]
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Conduit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
- Click OK
- Check all the boxes (or click ALL) then Clean.
- Post the report that will appear at the end.
Then restart Malwarebytes but this time choose to run a Quick Scan.
Post the malwarebytes report in your next message.
--
O.o°*|| $η@δθW || °o.O
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
...well, let's do it differently.... ;)
- Right-click: run as administrator on the ZHPFix icon on the desktop or the shield-shaped icon.
- Click on the H button.
- Copy and paste what is in bold below into the empty ZHPFix window
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\Software\Conduit]
[HKLM\Software\Conduit]
O43 - CFD:Common File Directory ----D- C:\Program Files (x86)\Conduit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
- Click OK
- Check all the boxes (or click ALL) then Clean.
- Post the report that will appear at the end.
Then restart Malwarebytes but this time choose to run a Quick Scan.
Post the malwarebytes report in your next message.
--
O.o°*|| $η@δθW || °o.O
Here is the report:
ZHPFix Report v1.12.3121 by Nicolas Coolman, Update of 14/07/2010
Registry export file: C:\ZHPExportRegistry-15-07-2010-19-41-10.txt
Run by marie at 15/07/2010 19:41:10
Website: http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact: nicolascoolman@yahoo.fr
========== Registry Key ==========
HKCU\Software\Conduit => Key absent
HKLM\Software\Conduit => Key absent
========== Registry Value ==========
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe => Value successfully deleted
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe => Value successfully deleted
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe => Value absent
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe => Value absent
========== Registry Data Element ==========
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified => Data successfully deleted
========== Folder ==========
C:\Program Files (x86)\Conduit => Deleted and quarantined
========== File ==========
c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe => Deleted and quarantined
ZHPFix Report v1.12.3121 by Nicolas Coolman, Update of 14/07/2010
Registry export file: C:\ZHPExportRegistry-15-07-2010-19-41-10.txt
Run by marie at 15/07/2010 19:41:10
Website: http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact: nicolascoolman@yahoo.fr
========== Registry Key ==========
HKCU\Software\Conduit => Key absent
HKLM\Software\Conduit => Key absent
========== Registry Value ==========
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe => Value successfully deleted
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe => Value successfully deleted
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe => Value absent
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe => Value absent
========== Registry Data Element ==========
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified => Data successfully deleted
========== Folder ==========
C:\Program Files (x86)\Conduit => Deleted and quarantined
========== File ==========
c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe => Deleted and quarantined
and I'm sending you the mbam report on cijoint:
http://www.cijoint.fr/cjlink.php?file=cj201007/cij5y9MpeC.txt
http://www.cijoint.fr/cjlink.php?file=cj201007/cij5y9MpeC.txt
The antivirus doesn't find anything anymore and I'm attaching the zphdiag report! But I believe there's nothing left!
http://www.cijoint.fr/cjlink.php?file=cj201007/cijbHCl6XB.txt
http://www.cijoint.fr/cjlink.php?file=cj201007/cijbHCl6XB.txt
It's almost good.
Removal of used tools:
Download and install ToolsCleaner2:
http://pc-system.fr/
# Double-click on it to launch.
# Click on " Search " and wait a moment for the search to complete...
# When the search is finished, ToolsCleaner displays a list of the various found tools, click on "Remove" to delete them.
# Close the program by clicking on "Exit ".
# Post the report found here >>> C:\TCleaner.txt
=================================================
Update JAVA:
https://www.java.com/fr/download/
=================================================
Delete the old restore point(s):
1. Click on Start
2. Right-click on "Computer", then "Properties"
3. In the taskbar on the left, click on "System Protection"
4. A window appears.
5. Go to the system protection tab, let your computer work for a few seconds while it finds the restore points.....
6. Click once on Local Disk (C:) (System) to highlight it, then click on the Configure... button
7. A new window appears, click on the Delete button to remove the old restore points then OK.
Create a new restore point:
1. Click on the Windows (Start) logo.
2. Just above the logo, you have a "Search" bar, type " restore "
3. Let your computer work until it finds "Create a restore point"
4. Then click on "Create a restore point"
5. You have the option to name your restore point so you can easily find it when you need to restore your system to a previous date.
6. Confirm and wait... the restore point is being created,
7. Done ;)
=================================================
Run CCleaner.
Removal of used tools:
Download and install ToolsCleaner2:
http://pc-system.fr/
# Double-click on it to launch.
# Click on " Search " and wait a moment for the search to complete...
# When the search is finished, ToolsCleaner displays a list of the various found tools, click on "Remove" to delete them.
# Close the program by clicking on "Exit ".
# Post the report found here >>> C:\TCleaner.txt
=================================================
Update JAVA:
https://www.java.com/fr/download/
=================================================
Delete the old restore point(s):
1. Click on Start
2. Right-click on "Computer", then "Properties"
3. In the taskbar on the left, click on "System Protection"
4. A window appears.
5. Go to the system protection tab, let your computer work for a few seconds while it finds the restore points.....
6. Click once on Local Disk (C:) (System) to highlight it, then click on the Configure... button
7. A new window appears, click on the Delete button to remove the old restore points then OK.
Create a new restore point:
1. Click on the Windows (Start) logo.
2. Just above the logo, you have a "Search" bar, type " restore "
3. Let your computer work until it finds "Create a restore point"
4. Then click on "Create a restore point"
5. You have the option to name your restore point so you can easily find it when you need to restore your system to a previous date.
6. Confirm and wait... the restore point is being created,
7. Done ;)
=================================================
Run CCleaner.
In fact, I have a little problem with Toolscleaner 2. I launch it and start the scan, but either the program stops responding, or even if I leave the scan running, it doesn’t progress at all! I admit I’ve tried several times without success!
Ok, it's normal that he doesn't "respond" but after a while...
We'll go with another one:
# Download OTCleanIT from Old Timer.
http://www.geekstogo.com/forum/files/file/403-otc-oldtimers-clean-it/
# Save it to your desktop.
# Run the software by double-clicking on it.
# Click on CleanUp!
# The software will ask you to start the scan. Accept.
# You will be asked to restart your PC to complete the deletion of files and also remove OTCleanIT. Accept.
We'll go with another one:
# Download OTCleanIT from Old Timer.
http://www.geekstogo.com/forum/files/file/403-otc-oldtimers-clean-it/
# Save it to your desktop.
# Run the software by double-clicking on it.
# Click on CleanUp!
# The software will ask you to start the scan. Accept.
# You will be asked to restart your PC to complete the deletion of files and also remove OTCleanIT. Accept.
Hello, if someone can help me, I have the adware virus gen variant. Thank you. This is an ad remover report.
HKLM\Software\Classes\CLSID\{2fede777-1ac3-4af7-ad32-f84ae5841af3}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2fede777-1ac3-4af7-ad32-f84ae5841af3}
Key found: HKLM\Software\Classes\CLSID\{692CB092-59BA-49A8-A210-0BDABAD44C8D}
Key found: HKLM\Software\Classes\Interface\{692CB092-59BA-49A8-A210-0BDABAD44C8D}
Key found: HKLM\Software\Classes\CLSID\{838b9725-b6d4-49d7-83a1-2f427efc4d42}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{838b9725-b6d4-49d7-83a1-2f427efc4d42}
Key found: HKLM\Software\Classes\CLSID\{a4d12b26-b341-43da-8491-1b7b15d7ae33}
Key found: HKLM\Software\Classes\CLSID\{c53de48a-7a70-478a-b16b-17ccda7e8218}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c53de48a-7a70-478a-b16b-17ccda7e8218}
Key found: HKLM\Software\Classes\CLSID\{EEA15CDB-69E1-4C85-B8D0-6D8E42F2C21E}
Key found: HKLM\Software\Classes\Interface\{EEA15CDB-69E1-4C85-B8D0-6D8E42F2C21E}
Key found: HKLM\Software\Classes\Interface\{48BB694D-DD05-40E0-A281-BC3413775754}
Key found: HKLM\Software\Classes\Interface\{A7FBB0D4-97E2-485A-BDE1-B9996E86093D}
Key found: HKLM\Software\Classes\Interface\{D4F530A5-884D-48FC-A4F6-8614C7367D2F}
Key found: HKLM\Software\Classes\Interface\{D700567E-2A70-45CD-B44A-27463B72DBBA}
Key found: HKLM\Software\Classes\TypeLib\{AFCED8DA-DA58-4750-A8C9-4B3B668D2A71}
Key found: HKLM\Software\Classes\TypeLib\{B7546CC7-2C26-441A-A2D4-AB6F4A1E4FEB}
Key found: HKLM\Software\Classes\TypeLib\{D68D32A6-F3DD-4E6A-A10E-7D0C1AAFC20E}
Key found: HKLM\Software\Live-Player
Key found: HKLM\Software\OfferBox
Key found: HKCU\Software\Grand Virtual
Key found: HKCU\Software\Live-Player
Key found: HKCU\Software\OfferBox
Key found: HKCU\Software\PartyGaming
Key found: HKLM\Software\Canneverbe Limited\OpenCandy
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Everest Poker
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PartyPoker
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\live-player
Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d42c6214-d496-4393-8f72-f963e0b8752b}
Key found: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Key found: HKLM\Software\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
Value found: HKLM\Software\Mozilla\Firefox\Extensions|pixeasy@spointer.com
============== ADDITIONAL SCAN ==============
-- C:\Documents and Settings\David Vard\Application Data\Mozilla\FireFox\Profiles\jpve4ybw.default --
Extensions\ffxtlbr@Facemoods.com (Facemoods)
Extensions\npfax@microgaming.co.uk (Flash AX Control)
Extensions\staged-xpis (?)
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6} (?)
Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} (?)
Prefs.js - browser.search.defaultenginename, Fast Browser Search
Prefs.js - browser.search.defaulturl, hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, hxxp://www.GOOGLE.FR
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.6
HKLM\Software\Classes\CLSID\{2fede777-1ac3-4af7-ad32-f84ae5841af3}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2fede777-1ac3-4af7-ad32-f84ae5841af3}
Key found: HKLM\Software\Classes\CLSID\{692CB092-59BA-49A8-A210-0BDABAD44C8D}
Key found: HKLM\Software\Classes\Interface\{692CB092-59BA-49A8-A210-0BDABAD44C8D}
Key found: HKLM\Software\Classes\CLSID\{838b9725-b6d4-49d7-83a1-2f427efc4d42}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{838b9725-b6d4-49d7-83a1-2f427efc4d42}
Key found: HKLM\Software\Classes\CLSID\{a4d12b26-b341-43da-8491-1b7b15d7ae33}
Key found: HKLM\Software\Classes\CLSID\{c53de48a-7a70-478a-b16b-17ccda7e8218}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c53de48a-7a70-478a-b16b-17ccda7e8218}
Key found: HKLM\Software\Classes\CLSID\{EEA15CDB-69E1-4C85-B8D0-6D8E42F2C21E}
Key found: HKLM\Software\Classes\Interface\{EEA15CDB-69E1-4C85-B8D0-6D8E42F2C21E}
Key found: HKLM\Software\Classes\Interface\{48BB694D-DD05-40E0-A281-BC3413775754}
Key found: HKLM\Software\Classes\Interface\{A7FBB0D4-97E2-485A-BDE1-B9996E86093D}
Key found: HKLM\Software\Classes\Interface\{D4F530A5-884D-48FC-A4F6-8614C7367D2F}
Key found: HKLM\Software\Classes\Interface\{D700567E-2A70-45CD-B44A-27463B72DBBA}
Key found: HKLM\Software\Classes\TypeLib\{AFCED8DA-DA58-4750-A8C9-4B3B668D2A71}
Key found: HKLM\Software\Classes\TypeLib\{B7546CC7-2C26-441A-A2D4-AB6F4A1E4FEB}
Key found: HKLM\Software\Classes\TypeLib\{D68D32A6-F3DD-4E6A-A10E-7D0C1AAFC20E}
Key found: HKLM\Software\Live-Player
Key found: HKLM\Software\OfferBox
Key found: HKCU\Software\Grand Virtual
Key found: HKCU\Software\Live-Player
Key found: HKCU\Software\OfferBox
Key found: HKCU\Software\PartyGaming
Key found: HKLM\Software\Canneverbe Limited\OpenCandy
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Everest Poker
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PartyPoker
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\live-player
Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d42c6214-d496-4393-8f72-f963e0b8752b}
Key found: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Key found: HKLM\Software\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
Value found: HKLM\Software\Mozilla\Firefox\Extensions|pixeasy@spointer.com
============== ADDITIONAL SCAN ==============
-- C:\Documents and Settings\David Vard\Application Data\Mozilla\FireFox\Profiles\jpve4ybw.default --
Extensions\ffxtlbr@Facemoods.com (Facemoods)
Extensions\npfax@microgaming.co.uk (Flash AX Control)
Extensions\staged-xpis (?)
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6} (?)
Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} (?)
Prefs.js - browser.search.defaultenginename, Fast Browser Search
Prefs.js - browser.search.defaulturl, hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, hxxp://www.GOOGLE.FR
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.6
Ok, I did that and now should I do the thing with the restore points or not? What’s the point of deleting the restore files?
Yes, do the section that concerns the restore points.
"What's the point of deleting restore files?"
>> Free up space on your hard drive
>> Ensure that no infection can return (normal if you delete the restore points...)
Why create a new one?
>> Your PC is now clean. If you encounter any problems later, you can restore your PC with the new restore point created.
"What's the point of deleting restore files?"
>> Free up space on your hard drive
>> Ensure that no infection can return (normal if you delete the restore points...)
Why create a new one?
>> Your PC is now clean. If you encounter any problems later, you can restore your PC with the new restore point created.
I have a virus on my laptop "Gen:Variant.Adware.adseo1" that persists even though I have BitDefender 10. Attached is the report from the analysis of my PC with ZHPDiag:
http://ww38.toofiles.com/fr/oip/documents/txt/6350_zhpdiag.html
Thank you for your response.
http://ww38.toofiles.com/fr/oip/documents/txt/6350_zhpdiag.html
Thank you for your response.
For the variant virus and all other threats, BitDefender handles it in rescue mode.
Click on protection/click on rescue mode
/The computer restarts as if it were in safe mode
,/Choose BitDefender rescue mode.
After opening the interface, there will be a kind of file; just click on these files one by one and BitDefender will give you the option to analyze these files one by one.
It will take a bit long, but I can assure you that there's nothing to worry about with this superb BitDefender machine.
Best regards
Click on protection/click on rescue mode
/The computer restarts as if it were in safe mode
,/Choose BitDefender rescue mode.
After opening the interface, there will be a kind of file; just click on these files one by one and BitDefender will give you the option to analyze these files one by one.
It will take a bit long, but I can assure you that there's nothing to worry about with this superb BitDefender machine.
Best regards