"weejoeh.exe" changes the folders in my USB storage drive into applications

I had to print my documents using someone else’s computer so I had to plug my USB storage drive in, however the owner wasn’t really updating his antivirus software so I had no clue that my USB storage drive was infected by this weejoeh.exe thingy. I used the USB drive again at home and realized that there were new applications that use folder icons inside it, namely ‘Love You’, ‘Money’, ‘Nude’, ‘Sex’, ‘System Volume Informaton’, and ‘weejoeh’. There were also other shortcuts, all with the location weejoeh (F:), namely ‘Favourites’, ‘Private’, ‘Passwords’, ‘Movies’, ‘Music’, ‘Search’, and ‘Pictures’. And there are two new folders that were hidden (I only saw them when I allowed hidden folders to be shown), ‘System Volume Information’ and ‘weejoeh’. My own folders were also hidden and the visible copies of them were applications.

My USB drive was located in drive F so I really have no idea what to do. I attempted to delete them all but then they came back so I checked my computer and realized that weejoeh copied itself to my computer already! It was inside a folder named ‘heojeew’ with the location C:\Users\Jolene\heojeew. I attempted to delete all files with the names ‘weejoeh’ and ‘heojeew’ but I couldn’t because according to Windows Task Manager, it’s running.

Avast doesn’t detect this as a virus. Please help! I can’t remove it!!! I can’t plug other devices anymore because of this problem.

Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

Note: Unplug your USB first…!!

Hi there, run these two programmes. The first will clean the USB and the second will enable me to see where the problem lies.

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG

Plug in the drive and McShield will start a scan

Then get the log which will be located under the logs tab on the main page

And post that

THEN

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Select additions at the bottom
- Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach both logs generated.

Alright, hold on.

Log from MCShield



MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2014.8.19.1 / Windows Vista <<<


8/24/2014 8:18:19 PM > Drive F: - scan started (ENELOJ ~7563 MB, FAT32 flash drive )...



---> Note: traces of file replicators have been found!

---> Executing generic S&D routine...


>>> F:\weejoeh.exe - Malware > Deleted. (14.08.24. 20.19 weejoeh.exe.462902; MD5: 05a294a17109db948d809abd3cbcfc3f)

>>> F:\System Volume Information.exe - Malware > Deleted. (14.08.24. 20.19 System Volume Information.exe.216529; MD5: 05a294a17109db948d809abd3cbcfc3f)

>>> F:\BLAH BLAH.exe - Malware > Deleted. (14.08.24. 20.19 BLAH BLAH.exe.236348; MD5: 05a294a17109db948d809abd3cbcfc3f)

>>> F:\Love You.exe - Malware > Deleted. (14.08.24. 20.19 Love You.exe.981625; MD5: 05a294a17109db948d809abd3cbcfc3f)

>>> F:\Nude.exe - Malware > Deleted. (14.08.24. 20.19 Nude.exe.644599; MD5: 05a294a17109db948d809abd3cbcfc3f)

>>> F:\Sex.exe - Malware > Deleted. (14.08.24. 20.19 Sex.exe.207342; MD5: 05a294a17109db948d809abd3cbcfc3f)

>>> F:\Money.exe - Malware > Deleted. (14.08.24. 20.19 Money.exe.729502; MD5: 05a294a17109db948d809abd3cbcfc3f)

>>> F:\Secret Folder.lnk - Suspicious > Renamed. (MD5: 3cab4b0d8da97a7b4b712190233ba57b)

>>> F:\Favourites.lnk - Suspicious > Renamed. (MD5: df4d7845c62259bf2a87ca86820c15b9)

>>> F:\Private.lnk - Suspicious > Renamed. (MD5: 71b5ae46dfb1863b27e9539eed536801)

>>> F:\Passwords.lnk - Suspicious > Renamed. (MD5: ee7c60a95967394e8acfde9157a511c4)

>>> F:\Movies.lnk - Suspicious > Renamed. (MD5: 3f42ca3b1637d46f57e150655254acd0)

>>> F:\Music.lnk - Suspicious > Renamed. (MD5: 37d9d72f03d6e1208ffdd27569d1c9ba)

>>> F:\Search.lnk - Suspicious > Renamed. (MD5: a1f44b02e65e327f1d31fbd0ff3cc128)

>>> F:\Pictures.lnk - Suspicious > Renamed. (MD5: 36f1e62c6ceb3a944a8a8432b1b1a939)

> Resetting attributes: F:\BLAH BLAH < Successful.


=> Malicious files   : 7/7 deleted.
=> Suspicious files  : 8/8 renamed.
=> Hidden folders    : 1/1 unhidden.

____________________________________________

::::: Scan duration: (Interactive mode) ::::
____________________________________________


Could you attach the FRST logs as they will be too big to post

FRST logs

Oh yeah when I ran the MCShield thingy, it deleted the weejoeh.exe from my PC and my USB drive. :3

that file goes under many names … but MD5 does not lie
https://www.virustotal.com/en/file/14e3f561cf8d20843effefc098ced9904c75c747b8218915ea8085ee6e276b57/analysis/
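The point about names versus hashes can be checked directly against the MCShield log. The following is an added example, not part of the original thread: it parses an excerpt of the log lines posted above, groups detections by MD5, and pairs the unhidden folder with the deleted `.exe` that had taken its name. The function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Excerpt of the MCShield log posted in this thread (lines copied, not complete).
MCSHIELD_LOG = r"""
>>> F:\weejoeh.exe - Malware > Deleted. (14.08.24. 20.19 weejoeh.exe.462902; MD5: 05a294a17109db948d809abd3cbcfc3f)
>>> F:\System Volume Information.exe - Malware > Deleted. (14.08.24. 20.19 System Volume Information.exe.216529; MD5: 05a294a17109db948d809abd3cbcfc3f)
>>> F:\BLAH BLAH.exe - Malware > Deleted. (14.08.24. 20.19 BLAH BLAH.exe.236348; MD5: 05a294a17109db948d809abd3cbcfc3f)
>>> F:\Love You.exe - Malware > Deleted. (14.08.24. 20.19 Love You.exe.981625; MD5: 05a294a17109db948d809abd3cbcfc3f)
>>> F:\Secret Folder.lnk - Suspicious > Renamed. (MD5: 3cab4b0d8da97a7b4b712190233ba57b)
>>> F:\Favourites.lnk - Suspicious > Renamed. (MD5: df4d7845c62259bf2a87ca86820c15b9)
> Resetting attributes: F:\BLAH BLAH < Successful.
"""

# ">>> <path> - <verdict> > <action>. (<optional quarantine info>; MD5: <hash>)"
DETECTION = re.compile(
    r"^>>> (?P<path>.+?) - (?P<verdict>\w+) > (?P<action>\w+)\. "
    r"\((?:.*; )?MD5: (?P<md5>[0-9a-f]{32})\)$"
)
UNHIDDEN = re.compile(r"^> Resetting attributes: (?P<path>.+?) < Successful\.$")


def parse(log):
    """Return (detections, unhidden_folders) found in an MCShield log."""
    detections, unhidden = [], []
    for line in log.splitlines():
        line = line.strip()
        m = DETECTION.match(line)
        if m:
            detections.append(m.groupdict())
            continue
        m = UNHIDDEN.match(line)
        if m:
            unhidden.append(m["path"])
    return detections, unhidden


def names_per_hash(detections):
    """Map each MD5 to every path it was found under."""
    by_md5 = defaultdict(list)
    for d in detections:
        by_md5[d["md5"]].append(d["path"])
    return dict(by_md5)


def replicated(by_md5):
    """Hashes seen under more than one file name: one binary, many names."""
    return {h: paths for h, paths in by_md5.items() if len(paths) > 1}


def masqueraded_folders(detections, unhidden):
    """Hidden folders whose name was reused by a deleted .exe beside them."""
    exes = {d["path"].lower() for d in detections if d["verdict"] == "Malware"}
    return [f for f in unhidden if (f + ".exe").lower() in exes]


if __name__ == "__main__":
    dets, unhidden = parse(MCSHIELD_LOG)
    for md5, paths in replicated(names_per_hash(dets)).items():
        print(md5, "appears as", len(paths), "different file names")
    print("folders replaced by a same-named .exe:", masqueraded_folders(dets, unhidden))
```

The `.lnk` files each have a different hash because a shortcut embeds its own name and target, so grouping by hash only collapses the copies of the executable.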

Okey dokey next step

Uninstall the following two programmes using Control panel

File Type Assistant
Free File Viewer 2012

THEN

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\Run: [MSSMSGS] => rundll32.exe winzny32.rom,FhrXBZF
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\Run: [weejoeh] => C:\Users\Jolene\heojeew\weejoeh.exe [130179 2014-08-10] ()
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\MountPoints2: {460348d5-2b13-11dd-9836-0016d4268fbc} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\MountPoints2: {5a0b874e-6a45-11d9-8fa2-0016d4268fbc} - a2h2.com
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\MountPoints2: {5f538a02-780f-11dd-b5a0-0016d4268fbc} - F:\bar311.exe %1
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\MountPoints2: {7d774a2d-2eb3-11dd-8f32-0016d4268fbc} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\MountPoints2: {9df07dfc-2b18-11dd-abf3-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\MountPoints2: {f61f227d-e323-11de-b14e-0016d4268fbc} - mbvd.exe
Startup: C:\Users\Jolene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\weejoeh.lnk
ShortcutTarget: weejoeh.lnk -> C:\Users\Jolene\heojeew\weejoeh.exe ()
URLSearchHook: HKCU - (No Name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No File
URLSearchHook: HKCU - (No Name) - {C3E3DDD5-BAD5-4717-AA77-14E141548B83} - No File
URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
URLSearchHook: HKCU - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - No File
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {B3535C18-0E70-4D4B-B36B-BBFE139BB144} - No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
U3 azdcjekv; C:\Windows\system32\Drivers\azdcjekv.sys [0 ] (Microsoft Corporation)
C:\Users\Jolene\heojeew
C:\Windows\system32\Drivers\azdcjekv.sys
2014-08-24 20:15 - 2014-08-24 20:16 - 00000000 ____D () C:\Program Files\GUM369A.tmp
2014-08-23 02:40 - 2014-08-24 19:46 - 00000000 _RSHD () C:\Users\Jolene\heojeew
Task: {5938B487-D471-44A5-B6A2-D5EB74A675A9} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe [2012-10-13] (Bitberry Software)
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
C:\Program Files\FreeFileViewer
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

FINALLY

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
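The fixlist above targets the per-user autostart locations the worm relied on: `Run` values and the `MountPoints2` keys, where Windows caches the autorun command for each volume it has seen. As an added example that is not part of the original thread, the sketch below parses a few of those fixlist lines and tags why each one looks out of place; the rule set and function names are assumptions made for illustration, not FRST's or the helper's own logic.

```python
import re

# Lines copied from the fixlist posted in this thread; the flagging rules
# below are illustrative assumptions, not FRST's or the helper's logic.
FIXLIST = r"""
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\Run: [MSSMSGS] => rundll32.exe winzny32.rom,FhrXBZF
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\Run: [weejoeh] => C:\Users\Jolene\heojeew\weejoeh.exe [130179 2014-08-10] ()
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\MountPoints2: {460348d5-2b13-11dd-9836-0016d4268fbc} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\MountPoints2: {5a0b874e-6a45-11d9-8fa2-0016d4268fbc} - a2h2.com
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\MountPoints2: {5f538a02-780f-11dd-b5a0-0016d4268fbc} - F:\bar311.exe %1
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
"""

# Matches only the per-user Run and MountPoints2 lines in the shape shown above.
ENTRY = re.compile(
    r"^HKU\\(?P<sid>S-[\d-]+)\\\.\.\.\\(?P<kind>Run|MountPoints2): "
    r"(?:\[(?P<label>[^\]]+)\] => |(?P<guid>\{[0-9a-fA-F-]+\}) - )(?P<cmd>.+)$"
)

# (reason, predicate on the command string); order fixes the order of flags.
RULES = [
    ("rundll32 target is not a .dll",
     lambda c: any(not t.lower().endswith(".dll")
                   for t in re.findall(r"(?i)rundll32(?:\.exe)?\s+([^\s,]+),", c))),
    ("runs from a drive other than C:",
     lambda c: re.search(r"(?<![A-Za-z])[D-Zd-z]:\\", c) is not None),
    ("executable under a RECYCLER folder",
     lambda c: "recycler\\" in c.lower()),
    ("bare file name with no path",
     lambda c: re.fullmatch(r"(?i)[\w.-]+\.(?:exe|com)", c) is not None),
    ("executable in a folder directly under the user profile",
     lambda c: re.match(
         r"(?i)C:\\Users\\[^\\]+\\(?!AppData\\)[^\\]+\\[^\\]+\.exe", c) is not None),
]


def triage(text):
    """Return one finding per Run/MountPoints2 line, with the rules it trips."""
    findings = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # other fixlist directives (Task:, Startup:, ...) are skipped
        cmd = m["cmd"]
        findings.append({
            "kind": m["kind"],
            "id": m["label"] or m["guid"],
            "cmd": cmd,
            "flags": [reason for reason, test in RULES if test(cmd)],
        })
    return findings


if __name__ == "__main__":
    for f in triage(FIXLIST):
        print(f"{f['kind']:<12} {f['id']:<40} {', '.join(f['flags']) or 'no flag'}")
```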

What should I do if FRST does not respond after it started fixing?

Log after fix

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:24-08-2014 01
Ran by Jolene at 2014-08-24 23:04:16 Run:1
Running from C:\Users\Jolene\Downloads\Installers
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\Run: [MSSMSGS] => rundll32.exe winzny32.rom,FhrXBZF
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\Run: [weejoeh] => C:\Users\Jolene\heojeew\weejoeh.exe [130179 2014-08-10] ()
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\MountPoints2: {460348d5-2b13-11dd-9836-0016d4268fbc} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\MountPoints2: {5a0b874e-6a45-11d9-8fa2-0016d4268fbc} - a2h2.com
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\MountPoints2: {5f538a02-780f-11dd-b5a0-0016d4268fbc} - F:\bar311.exe %1
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\MountPoints2: {7d774a2d-2eb3-11dd-8f32-0016d4268fbc} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\MountPoints2: {9df07dfc-2b18-11dd-abf3-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
HKU\S-1-5-21-418808599-124273002-2944462063-1001\...\MountPoints2: {f61f227d-e323-11de-b14e-0016d4268fbc} - mbvd.exe
Startup: C:\Users\Jolene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\weejoeh.lnk
ShortcutTarget: weejoeh.lnk -> C:\Users\Jolene\heojeew\weejoeh.exe ()
URLSearchHook: HKCU - (No Name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
URLSearchHook: HKCU - (No Name) - {C3E3DDD5-BAD5-4717-AA77-14E141548B83} -  No File
URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
URLSearchHook: HKCU - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} -  No File
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {B3535C18-0E70-4D4B-B36B-BBFE139BB144} -  No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKCU - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
U3 azdcjekv; C:\Windows\system32\Drivers\azdcjekv.sys [0 ] (Microsoft Corporation)
C:\Users\Jolene\heojeew  
C:\Windows\system32\Drivers\azdcjekv.sys 
2014-08-24 20:15 - 2014-08-24 20:16 - 00000000 ____D () C:\Program Files\GUM369A.tmp
2014-08-23 02:40 - 2014-08-24 19:46 - 00000000 _RSHD () C:\Users\Jolene\heojeew
Task: {5938B487-D471-44A5-B6A2-D5EB74A675A9} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe [2012-10-13] (Bitberry Software)
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
C:\Program Files\FreeFileViewer
EmptyTemp: 
CMD: bitsadmin /reset /allusers
*****************

HKU\S-1-5-21-418808599-124273002-2944462063-1001\Software\Microsoft\Windows\CurrentVersion\Run\\MSSMSGS => value deleted successfully.
HKU\S-1-5-21-418808599-124273002-2944462063-1001\Software\Microsoft\Windows\CurrentVersion\Run\\weejoeh => Value not found.
"HKU\S-1-5-21-418808599-124273002-2944462063-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{460348d5-2b13-11dd-9836-0016d4268fbc}" => Key deleted successfully.
"HKCR\CLSID\{460348d5-2b13-11dd-9836-0016d4268fbc}" => Key not found.
"HKU\S-1-5-21-418808599-124273002-2944462063-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a0b874e-6a45-11d9-8fa2-0016d4268fbc}" => Key deleted successfully.
"HKCR\CLSID\{5a0b874e-6a45-11d9-8fa2-0016d4268fbc}" => Key not found.
"HKU\S-1-5-21-418808599-124273002-2944462063-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f538a02-780f-11dd-b5a0-0016d4268fbc}" => Key deleted successfully.
"HKCR\CLSID\{5f538a02-780f-11dd-b5a0-0016d4268fbc}" => Key not found.
"HKU\S-1-5-21-418808599-124273002-2944462063-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d774a2d-2eb3-11dd-8f32-0016d4268fbc}" => Key deleted successfully.
"HKCR\CLSID\{7d774a2d-2eb3-11dd-8f32-0016d4268fbc}" => Key not found.
"HKU\S-1-5-21-418808599-124273002-2944462063-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9df07dfc-2b18-11dd-abf3-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{9df07dfc-2b18-11dd-abf3-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-418808599-124273002-2944462063-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f61f227d-e323-11de-b14e-0016d4268fbc}" => Key deleted successfully.
"HKCR\CLSID\{f61f227d-e323-11de-b14e-0016d4268fbc}" => Key not found.
C:\Users\Jolene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\weejoeh.lnk not found.
C:\Users\Jolene\heojeew\weejoeh.exe not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{C3E3DDD5-BAD5-4717-AA77-14E141548B83} => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B3535C18-0E70-4D4B-B36B-BBFE139BB144} => value deleted successfully.
"HKCR\CLSID\{B3535C18-0E70-4D4B-B36B-BBFE139BB144}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
"HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} => value deleted successfully.
"HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}" => Key deleted successfully.
"HKCR\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}" => Key not found.
azdcjekv => Service not found.
C:\Users\Jolene\heojeew => Moved successfully.
"C:\Windows\system32\Drivers\azdcjekv.sys" => File/Directory not found.
C:\Program Files\GUM369A.tmp => Moved successfully.
"C:\Users\Jolene\heojeew" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5938B487-D471-44A5-B6A2-D5EB74A675A9}" => Key not found.
C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker" => Key not found.
C:\Windows\Tasks\FreeFileViewerUpdateChecker.job not found.
"C:\Program Files\FreeFileViewer" => File/Directory not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.0.6000 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

Unable to cancel {7165CE27-7D07-4456-8D1A-43D8A1170C98}.
{DDC38DDD-FF4C-46AE-B16C-92A45F21BD7B} canceled.
1 out of 2 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 2.5 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

EmptyTemp: => Removed 2.5 GB temporary data.
That is why it appeared not to be responding… You now have an extra 2.5GB of space on your hard drive :slight_smile:

WOW hahaha thanks a lot! ;D

BTW this is the AdwCleaner log that appeared after reboot

# AdwCleaner v3.308 - Report created 24/08/2014 at 23:55:46
# Updated 20/08/2014 by Xplode
# Operating System : Windows Vista (TM) Ultimate  (32 bits)
# Username : Jolene - VALENZUELA
# Running from : C:\Users\Jolene\Downloads\Installers\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\File Type Assistant
Folder Deleted : C:\Users\ARLENE\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\ARLENE\AppData\Local\PackageAware
Folder Deleted : C:\Users\ARLENE\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\ARLENE\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\ARLENE\Documents\Updater
Folder Deleted : C:\Users\Jolene\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Jolene\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Jolene\AppData\Roaming\Aimersoft Video Converter Ultimate
Folder Deleted : C:\Users\Jolene\Documents\Aimersoft Video Converter Ultimate
Folder Deleted : C:\Users\Jolene\Documents\Updater

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Email Plugin]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.17037


-\\ Google Chrome v

[ File : C:\Users\ARLENE\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Homepage] : hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZUxdm493YYPH&ptb=hHyedZdPTFad8nSerErOtw

[ File : C:\Users\Jolene\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm493YYPH&fl=0&ptb=hHyedZdPTFad8nSerErOtw&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
Deleted [Search Provider] : hxxp://www.imusicz.net/searchSuggest.php?txtSearch={searchTerms}&cmdSearch=Search%21&dosearch=dosearch
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [7188 octets] - [24/08/2014 23:51:38]
AdwCleaner[S0].txt - [7257 octets] - [24/08/2014 23:55:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7317 octets] ##########

How is the computer behaving now ?

It’s faster than before. Whew! And the weejoeh thingy is COMPLETELY gone!

Thank you! Even other programs that I’ve been wanting to remove are gone…all those nasty toolbars that my mother unintentionally removed but could not be completely installed -_- finally gone!!! ;D

bows THANK YOU FOR SOLVING MY PROBLEMS bows

One final thing before I let you go

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important piece of software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave: