O.T. - Temporary firewall problem at boot up:

I understand that Microsoft Security Essentials
is not a replacement for Malwarebytes.

I did not know Microsoft Security Essentials conflicted
with Avast so I will uninstall it.

My question was is this link ok to download
and install Malwarebtyes:

http://www.malwarebytes.org/

In addition, is there any third party disc software that
you could recommend to check for malware?

Thanks,
Robert

On Sat, 11 Jan 2014 01:43:38 -0500, Nil
wrote:

On 10 Jan 2014, "Ken Blake, MVP" wrote in
microsoft.public.windowsxp.general:

I agree with everything you say in this message, except for that
sentence. Microsoft Security Essentials is not *comparable to
Norton or McAfee; it is *much* better than either.

Wellll... they are comarable in that you can compare them.



OK, if that's what you mean, but you use the word differently than I
do.

On 11 Jan 2014, wrote in
microsoft.public.windowsxp.general:

I understand that Microsoft Security Essentials
is not a replacement for Malwarebytes.

I did not know Microsoft Security Essentials conflicted
with Avast so I will uninstall it.

Whatever "it" is.

My question was is this link ok to download
and install Malwarebtyes:

http://www.malwarebytes.org/

Yes, indeed. You did ask that. You got a nice answer, too.

In addition, is there any third party disc software that
you could recommend to check for malware?

Dizzy, I'm so dizzy my head is spinning
Like a whirlpool it never ends
And it's you girl makin' it spin
You're making me dizzy

On 1/11/2014 5:05 AM, wrote:

snip

In addition, is there any third party disc software that
you could recommend to check for malware?

Thanks,
Robert


Kaspersky Rescue CD. (Boot the computer with it.)

http://support.kaspersky.com/8092

Adwcleaner. (Runs within Windows, for Adware/Toolbars)

http://www.bleepingcomputer.com/download/adwcleaner/

Malwarebytes Free One-Time Scanner (not the paid version)
(Runs within Windows - covers some of the same
stuff as Kaspersky)

http://www.malwarebytes.org/

Those are some examples.

If you run into any you're "interested" in, post
a link here for comments. Rather than randomly downloading
them from some malware site, and ending up in yet more trouble.

HTH,
Paul

Hello Paul,

Here's what I've done; I uninstalled Microsoft Security Essentials and
installed the free version of Malwarebytes and when I ran it for the first time it came up with (1) Pup malware but I was able to delete it. However it set me to thinking that I'm still infected with malware.

I ran another scan afterwards and it came up clean.

I decided to try a System image restore but when I checked my external HD and expected to see several system images but there's only one dated 1-8-14. I know I've made system images at least once a month but I could not find them. In any case, I started the process which took me to a screen much like Safe Mode looks and decided to cancel it because I didn't want to make things worst than they already are and felt that if this is the latest version then it will be infected too. I still don't understand what happened to all the other system images I made unless it writes over them? That would be pretty useless if I needed an earlier version (which I do).

I downloaded/installed the Kapersky Rescue Disk 10 on a 32GB Cruzer Glide flash drive
however I was unable to bring up the Bios for some reason and I tried several times.

When I attemped to download and install Adwcleaner it installed Slow PC fighter, Arcade Palor (which is where I traced one of my infected Pup malware files previously), Yahoo Toolbar and changed my homepage from Firefox to Yahoo. Other programs that show today's date are 7-Zip, CWA Reminder by We-Care.com, File Association Manager, and Winferno Registry Power Cleaner and Adwcleaner never did install.

My computer is once again infected with malware with (30) objects found from Arcade Palor, 7-Zip, We Care Reminder, Registry Key HKCR. Just like I was infected from Optimizer Pro which came with CcCleaner

I deleted Arcade Palor, Yahoo Toolbar, and Slow PC Fighter but can I delete the rest of these programs as well since they seem to be infected.


Here are the results of the scan:

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 401202
Time elapsed: 32 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\IEHelperv250.WeCareReminder.1 (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\IEHelperv250.WeCareReminder (PUP.Optional.WeCare.A) - Delete on reboot.

Hello Paul,

Here's what I've done; I uninstalled Microsoft
Security Essentials and installed the free version
of Malwarebytes and when I ran it for the first
time it came up with (1) Pup malware but I was
able to delete it. However it set me to thinking
that I'm still infected with malware.

I ran another scan afterwards and it came up clean.

I decided to try a System image restore but when
I checked my external HD and expected to see
several system images but there's only one dated
1-8-14. I know I've made system images at least
once a month but I could not find them. In any
case, I started the process which took me to a
screen much like Safe Mode looks and decided to
cancel it because I didn't want to make things
worst than they already are and felt that if this is
the latest version then it will be infected too. I still
don't understand what happened to all the other
system images I made unless it writes over them?
That would be pretty useless if I needed an earlier
version (which I do).

I downloaded/installed the Kapersky Rescue Disk
10 on a 32GB Cruzer Glide flash drive however I
was unable to bring up the Bios for some reason and
I tried several times.

When I attemped to download and install Adwcleaner
it installed Slow PC fighter, Arcade Palor (which is
where I traced one of my infected Pup malware files
previously), Yahoo Toolbar and changed my homepage
from Firefox to Yahoo. Other programs that show today's
date are 7-Zip, CWA Reminder by We-Care.com, File
Association Manager, and Winferno Registry Power
Cleaner and Adwcleaner never did install.

My computer is once again infected with malware with
(30) objects found from Arcade Palor, 7-Zip, We Care
Reminder, Registry Key HKCR. Just like I was infected
from Optimizer Pro which came with CcCleaner

I deleted Arcade Palor, Yahoo Toolbar, and
Slow PC Fighter but can I delete the rest
of these programs as well since they seem
to be infected.

Here are the results of the scan:

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 401202
Time elapsed: 32 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\IEHelperv250.WeCareReminder.1 (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\IEHelperv250.WeCareReminder (PUP.Optional.WeCare.A) - Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\TypeLib\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\Interface\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\CLSID\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) - Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\ProgramData\WeCareReminder (PUP.Optional.WeCare.A) - Delete on reboot.
C:\Users\Rob\AppData\Local\ArcadeParlor (PUP.Optional.ArcadeParlor.A) - Quarantined and deleted successfully.

Files Detected: 17
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\ReminderHelper.exe (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\WCAutoUpdate.exe (PUP.Optional.WeCare.A) - Delete on reboot.
C:\Users\Rob\Downloads\7zip_bimo.exe (PUP.Optional.SecureInstaller.A) - Quarantined and deleted successfully.
C:\Windows\Installer\23bed.msi (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\MerchantHash.json (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\cleanwateraction.bmp (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\IEHelperv2.5.0PS.dll (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\IEMenuItem.dll (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\IEMenuItemPS.dll (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\IEToolMenuDisable.ex e (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\wecarereminderro.crx (PUP.Optional.WeCare.A) - Delete on reboot.
C:\Users\Rob\AppData\Local\ArcadeParlor\ap.config (PUP.Optional.ArcadeParlor.A) - Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\Arcadeparl or.dll (PUP.Optional.ArcadeParlor.A) - Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\broker.exe (PUP.Optional.ArcadeParlor.A) - Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\removal.ex e (PUP.Optional.ArcadeParlor.A) - Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\versionche ck.exe (PUP.Optional.ArcadeParlor.A) - Quarantined and deleted successfully.

(end)

I ran Malwarebytes again and it came up with (7)
objects detected.

In passing, I also installed the free version of
Malwarebytes on the 8200 and it remains clean as
far as the scans are concerned.

I hope this doesn't prevent me from posting to
this site again. That's what happened last time
and it took 3 weeks before I could post again.

Thoughts/suggestions?
Robert

Hello Paul,

Here's what I've done; I uninstalled Microsoft
Security Essentials and installed the free version
of Malwarebytes and when I ran it for the first
time it came up with (1) Pup malware but I was
able to delete it. However it set me to thinking
that I'm still infected with malware.

I ran another scan afterwards and it came up clean.

I decided to try a System image restore but when
I checked my external HD and expected to see
several system images but there's only one dated
1-8-14. I know I've made system images at least
once a month but I could not find them. In any
case, I started the process which took me to a
screen much like Safe Mode looks and decided to
cancel it because I didn't want to make things
worst than they already are and felt that if this is
the latest version then it will be infected too. I still
don't understand what happened to all the other
system images I made unless it writes over them?
That would be pretty useless if I needed an earlier
version (which I do).

I downloaded/installed the Kapersky Rescue Disk
10 on a 32GB Cruzer Glide flash drive however I
was unable to bring up the Bios for some reason and
I tried several times.

When I attemped to download and install Adwcleaner
it installed Slow PC fighter, Arcade Palor (which is
where I traced one of my infected Pup malware files
previously), Yahoo Toolbar and changed my homepage
from Firefox to Yahoo. Other programs that show today's
date are 7-Zip, CWA Reminder by We-Care.com, File
Association Manager, and Winferno Registry Power
Cleaner and Adwcleaner never did install.

My computer is once again infected with malware with
(30) objects found from Arcade Palor, 7-Zip, We Care
Reminder, Registry Key HKCR. Just like I was infected
from Optimizer Pro which came with CcCleaner

I deleted Arcade Palor, Yahoo Toolbar, and
Slow PC Fighter but can I delete the rest
of these programs as well since they seem
to be infected.

Here are the results of the scan:

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 401202
Time elapsed: 32 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\IEHelperv250.WeCareReminder.1 (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\IEHelperv250.WeCareReminder (PUP.Optional.WeCare.A) - Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\TypeLib\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\Interface\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\CLSID\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) - Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\ProgramData\WeCareReminder (PUP.Optional.WeCare.A) - Delete on reboot.
C:\Users\Rob\AppData\Local\ArcadeParlor (PUP.Optional.ArcadeParlor.A) - Quarantined and deleted successfully.

Files Detected: 17
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\ReminderHelper.exe (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\WCAutoUpdate.exe (PUP.Optional.WeCare.A) - Delete on reboot.
C:\Users\Rob\Downloads\7zip_bimo.exe (PUP.Optional.SecureInstaller.A) - Quarantined and deleted successfully.
C:\Windows\Installer\23bed.msi (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\MerchantHash.json (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\cleanwateraction.bmp (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\IEHelperv2.5.0PS.dll (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\IEMenuItem.dll (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\IEMenuItemPS.dll (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\IEToolMenuDisable.ex e (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\wecarereminderro.crx (PUP.Optional.WeCare.A) - Delete on reboot.
C:\Users\Rob\AppData\Local\ArcadeParlor\ap.config (PUP.Optional.ArcadeParlor.A) - Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\Arcadeparl or.dll (PUP.Optional.ArcadeParlor.A) - Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\broker.exe (PUP.Optional.ArcadeParlor.A) - Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\removal.ex e (PUP.Optional.ArcadeParlor.A) - Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\ArcadeParlor\versionche ck.exe (PUP.Optional.ArcadeParlor.A) - Quarantined and deleted successfully.

(end)

I ran Malwarebytes again and it came up with
7) objects detected.

In passing, I also installed the free version
of Malwarebytes on the 8200 and it remains
clean as far as the scans are concerned.

I hope this doesn't prevent me from posting to
this site again. That's what happened last time
and it took 3 weeks before I could post again.

Thoughts/suggestions?
Robert

Actually, the scan wasn't totally finished
when I wrote my previous message. The
total number of objects found were (23).

Here's the results of the scan:

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 400929
Time elapsed: 35 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\IEHelperv250.WeCareReminder.1 (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\IEHelperv250.WeCareReminder (PUP.Optional.WeCare.A) - Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\TypeLib\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\Interface\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) - Delete on reboot.
HKCR\CLSID\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) - Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\WeCareReminder (PUP.Optional.WeCare.A) - Delete on reboot.

Files Detected: 11
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\ReminderHelper.exe (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\WCAutoUpdate.exe (PUP.Optional.WeCare.A) - Delete on reboot.
C:\Windows\Installer\23bed.msi (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\MerchantHash.json (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\cleanwateraction.bmp (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\IEHelperv2.5.0PS.dll (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\IEMenuItem.dll (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\IEMenuItemPS.dll (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\IEToolMenuDisable.ex e (PUP.Optional.WeCare.A) - Delete on reboot.
C:\ProgramData\WeCareReminder\wecarereminderro.crx (PUP.Optional.WeCare.A) - Delete on reboot.

(end)


I'll continue to run scans to see if I can
delete them all but I suspect I need to
delete the source programs.

Thoughts/suggestions?
Robert

Hello Paul,

I've run numerous Malwarebytes scans and
keep coming up with (23) objects found and
seems to point to CWA Reminder as the culprit.
So I decided to uninstall it but when trying to
do so I received this message:

The installer has encountered an unexpected
error installing this package. This may indicate
a problem with this package. The error code is 2318.

I tried again and got the same message so I
clicked repair and this is what it gave me:

The Path

"C:\Users\Rpbert\AppData\Local\Temp\qs_f930d200W3i SliderCWAv4.1.24.3_20131003.msi" cannot be found. Verify you have access
to this location and try again, or try to find the
installation package. "W3iSliderCWAv4.1.24.3_20131003.msi"
in a folder from which you can install the product
CWA Reminder by We-Care.com v4.1.23.3


So how am I suppose to uninstall it when it
won't let me? Now my computer is worst off
than before.

Thoughts/suggestions?
Robert

Ok Paul,

This has gotten really serious,

I decided to go into my Administrators account
to see if I could delete the CW Reminder from there
versus the User Account (the computer lets me type
in my Admin password so I don't have to go back
and forth). However, after clicking on the Administrator
Account and entering the password I got a black screen
with the exception of two Windferno Registry Power
Cleaner pop-ups that appeared.

I closed them and nothing. So I pushed the power button
to reset/restart the computer hoping it would take me
back here.

Now I can't even use my Administrator Account !! The
screen is totally blacked out!

I was able to remove Window Registry Cleaner on the User
Side. I tried removing CWA Reminder by We-Care.com
again but I got the same messages as before and could not
remove it.

What am I suppose to do now?

Thoughts/Suggestions?
Robert

On 1/12/2014 1:43 PM, wrote:
Hello Paul,

I've run numerous Malwarebytes scans and
keep coming up with (23) objects found and
seems to point to CWA Reminder as the culprit.
So I decided to uninstall it but when trying to
do so I received this message:

The installer has encountered an unexpected
error installing this package. This may indicate
a problem with this package. The error code is 2318.

I tried again and got the same message so I
clicked repair and this is what it gave me:

The Path

"C:\Users\Rpbert\AppData\Local\Temp\qs_f930d200W3i SliderCWAv4.1.24.3_20131003.msi" cannot be found. Verify you have access
to this location and try again, or try to find the
installation package. "W3iSliderCWAv4.1.24.3_20131003.msi"
in a folder from which you can install the product
CWA Reminder by We-Care.com v4.1.23.3


So how am I suppose to uninstall it when it
won't let me? Now my computer is worst off
than before.

Thoughts/suggestions?
Robert


What's weird, is I can find a reference to that file on
Virustotal. But the analysis is clean.

https://www.virustotal.com/en/file/9...710e/analysis/

The We-Care.com site tries to install stuff in your browser. I
don't see why a .msi would be involved directly.

There was one suggestion to try Revo Uninstaller. So
that's a possibility, if all that is left is bits and
pieces.

Maybe some AV software on your machine (like MBAM),
quarantined the .msi file.

Apparently the we-care stuff, allows other programs to download.
If the uninstaller worked, the piggy back programs
get removed too. So all the references I can find to that,
the Add/Remove or Programs and Features route to removal, worked.
If the uninstaller isn't working, I don't know, maybe
the Revo Uninstaller would work. Not really sure what
to try next.

The AdwCleaner might recognize it. Whatever is left of it.

Paul

On 1/12/2014 2:02 PM, wrote:
Ok Paul,

This has gotten really serious,

I decided to go into my Administrators account
to see if I could delete the CW Reminder from there
versus the User Account (the computer lets me type
in my Admin password so I don't have to go back
and forth). However, after clicking on the Administrator
Account and entering the password I got a black screen
with the exception of two Windferno Registry Power
Cleaner pop-ups that appeared.

I closed them and nothing. So I pushed the power button
to reset/restart the computer hoping it would take me
back here.

Now I can't even use my Administrator Account !! The
screen is totally blacked out!

I was able to remove Window Registry Cleaner on the User
Side. I tried removing CWA Reminder by We-Care.com
again but I got the same messages as before and could not
remove it.

What am I suppose to do now?

Thoughts/Suggestions?
Robert


OMG :-)

You're a fast worker.

I found a copy of the msi file. But a fat lot of good it's
going to do now. You save this, then upload to Virustotal.com
and verify it's the same file. I.e. That it's clean.

http://dl5.v24installer.com/lm/bundl...3_20131003.msi

And when I test that one, it takes me back here. Since we can't trust
a site like that, I recommend testing the downloaded file when
you get it, and verify the Virustotal.com scan of it is clean.
(Note - Virustotal was bought by Google, so it's actually run by
Google now.)

https://www.virustotal.com/en/file/9...710e/analysis/

So that would be a copy of the file, if you needed one.
You would move it back to where ever the dialog box said it should be.

W3iSliderCWAv4.1.24.3_20131003.msi
4,521,984 bytes
Signed: ‎Thursday, ‎October ‎3, ‎2013 8:47:56 AM (Comodo)
MD5SUM 514ab618b7806440a61f6a481a128b33

*******

If your user account is a member of the Administrators group,
then you don't need an Administrator account as such. You should
be able to do what's needed from the User account.

If you're in Windows 7, and use System Image, it will overwrite
the last copy. To stop that, when the System Image operation is
completed, you *move* the System Image folder created,
out of the way, rename the folder in a descriptive way. Then,
the next System Image you make, won't be able to overwrite
the renamed folder. That's basically how you keep multiple
Windows 7 System Images alive.

And if that remaining System Image is not damaged, you can
restore that System Image and bring your Administrator
account "back to life".

I know you're a fast worker, and you can undoubtedly brick the
machine before long, and all I can do on this end, is "pray for you" :-)

Paul

Hello Paul,

Here's what I did:

I was finally able to download and install
AdwCleaner and ran all the scans. I tried to
set up the Pup hosts under tools but it was
all in French.

After running all the scans and cleaning afterwards
I then tried to delete CWA Reminder and
this time I was successful!

I then ran a full scan with Malwarebytes which
came up with (2) objects found which were in
AdwCleaner quarantine. So I uninstalled AdwCleaner
which seemed to be the only way to clear the quarantine
and the system is clean once more.

Just to make sure, I tried to logon to the Administrator
Account and it 'seems' everything is back to normal.

Thoughts/suggestions,
Robert

On 1/13/2014 5:38 AM, wrote:
Hello Paul,

Here's what I did:

I was finally able to download and install
AdwCleaner and ran all the scans. I tried to
set up the Pup hosts under tools but it was
all in French.

After running all the scans and cleaning afterwards
I then tried to delete CWA Reminder and
this time I was successful!

I then ran a full scan with Malwarebytes which
came up with (2) objects found which were in
AdwCleaner quarantine. So I uninstalled AdwCleaner
which seemed to be the only way to clear the quarantine
and the system is clean once more.

Just to make sure, I tried to logon to the Administrator
Account and it 'seems' everything is back to normal.

Thoughts/suggestions,
Robert


Move your good System Image somewhere, so you have it
for future consideration.

Otherwise, it sounds like you were successful :-)

Paul

The only System Image I have is the one dated
1-8-14 which is on the external HD.

http://www.newegg.com/Product/Produc...82E16822178107

I'll create another just to make sure.

I want to thank you and everyone else for
helping get through all this. If I have any
other questions or problems I'll start a
new post.

Thanks,
Robert