Delete DAP.exe, VA33_DapSo.exe, sbu.exe, SBUpdate.exe, and SpeedBits


20 replies to this topic

#1 shley


Posted 15 June 2013 - 01:14 PM

Hello,
I wasn't smart and downloaded DAP.exe (a video downloader accelerator program) from CNET. It used to be that Cnet was careful to only post quality programs but apparently their QA/QC has changed.
In any case, I have attempted to get rid of all the remaining files that have to do with dap.exe, SpeedBits, and associated registry findings. Most is off the hard drive but there are a few 'locked' files that I can't seem to remove. My antivirus and antimalware ARE keeping the files at bay, at least for the time being, as far as I can tell, but I would really like some help on how to remove these things off my system completely.
 
I am running a Compaq Laptop Presario V5000 (Product #EZ573UA#ABA).
It is running Windows XP Home SP 3.
I have tried some registry cleaners as well, to no avail. 
When I navigate into the registry and search on criteria there are some keys I cannot delete due to permission problems. But I cannot change the permissions so this is why I am elevating this issue to Bleeping Computer because that shouldn't happen. I fear that there is something else going on other than just locking registry keys. 

Here are a couple of identified problems:
- A "SpeedBit" file folder exists and cannot be deleted here:
C:\Documents and Settings\All Users\Application Data\SpeedBit\
sub-folder DAP\Offers\ contains a file "VA33_DapSo.exe" which is locked in registry as the parent file folder is in Win Explorer. This VA33_DapSo.exe has been quarantined but it is a nuisance.
- In C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe also exists and cannot be deleted.
- sbu.exe exists in C:\Program Files\SpeedBit\SBUpdate\sbu.exe and can't be deleted.
 
I would appreciate help in deleting these and related items as well as possibly guidance in double-checking system for any other issues.

Just a side note: I had been going to a public WiFi network that does NOT have an up-to-date certificate. It is also an open network. I know MS Internet Explorer and other browsers have flagged this as a problem but I would like some opinions. Is there a chance on 'sessions' web pages that personally identifiable information is being extracted by pirates? And if so, how does a person such as a customer go about forcing a corporation to update their certificate? Is there a protocol to follow for this? The management has been told many times of the problem but nothing has changed. Thanks for any suggestions with regard to this as well.
Thank you in advance for your great assistance to me as well as everything you do!

-Shley

Edit: Moved topic from Windows XP Home and Professional to the more appropriate forum. ~ Animal



#2 im abcd


Posted 15 June 2013 - 03:34 PM

Hi, to begin with let's run through the following:

 

Malwarebytes Anti Malware      -  A quick scan is enough with MBAM

Adw Cleaner

 

In your next post, include the log files of MBAM/Adw Cleaner and JRT.

 

Regards,

Abcd. 



 


#3 shley


Posted 16 June 2013 - 02:05 AM

Thanks, Imabcd, for assisting with this. Much appreciated.

Here they are but the TFC.exe hung up twice and went into limbo. I had to restart twice...so I couldn't generate a report.

MBAM:
 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.15.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
OEM Customer :: PC863512472119 [administrator]

Protection: Disabled

6/16/2013 2:41:16 AM
mbam-log-2013-06-16 (02-41-16).txt

Scan type: Custom scan (C:\Documents and Settings\OEM Customer\My Documents\Downloads\TFC.exe|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 1
Time elapsed: 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-------------------------------------------------

AdwCleaner [R2]:
 

# AdwCleaner v2.303 - Logfile created 06/16/2013 at 02:29:31
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : OEM Customer - PC863512472119
# Boot Mode : Normal
# Running from : C:\Documents and Settings\OEM Customer\My Documents\Downloads\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\Speedbit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\DynConIE
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{148DCAEC-C91D-441D-A0E7-519A0673E7F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Firefox\Profiles\up01y3w9.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mn35vc8r.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\OEM Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4236 octets] - [16/06/2013 01:32:24]
AdwCleaner[R2].txt - [3780 octets] - [16/06/2013 02:29:32]

########## EOF - C:\AdwCleaner[R2].txt - [3840 octets] ##########

--------------------------------------------

AdwCleaner [S1]:
 

# AdwCleaner v2.303 - Logfile created 06/16/2013 at 02:31:59
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : OEM Customer - PC863512472119
# Boot Mode : Normal
# Running from : C:\Documents and Settings\OEM Customer\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Speedbit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\DynConIE
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{148DCAEC-C91D-441D-A0E7-519A0673E7F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Firefox\Profiles\up01y3w9.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mn35vc8r.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\OEM Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4236 octets] - [16/06/2013 01:32:24]
AdwCleaner[R2].txt - [3909 octets] - [16/06/2013 02:29:32]
AdwCleaner[S1].txt - [3892 octets] - [16/06/2013 02:31:59]

########## EOF - C:\AdwCleaner[S1].txt - [3952 octets] ##########

 

 

 



#4 im abcd


Posted 16 June 2013 - 07:25 AM

You don't seem to have scanned with JRT, and I think you mistakenly did a custom scan with Malware bytes and, instead of scanning the system with it, scanned TFC. So, do a quick scan with MalwareBytes again by double clicking the Malware Bytes anti malware icon and selecting quick scan. Then post its log again. Also make sure to scan with JRT. As far as TFC is concerned, if it is hanging in normal mode, scan with TFC in safe mode.

 

Regards,

Abcd. 
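The check made by eye in post #4 (a Malwarebytes log whose scan covered only one file), written out as an added example that is not part of the original thread. The log excerpts are copied from posts #3 and #9; REQUIRED_AREAS, MIN_OBJECTS and all function names are assumptions of this example, not Malwarebytes settings.

```python
import re

# Header and summary lines copied from the two MBAM logs in this thread
# (posts #3 and #9); the "(No malicious items detected)" lines are omitted.
CUSTOM_LOG = r"""Protection: Disabled
Scan type: Custom scan (C:\Documents and Settings\OEM Customer\My Documents\Downloads\TFC.exe|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 1
Registry Keys Detected: 0
Files Detected: 0
"""

QUICK_LOG = r"""Protection: Disabled
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235473
Registry Keys Detected: 0
Files Detected: 0
"""

# Assumptions of this example, not values defined by Malwarebytes:
# the areas a scan must cover before "0 detected" says anything about the
# system, and a floor below which the scan clearly did not walk the system.
REQUIRED_AREAS = {"Memory", "Startup", "Registry", "File System"}
MIN_OBJECTS = 1000

HEADER_KEYS = ("Scan type", "Scan options enabled",
               "Scan options disabled", "Objects scanned")


def parse_header(log_text):
    """Return the scan-scope fields of an MBAM 1.x text log as a dict."""
    fields = {}
    for line in log_text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and key.strip() in HEADER_KEYS:
            fields[key.strip()] = value.strip()
    return fields


def split_options(value):
    """Turn 'Memory | Startup | Registry' into a set of option names."""
    return {opt.strip() for opt in value.split("|") if opt.strip()}


def coverage_problems(log_text):
    """List the reasons a zero-detection result cannot be trusted."""
    fields = parse_header(log_text)
    missing = [k for k in HEADER_KEYS if k not in fields]
    if missing:
        return ["log is missing header field(s): " + ", ".join(missing)]
    problems = []
    scan_type = fields["Scan type"]
    if scan_type.lower().startswith("custom scan"):
        target = scan_type[len("Custom scan"):].strip(" ()|")
        problems.append("custom scan limited to: " + target)
    not_scanned = REQUIRED_AREAS - split_options(fields["Scan options enabled"])
    if not_scanned:
        problems.append("areas not scanned: " + ", ".join(sorted(not_scanned)))
    objects = fields["Objects scanned"]
    if not objects.isdigit() or int(objects) < MIN_OBJECTS:
        problems.append("only %s object(s) scanned" % objects)
    return problems


def total_detections(log_text):
    """Sum every '<category> Detected: N' counter in the log."""
    counts = re.findall(r"^.+ Detected: (\d+)\s*$", log_text, re.MULTILINE)
    return sum(int(n) for n in counts)


def verdict(log_text):
    """'detections', 'no detections', or 'inconclusive' when scope was too narrow."""
    if total_detections(log_text) > 0:
        return "detections"
    return "inconclusive" if coverage_problems(log_text) else "no detections"


if __name__ == "__main__":
    for name, log in (("post #3", CUSTOM_LOG), ("post #9", QUICK_LOG)):
        print(name, "->", verdict(log), coverage_problems(log))
```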



 


#5 shley


Posted 17 June 2013 - 06:31 PM

OK. Thanks. You were correct I posted the wrong file. I'm working on generating new ones right now.
Just for validation, the JRT.exe was flagged by Comodo as running a 7z Setup SFX file. It is by Oleg N. Scherbakov and version 1.2.0.175. I'm assuming this is all standard with the application? 
Thanks. I'll post later the results..

-shley



#6 67Nero


Posted 17 June 2013 - 08:07 PM

JRT is a legit program, so as long as you have downloaded it from BC (which you have done), you can safely ignore the security program warnings.

trace.



#7 shley


Posted 17 June 2013 - 08:51 PM

I am using a different computer to respond here while the TFC is running. Can anyone advise as to how long it takes for the TFC.exe to run usually? It seems to be 'stuck' (but maybe not?) on this process:

 

User: LocalService
->Temp folder emptied: 0 bytes

I'll re-run as per Imabcd in Safe Mode if it doesn't come back but I was curious about average length of times to produce report.

 

Thanks everyone.

 

- Shley



#8 shley


Posted 17 June 2013 - 09:23 PM

TFC was able to generate a report in Safe Mode. What I'm finding difficult to understand is that my User Profile *has* admin rights but it isn't showing up in the "Run As" option. When I check Run As another user, only OEM Customer and "APNS Certificate" are the choices. My User Name is not even listed unless it automatically removes the current user name from the optional drop down boxes. 
In any case, I went into safe mode and chose the Administrator user profile which WAS listed when I right-clicked on the TFC.exe to run.

Reports to follow...



#9 shley


Posted 17 June 2013 - 09:35 PM

MBAM Log:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.06.15.07
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
OEM Customer :: PC863512472119 [administrator]
 
Protection: Disabled
 
6/17/2013 7:11:53 PM
mbam-log-2013-06-17 (19-11-53).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235473
Time elapsed: 11 minute(s), 9 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

------
JRT Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by OEM Customer on Mon 06/17/2013 at 19:31:55.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\WINDOWS\system32\turegopt.exe"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ytd video downloader"
Successfully deleted: [Folder] "C:\Documents and Settings\OEM Customer\Application Data\pccustubinstaller"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/17/2013 at 19:58:08.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner Log (new report):
# AdwCleaner v2.303 - Logfile created 06/17/2013 at 22:33:50
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : OEM Customer - PC863512472119
# Boot Mode : Normal
# Running from : C:\Documents and Settings\OEM Customer\Desktop\SysHealth Utlities\AdwCleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Firefox\Profiles\up01y3w9.default\prefs.js
 
[OK] File is clean.
 
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mn35vc8r.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v [Unable to get version]
 
File : C:\Documents and Settings\OEM Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [4236 octets] - [16/06/2013 01:32:24]
AdwCleaner[R2].txt - [3909 octets] - [16/06/2013 02:29:32]
AdwCleaner[R3].txt - [1351 octets] - [17/06/2013 22:33:50]
AdwCleaner[S1].txt - [4021 octets] - [16/06/2013 02:31:59]
 
########## EOF - C:\AdwCleaner[R3].txt - [1471 octets] ##########
 

 



 

TFC Log (just in case it's needed):

Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: Administrator
->Temp folder emptied: 7195635 bytes
->Temporary Internet Files folder emptied: 14604602 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: OEM Customer
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 852785 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32699062 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 0 bytes
Process complete!
 
Total Files Cleaned = 53.00 mb


#10 shley


Posted 17 June 2013 - 10:54 PM

And here is the final log for the AdwCleaner. I forgot to Erase so this was the final report after that step:

# AdwCleaner v2.303 - Logfile created 06/17/2013 at 23:29:48
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : OEM Customer - PC863512472119
# Boot Mode : Normal
# Running from : C:\Documents and Settings\OEM Customer\Desktop\SysHealth Utlities\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Documents and Settings\OEM Customer\Application Data\Mozilla\Firefox\Profiles\up01y3w9.default\prefs.js
 
[OK] File is clean.
 
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mn35vc8r.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v [Unable to get version]
 
File : C:\Documents and Settings\OEM Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [4236 octets] - [16/06/2013 01:32:24]
AdwCleaner[R2].txt - [3909 octets] - [16/06/2013 02:29:32]
AdwCleaner[R3].txt - [1540 octets] - [17/06/2013 22:33:50]
AdwCleaner[R4].txt - [1600 octets] - [17/06/2013 23:29:13]
AdwCleaner[S1].txt - [4021 octets] - [16/06/2013 02:31:59]
AdwCleaner[S2].txt - [1531 octets] - [17/06/2013 23:29:48]
 
########## EOF - C:\AdwCleaner[S2].txt - [1591 octets] ##########


#11 im abcd


Posted 18 June 2013 - 08:53 AM

Your logs seem fine to me. A quick question: do you have Tune Up utilities installed? Though your main problem remains unsolved. (We will look into that after doing the following.) Anyway, to finish up with checking for viruses, I would like you to run Eset Online Scanner. Once done with that, post its log here.
After running Eset, do the following:

  • Please double-click OTL.exe to run it.
  • Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, make sure that you set the following specifications:
  • Output = Standard Output
  • Processes = Use SafeList
  • Services = Use SafeList
  • Standard Registry = Use SafeList
  • Modules = No Company Name
  • Drivers = Use SafeList
  • Extra Registry = Use SafeList
  • Check the LOP Check and Purity Check boxes.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows:
OTL.txt
Extras.txt
These are saved in the same location as OTL.

 

OTL logs are going to be big, so upload them to some pasting site like http://justpaste.it/ and post the link here. 

Note: Upload both the OTL and Extra logs. (Do them differently though). 

 

Regards,

Abcd.

 



 


#12 shley


Posted 19 June 2013 - 07:40 AM

http://justpaste.it/shley



#13 shley


Posted 20 June 2013 - 03:58 AM

I do have AVG Tune Up utilities installed, FYI. However, not that long ago I updated the version from 2012 to the newer 2013. Personally, I liked the older version better. This version is more like a real-time entity instead of an on-demand type app.

I noticed there was an error listed for Win Update, "Failed extract of third-party root list from auto update cab. . . ."
Not sure what's going on there.

Thanks for your support and help!

 

 

'shley



#14 im abcd


Posted 20 June 2013 - 03:14 PM

Copy and paste the following code in the custom scan and fixes section in OTL: 

:OTL
O4 - HKLM..\Run: []  File not found
@Alternate Data Stream - 242 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0574215C
@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E

:commands
[emptytemp]

Click on 'Run fix' option in OTL. 

 

I would like to ask you a question: which PDF readers/converters in total do you have installed on your PC?

 

Also, back to your original problem; I do not see any Speed bit folder in the OTL scan. Have you already deleted it? 



 


#15 shley


Posted 28 June 2013 - 04:46 PM

Hi Imabcd

Sorry I wasn't able to get back here right away - I had some things to take care of.

Yes, I have multiple .pdf readers. But they are really only two: Nuance's PDF Pro and also Adobe Acrobat Pro 9. I also have AVS's suite which allows for conversions of files including .pdf's. I had once installed a program that created them but I think it was junk and deleted it. Hopefully it is not trying to revive itself from the abyss of bits of ones and zeros...

As for Speed Bits I believe you are correct. I do not see it anymore - this is great! I did not manually delete anything. It showed up on a report above: "Folder Deleted : C:\Documents and Settings\All Users\Application Data\Speedbit"

I ran the command you outlined above within OTL. It is here for you to see: 
http://justpaste.it/2yl2

Thanks for your help.

 

~ SHLEY





