Ad/malware keeps returning even after deletion


  • This topic is locked
22 replies to this topic

#1 JohnMenthol


Posted 17 December 2013 - 04:48 AM

Super AntiSpyware has been detecting hundreds of suspicious files as of the last week. I had been showing dozens, but I did one update around a week ago and now it's detecting hundreds of files, in one case 313. I have them removed, but they're back within a couple of days. It is so bad my letters do not appear immediately when typing, and sometimes there's a delay of a couple seconds, significantly slowing my typing down.


Edited by hamluis, 17 December 2013 - 10:22 AM.
Moved from XP to Am I Infected - Hamluis.




#2 frankp316


Posted 17 December 2013 - 05:26 AM

Do you use something other than SAS? What you are interpreting as threats are cookies, which are not threats. And they will keep returning each time you are on the internet. I suggest you download and run Malwarebytes to see if you are really infected. MB does not detect cookies. I use SAS and I have disabled cookie detection in the settings. I don't need it as I have another way to clean cookies. Disable cookie detection in SAS and then run it. It will probably detect nothing.


Edited by hamluis, 17 December 2013 - 10:22 AM.


#3 JohnMenthol

  • Topic Starter

Posted 17 December 2013 - 05:30 AM

What could you suggest as a viable problem why in the last couple months I have developed the delay in my keyboard?



#4 JohnMenthol

  • Topic Starter

Posted 17 December 2013 - 05:32 AM

Is there any need to run MBAM scanning for files over 4 MB? Because I noticed there was an option for that.



#5 Roodo


Posted 17 December 2013 - 05:03 PM

Check your system processes. Anything high? What AV do you have? Run this:

https://security.symantec.com/nbrt/npe.aspx



#6 boopme

  • Global Moderator

Posted 18 December 2013 - 09:10 PM

Hello. Are the items found by SAS cookies or Trojans, etc.?

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    • Last run ESET.
      • Hold down Control and click on this link to open ESET OnlineScan in a new window.
      • Click the esetonlinebtn.png button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
      • Check "YES, I accept the Terms of Use."
      • Click the Start button.
      • Accept any security warnings from your browser.
      • Under scan settings, check "Scan Archives" and "Remove found threats"
      • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, click List Threats
      • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Click the Back button.
      • Click the Finish button.
      • NOTE: Sometimes if ESET finds no infections it will not create a log.


#7 JohnMenthol

  • Topic Starter

Posted 21 December 2013 - 02:06 PM

minitool box

 

MiniToolBox by Farbar  Version: 18-12-2013
Ran by User (administrator) on 19-12-2013 at 05:13:08
Running from "C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

Dell Wireless 1390 WLAN Mini-Card = Wireless Network Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : system-53dadea5

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Hybrid

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : Public TylerVault



Ethernet adapter Local Area Connection:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

        Physical Address. . . . . . . . . : 00-15-C5-BC-DC-58



Ethernet adapter Wireless Network Connection:



        Connection-specific DNS Suffix  . : Public TylerVault

        Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card

        Physical Address. . . . . . . . . : 00-16-CF-A5-C0-87

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.70.116

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.70.1

        DHCP Server . . . . . . . . . . . : 192.168.70.1

        DNS Servers . . . . . . . . . . . : 8.8.8.8

                                            208.180.42.68

        Lease Obtained. . . . . . . . . . : Thursday, December 19, 2013 4:54:15 AM

        Lease Expires . . . . . . . . . . : Friday, December 20, 2013 4:54:15 AM

Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    google.com
Addresses:  173.194.46.8, 173.194.46.9, 173.194.46.4, 173.194.46.6
      173.194.46.1, 173.194.46.3, 173.194.46.14, 173.194.46.7, 173.194.46.0
      173.194.46.5, 173.194.46.2



Pinging google.com [74.125.227.165] with 32 bytes of data:



Reply from 74.125.227.165: bytes=32 time=3ms TTL=57

Reply from 74.125.227.165: bytes=32 time=7ms TTL=57



Ping statistics for 74.125.227.165:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 3ms, Maximum = 7ms, Average = 5ms

Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    yahoo.com
Addresses:  98.139.183.24, 98.138.253.109, 206.190.36.45



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=186ms TTL=50

Reply from 98.139.183.24: bytes=32 time=67ms TTL=50



Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 67ms, Maximum = 186ms, Average = 126ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 15 c5 bc dc 58 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...00 16 cf a5 c0 87 ...... Dell Wireless 1390 WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.70.1  192.168.70.116      25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      169.254.0.0      255.255.0.0   192.168.70.116  192.168.70.116      20
     192.168.70.0    255.255.255.0   192.168.70.116  192.168.70.116      25
   192.168.70.116  255.255.255.255        127.0.0.1       127.0.0.1      25
   192.168.70.255  255.255.255.255   192.168.70.116  192.168.70.116      25
        224.0.0.0        240.0.0.0   192.168.70.116  192.168.70.116      25
  255.255.255.255  255.255.255.255   192.168.70.116               2      1
  255.255.255.255  255.255.255.255   192.168.70.116  192.168.70.116      1
Default Gateway:      192.168.70.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/18/2013 03:12:23 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (12/17/2013 11:36:30 PM) (Source: Application Error) (User: )
Description: Faulting application webkit2webprocess.exe, version 7534.57.2.4, faulting module webkit.dll, version 7534.57.2.4, fault address 0x0004b36f.
Processing media-specific event for [webkit2webprocess.exe!ws!]

Error: (12/17/2013 03:03:35 AM) (Source: Application Hang) (User: )
Description: Hanging application winamp.exe, version 5.6.6.3512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/16/2013 01:31:03 AM) (Source: Application Hang) (User: )
Description: Hanging application Safari.exe, version 5.34.57.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/16/2013 01:27:37 AM) (Source: Application Hang) (User: )
Description: Hanging application Safari.exe, version 5.34.57.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/16/2013 01:27:34 AM) (Source: Application Hang) (User: )
Description: Hanging application Safari.exe, version 5.34.57.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/12/2013 11:42:01 PM) (Source: Application Error) (User: )
Description: Faulting application paltalk.exe, version 11.1120.6051.0, faulting module paltalk.exe, version 11.1120.6051.0, fault address 0x00250a1d.
Processing media-specific event for [paltalk.exe!ws!]

Error: (12/12/2013 11:38:07 PM) (Source: Application Error) (User: )
Description: Faulting application paltalk.exe, version 11.1120.6051.0, faulting module paltalk.exe, version 11.1120.6051.0, fault address 0x00250a1d.
Processing media-specific event for [paltalk.exe!ws!]

Error: (12/12/2013 11:35:32 PM) (Source: Application Error) (User: )
Description: Faulting application paltalk.exe, version 11.1120.6051.0, faulting module paltalk.exe, version 11.1120.6051.0, fault address 0x00250a1d.
Processing media-specific event for [paltalk.exe!ws!]

Error: (12/12/2013 09:37:30 PM) (Source: Application Hang) (User: )
Description: Hanging application paltalk.exe, version 11.1120.6051.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (12/19/2013 05:09:58 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.

Error: (12/19/2013 05:05:30 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.

Error: (12/19/2013 05:03:34 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.

Error: (12/19/2013 05:01:48 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.

Error: (12/19/2013 04:57:43 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.

Error: (12/19/2013 04:52:42 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.

Error: (12/19/2013 04:49:13 AM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0016CFA5C087.  The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (12/19/2013 04:46:02 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.

Error: (12/19/2013 04:43:31 AM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0016CFA5C087.  The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (12/19/2013 04:40:37 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.


Microsoft Office Sessions:
=========================
Error: (12/18/2013 03:12:23 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (12/17/2013 11:36:30 PM) (Source: Application Error)(User: )
Description: webkit2webprocess.exe7534.57.2.4webkit.dll7534.57.2.40004b36f

Error: (12/17/2013 03:03:35 AM) (Source: Application Hang)(User: )
Description: winamp.exe5.6.6.3512hungapp0.0.0.000000000

Error: (12/16/2013 01:31:03 AM) (Source: Application Hang)(User: )
Description: Safari.exe5.34.57.2hungapp0.0.0.000000000

Error: (12/16/2013 01:27:37 AM) (Source: Application Hang)(User: )
Description: Safari.exe5.34.57.2hungapp0.0.0.000000000

Error: (12/16/2013 01:27:34 AM) (Source: Application Hang)(User: )
Description: Safari.exe5.34.57.2hungapp0.0.0.000000000

Error: (12/12/2013 11:42:01 PM) (Source: Application Error)(User: )
Description: paltalk.exe11.1120.6051.0paltalk.exe11.1120.6051.000250a1d

Error: (12/12/2013 11:38:07 PM) (Source: Application Error)(User: )
Description: paltalk.exe11.1120.6051.0paltalk.exe11.1120.6051.000250a1d

Error: (12/12/2013 11:35:32 PM) (Source: Application Error)(User: )
Description: paltalk.exe11.1120.6051.0paltalk.exe11.1120.6051.000250a1d

Error: (12/12/2013 09:37:30 PM) (Source: Application Hang)(User: )
Description: paltalk.exe11.1120.6051.0hungapp0.0.0.000000000


=========================== Installed Programs ============================

Adobe AIR (Version: 3.1.0.4880)
Adobe Digital Editions 2.0 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
AMD Catalyst Install Manager (Version: 3.0.851.0)
AMD Processor Driver (Version: 1.3.2.)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1022)
ATI Catalyst Control Center (Version: 2.009.0225.1545)
ATI Display Driver (Version: 8.31-061011a-053721C-Dell)
Audacity 2.0.5 (Version: 2.0.5)
AVG 2012 (Version: 12.0.2126)
AVG 2012 (Version: 12.0.2127)
AVG 2012 (Version: 12.0.2411)
Best Youtube Downloader (Version: 1.0.39)
Bonjour (Version: 3.0.0.10)
Broadcom 440x 10/100 Integrated Controller (Version: 10.04.01)
BufferChm (Version: 90.0.146.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0225.1546.28221)
Catalyst Control Center Graphics Full Existing (Version: 2009.0225.1546.28221)
Catalyst Control Center Graphics Full New (Version: 2009.0225.1546.28221)
Catalyst Control Center Graphics Light (Version: 2009.0225.1546.28221)
Catalyst Control Center Graphics Previews Common (Version: 2009.0225.1546.28221)
Catalyst Control Center HydraVision Full (Version: 2009.0225.1546.28221)
CCC Help English (Version: 2009.0225.1545.28221)
ccc-core-preinstall (Version: 2009.0225.1546.28221)
ccc-core-static (Version: 2009.0225.1546.28221)
ccc-utility (Version: 2009.0225.1546.28221)
CCleaner (Version: 4.08)
Conexant HDA D110 MDC V.92 Modem
CustomerResearchQFolder (Version: 1.00.0000)
Defraggler (Version: 2.16)
Dell Wireless WLAN Card (Version: 4.100.15.8)
DeviceDiscovery (Version: 90.0.146.000)
DeviceManagementQFolder (Version: 1.00.0000)
Discovering French, Nouveau! Take-Home Tutor Rouge
dj_sf_software (Version: 90.0.200.000)
dj_sf_software_req (Version: 90.0.200.000)
eSupportQFolder (Version: 1.00.0000)
EZ MPEG TO AVI Converter 3.00
Flv Player 1.0
Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
Free MP4 To AVI Converter (Version: 1.0.0)
Free YouTube Downloader 3.5.178
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HP Customer Participation Program 9.0 (Version: 9.0)
HP Deskjet Printer Driver Software 9.0 (Version: 9.0)
HP Imaging Device Functions 9.0 (Version: 9.0)
HP Photosmart Essential 2.01 (Version: 2.01)
HP Photosmart Essential2.01 (Version: 1.01.0000)
HP Solution Center 9.0 (Version: 9.0)
HP Update (Version: 4.000.006.002)
HPProductAssistant (Version: 90.0.146.000)
HPSSupply (Version: 2.2.0.0000)
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 29 (Version: 6.0.290)
K-Lite Mega Codec Pack 9.7.0 (Version: 9.7.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 90.0.146.000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows XP Video Decoder Checkup Utility
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
OpenOffice.org 3.3 (Version: 3.3.9567)
Paltalk Messenger  11.1 (Version: 11.1.0)
PanoStandAlone (Version: 90.0.146.000)
Power Tab Editor 1.7 (Version: 1.7.0)
Prism Video File Converter
PSSWCORE (Version: 2.01.0000)
QuickTime (Version: 7.74.80.86)
RICOH Media Driver (Version: 2.14.00.05)
Safari (Version: 5.34.57.2)
SigmaTel Audio (Version: 5.10.5210.0)
Skins (Version: 2009.0225.1546.28221)
SolutionCenter (Version: 90.0.146.000)
Sothink FLV Player (Version: 2.3)
SpyHunter (Version: 4.11.10.4138)
Status (Version: 90.0.146.000)
SUPERAntiSpyware (Version: 5.6.1042)
swMSM (Version: 12.0.0.1)
Toolbox (Version: 90.0.146.000)
TrayApp (Version: 90.0.146.000)
UnloadSupport (Version: 9.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VideoToolkit01 (Version: 90.0.146.000)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 90.0.146.000)
Winamp (Version: 5.666 )
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04) (Version: 11/14/2006 6.00.01.04)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinX Free MP4 to MPEG Converter 4.1.11
Xiph QuickTime Components

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 1917.97 MB
Available physical RAM: 1196.9 MB
Total Pagefile: 3811.48 MB
Available Pagefile: 3059.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.97 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.52 GB) (Free:32.26 GB) NTFS
2 Drive d: (PIP_090_000_238_) (CDROM) (Total:0.2 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\SYSTEM-53DADEA5

Administrator            Guest                    HelpAssistant            
SUPPORT_388945a0         User                     


**** End of log ****
 



#8 JohnMenthol

  • Topic Starter

Posted 21 December 2013 - 02:07 PM

# AdwCleaner v3.015 - Report created 19/12/2013 at 05:16:21
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - SYSTEM-53DADEA5
# Running from : C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater11.1.0

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\NCH Software
File Deleted : C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\mysearchdial-speeddial.crx
File Deleted : C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\qlo0scma.default\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\02e950fc.default-1382787099890\searchplugins\Mysearchdial.xml
File Deleted : C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\qlo0scma.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\qlo0scma.default\searchplugins\spamfreesearch.xml
File Deleted : C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\02e950fc.default-1382787099890\user.js
File Deleted : C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\qlo0scma.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\02e950fc.default-1382787099890\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd1103");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtCyC0C0F0AyD0CtDzzyBzyzy0BzztN0D0Tzu0CyCzzzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Line Deleted : user_pref("extensions.mysearchdial.cntry", "US");
Line Deleted : user_pref("extensions.mysearchdial.cr", "1829368823");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "793C29F8BF80D3ABB57B91EF0F8CF43D");
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0AyD0CtDzzyBzyzy0BzztN0D0Tzu0CyCzzzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutC[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "0016CFA5C08799B8");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16029");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0AyD0CtDzzyBzyzy0BzztN0D0Tzu0CyCzzzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD[...]
Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.04:36:19");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0AyD0CtDzzyBzyzy0BzztN0D0Tzu0CyCzzzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu[...]
Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"85\",\"lastVrsn\":\"85\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.sg", "none");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0AyD0CtDzzyBzyzy0BzztN0D0Tzu0CyCzzzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1C[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.04:36:19");
Line Deleted : user_pref("searchreset.backup.browser.search.defaultenginename", "Mysearchdial");
Line Deleted : user_pref("searchreset.backup.browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0AyD0CtDzzyBzyzy0BzztN0D0Tzu0CyCzzzytN1L2XzutBtFtBtFtCyEtFtCtAyB[...]

[ File : C:\Documents and Settings\User.SYSTEM-53DADEA5\Application Data\Mozilla\Firefox\Profiles\qlo0scma.default\prefs.js ]

Line Deleted : user_pref("extensions.spamfreesearch.hmpgUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=f81699b80000000000000016cfa5c087");
Line Deleted : user_pref("extensions.spamfreesearch.keyWordUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=f81699b80000000000000016cfa5c087&q=");
Line Deleted : user_pref("extensions.spamfreesearch.prtnrId", "blekko");
Line Deleted : user_pref("extensions.spamfreesearch.srchPrvdr", "blekko");
Line Deleted : user_pref("extensions.spamfreesearch.tlbrSrchUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=main&u=f81699b80000000000000016cfa5c087&q=");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtCyC0C0F0AyD0CtDzzyBzyzy0BzztN0D0Tzu0CyCzzzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1[...]
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Documents and Settings\User.SYSTEM-53DADEA5\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [18354 octets] - [28/11/2013 15:58:01]
AdwCleaner[R1].txt - [19013 octets] - [19/12/2013 05:15:05]
AdwCleaner[S0].txt - [19135 octets] - [19/12/2013 05:16:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19196 octets] ##########
 



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts

Posted 21 December 2013 - 09:27 PM

Hi, we still have steps to do after ESET.


How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#10 JohnMenthol

JohnMenthol
  • Topic Starter

  • Members
  • 22 posts

Posted 22 December 2013 - 08:46 AM

Okay. Sorry it's taking me a while. I've been having trouble connecting for a few days now but hope to have the rest up this morning. Please be patient with me and I'll get there.



#11 JohnMenthol

JohnMenthol
  • Topic Starter

  • Members
  • 22 posts

Posted 23 December 2013 - 06:29 AM

eset

 

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qn0m1k89.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\dealply.xul    Win32/DealPly.J application    cleaned by deleting - quarantined
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\61\69928a3d-302e1044    a variant of Java/TrojanDownloader.Agent.NDJ trojan    cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\background.html    Win32/DealPly.J application    cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Temp\setup.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Temp\dlm1F.tmp\Pazera_Free_FLV_to_AVI_Converter.exe    Win32/InstallMonetizer.AF application    cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Temp\is1438683437\ApnIC.dll    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Temp\is1438683437\ApnToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\3HNEW11V\ww2_forexlibrary_net[2].htm    JS/Agent.NJV trojan    cleaned by deleting - quarantined
C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\cbsidlm-cbsi134-Weird_Metronome-SEO-10073673.exe    a variant of Win32/CNETInstaller.B application    cleaned by deleting - quarantined
C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\cbsidlm-cbsi145-Free_MP4_to_AVI_Converter-SEO-75925890.exe    a variant of Win32/CNETInstaller.B application    cleaned by deleting - quarantined
C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Downloads\BestVideoDownloader.exe    a variant of Win32/KBM.A application    cleaned by deleting - quarantined
C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Downloads\cbsidlm-cbsi145-Free_MP4_to_WMV_Converter-SEO-75898999.exe    a variant of Win32/CNETInstaller.B application    cleaned by deleting - quarantined
C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Downloads\ccsetup407.exe    Win32/Bundled.Toolbar.Google.D application    cleaned by deleting - quarantined
C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Downloads\ccsetup408.exe    Win32/Bundled.Toolbar.Google.D application    cleaned by deleting - quarantined
C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Downloads\dfsetup216.exe    Win32/Bundled.Toolbar.Google.D application    cleaned by deleting - quarantined
C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Downloads\flvplayer.zip    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Downloads\pal_install_r83190.exe    multiple threats    cleaned by deleting - quarantined
C:\Documents and Settings\User.SYSTEM-53DADEA5\My Documents\Downloads\pal_install_r86012.exe.part    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
C:\FRST\Quarantine\Level Quality Watcher\v1.01\levelqualitywatcher64.exe    a variant of Win64/Adware.Adpeak.B application    cleaned by deleting - quarantined
C:\FRST\Quarantine\ScorpionSaver\CustomActionInstall    a variant of Win32/AdWare.Adpeak.B application    cleaned by deleting - quarantined
C:\FRST\Quarantine\ScorpionSaver\CustomActionUninstall    a variant of Win32/AdWare.Adpeak.B application    cleaned by deleting - quarantined
 



#12 JohnMenthol

JohnMenthol
  • Topic Starter

  • Members
  • 22 posts

Posted 23 December 2013 - 06:31 AM

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by User on Thu 12/19/2013 at  5:25:29.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{46326615-F6B8-47AE-8401-566C9C42E8FA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E5B934EB-95EE-4668-8C0D-B438ED75F9B9}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\free youtube downloader"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/19/2013 at  5:43:38.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts

Posted 23 December 2013 - 11:34 AM

This looks a lot better.

In Control Panel, uninstall these:
AVG 2012 (Version: 12.0.2126)
AVG 2012 (Version: 12.0.2127)
AVG 2012 (Version: 12.0.2411)

Java™ 6 Update 29 (Version: 6.0.290)

reboot


Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes re-infect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen, then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
  • Vista and Windows 7 users can refer to these links:
  • Create a New Restore Point in Vista
  • Create a New Restore Point in Windows 7 (alternate method)
  • Disk Cleanup in Vista
  • Disk Cleanup in Windows 7
  • Reboot and see how it is.

#14 JohnMenthol

JohnMenthol
  • Topic Starter

  • Members
  • 22 posts

Posted 23 December 2013 - 03:30 PM

The AVG is going to be a problem. It started out over a year ago really causing problems. It would not let me manually delete it. I tried deleting it in safe mode, but either way I went, before it would finish uninstalling it would shut my computer power off. I tried deleting it file by file and I got all of it except maybe just a couple of files. It no longer even shows up in Add or Remove Programs. What can I do to delete what's remaining?



#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts

Posted 23 December 2013 - 06:47 PM

Hello, use Opswat's free AppRemover utility.

There is a video on the page to see how to use it.