I know I am Infected :P


13 replies to this topic

#1 jero59


Posted 13 January 2014 - 06:25 PM

I found out today that my virus protection was disabled or whatever ... does not matter after the fact ~ I have discovered that there is malware and probably a virus on my pc ~ In the Registry I have found HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Run and then the RFC1156Agent with the Parameters and a "trojan" attached to it - My question would be - how do I go about deleting the TrapPollTimeMilliSecs?

 

If I just delete this will it ruin my pc ~ I have run the updates from Microsoft but have delayed restarting my pc. 

 

I discovered your forums and am so thankful that you folk are here.

 

BTW - I did download what I thought was a new program for Virus Protection but it was NOT and that is how I found the registry key(s) and the infected files -

 

Thanks again~!





#2 boopme


Posted 13 January 2014 - 07:10 PM

Welcome jero
 
We should be able to clean this and some things by running these.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 jero59


Posted 14 January 2014 - 01:37 PM

I am not sure what is happening - I have tried to download each one that you have stated and I can not find them on my pc ~ I am totally lost as to what to do - I used to be able to figure this out but this has me stymied.  How do I download to my desktop or to a directory on my pc and then copy to the desktop ~ something? is not allowing this



#4 jero59


Posted 14 January 2014 - 05:36 PM

Okay - finally figured out what to do after reading and searching ~ who would have thought I was a geek at one time - here are your reports and I THANK YOU ...

 

# AdwCleaner v3.017 - Report created 14/01/2014 at 14:26:04
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : HP_Owner - YOUR-AE066C3A9B
# Running from : C:\Documents and Settings\HP_Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

 

 

for some reason I could not copy and paste the TDSSKiller file and I can not find it on my C: drive

 



***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Program Files\Advanced System Protector
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\Documents and Settings\HP_Owner\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\HP_Owner\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\fduzq3oc.default\Conduit
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\fduzq3oc.default\invalidprefs.js
File Deleted : C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\fduzq3oc.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v26.0 (en-GB)

[ File : C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\fduzq3oc.default\prefs.js ]


[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3muy4lbn.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [17794 octets] - [14/01/2014 14:24:18]
AdwCleaner[S0].txt - [17148 octets] - [14/01/2014 14:26:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17209 octets] ##########

 

 

MiniToolBox by Farbar  Version: 18-12-2013
Ran by HP_Owner (administrator) on 14-01-2014 at 14:12:37
Running from "C:\Documents and Settings\HP_Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.backup.ftp", ""
"network.proxy.backup.ftp_port", 0
"network.proxy.backup.socks", ""
"network.proxy.backup.socks_port", 0
"network.proxy.backup.ssl", ""
"network.proxy.backup.ssl_port", 0
"network.proxy.ftp_port", 3
"network.proxy.http_port", 3
"network.proxy.share_proxy_settings", true
"network.proxy.socks_port", 3
"network.proxy.ssl_port", 3
"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

VIA Rhine II Fast Ethernet Adapter = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : your-ae066c3a9b

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : Yes

        DNS Suffix Search List. . . . . . : gv.shawcable.net



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : gv.shawcable.net

        Description . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter

        Physical Address. . . . . . . . . : 00-11-2F-E2-B0-EA

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.0.103

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.0.1

        DHCP Server . . . . . . . . . . . : 192.168.0.1

        DNS Servers . . . . . . . . . . . : 192.168.0.1

        Lease Obtained. . . . . . . . . . : January 14, 2014 1:48:31 PM

        Lease Expires . . . . . . . . . . : January 21, 2014 1:48:31 PM

1.0.168.192.in-addr.arpa
    primary name server = localhost
    responsible mail addr = nobody.invalid
    serial  = 1
    refresh = 600 (10 mins)
    retry   = 1200 (20 mins)
    expire  = 604800 (7 days)
    default TTL = 10800 (3 hours)
Server:  UnKnown
Address:  192.168.0.1

Name:    google.com.gv.shawcable.net
Address:  208.69.32.145



Pinging google.com [173.194.43.64] with 32 bytes of data:



Reply from 173.194.43.64: bytes=32 time=75ms TTL=52

Reply from 173.194.43.64: bytes=32 time=74ms TTL=52



Ping statistics for 173.194.43.64:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 74ms, Maximum = 75ms, Average = 74ms

Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com.gv.shawcable.net
Address:  208.69.32.145



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=107ms TTL=49

Reply from 98.138.253.109: bytes=32 time=90ms TTL=49



Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 90ms, Maximum = 107ms, Average = 98ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 11 2f e2 b0 ea ...... VIA Rhine II Fast Ethernet Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.103      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.0.0    255.255.255.0    192.168.0.103   192.168.0.103      20
    192.168.0.103  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.0.255  255.255.255.255    192.168.0.103   192.168.0.103      20
        224.0.0.0        240.0.0.0    192.168.0.103   192.168.0.103      20
  255.255.255.255  255.255.255.255    192.168.0.103   192.168.0.103      1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/14/2014 10:52:13 AM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 5.1.2600.5512, faulting module QuickTime.cpl, version 7.73.80.64, fault address 0x0000aa4a.
Processing media-specific event for [rundll32.exe!ws!]

Error: (01/14/2014 09:17:17 AM) (Source: Application Hang) (User: )
Description: Hanging application EasyShare.exe, version 5.3.25.50, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/13/2014 01:21:34 PM) (Source: MsiInstaller) (User: YOUR-AE066C3A9B)
Description: Product: Microsoft Office Standard Edition 2003 -- Error 1704. An installation for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (01/13/2014 01:20:16 PM) (Source: MsiInstaller) (User: YOUR-AE066C3A9B)
Description: Product: Compatibility Pack for the 2007 Office system -- Error 1704. An installation for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (01/13/2014 01:20:03 PM) (Source: HotFixInstaller) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2863239, P2 1033, P3 1601, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.

Error: (01/13/2014 10:26:03 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x01929c61.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/31/2013 10:17:20 AM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.8.24, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/31/2013 10:17:20 AM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.8.24, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/10/2013 08:57:08 AM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.8.24, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/05/2013 00:06:54 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 25.0.1.5064, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (01/14/2014 10:36:59 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (01/14/2014 10:36:59 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (01/14/2014 10:36:59 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (01/14/2014 10:36:58 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (01/14/2014 10:36:58 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (01/14/2014 10:36:58 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (01/14/2014 10:36:58 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (01/14/2014 10:36:58 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (01/14/2014 10:36:58 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (01/14/2014 10:36:58 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (01/14/2014 10:52:13 AM) (Source: Application Error)(User: )
Description: rundll32.exe5.1.2600.5512QuickTime.cpl7.73.80.640000aa4a

Error: (01/14/2014 09:17:17 AM) (Source: Application Hang)(User: )
Description: EasyShare.exe5.3.25.50hungapp0.0.0.000000000

Error: (01/13/2014 01:21:34 PM) (Source: MsiInstaller)(User: YOUR-AE066C3A9B)
Description: Product: Microsoft Office Standard Edition 2003 -- Error 1704. An installation for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)

Error: (01/13/2014 01:20:16 PM) (Source: MsiInstaller)(User: YOUR-AE066C3A9B)
Description: Product: Compatibility Pack for the 2007 Office system -- Error 1704. An installation for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)

Error: (01/13/2014 01:20:03 PM) (Source: HotFixInstaller)(User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb286323910331601msif9.0.40215.0installx86xp0

Error: (01/13/2014 10:26:03 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.001929c61

Error: (12/31/2013 10:17:20 AM) (Source: Application Hang)(User: )
Description: AcroRd32.exe10.1.8.24hungapp0.0.0.000000000

Error: (12/31/2013 10:17:20 AM) (Source: Application Hang)(User: )
Description: AcroRd32.exe10.1.8.24hungapp0.0.0.000000000

Error: (12/10/2013 08:57:08 AM) (Source: Application Hang)(User: )
Description: AcroRd32.exe10.1.8.24hungapp0.0.0.000000000

Error: (12/05/2013 00:06:54 PM) (Source: Application Hang)(User: )
Description: firefox.exe25.0.1.5064hungapp0.0.0.000000000


=========================== Installed Programs ============================

ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0)
Agere Systems PCI Soft Modem
AudibleManager
BlackBerry Desktop Software 6.1 (Version: 6.1.0.35)
BufferChm (Version: 43.1.5.000)
CameraDrivers (Version: 3.1.0)
CardRd81 (Version: 4.00.0000.0004)
CCScore (Version: 6.02.0001.0002)
Color Efex Pro 3.0 Corel Sampler (Version: 3.1.0.1)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Copy (Version: 43.1.5.000)
Corel MediaOne (Version: 2.100.0000)
Corel Paint Shop Pro Photo X2 (Version: 12.50.0000)
Corel Painter Photo Essentials 4 (Version: 4.0)
CR2 (Version: 4.00.0000.0003)
Creative Mass Storage Drivers
Creative MediaSource (Version: 2.00)
Creative MuVo NX-TX (Version: 1.0)
Creative System Information
Creative Zen Nano Plus (Version: 1.0)
CreativeProjects (Version: 43.1.5.000)
CreativeProjectsTemplates (Version: 43.1.5.000)
CueTour (Version: 43.1.5.000)
Destinations (Version: 43.1.5.000)
Director (Version: 43.1.5.000)
DMUninstaller
DocProc (Version: 4.0.0.0)
DocumentViewer (Version: 43.0.213.000)
ESSBrwr (Version: 6.02.0001.0001)
ESSCDBK (Version: 6.02.0001.0001)
ESScore (Version: 6.02.0001.0004)
ESSgui (Version: 6.02.0001.0003)
ESSini (Version: 6.02.0001.0001)
ESSPCD (Version: 6.02.001.0001)
ESSPDock (Version: 6.02.0001.0002)
ESSSONIC (Version: 6.2.0001.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 5.03.0000.0001)
FinePix Studio
FinePixViewer Resource (Version: 1.2)
FinePixViewer Ver.5.5 (Version: 5.5)
GearDrivers
Google Talk Plugin (Version: 4.9.1.16010)
Google Toolbar for Internet Explorer (Version: 4.0.0.002)
HP Deskjet Preloaded Printer Drivers (Version: 8.3.3.0)
HP Diagnostic Assistant (Version: 1.0.1.0)
HP Image Zone 4.2 (Version: 4.2)
HP Image Zone Plus 4.2 (Version: 4.2)
HP Organize
HP Photo & Imaging 3.5 - HP Devices (Version: 3.0)
HP Software Update (Version: 2.0.39.20040212)
HP Unload DLL Patch (Version: 1.00.0000)
hpg2436 (Version: 3.5.0.0)
hpg3970 (Version: 3.5.0.0)
hpg4600 (Version: 3.5.0.0)
hpg5530 (Version: 3.5.0.0)
hpg8200 (Version: 3.5.0.0)
HPIZ402 (Version: 4.2.2.0)
HpSdpAppCoreApp (Version: 3.00.0000)
HPSystemDiagnostics (Version: 1.5.0.0)
ImageSkill Background Remover 3 (Version: 3.0)
InstantShare (Version: 4.0.0.40)
IntelliMover Data Transfer Demo
InterVideo WinDVD Player (Version: 5.0-B11.422)
iPhone Configuration Utility (Version: 2.1.0.163)
iTunes (Version: 11.0.2.26)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java 2 Runtime Environment, SE v1.4.2_06 (Version: 1.4.2_06)
Java™ 6 Update 11 (Version: 6.0.110)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 4 (Version: 1.6.0.40)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Junk Mail filter update (Version: 14.0.8117.416)
kgcbase (Version: 5.03.0000.0004)
Kodak EasyShare software
KSU (Version: 632.62.0004.0001)
Lexmark S300-S400 Series
Lyra Jukebox Applications (Version: 1.0.503)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium (Version: 9.00.2720)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Plus! Dancer LE (Version: 1.1.0.3463)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3500)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Microsoft Works 6-9 Converter (Version: 14.0.6120.5002)
Microsoft Works 6-9 Converter (Version: 9.7.0621)
Microsoft Works 7.0 (Version: 07.02.0808)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 26.0 (x86 en-GB) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSN
MSN Search Toolbar (Version: 02.05.0000.1082)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 3.5 magicMoments - HPD (Version: 3.50.150)
netbrdg (Version: 6.02.0001.0001)
Nikon Message Center 2 (Version: 2.0.1)
Nikon Movie Editor (Version: 2.2.4)
Notifier (Version: 6.02.0001.0001)
OfotoXMI (Version: 6.02.0001.0001)
PhotoGallery (Version: 43.1.5.000)
PHOTORECOVERY LE (Version: 1.0.0)
Photosmart 320,370,7400,8100,8400 Series (Version: 2.0)
Picasa 3 (Version: 3.9)
Picture Control Utility (Version: 1.4.1)
Picture Perfect
PrintScreen (Version: 43.1.5.000)
PS2
PSPrinters06 (Version: 1.00.0000)
Python 2.2 combined Win32 extensions
Python 2.2.1 (Version: 2.2.1)
QFolder (Version: 1.00.0000)
QuickProjects (Version: 43.1.5.000)
QuickTime (Version: 7.73.80.64)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Safari (Version: 5.34.57.2)
Scan (Version: 4.1.0.0)
Segoe UI (Version: 14.0.4327.805)
SFR (Version: 6.02.0001.0001)
SHASTA (Version: 6.02.0001.0001)
SKIN0001 (Version: 6.02.0001.0001)
SkinsHP1 (Version: 43.1.5.000)
SkinsHP2 (Version: 5.35.0.043)
SKINXSDK (Version: 6.02.0001.0001)
Skype Click to Call (Version: 6.11.13307)
Skype™ 6.1 (Version: 6.1.130)
Sonic RecordNow! (Version: 7.22)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
staticcr (Version: 5.03.0000.0001)
swMSM (Version: 12.0.0.1)
tooltips (Version: 6.02.0001.0001)
TrayApp (Version: 43.1.5.000)
Unload (Version: 4.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
ViewNX 2 (Version: 2.2.5)
VPRINTOL (Version: 6.02.0001.0001)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 43.1.5.000)
Windows Defender Signatures (Version: 1.20.1459.12)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0017.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WIRELESS (Version: 6.02.0001.0001)

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 447.48 MB
Available physical RAM: 251.82 MB
Total Pagefile: 1406.93 MB
Available Pagefile: 1177.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.09 MB

========================= Partitions: =====================================

1 Drive c: (HP_PAVILION) (Fixed) (Total:180.5 GB) (Free:86.05 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:5.79 GB) (Free:0.75 GB) FAT32

========================= Users: ========================================

User accounts for \\

ASPNET                   Guest                    HelpAssistant            
HP_Owner                 Jero                     SUPPORT_388945a0         
SUPPORT_fddfa904         


**** End of log ****


 



#5 jero59

Posted 14 January 2014 - 05:52 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by HP_Owner on 14/01/2014 at 14:38:11.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\regwork"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\sparktrust"
Successfully deleted: [Folder] "C:\Documents and Settings\HP_Owner\Application Data\sparktrust"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\hot deals"



~~~ FireFox

Emptied folder: C:\Documents and Settings\HP_Owner\Application Data\mozilla\firefox\profiles\fduzq3oc.default\minidumps [7 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/01/2014 at 14:44:06.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 boopme

Posted 14 January 2014 - 09:11 PM

Good, jero. We have malware that was fighting back against removal.

In Control Panel uninstall these and reboot

Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java 2 Runtime Environment, SE v1.4.2_06 (Version: 1.4.2_06)
Java™ 6 Update 11 (Version: 6.0.110)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 4 (Version: 1.6.0.40)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)



Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
Now try TdssKiller again.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#7 jero59

Posted 14 January 2014 - 09:26 PM

I just finished doing the eset scan and this is what was reported ~

C:\Documents and Settings\HP_Owner\Local Settings\Temp\DM\parent.txt    a variant of Win32/DomaIQ.AK application    cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\Local Settings\Temp\DM\setup.exe    a variant of MSIL/DomaIQ.H application    cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\Local Settings\Temp\DM\software\Cloud_Backup_Setup.exe    Win32/MyPCBackup.A application    cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\Local Settings\Temp\DM\software\SaltarSmart_tg.exe    Win32/BrowseFox.C application    cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\Local Settings\Temp\{538C65FF-8BDB-47A0-A160-84B6096E0153}\setup.exe    multiple threats    cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\My Documents\Brothersoft_downloader_For_PicturePerfect.exe    a variant of Win32/BSDownloader application    cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\My Documents\ccsetup326.exe    Win32/Bundled.Toolbar.Google.D application    cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\My Documents\Java7.exe    a variant of Win32/DomaIQ.AK application    cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\My Documents\MailNotifierCASetup.exe    multiple threats    cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\My Documents\ManyCam.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\My Documents\ManyCam_v.2.4.69.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\HP_Owner\My Documents\RegistryQuick_setup.exe    a variant of Win32/Adware.RegistryQuick application    cleaned by deleting - quarantined
C:\Program Files\Uninstaller\Uninstall.exe    a variant of MSIL/DomaIQ.A application    cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-4126973408-279577956-110893553-1009\Dc153.exe    Win32/Systweak.B application    cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-4126973408-279577956-110893553-1009\Dc163.exe    a variant of Win32/InstallBrain.AP application    cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-4126973408-279577956-110893553-1009\Dc165.exe    multiple threats    cleaned by deleting - quarantined
 

Would you still like me to delete the java files as mentioned above or has this fixed the problem - Thank you so much for helping me - I did run the "Killer" program and there were no threats found - however, I could not copy and paste the file and somehow I can not find it on my hard drive ~ I will re-run this if you would like me to. 

 

I looked over your forums and changed the "Administrator" name to Jero because of the problem I was having with passwords - ie: change passwords2 and went in that way -  Should that be changed back or left as it is now? 

 

Thank you so much for helping me - I do appreciate this - and all the time you are taking.  I also assume that you are the only one reading the text document/reports from my pc - I find that I am very private and don't like all this information (text etc.) in open forum - the questions are GREAT - The ANSWERS explicit and  detailed - I am new so am not sure .... Thanks!



#8 jero59

Posted 14 January 2014 - 09:56 PM

I can not get the Kaspersky Report to copy and paste - I have the icon on my desktop to rerun if required - please let me know how to copy and paste this report - OR - how to save to my C: directory -

 

Thanks  - jen



#9 boopme

Posted 14 January 2014 - 10:08 PM

Do the last few lines say and list infections or say Zero infections?

You need to delete those old javas, they can be exploited. Reboot after. We can install the latest Java.


There really is not any truly personally identifiable info there anyway..
The router IP given provides this info
http://192.168.0.103.ipaddress.com/#ipinfo


Edit: you're most welcome, jen

Edited by boopme, 14 January 2014 - 10:09 PM.


#10 jero59

Posted 15 January 2014 - 02:18 AM

It says zero infections -



#11 jero59

Posted 15 January 2014 - 02:37 AM

I did delete all the old javas - and rebooted - (it has been a long day) ~ sorry I did not say that earlier - If you tell me how to copy and paste that report I am more than willing to do that - Thanks again for all your help and patience.  It really is appreciated.  I will await your instructions for downloading the latest java ... :)



#12 boopme

Posted 15 January 2014 - 03:23 PM

Jen, go here

http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html

Install this one (4th from bottom)

Windows x86 Offline 27.79 MB........................... jre-7u51-windows-i586.exe

Edited by boopme, 15 January 2014 - 03:24 PM.


#13 jero59

Posted 15 January 2014 - 06:23 PM

Thank you so much for all your help - I am installing the McAfee Security that comes with the Java ... and hopefully this works - It appears that I will no longer be able to use the XP after April - I will be reading all your forums etc. before then and see what is what. 

 

Huge thanks for your great service - The service you have provided is incredible!



#14 boopme

Posted 15 January 2014 - 10:13 PM

You're welcome. You will be able to use it, but they will no longer issue security patches or software updates. So yes, you will need to eventually get a newer OS. Sad, as I always liked XP.

If you want a good free AV in the meantime use

Avira Antivir

Avast Free





