
Computer slows, previous wareout infection not cleared?


9 replies to this topic

#1 punkieys17

  • Members
  • 64 posts

Posted 25 February 2014 - 03:05 PM

My desktop Pentium 4 3.6 GHz with 3 GB RAM on Win XP slows down. A major problem was a conflict between Microsoft .NET software and ATI Catalyst Control Centre - which I have deleted and am just running with the ATI drivers. The software is up to date (Win, Explorer, Adobe, QuickTime all done recently), the disk cleaned and defragmented with plenty of space remaining. From some remnants in start-up and Explorer I think I had wareout at some time. I've changed from AVG Free to Avast and from Ad-Aware to Spybot S&D. Avast/AVG found nothing, Ad-Aware found nothing, but Spybot found a raft that helped immensely when cleaned. However, if I run Spybot after no activity it's finding between 60 & 80 changes - all low risk. I suspect there is still something untoward. Can anyone help me to check, please?




 


#2 Broni

  • BC Advisor
  • 42,679 posts

Posted 25 February 2014 - 10:38 PM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip the downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run, then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets. Do NOT use spoilers.




 


#3 punkieys17


Posted 27 February 2014 - 06:23 PM

 Results of screen317's Security Check version 0.99.79 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 
 avast! Free Antivirus   
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Java™ 6 Update 23 
 Java 7 Update 51 
 Java™ 6 Update 7 
 Adobe Flash Player  12.0.0.70 
 Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Spybot Teatimer.exe is disabled!
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````
 

 

Farbar Service Scanner Version: 25-02-2014
Ran by Julian (administrator) on 27-02-2014 at 19:31:23
Running from "C:\Documents and Settings\Julian\Local Settings\Temporary Internet Files\Content.IE5\G5LBHGOE"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(11) Gpc(6) IPSec(4) MDC8021X(8) NetBT(5) PSched(7) Tcpip(3)
0x0B000000040000000100000002000000030000000B0000000A0000000500000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Julian (administrator) on 27-02-2014 at 19:33:05
Running from "C:\Documents and Settings\Julian\Local Settings\Temporary Internet Files\Content.IE5\9IO5F5JR"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
0.0.0.0       localhost

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com

========================= IP Configuration: ================================

U.S. Robotics 802.11g Wireless USB Adapter = Wireless Network Connection 2 (Connected)
1394 Net Adapter = 1394 Connection 5 (Connected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp

popd
# End of interface IP configuration

 

Windows IP Configuration

        Host Name . . . . . . . . . . . . : mainbed
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-11-2F-7C-2A-58

Ethernet adapter Wireless Network Connection 2:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : U.S. Robotics 802.11g Wireless USB Adapter
        Physical Address. . . . . . . . . : 00-0C-41-D8-69-CD
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.18
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
        Lease Obtained. . . . . . . . . . : 27 February 2014 19:22:52
        Lease Expires . . . . . . . . . . : 28 February 2014 19:22:52

Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  212.56.71.229, 212.56.71.208, 212.56.71.212, 212.56.71.240
   212.56.71.216, 212.56.71.249, 212.56.71.245, 212.56.71.238, 212.56.71.219
   212.56.71.251, 212.56.71.241, 212.56.71.223, 212.56.71.218, 212.56.71.227
   212.56.71.234, 212.56.71.230

Pinging google.com [212.56.71.241] with 32 bytes of data:

Reply from 212.56.71.241: bytes=32 time=18ms TTL=60
Reply from 212.56.71.241: bytes=32 time=19ms TTL=60

Ping statistics for 212.56.71.241:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 19ms, Average = 18ms

Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  98.139.183.24, 206.190.36.45, 98.138.253.109

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=112ms TTL=45
Reply from 98.139.183.24: bytes=32 time=112ms TTL=45

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 112ms, Maximum = 112ms, Average = 112ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 2f 7c 2a 58 ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
0x10004 ...00 0c 41 d8 69 cd ...... U.S. Robotics 802.11g Wireless USB Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.18   25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
      169.254.0.0      255.255.0.0     192.168.0.18    192.168.0.18   20
      192.168.0.0    255.255.255.0     192.168.0.18    192.168.0.18   25
     192.168.0.18  255.255.255.255        127.0.0.1       127.0.0.1   25
    192.168.0.255  255.255.255.255     192.168.0.18    192.168.0.18   25
        224.0.0.0        240.0.0.0     192.168.0.18    192.168.0.18   25
  255.255.255.255  255.255.255.255     192.168.0.18               2   1
  255.255.255.255  255.255.255.255     192.168.0.18    192.168.0.18   1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 37 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 38 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 39 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 40 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 41 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 42 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 43 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/27/2014 07:14:05 PM) (Source: TabletServiceWacom) (User: )
Description: Prefs: Failed to get user path

Error: (02/22/2014 06:17:24 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/22/2014 06:17:24 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/18/2014 05:25:55 PM) (Source: ESENT) (User: )
Description: wuauclt (3004) The logfile sequence in "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\" has been halted due to a fatal error.  No further updates are possible for the databases that use this logfile sequence.  Please correct the problem and restart or restore from backup.

Error: (02/18/2014 05:25:55 PM) (Source: ESENT) (User: )
Description: wuauclt (3004) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1022.

Error: (02/18/2014 05:25:55 PM) (Source: ESENT) (User: )
Description: wuauclt (3004) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" failed with system error 183 (0x000000b7): "Cannot create a file when that file already exists. ".  The move file operation will fail with error -1022 (0xfffffc02).

Error: (02/18/2014 05:25:55 PM) (Source: ESENT) (User: )
Description: wuauclt (2756) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The delete file operation will fail with error -1032 (0xfffffbf8).

Error: (02/18/2014 05:25:55 PM) (Source: ESENT) (User: )
Description: wuauclt (3004) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00D9B.log" failed with system error 2 (0x00000002): "The system cannot find the file specified. ".  The move file operation will fail with error -1811 (0xfffff8ed).

Error: (02/18/2014 05:25:55 PM) (Source: ESENT) (User: )
Description: wuauclt (1520) Database recovery/restore failed with unexpected error -1811.

Error: (02/18/2014 05:25:55 PM) (Source: ESENT) (User: )
Description: wuauclt (1520) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The delete file operation will fail with error -1032 (0xfffffbf8).

System errors:
=============
Error: (02/27/2014 07:22:43 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (02/27/2014 07:22:43 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (02/27/2014 07:22:43 PM) (Source: Service Control Manager) (User: )
Description: The MSI_WLAN_Service service failed to start due to the following error:
%%1053

Error: (02/27/2014 07:22:43 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the MSI_WLAN_Service service to connect.

Error: (02/27/2014 07:14:08 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (02/27/2014 07:14:08 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (02/27/2014 07:14:08 PM) (Source: Service Control Manager) (User: )
Description: The MSI_WLAN_Service service failed to start due to the following error:
%%1053

Error: (02/27/2014 07:14:08 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the MSI_WLAN_Service service to connect.

Error: (02/25/2014 05:52:14 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (02/25/2014 05:52:14 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Microsoft Office Sessions:
=========================
Error: (02/27/2014 07:14:05 PM) (Source: TabletServiceWacom)(User: )
Description: Prefs: Failed to get user path

Error: (02/22/2014 06:17:24 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (02/22/2014 06:17:24 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (02/18/2014 05:25:55 PM) (Source: ESENT)(User: )
Description: wuauclt3004C:\WINDOWS\SoftwareDistribution\DataStore\Logs\

Error: (02/18/2014 05:25:55 PM) (Source: ESENT)(User: )
Description: wuauclt3004-1022

Error: (02/18/2014 05:25:55 PM) (Source: ESENT)(User: )
Description: wuauclt3004C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.logC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1022 (0xfffffc02)183 (0x000000b7)Cannot create a file when that file already exists.

Error: (02/18/2014 05:25:55 PM) (Source: ESENT)(User: )
Description: wuauclt2756C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (02/18/2014 05:25:55 PM) (Source: ESENT)(User: )
Description: wuauclt3004C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.logC:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00D9B.log-1811 (0xfffff8ed)2 (0x00000002)The system cannot find the file specified.

Error: (02/18/2014 05:25:55 PM) (Source: ESENT)(User: )
Description: wuauclt1520-1811

Error: (02/18/2014 05:25:55 PM) (Source: ESENT)(User: )
Description: wuauclt1520C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

=========================== Installed Programs ============================

Adobe After Effects CS3 Third Party Content (Version: 3)
Adobe AIR (Version: 4.0.0.1390)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Creative Suite 5 Master Collection (Version: 5.0)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.70)
Adobe Flash Player 12 Plugin (Version: 12.0.0.70)
Adobe Media Player (Version: 1.8)
Adobe Photoshop 6.0 (Version: 6.0)
Adobe Reader 8.1.2 (Version: 8.1.2)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player (Version: 10.1.3.18)
Adobe SVG Viewer (Version: 1.0)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 2.5.2.2)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Control Panel (Version: 6.14.10.5113)
ATI Display Driver (Version: 8.252-060503a-032464C-ATI)
avast! Free Antivirus (Version: 9.0.2013)
AVerTV (Version: 5.0.0000)
Battlefield 2142
Bonjour (Version: 1.0.106)
Company of Heroes - FAKEMSI (Version: 2.0.0.0)
Company of Heroes (Version: 1.0.0.99)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Cypress USB Mass Storage Driver Installation
Dawn Of War - Winter Assault (Version: 1.4)
DawnOfWar (Version: 1.00.00000)
Dogz (remove only)
EA Download Manager (Version: 4.0.0.396)
EA Download Manager (Version: 5.0.0.288)
EPSON PhotoQuicker3.5
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
EPSON Web-To-Page
Equestriad 2001 (Version: 1.0.0)
ESC45 Reference Guide
ESC45 Software Guide
FS Carrier Ops for FS2004
GameSpy Arcade
GameSpy Software
Google Earth (Version: 4.3.7284.3916)
Google SketchUp 6 (Version: 6.0.01313)
Google SketchUp 6 (Version: 6.4.112)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
IEEE802.11a/b/g Wireless LAN Software (Version: 2.1.2.11)
InterVideo FilterSDK
iPod for Windows 2005-10-12 (Version: 4.3.0)
iPod for Windows 2006-01-10 (Version: 4.7.0)
iTunes (Version: 8.2.1.6)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 23 (Version: 6.0.230)
Java™ 6 Update 7 (Version: 1.6.0.70)
KeyMaestro Input Device Driver V2.0.AF-131AU MUL
Logitech Legacy USB Camera Driver Package
Logitech Vid HD (Version: 7.2 (7240))
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Microsoft .NET Framework (English) (Version: 1.0.3705)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Flight Simulator 2004 A Century of Flight (Version: 9.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Rise Of Nations
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
MP3 Player Utilities 3.13 (Version: 3.13)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
My Horse and Me Demo (Version: 1.00.0000)
My Pony Stables 1.04
Napster (Version: 2.5.1.8)
Nero Media Player
Nero OEM
NeroVision Express 2
On2 VP3 Video for Windows Codec
Packard Bell Magic Movie
Packard Bell Magic Picture
Pawly Pets: My Animal Hospital (Version: Pawly Pets: My Animal Hospital)
PDF Settings CS5 (Version: 10.0)
Pensoft
PhotoFiltre Studio
Picasa 2 (Version: 2.0)
PIF DESIGNER2.1
Pippa Funnell (Version: 1.00.000)
Pippa Funnell 2 - Take The Reins
Pippa Funnell 3
PowerDVD
PxMergeModule (Version: 1.00.0000)
QuickTime (Version: 7.74.80.86)
Railroad Tycoon 3 (Version: 1.0)
REALTEK Gigabit and Fast Ethernet NIC Driver (Version: 1.10)
Realtek High Definition Audio Driver
Riding Star (Version: 1.0.0)
Rise Of Legends (Version: 1.00.0000)
Rise of Nations Thrones and Patriots
Roll
RollerCoaster Tycoon 3 (Version: 1.00.000)
Roxio Burn Engine (Version: 2.5.0000)
ScanToWeb
Sid Meier's SimGolf
SimCity 4 Deluxe
Smart Link 56K Voice Modem
SpielMaschine 1.0 (Version: 1.0)
SPORE™ (Version: 1.00.0000)
Spotify (Version: 0.3.14)
Spybot - Search & Destroy (Version: 2.2.25)
Star Wars Galaxies: The Total Experience (Version: 1.00.000)
Steinberg Cubase SE 3
Syncrosoft's License Control
The Battle for Middle-earth ™ II
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 3 (Version: 1.11.7)
Total Annihilation
U.S. Robotics 802.11g USB Adapter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB972636) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB Storage Adapter FX (SM1)
User Profile Hive Cleanup Service (Version: 1.6.36)
Vietnam Carrier Ops for FS2004
Virtual Railroad 3.0 (Version: 1.00 English)
Wacom Tablet (Version: 6.1.6-7)
WarBirds III
WebFldrs XP (Version: 9.50.6513)
WebTablet IE Plugin (Version: 1.1.0.7)
WebTablet Netscape Plugin (Version: 1.1.0.5)
Wild Life! (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows XP Service Pack 3 (Version: 20080414.031525)
WingMan Software (Version: 4.20)
Wings of Power
WWII Carrier Ops

========================= Devices: ================================

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

========================= Memory info: ===================================

Percentage of memory in use: 21%
Total physical RAM: 3071.29 MB
Available physical RAM: 2412.88 MB
Total Pagefile: 4450.07 MB
Available Pagefile: 3924.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.15 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:232.88 GB) (Free:108.92 GB) NTFS
3 Drive d: () (Fixed) (Total:232.88 GB) (Free:232.49 GB) NTFS

========================= Users: ========================================

User accounts for \\MAINBED

Administrator            Alex                     ASPNET                  
Christopher              Guest                    HelpAssistant           
Jacqueline               Julian                   Sophie                  
SUPPORT_388945a0        

**** End of log ****

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.27.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Julian :: MAINBED [administrator]

27/02/2014 19:36:26
mbam-log-2014-02-27 (19-36-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 427954
Time elapsed: 43 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\Julian\Local Settings\Temp\CT3324066 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)

(end)

 

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.27.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
 :: MAINBED [administrator]

27/02/2014 21:56:43
mbar-log-2014-02-27 (21-56-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 394551
Time elapsed: 59 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/27/2014 11:07:19 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 localhost
  0.0.0.0       localhost
  127.0.0.1 activate.adobe.com
  127.0.0.1 practivate.adobe.com
  127.0.0.1 ereg.adobe.com
  127.0.0.1 activate.wip3.adobe.com
  127.0.0.1 wip3.adobe.com
  127.0.0.1 3dns-3.adobe.com
  127.0.0.1 3dns-2.adobe.com
  127.0.0.1 adobe-dns.adobe.com
  127.0.0.1 adobe-dns-2.adobe.com
  127.0.0.1 adobe-dns-3.adobe.com
  127.0.0.1 ereg.wip3.adobe.com
  127.0.0.1 activate-sea.adobe.com
  127.0.0.1 wwis-dubc1-vip60.adobe.com
  127.0.0.1 activate-sjc0.adobe.com

Program finished at: 02/27/2014 11:08:57 PM
Execution time: 0 hours(s), 1 minute(s), and 38 seconds(s)



#4 Broni


Posted 27 February 2014 - 08:00 PM

Please don't post in such a small font because my old eyes can't take it anymore.

Thanks :)

 

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 punkieys17


Posted 01 March 2014 - 03:28 AM

Temp file cleaner found huge raft in the kids logins - totaling over 1.2GB....

After adware ran PC shut down then refused to start wireless, or respond to task manager. Waited long time with no disc activity and then hard reset. PC restarted properly.

# AdwCleaner v3.020 - Report created 28/02/2014 at 19:37:13
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Julian - MAINBED
# Running from : C:\Documents and Settings\Julian\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\WINDOWS\Uninstall.exe
Folder Found C:\Program Files\AVG SafeGuard toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\and
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Found : HKLM\Software\TENCENT
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

*************************

AdwCleaner[R0].txt - [4015 octets] - [28/02/2014 19:37:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4075 octets] ##########

 

Before running the JRT tool I was unable to stop Spybot S&D - couldn't work out how - not in settings.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Julian on 28/02/2014 at 20:00:13.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/02/2014 at 20:07:02.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ran ESET and it reported nothing and did not produce a TXT file



#6 Broni


Posted 01 March 2014 - 01:00 PM

How is the computer doing?

 

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

 

We need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.




 


#7 punkieys17


Posted 01 March 2014 - 03:44 PM

Computer much better. Didn't like the Adobe update though, froze on the US Robotics wifi process. After forcing shutdown all is fine. It seems clear. If we are then many thanks for your help. One final question - which programs should I keep - I was running Avast and Spybot. Should I delete those downloaded during the clean-up?



#8 Broni


Posted 01 March 2014 - 07:01 PM

See below...

 

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix)

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642




 


#9 punkieys17


Posted 02 March 2014 - 09:06 AM

Many thanks - computer running great.



#10 Broni


Posted 02 March 2014 - 12:56 PM

You're very welcome




 




