
xp infected with malware


17 replies to this topic

#1 superqaz

superqaz

  • Members
  • 274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:36 PM

Posted 28 July 2014 - 07:09 PM

Hi,

Would appreciate some assistance from anyone with the time. My XP is still infected with ad-related malware after at least 6 scans with reputable software.

It is slowing FF down and causing unwanted ads.

Thanks, Mark


Edited by superqaz, 28 July 2014 - 07:14 PM.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,214 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:36 PM

Posted 28 July 2014 - 07:34 PM

Hello, I don't know what you ran but please do these.


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 superqaz


Posted 28 July 2014 - 07:45 PM

will get on it in morning

 

thanks



#4 boopme


Posted 28 July 2014 - 07:57 PM

Ok, I'll Look back.

#5 superqaz


Posted 28 July 2014 - 08:00 PM

fMiniToolBox by Farbar  Version: 21-07-2014
Ran by m (administrator) on 29-07-2014 at 01:59:05
Running from "C:\Documents and Settings\m\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek RTL8139 Family PCI Fast Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : m-aacf7807e0104

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : default



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : default

        Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

        Physical Address. . . . . . . . . : 00-0D-87-DC-8C-7A

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.2

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 192.168.1.1

        Lease Obtained. . . . . . . . . . : 29 July 2014 01:54:04

        Lease Expires . . . . . . . . . . : 31 July 2014 01:54:04

DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  173.194.41.97, 173.194.41.98, 173.194.41.102, 173.194.41.100
      173.194.41.96, 173.194.41.110, 173.194.41.105, 173.194.41.104, 173.194.41.103
      173.194.41.101, 173.194.41.99



Pinging google.com [173.194.41.99] with 32 bytes of data:



Reply from 173.194.41.99: bytes=32 time=15ms TTL=56

Reply from 173.194.41.99: bytes=32 time=14ms TTL=56



Ping statistics for 173.194.41.99:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 14ms, Maximum = 15ms, Average = 14ms

Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.139.183.24, 98.138.253.109, 206.190.36.45



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=176ms TTL=45

Reply from 206.190.36.45: bytes=32 time=179ms TTL=45



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 176ms, Maximum = 179ms, Average = 177ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0d 87 dc 8c 7a ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.2      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0      192.168.1.2     192.168.1.2      20
      192.168.1.2  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255      192.168.1.2     192.168.1.2      20
        224.0.0.0        240.0.0.0      192.168.1.2     192.168.1.2      20
  255.255.255.255  255.255.255.255      192.168.1.2     192.168.1.2      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS.0\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS.0\system32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS.0\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS.0\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS.0\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/28/2014 06:07:43 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 30.0.0.5269, faulting module mozalloc.dll, version 30.0.0.5269, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (07/27/2014 05:07:17 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 30.0.0.5269, faulting module mozalloc.dll, version 30.0.0.5269, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (07/25/2014 09:34:47 AM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5634, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/24/2014 05:00:12 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5634, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/16/2014 05:14:57 PM) (Source: Application Hang) (User: )
Description: Hanging application FSViewer.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/16/2014 05:04:30 PM) (Source: Application Hang) (User: )
Description: Hanging application FSViewer.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (07/29/2014 01:58:07 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx86

Error: (07/29/2014 01:57:01 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (07/29/2014 01:57:00 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (07/29/2014 01:56:03 AM) (Source: Service Control Manager) (User: )
Description: The AOMEI Backupper Scheduler Service service failed to start due to the following error:
%%1053

Error: (07/29/2014 01:56:00 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the AOMEI Backupper Scheduler Service service to connect.

Error: (07/29/2014 01:55:57 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Supporter service to connect.

Error: (07/28/2014 11:57:36 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx86

Error: (07/28/2014 11:57:15 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (07/28/2014 11:57:15 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (07/28/2014 09:00:31 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx86


Microsoft Office Sessions:
=========================
Error: (07/28/2014 06:07:43 PM) (Source: Application Error)(User: )
Description: plugin-container.exe30.0.0.5269mozalloc.dll30.0.0.52690000141b

Error: (07/27/2014 05:07:17 PM) (Source: Application Error)(User: )
Description: plugin-container.exe30.0.0.5269mozalloc.dll30.0.0.52690000141b

Error: (07/25/2014 09:34:47 AM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5634hungapp0.0.0.000000000

Error: (07/24/2014 05:00:12 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5634hungapp0.0.0.000000000

Error: (07/16/2014 05:14:57 PM) (Source: Application Hang)(User: )
Description: FSViewer.exe0.0.0.0hungapp0.0.0.000000000

Error: (07/16/2014 05:04:30 PM) (Source: Application Hang)(User: )
Description: FSViewer.exe0.0.0.0hungapp0.0.0.000000000



=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.6 (HKLM\...\{D0ACE207-0F90-402C-8CFA-2CB3D44CE689}) (Version: 3.6.1 - Adobe)
AM-DeadLink 4.6 (HKLM\...\aignesamdeadlink_is1) (Version: 4.6 - www.aignes.com)
Anti-Twin (Installation 05/01/2014) (HKLM\...\Anti-Twin 2014-01-05 17.11.15) (Version:  - Joerg Rosenthal, Germany)
AOMEI Backupper (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Canon Utilities Digital Photo Professional (HKLM\...\Digital Photo Professional) (Version: 3.14.15.0 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM\...\EOS Utility 2) (Version: 2.14.0.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 0.9.52.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.14.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
C-Media WDM Audio Driver (HKLM\...\C-Media Audio Driver) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Do It Again (HKLM\...\{85BF0E64-6ABB-4EA1-A026-A3DEA6554A60}) (Version: 1.6.0 - spacetornado software)
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Easy2Convert RAW to TIFF 1.4.1 (HKLM\...\{5A7C92FB-7061-480C-818E-8B2F38E51FE6}_is1) (Version: 1.4.1 - Easy2Convert Software)
EMCO MoveOnBoot 2.3 (HKLM\...\{F7F59C2E-35A6-47EF-A41F-487BCE6A5A56}) (Version: 2.3.3.3507 - EMCO Software)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
EOSInfo (HKLM\...\{CC23FF9A-989C-4DEB-8970-50E6E4862315}) (Version: 0.2.0 - astrojargon.net)
Evernote v. 5.1 (HKLM\...\{9DF852CA-6831-11E3-AD73-00163E98E7D6}) (Version: 5.1.0.2217 - Evernote Corp.)
Everything 1.2.1.371 (HKLM\...\Everything) (Version:  - )
FastStone Image Viewer 4.9 (HKLM\...\FastStone Image Viewer) (Version: 4.9 - FastStone Soft)
Flickr Uploadr 3.2.1 (HKLM\...\Flickr Uploadr) (Version:  - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Getleft v1.2 (HKLM\...\Getleft_is1) (Version:  - )
GOM Player (HKLM\...\GOM Player) (Version: 2.2.56.5183 - Gretech Corporation)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inpaint 5.6 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
JLC's Internet TV (HKLM\...\JLC's Internet TV) (Version:  - )
Kana Clip 1.1 (HKLM\...\Kana Clip_is1) (Version: 1.1 - Kana Solution)
Kana Launcher 3.0 (HKLM\...\Kana Launcher_is1) (Version: 2.0 - Kana Solution)
Kana Reminder 1.5 (HKLM\...\Kana Reminder_is1) (Version: 1.5 - Kana Solution)
K-Lite Codec Pack 10.2.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
MakeitOne - MP3AlbumMaker (HKLM\...\{DD6FA976-3F0A-4C6C-A30F-6E75DFC39DE9}) (Version: 1.0.0 - MakeitOne)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Converter Pack (HKLM\...\{6EECB283-E65F-40EF-86D3-D51BF02A8D43}) (Version: 11.0.0.0 - Microsoft Corporation - Office Resource Kit Group)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 24.2.0 (x86 en-GB)) (Version: 24.2.0 - Mozilla)
Multi Reminders 3.12 (HKLM\...\Multi Reminders) (Version: 3.12 - Kevin Solway)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
NetVisualize Favorites Organizer 1.5.0 (HKLM\...\NetVisualizeFavoritesOrganizer_is1) (Version:  - Lucid Step Software)
NotesHolder 2.3 (HKLM\...\NotesHolder_is1) (Version: 2.3 - A!K Research Labs)
PhraseExpress v10.0.132 (HKLM\...\PhraseExpress_is1) (Version: 10.0.132 - Bartels Media GmbH)
ProStockMaster (HKLM\...\ProStockMaster) (Version:  - )
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.36 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 4.12 (32-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
SaveClicker (HKLM\...\{1E092842-7999-DA0B-FC97-9FCE3FB05A56}) (Version: 1.1.0.1195 - SaveClicker)
Search Protection (HKCU\...\Search Protection) (Version: 9.5.0.3 - Spigot, Inc.)
Shrink Pic (remove) (HKLM\...\Shrink Pic) (Version:  - )
Solway's Desktop Icon Layout Saver 1.01 (HKLM\...\Solway's Desktop Icon Layout Saver) (Version: 1.01 - Kevin Solway)
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
Spotify (HKCU\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1016 - SUPERAntiSpyware.com)
Supporter 1.80 (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{40030ae4}) (Version:  - SaveClicker)
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
WordWeb (HKLM\...\WordWeb) (Version: 7 - WordWeb Software)
XnView 2.13 (HKLM\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 1919.48 MB
Available physical RAM: 1089.5 MB
Total Pagefile: 3815.8 MB
Available Pagefile: 3018 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.88 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:114.48 GB) (Free:43.03 GB) NTFS
3 Drive d: (New Volume) (Fixed) (Total:111.79 GB) (Free:13.85 GB) NTFS

========================= Users: ========================================

User accounts for \\M-AACF7807E0104

Administrator            ASPNET                   Guest                    
HelpAssistant            m                        SUPPORT_388945a0         

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

30-06-2014 12:29:53 System Checkpoint
01-07-2014 12:28:30 Installed Adobe Photoshop Lightroom 3.5.
02-07-2014 13:04:11 System Checkpoint
03-07-2014 14:30:19 System Checkpoint
04-07-2014 18:23:32 System Checkpoint
05-07-2014 18:27:34 System Checkpoint
06-07-2014 19:07:29 System Checkpoint
07-07-2014 19:32:17 System Checkpoint
08-07-2014 20:06:33 System Checkpoint
09-07-2014 20:59:35 System Checkpoint
11-07-2014 09:37:48 System Checkpoint
12-07-2014 10:08:52 System Checkpoint
13-07-2014 11:13:26 System Checkpoint
14-07-2014 11:25:01 System Checkpoint
15-07-2014 11:45:34 System Checkpoint
16-07-2014 13:40:28 System Checkpoint
17-07-2014 13:54:43 System Checkpoint
18-07-2014 14:50:06 System Checkpoint
19-07-2014 15:50:04 System Checkpoint
20-07-2014 16:09:01 System Checkpoint
21-07-2014 10:49:16 Installed Adobe Photoshop Lightroom 3.2.
21-07-2014 11:01:20 Installed Adobe Photoshop Lightroom 3.6.
22-07-2014 11:09:17 System Checkpoint
23-07-2014 11:50:28 System Checkpoint
24-07-2014 12:12:37 System Checkpoint
25-07-2014 12:28:08 System Checkpoint
26-07-2014 12:49:24 System Checkpoint
26-07-2014 15:36:40 avast! antivirus system restore point
26-07-2014 18:12:44 TrueCrypt uninstallation
27-07-2014 07:36:22 Installed SpyHunter
27-07-2014 11:14:49 Removed SpyHunter
27-07-2014 17:47:03 Installed Java 7 Update 65
28-07-2014 19:27:10 System Checkpoint

**** End of log ****
 



#6 superqaz


Posted 29 July 2014 - 04:50 AM

Re TDSSKiller report: nothing was found, but mouse left click is disabled so can't copy it.



#7 superqaz


Posted 29 July 2014 - 05:01 AM

# AdwCleaner v3.301 - Report created 29/07/2014 at 10:54:27
# Updated 28/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : m - M-AACF7807E0104
# Running from : C:\Documents and Settings\m\My Documents\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : 40030ae4
Service Found : tStLibG

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\m\daemonprocess.txt
File Found : C:\WINDOWS.0\system32\drivers\tStLibG.sys
Folder Found : C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SaveClicker
Folder Found : C:\Documents and Settings\m\Application Data\GetPrivate
Folder Found : C:\Documents and Settings\m\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\m\Local Settings\Application Data\torch
Folder Found : C:\Program Files\GetPrivate
Folder Found : C:\Program Files\SaveClicker
Folder Found : C:\Program Files\supporter

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Found : C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.istart123.com/?type=sc&ts=1406477270&from=irs&uid=MaxtorX6Y120L0_Y3M93E2E )
Shortcut Found : C:\Documents and Settings\m\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.istart123.com/?type=sc&ts=1406477270&from=irs&uid=MaxtorX6Y120L0_Y3M93E2E )
Shortcut Found : C:\Documents and Settings\m\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.istart123.com/?type=sc&ts=1406477270&from=irs&uid=MaxtorX6Y120L0_Y3M93E2E )

***** [ Registry ] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protection
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Found : HKCU\Software\RegisteredApplicationsEx
Key Found : HKCU\Software\SupHpUISoft
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\Software\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1E092842-7999-DA0B-FC97-9FCE3FB05A56}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1E092842-7999-DA0B-FC97-9FCE3FB05A56}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{40030ae4}
Key Found : HKLM\Software\SupDp
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.calcitapp.info/
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istart123.com/web/?type=ds&ts=1406477270&from=irs&uid=MaxtorX6Y120L0_Y3M93E2E&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.calcitapp.info/

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Documents and Settings\m\Application Data\mozilla\Firefox\Profiles\3u4ui2ts.default-1397326148031\prefs.js ]

Line Found : user_pref("browser.startup.homepage", "hxxp://websearch.calcitapp.info/");

[ File : C:\Documents and Settings\m\Application Data\mozilla\Firefox\Profiles\y55uamxj.default-1406569126625\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [3628 octets] - [29/07/2014 10:54:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3688 octets] ##########
 



#8 superqaz

Posted 29 July 2014 - 06:15 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by m on 29/07/2014 at 11:04:29.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-583907252-1547161642-1177238915-1003\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6BC4825-32BF-11F6-63EB-62FBD648E448}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B6BC4825-32BF-11F6-63EB-62FBD648E448}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6BC4825-32BF-11F6-63EB-62FBD648E448}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\m\Local Settings\Application Data\torch"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\m\Application Data\mozilla\firefox\profiles\y55uamxj.default-1406569126625\extensions\firefox1@myibay.com.xpi
Successfully deleted: [Folder] C:\Documents and Settings\m\Application Data\mozilla\firefox\profiles\3u4ui2ts.default-1397326148031\extensions\staged
Successfully deleted the following from C:\Documents and Settings\m\Application Data\mozilla\firefox\profiles\3u4ui2ts.default-1397326148031\prefs.js

user_pref("browser.startup.homepage", "hxxp://websearch.calcitapp.info/");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/07/2014 at 12:12:00.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#9 superqaz

Posted 29 July 2014 - 06:18 AM

here are the reports, eset scanner was actually running when i got ur first response to this problem so i have not run it again ....yet. should i run it again now?



#10 boopme

Posted 29 July 2014 - 10:22 AM

Did ESET remove anything?

Let's remove what ADW found

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
How is it now?

#11 superqaz

Posted 29 July 2014 - 11:26 AM

i will run adwcleaner again now. eset removed a couple [here]

 

Emsisoft Anti-Malware - Version 9.0
Last update: 29/07/2014 13:10:27
User account: M-AACF7807E0104\m

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\

Detect PUPs: Off
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    29/07/2014 14:44:22
Value: HKEY_USERS\S-1-5-21-583907252-1547161642-1177238915-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-583907252-1547161642-1177238915-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
C:\System Volume Information\_restore{1EB9BB49-AA42-43C7-94F4-10C00A082427}\RP212\A0048156.exe     detected: Gen:Variant.Adware.Graftor.146103 (B)

Scanned    181190
Found    3

Scan end:    29/07/2014 16:42:39
Scan time:    1:58:17

C:\System Volume Information\_restore{1EB9BB49-AA42-43C7-94F4-10C00A082427}\RP212\A0048156.exe    Quarantined Gen:Variant.Adware.Graftor.146103 (B)
Value: HKEY_USERS\S-1-5-21-583907252-1547161642-1177238915-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-583907252-1547161642-1177238915-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Quarantined Setting.DisableTaskMgr (A)

Quarantined    3
 



#12 superqaz

Posted 29 July 2014 - 11:58 AM

# AdwCleaner v3.301 - Report created 29/07/2014 at 17:45:43
# Updated 28/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : m - M-AACF7807E0104
# Running from : C:\Documents and Settings\m\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : 40030ae4
[#] Service Deleted : tStLibG

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SaveClicker
Folder Deleted : C:\Program Files\GetPrivate
Folder Deleted : C:\Program Files\supporter
Folder Deleted : C:\Program Files\SaveClicker
Folder Deleted : C:\Documents and Settings\m\Local Settings\Application Data\Chromatic Browser
Folder Deleted : C:\Documents and Settings\m\Application Data\GetPrivate
File Deleted : C:\WINDOWS.0\system32\drivers\tStLibG.sys
File Deleted : C:\Documents and Settings\m\daemonprocess.txt

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Documents and Settings\m\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Documents and Settings\m\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

***** [ Registry ] *****

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{40030ae4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKLM\Software\SupDp
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1E092842-7999-DA0B-FC97-9FCE3FB05A56}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1E092842-7999-DA0B-FC97-9FCE3FB05A56}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Documents and Settings\m\Application Data\mozilla\Firefox\Profiles\3u4ui2ts.default-1397326148031\prefs.js ]


[ File : C:\Documents and Settings\m\Application Data\mozilla\Firefox\Profiles\y55uamxj.default-1406569126625\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [3319 octets] - [29/07/2014 17:31:08]
AdwCleaner[R1].txt - [3379 octets] - [29/07/2014 17:36:18]
AdwCleaner[S0].txt - [2999 octets] - [29/07/2014 17:45:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3059 octets] ##########
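
An added example, not part of the original posts and not AdwCleaner's own code: a small Python reconciliation of the Scan report (post #7) against the Clean report (post #12), listing entries the scan flagged that the clean run never mentions. The embedded text is an excerpt of the logs posted above; `parse` and `unaccounted` are names chosen for this example.

```python
import re

# Excerpts from the two AdwCleaner reports posted in this thread (Scan, then Clean).
SCAN = r"""
Service Found : tStLibG
File Found : C:\WINDOWS.0\system32\drivers\tStLibG.sys
Folder Found : C:\Documents and Settings\m\Local Settings\Application Data\torch
Folder Found : C:\Program Files\SaveClicker
Shortcut Found : C:\Documents and Settings\m\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.istart123.com/?type=sc&ts=1406477270&from=irs&uid=MaxtorX6Y120L0_Y3M93E2E )
Key Found : HKLM\Software\InstalledBrowserExtensions
Key Found : HKLM\Software\SupDp
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.calcitapp.info/
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istart123.com/web/?type=ds&ts=1406477270&from=irs&uid=MaxtorX6Y120L0_Y3M93E2E&q={searchTerms}
"""
CLEAN = r"""
[#] Service Deleted : tStLibG
File Deleted : C:\WINDOWS.0\system32\drivers\tStLibG.sys
Folder Deleted : C:\Program Files\SaveClicker
Shortcut Disinfected : C:\Documents and Settings\m\Start Menu\Programs\Internet Explorer.lnk
Key Deleted : HKLM\Software\SupDp
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
"""
# "<Kind> <Status> : <target>", optionally prefixed with "[#] " in the Clean report.
ENTRY = re.compile(r"^(?:\[#\]\s*)?(Service|File|Folder|Shortcut|Key|Setting|Line) (\w+) : (.+)$")

def parse(report):
    """Map (kind, normalized target) -> status for every entry line in a report."""
    entries = {}
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        kind, status, target = m.groups()
        if kind == "Shortcut":    # drop the appended " ( url )" argument
            target = re.sub(r"\s+\( .* \)$", "", target)
        elif kind == "Setting":   # drop the " - value" shown only in Scan reports
            target = re.sub(r"\]\s+-\s+.*$", "]", target)
        entries[(kind, target.lower())] = status
    return entries

def unaccounted(scan_report, clean_report):
    """Entries the Scan flagged that the Clean report never mentions."""
    cleaned = parse(clean_report)
    return sorted(key for key, status in parse(scan_report).items()
                  if status == "Found" and key not in cleaned)

if __name__ == "__main__":
    for kind, target in unaccounted(SCAN, CLEAN):
        print(f"check manually: {kind}: {target}")
```

On these excerpts the three unmatched entries (the torch folder, the InstalledBrowserExtensions key and the HKCU Start Page setting) are the ones the JRT log in post #8 reports as deleted or repaired between the two AdwCleaner runs.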
 



#13 superqaz

Posted 30 July 2014 - 11:49 AM

hope ur still around. [it's vacation time so u really should be fishing by a lake, right :)] that's all u asked for, can u see anything remaining?

 

thanks mark



#14 boopme

Posted 30 July 2014 - 12:29 PM

Hi had to take my Dad to Hosp... Back now for a bit..
Cleaning was good.. how is it now?

#15 superqaz

Posted 30 July 2014 - 12:52 PM

seems ok, will report tomorrow

 

[hope ur dad's ok]

ta


Edited by superqaz, 30 July 2014 - 12:53 PM.




