Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PUP. and something 24/7help Malwarebytes found BUT....


  • Please log in to reply
12 replies to this topic

#1 maeflye63

maeflye63

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 08 August 2014 - 02:50 PM

Yes it is me again.... :bounce:  I am helping a older lady (kinda 2nd Mom) with her OLD computer which is running XP. I ran malwarebytes and it found 121 things PUP was at the begining of most of the file names, I quantined them all and a whole bunch red boxes popped up and wouldn't go away until I restarted so I don't think they all went away.  

 

So what should I start with to get rid of this?



BC AdBot (Login to Remove)

 


#2 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:21 AM

Posted 08 August 2014 - 04:46 PM

Hi maeflye63 and :welcome: again!

Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If any security program requests permission to access the Internet, allow it to do so

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Please download Farbar Service Scanner (FSS) HERE and run it on the computer with the issue.

    Make sure the following options are checked:
        Internet Services
        Windows Firewall
        System Restore
        Security Center/Action Center
        Windows Update
        Windows Defender
        Other Services
    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.

 

Open MalwareBytes Anti-Malware and then click on History
On the left column, select Application Logs. Select the most recent log among the list, it is usually the one on the top (or sort by date) and open it.
Go to the bottom left corner to Export and select Text File (*.txt)
Save it to the desktop and paste the content here.

 

Thank you!


Edited by Alex&Vanko, 08 August 2014 - 04:48 PM.


#3 maeflye63

maeflye63
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 10 August 2014 - 11:41 AM

I will do it as soon as I get to her house again. I only go there a couple times a week for a few hours. So I will let you know, hopefully I will be going there on Tues. Thank you very much.



#4 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:21 AM

Posted 10 August 2014 - 11:57 AM

Ok no problems!



#5 maeflye63

maeflye63
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 14 August 2014 - 02:09 PM

 Results of screen317's Security Check version 0.99.87  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Please wait while WMIC compiles updated MOF files.d 
ECHO is off.
ECHO is off.
ECHO is off.
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Adobe Reader XI  
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Me (administrator) on 14-08-2014 at 14:58:41
Running from "C:\Documents and Settings\Me\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/21/2014 04:03:56 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2007 - Update 'Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (04/21/2014 04:03:56 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2007 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
 
Error: (04/21/2014 04:03:43 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2007 - Update 'Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition ' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (04/21/2014 04:03:43 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2007 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
 
Error: (04/21/2014 04:03:36 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2007 - Update 'Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition ' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (04/21/2014 04:03:36 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2007 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
 
Error: (04/21/2014 04:03:29 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2007 - Update 'Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (04/21/2014 04:03:29 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2007 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
 
Error: (04/21/2014 04:00:29 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2007 - Update 'Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition ' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (04/21/2014 04:00:29 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2007 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
 
 
System errors:
=============
Error: (08/13/2014 00:00:35 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (08/12/2014 09:31:32 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (08/08/2014 03:27:59 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (08/08/2014 03:27:30 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1
 
Error: (08/05/2014 00:32:15 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1
 
Error: (08/04/2014 05:24:40 PM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.5.0216.0
 
Error: (08/04/2014 05:24:39 PM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.5.0216.0
 
Error: (08/04/2014 05:23:41 PM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.5.0216.0
 
Error: (08/04/2014 05:23:38 PM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.5.0216.0
 
Error: (08/04/2014 05:13:40 PM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.5.0216.0
 
 
Microsoft Office Sessions:
=========================
 
 
=========================== Installed Programs ============================
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bejeweled 3 (HKLM\...\Bejeweled 3) (Version:  - PopCap Games)
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Mahjongg XP Championship 2006 Platinum Edition (HKLM\...\Mahjongg Platinum) (Version: 1.00.05.08.16 - Selectsoft Publishing)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6602 - Realtek Semiconductor Corp.)
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Shockwave 7.0.3 Player (HKLM\...\Shockwave 7.0.3 Player) (Version:  - )
Ultimate Mahjongg 5 (HKLM\...\Ultimate Mahjongg 5) (Version: 5.0 - ValuSoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
 
========================= Memory info: ===================================
 
Percentage of memory in use: 26%
Total physical RAM: 3574.42 MB
Available physical RAM: 2631.07 MB
Total Pagefile: 5456.67 MB
Available Pagefile: 4625.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1982.55 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:372.6 GB) (Free:356.9 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ME-QQ04GJMVP2YY
 
Administrator            Guest                    HelpAssistant            
Me                       SUPPORT_388945a0         
 
 
**** End of log ****
 
 
 
 

Farbar Service Scanner Version: 21-07-2014
Ran by Me (administrator) on 14-08-2014 at 15:02:23
Running from "C:\Documents and Settings\Me\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
 
Extra List:
=======
aswTdi(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) 
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.
 
**** End of log ****
 
 
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/14/2014
Scan Time: 2:17:21 PM
Logfile: malwarescanlog8-14-14.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.14.09
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Me
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 261499
Time Elapsed: 9 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#6 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:21 AM

Posted 20 August 2014 - 12:45 PM

Hi maeflye63 and sorry for tha late reply!

I mean the log of Malwarebytes where the detection was.

Download and install this - Windows installer 4.5

For Windows XP Service Pack 2 and Windows XP Service Pack 3 (32-bit platforms):
x86 Platform: WindowsXP-KB942288-v3-x86.exe

Uninstall McAfee Security Scan Plus

Thank you!



#7 maeflye63

maeflye63
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 28 August 2014 - 01:35 PM

Finally got over her to do this again. Okay, I did those things. Now should I run another scan?



#8 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:21 AM

Posted 28 August 2014 - 01:52 PM

Is this Macromedia shockwave player - Shockwave 7.0.3 Player?No manufacturer.

whole bunch red boxes popped up and wouldn't go away until I restarted

 

Where do they appear?

 

Thank you!



#9 maeflye63

maeflye63
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 31 August 2014 - 10:37 PM

Right on the desktop and it is when I did malwarebytes. Don't know about the shockwave or ?



#10 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:21 AM

Posted 01 September 2014 - 07:27 AM

Hi mayflye63!

I mean the log where detection of 121 things PUP`s was.

How to open the log:
Open MalwareBytes Anti-Malware and then click on History
On the left column, select Application Logs.It is sorted by date and open it.
Go to the bottom left corner to Export and select Text File (*.txt)
Save it to the desktop and paste here.

 

Please download AdwCleaner by Xplode HERE onto your desktop.

    Close all open programs and internet browsers.
    Double click on AdwCleaner.exe to run the tool.
    Click on Scan.
    After the scan is complete click on "Clean"
    Confirm each time with Ok.
    Your computer will be rebooted automatically. A text file will open after the restart.
    Please post the content of that logfile with your next answer.
    You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool HERE to your desktop.

    Shut down your protection software now to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.

 

after that:

Download Delfix HERE to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

    Activate UAC (optional; some users prefer to keep it off)
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings


Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

 

Please download the ESET Online Scanner HERE and save it to your Desktop.
Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
    Start esetsmartinstaller_enu.exe with administartor privileges.
    Select the option Yes, I accept the Terms of Use and click on Start.
    Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
    Now click on Advanced Settings and select the following:
        Scan for potentially unwanted applications
        Scan for potentially unsafe applications
        Enable Anti-Stealth Technology
    Click on Start. The virus signature database will begin to download. This may take some time.
    When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
    When completed select Uninstall application on close if you so wish
    Now click on Finish
The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt")

Note: Do not forget to re-enable your antivirus application after running the above scan!

 

Also do a full scan with Avast.

 

Thank you!
 



#11 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:21 AM

Posted 01 September 2014 - 07:42 AM

Forgot to say.Were there any notofications from Avast?

I think Macromedia owned this Shockwave 7.0.3 Player before,now is Adobe.

http://get.adobe.com/shockwave/



#12 maeflye63

maeflye63
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 03 September 2014 - 02:10 PM

Only had time to do one file.  Will do more next week.
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/11/2014
Scan Time: 8:48:34 AM
Logfile: maleware8-11-14.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.11.02
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Me
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 259589
Time Elapsed: 8 min, 34 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:21 AM

Posted 03 September 2014 - 02:20 PM

Ok.

Thank you!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users