
First hacked...then PUP...don't know what I'm doing



#1 Dixie29

Dixie29


Posted 04 September 2015 - 02:12 PM

Think computer illiterate...multiply by 5 and add 10 and you get me ! :hysterical:

 

My emails were hacked two days ago....and the pc was really slow so I ran Malwarebytes and it found PUP files. It wasn't great before the mail was hacked and I don't know what, or what to do with the PUP files. In fact I don't know where to start :(

 

Perhaps someone could help me and I could learn "how to" for myself next time. 




 


#2 boopme

boopme

    To Insanity and Beyond



Posted 04 September 2015 - 02:21 PM

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by boopme, 04 September 2015 - 02:22 PM.

How do I get help? Who is helping me?

For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

Become a BleepingComputer fan: Facebook
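Added example, not part of the original posts and not MiniToolBox's own code: a helper reading the Result.txt requested above mostly checks whether the proxy, Hosts and Winsock sections show anything beyond a default state, and this Python sketch automates that first pass. The section names and line layout follow the log posted in this thread; the sample input, the "Proxy is enabled." wording and the `C:\WINDOWS\system32` system path are assumptions made for the illustration.

```python
import re

# Section banner, e.g. "========================= Hosts content: =========="
HEADER = re.compile(r"^={5,}\s+(.+?)\s*:?\s+={5,}\s*$")
# Winsock line, e.g. "Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)"
WINSOCK = re.compile(r"^Catalog\d+ \d+ (?P<path>.+?) \[\d+\] \((?P<vendor>.*)\)$")

# Lines the clean log in this thread shows in the proxy sections.
CLEAN_PROXY = {"Proxy is not enabled.", "No Proxy Server is set."}
LOOPBACK = {"127.0.0.1", "::1"}
SYSTEM32 = "c:\\windows\\system32\\"  # assumption: default Windows XP system root

# Constructed sample in the layout of the log above. The proxy line, the second
# hosts entry and the "Catalog9 02" provider are invented for this example.
SAMPLE_RESULT = r"""
========================= IE Proxy Settings: ==============================

Proxy is enabled.

========================= Hosts content: =================================

127.0.0.1       localhost
203.0.113.7     www.example-bank.test

========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Program Files\Example\lsp.dll [40960] (Example Ltd)

========================= Event log errors: ===============================
"""


def parse_sections(text):
    """Split a Result.txt into {section name: [non-blank lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and raw.strip():
            sections[current].append(raw.strip())
    return sections


def triage(text):
    """Return (section, line, reason) tuples for entries worth a manual look."""
    s = parse_sections(text)
    findings = []

    # Proxy: anything other than the known clean-state lines or the tool's
    # own '"Reset ... Proxy Settings": ...' confirmation is reported.
    for line in s.get("IE Proxy Settings", []) + s.get("FF Proxy Settings", []):
        if line in CLEAN_PROXY or line.startswith('"Reset '):
            continue
        findings.append(("proxy", line, "not a clean-state proxy line"))

    # Hosts: the default file maps only loopback to localhost; every other
    # mapping can redirect name resolution and should be explained.
    for line in s.get("Hosts content", []):
        fields = line.split("#", 1)[0].split()  # drop comments
        if not fields:
            continue
        ip, names = fields[0], fields[1:]
        if ip in LOOPBACK and names and all(n.lower() == "localhost" for n in names):
            continue
        findings.append(("hosts", line, "maps a name other than localhost"))

    # Winsock: providers outside system32 or from another vendor sit in the
    # network path. The vendor string is file metadata, not a signature check.
    for line in s.get("Winsock entries", []):
        m = WINSOCK.match(line)
        if not m:
            findings.append(("winsock", line, "unparsed entry"))
        elif (not m["path"].lower().startswith(SYSTEM32)
              or m["vendor"] != "Microsoft Corporation"):
            findings.append(("winsock", line, "non-default provider"))
    return findings


if __name__ == "__main__":
    for section, line, reason in triage(SAMPLE_RESULT):
        print(f"[{section}] {reason}: {line}")
```

A finding here is a prompt for review rather than a verdict: legitimate VPN or security software can also add Winsock providers and Hosts entries.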

#3 Dixie29

Dixie29

Posted 04 September 2015 - 06:14 PM

 
Hi,
 
I had trouble saving eset text doc -  so I hope it's in a readable format and there isn't a JTR.text document saved on the computer.
 
I'm so sorry...I'm probably doing something so basic wrong...I did follow your instructions... :blush:  :oopsign:
I'm grateful for the help...logs as follows...
 
I'll wait for any instructions
 
 
MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by User (administrator) on 04-09-2015 at 21:05:09
Running from "C:\Documents and Settings\User\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Model: Dell DM051 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
TAP-Win32 Adapter V9 = Local Area Connection 2 (Disconnected)
Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : user-4700f4b9ea
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Unknown
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
        DNS Suffix Search List. . . . . . : lan
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Connection-specific DNS Suffix  . : lan
 
        Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
 
        Physical Address. . . . . . . . . : 00-12-3F-CE-6B-15
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.1.65
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        IP Address. . . . . . . . . . . . : ?
 
        Default Gateway . . . . . . . . . : 192.168.1.254
 
        DHCP Server . . . . . . . . . . . : 192.168.1.254
 
        DNS Servers . . . . . . . . . . . : 192.168.1.254
 
                                            ?
 
                                            ?
 
                                            ?
 
        Lease Obtained. . . . . . . . . . : 04 September 2015 14:55:07
 
        Lease Expires . . . . . . . . . . : 05 September 2015 14:55:07
 
 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
 
        Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
 
        Dhcp Enabled. . . . . . . . . . . : No
 
        IP Address. . . . . . . . . . . . : ?
 
        Default Gateway . . . . . . . . . : 
 
        NetBIOS over Tcpip. . . . . . . . : Disabled
 
Server:  dsldevice.lan
Address:  192.168.1.254
 
Name:    google.com
Addresses:  212.56.71.45, 212.56.71.30, 212.56.71.59, 212.56.71.39
 212.56.71.49, 212.56.71.34, 212.56.71.54, 212.56.71.29, 212.56.71.24
 212.56.71.20, 212.56.71.55, 212.56.71.25, 212.56.71.35, 212.56.71.50
 212.56.71.44, 212.56.71.40
 
 
 
Pinging google.com [212.56.71.25] with 32 bytes of data:
 
 
 
Reply from 212.56.71.25: bytes=32 time=19ms TTL=60
 
Reply from 212.56.71.25: bytes=32 time=11ms TTL=60
 
 
 
Ping statistics for 212.56.71.25:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 11ms, Maximum = 19ms, Average = 15ms
 
Server:  dsldevice.lan
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45
 
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
 
 
 
Reply from 206.190.36.45: bytes=32 time=164ms TTL=48
 
Reply from 206.190.36.45: bytes=32 time=157ms TTL=48
 
 
 
Ping statistics for 206.190.36.45:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 157ms, Maximum = 164ms, Average = 160ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 12 3f ce 6b 15 ...... Intel® PRO/100 VE Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.65  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.1.0    255.255.255.0     192.168.1.65    192.168.1.65  20
     192.168.1.65  255.255.255.255        127.0.0.1       127.0.0.1  20
    192.168.1.255  255.255.255.255     192.168.1.65    192.168.1.65  20
        224.0.0.0        240.0.0.0     192.168.1.65    192.168.1.65  20
  255.255.255.255  255.255.255.255     192.168.1.65    192.168.1.65  1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/12/2015 02:55:21 AM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed
 
Error: (08/12/2015 02:02:42 AM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed
 
Error: (08/12/2015 12:31:02 AM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed
 
Error: (07/26/2015 07:52:51 AM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed
 
Error: (07/26/2015 07:48:20 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Cannot install the component C:\Documents and Settings\User\Desktop\SWPRV.DLL into the COM+ application 'MS Software Shadow Copy Provider' [0x80110401].
 
Error: (07/26/2015 07:41:51 AM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SERVICEMODEL.MOF while recovering repository file.
 
Error: (07/26/2015 07:41:51 AM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF while recovering repository file.
 
Error: (07/26/2015 07:41:51 AM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CLR.MOF while recovering repository file.
 
Error: (07/26/2015 07:41:51 AM) (Source: WinMgmt) (User: )
Description: Failed to load MOF C:\6418403709157462D34C4E7DFD\I386\LICWMI.MOF while recovering repository file.
 
Error: (07/26/2015 07:23:11 AM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed
 
 
System errors:
=============
Error: (08/12/2015 02:55:22 AM) (Source: Service Control Manager) (User: )
Description: The Software Updater Service service failed to start due to the following error: 
%%3
 
Error: (08/12/2015 02:55:22 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%1053
 
Error: (08/12/2015 02:55:22 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Microsoft Antimalware Service service to connect.
 
Error: (08/12/2015 02:55:22 AM) (Source: 0) (User: )
Description: 
 
Error: (08/12/2015 02:04:05 AM) (Source: Service Control Manager) (User: )
Description: The IPv6 Helper Service service hung on starting.
 
Error: (08/12/2015 02:02:45 AM) (Source: 0) (User: )
Description: 
 
Error: (08/12/2015 02:02:43 AM) (Source: Service Control Manager) (User: )
Description: The Software Updater Service service failed to start due to the following error: 
%%3
 
Error: (08/12/2015 02:02:43 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%1053
 
Error: (08/12/2015 02:02:43 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Microsoft Antimalware Service service to connect.
 
Error: (08/12/2015 02:02:10 AM) (Source: Service Control Manager) (User: )
Description: The AdvancedSystemCareAntivirus service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (04/02/2013 09:46:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
=========================== Installed Programs ============================
 
32 Bit HP CIO Components Installer (HKLM\...\{B20A5104-24DD-4435-B965-ED84BE258F59}) (Version: 13.1.2 - Hewlett-Packard) Hidden
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advanced SystemCare Ultimate 8 (HKLM\...\Advanced SystemCare Ultimate_is1) (Version: 8.1.0 - IObit)
Business Plan Pro UK Edition (HKLM\...\{17A36798-500B-4DAB-A20C-2FDD7177B4A0}) (Version: 12.01.0018 - Palo Alto Software, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
CustomerResearchQFolder (HKLM\...\{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Driver Booster 2.2 (HKLM\...\Driver Booster_is1) (Version: 2.2 - IObit)
EPSON Stylus SX200 Series Printer Uninstall (HKLM\...\EPSON Stylus SX200 Series) (Version:  - SEIKO EPSON Corporation)
Facebook Emoticons (HKLM\...\PC Gizmos 137133) (Version: 83 - PC Gizmos LTD)
Game Booster 3 (HKLM\...\Game Booster_is1) (Version: 3.4 - IObit)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.13 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)
HMA! Pro VPN 2.7.1.7 (HKLM\...\HMA! Pro VPN) (Version: 2.7.1.7 - )
HP Color LaserJet CP2020 Series 2.0 (HKLM\...\{A5F39441-3414-4db2-9A71-0BA8AB3CB16A}) (Version: 2.0 - HP)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Support Solutions Framework (HKLM\...\{C43602FE-988C-47BA-9F9F-B95FDDAFB624}) (Version: 11.50.0031 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hppFonts (HKLM\...\{995F2783-8311-49BF-833E-DB659774B4F6}) (Version: 001.001.00061 - Hewlett-Packard) Hidden
hppQFolderCP2020 (HKLM\...\{89B6F63A-7E0C-424A-9D39-C4EF59E96D78}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
hppusgCP2020 (HKLM\...\{2D130C13-D6F7-4AAA-866D-17B825456D2D}) (Version: 000.000.00011 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}) (Version: 100.0.170.000 - Hewlett-Packard) Hidden
iFreeUp Beta 3.0 (HKLM\...\iFreeUp Beta_is1) (Version: 1.0.3 - IObit)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
IObit Malware Fighter (HKLM\...\IObit Malware Fighter_is1) (Version: 2.2 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
IObit Unlocker (HKLM\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.1.65.20 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (HKLM\...\{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}) (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
QFolder (HKLM\...\{8777AC6D-89F9-4793-8266-DE406F343E89}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Quick PDF Converter v4.1 (HKLM\...\Quick PDF Converter v4.1) (Version: 4.1.0.0 - QuickPDFtoWord)
RegCure Pro (HKLM\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.1.7.0 - ParetoLogic, Inc.)
Security Task Manager 1.8g (HKLM\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4600.0 - SigmaTel)
Smart Defrag 4 (HKLM\...\Smart Defrag 4_is1) (Version: 4.0 - IObit)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
TuneUp Utilities 2014 (en-GB) (HKLM\...\{504F08E9-C70E-4B70-917E-382141CAC326}) (Version: 14.0.1000.90 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}) (Version: 14.0.1000.90 - TuneUp Software) Hidden
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{CCB9B81A-167F-4832-B305-D2A0430840B3}) (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 67%
Total physical RAM: 1526.07 MB
Available physical RAM: 496.16 MB
Total Virtual: 3422.57 MB
Available Virtual: 2036.71 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:149.04 GB) (Free:110.07 GB) NTFS
2 Drive d: (HP_CP2020) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS
 
========================= Users: ========================================
 
User accounts for \\USER-4700F4B9EA
 
Administrator            Guest                    HelpAssistant            
SUPPORT_388945a0         User                     
 
 
**** End of log ****
 
 
# AdwCleaner v5.005 - Logfile created 04/09/2015 at 21:19:34
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : User - USER-4700F4B9EA
# Running from : C:\Documents and Settings\User\Desktop\AdwCleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
 
***** [ Files ] *****
 
File Found : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\fopdddcinljmpmioaklghcalngfhbaen
File Found : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\gkcefkcdkepgkpbgncjchhbjgoanleod
File Found : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser [{10921475-03CE-4E04-90CE-E2E7EF20C814}]
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{534C64AF-347A-4D26-AA5A-DE7355DA2F9A}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {534C64AF-347A-4D26-AA5A-DE7355DA2F9A}
Key Found : HKU\S-1-5-21-1060284298-412668190-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{534C64AF-347A-4D26-AA5A-DE7355DA2F9A}
Data Found : HKU\S-1-5-21-1060284298-412668190-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {534C64AF-347A-4D26-AA5A-DE7355DA2F9A}
 
***** [ Web browsers ] *****
 
[C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : kbfnbcaeplbcioakkpcpgfkobkghlhen
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2552 bytes] ##########
 
 
 
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Application Data\Uniblue\SpeedUpMyPC\_temp\sump.exe.vir a variant of Win32/SpeedUpMyPC.F potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie2.1.35.zip.vir multiple threats deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\aapt.exe.vir a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\CrashReport.exe.vir a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\CrashRpt.dll.vir a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir Win32/Mobogenie.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\devcon_x64.exe.vir a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\devcon_x86.exe.vir a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\DriverInstall_x64.exe.vir a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\DriverInstall_x86.exe.vir a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\lsusb.exe.vir a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\mgadb.exe.vir a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\mgusb.exe.vir a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\OutlookOperatorC.exe.vir a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\IObit\ASCDownloader\Driver Booster.exe a variant of Win32/OpenCandy.C potentially unsafe application deleted - quarantined
C:\Documents and Settings\User\My Documents\asc-setup-v5.exe Win32/ELEX.AH potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\ccsetup319.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Documents and Settings\User\My Documents\iLividSetupV1.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\pcmechanicpm.exe a variant of Win32/UniBlue.F potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\34047-673542-youtube-downloader.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\57D2.tmp a variant of Win32/UniBlue.F potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\asc-setup(3).exe Win32/Toolbar.Conduit.A potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\asc-setup-pro(2).exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\asc-setup-pro.exe Win32/Toolbar.Conduit.A potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\Candy Crush Saga Hack v1.25 (1).zip a variant of MSIL/FakeTool.GJ trojan deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\Candy Crush Saga Hack v1.25.zip a variant of MSIL/FakeTool.GJ trojan deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\cbbleepingregistrybooster.exe a variant of Win32/RegistryBooster potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\cbsidlm-cbsi118-IObit_Malware_Fighter-BP-10967594.exe a variant of Win32/CNETInstaller.B potentially unwanted application cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\cbsidlm-tr1_13-Blumind-ORG-75532636.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\cbsidlm-tr1_13-Edraw_Mind_Map-ORG-197599.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\ccsetup406 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\ccsetup406.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\ccsetup500pro (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\ccsetup508.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\Firefox_Setup_17.0.exe a variant of Win32/InstallCore.AY potentially unwanted application cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\flashplayer (1).exe a variant of Win32/InstallCore.OL potentially unwanted application cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\flashplayer.exe a variant of Win32/InstallCore.PK potentially unwanted application cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\FreeYouTubeDownloaderInstallerIC.exe a variant of Win32/InstallCore.D potentially unwanted application cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\gimp.exe a variant of Win32/DownloadSponsor.C potentially unwanted application cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\ICE-1.4.4-for___32-bit-Windows.msi.exe a variant of Win32/DownloadSponsor.C potentially unwanted application cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\installer_youtube-downloader_English.exe a variant of Win32/InstallCore.BY potentially unwanted application cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\InstantSpywareRemoval_Setup.exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\InstantSpywareRemover(2).exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\InstantSpywareRemover.exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\Nero-9.4.12.3d_free.exe Win32/Toolbar.AskSBar potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\nero7PremiumReloaded.exe Win32/Toolbar.AskSBar potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\registrybooster(2).exe a variant of Win32/RegistryBooster potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\registrybooster.exe a variant of Win32/RegistryBooster potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\registryboosterplb.exe a variant of Win32/RegistryBooster potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\RegistryReviverSetup.exe a variant of Win32/SlowPCfighter potentially unwanted application cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\setupscreenhunterfree.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\SoftonicDownloader_for_emoticons-mail.exe Win32/SoftonicDownloader.G potentially unwanted application cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\speedupmypc3plc.exe Win32/SpeedUpMyPC potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\Unconfirmed 168450.crdownload Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\Candy Crush Saga Hack v1.25 (1)\Candy Crush Saga Hack v1.25.exe a variant of MSIL/FakeTool.GJ trojan cleaned by deleting - quarantined
C:\Program Files\IObit\Advanced SystemCare 6\ASCPatch.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
 


#4 boopme


Posted 04 September 2015 - 07:16 PM

OK looks like the ESET log.
Is your Iobit a legit copy? I am not scolding but I see strange files that may be causing issues.

In Control Panel you should uninstall these.....
RegCure Pro (HKLM\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.1.7.0 - ParetoLogic, Inc.)

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)

TuneUp Utilities 2014 (en-GB) (HKLM\...\{504F08E9-C70E-4B70-917E-382141CAC326}) (Version: 14.0.1000.90 - TuneUp Software)

Restart your machine.


Remove what ADWCleaner found.
Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


#5 Dixie29


Posted 04 September 2015 - 10:45 PM

Hi

 

Yes paid for and registered - have email receipts for the last 3 years and have had direct contact with them and have it on multiple computers.

However...ASC keeps showing an out of date database and I have to keep fixing it....and come to think of it...it hasn't automatically updated to the newest version or told me to download it...which it usually does, but it is a Registered copy.

 

I'll follow your further instructions

 

Thanks again



#6 Dixie29


Posted 05 September 2015 - 12:28 AM

Hi

 

Done....

 

but....

 

TuneUp Utilities 2014 or any other TuneUp file doesn't show in the program list - I searched for it and it exists - so I wasn't sure what to do....so I did everything without removing it as not sure how to!

 

I'm sorry...I'm going to have to do this bit again, aren't I? :oopsign: again!

 

# AdwCleaner v5.005 - Logfile created 05/09/2015 at 06:11:35
# Updated 31/08/2015 by Xplode
# Database : 2015-09-04.4 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : User - USER-4700F4B9EA
# Running from : C:\Documents and Settings\User\Desktop\AdwCleaner (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
 
***** [ Files ] *****
 
[-] File Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\fopdddcinljmpmioaklghcalngfhbaen
[-] File Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\gkcefkcdkepgkpbgncjchhbjgoanleod
[-] File Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser [{10921475-03CE-4E04-90CE-E2E7EF20C814}]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{534C64AF-347A-4D26-AA5A-DE7355DA2F9A}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-1060284298-412668190-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{534C64AF-347A-4D26-AA5A-DE7355DA2F9A}
[-] Data Restored : HKU\S-1-5-21-1060284298-412668190-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
 
***** [ Web browsers ] *****
 
[-] [C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : kbfnbcaeplbcioakkpcpgfkobkghlhen
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2774 bytes] ##########


#7 boopme


Posted 07 September 2015 - 09:08 PM

OK, look up your ASC key, then in Control Panel uninstall it.
Reboot the machine and reinstall...

See how it is.

#8 Dixie29


Posted 11 September 2015 - 01:41 PM

Hi

 

Sorry I've been working away from home so couldn't continue.

 

I've followed the instructions and for the first few minutes it was great, and then it became unresponsive and opens random pages. It keeps 'stopping' and I have to kill whatever I was doing. Any advice on what next? :killcomp: :deadhorse:

Type hangs as well...so a delay from typing to text appearing.

 

Thanks



#9 boopme


Posted 11 September 2015 - 02:10 PM

This is happening when removing ASC?

Try going back to a Restore point before all this started.

https://support.microsoft.com/en-us/kb/306084



