smss .exe


5 replies to this topic

#1 amateur4014

amateur4014

  • Members
  • 3 posts

Posted 13 July 2016 - 01:29 PM

A computer at work (Win XP) was running slow so I opened the task manager to see if anything was hogging the CPU. Nothing was, and the computer went back to normal, but I saw that "smss .exe" was a loaded process.

 

Is it normal for there to be a space in between the smss and the .exe?  I know smss.exe is a legit process, and we do have multiple users logged into the computer. 

 

smss.exe is a file in WINDOWS\system32 and smss .exe is a file in WINDOWS\system32\Event Agent\Bin. It looks weird to me, but I am no expert! I am a bit paranoid though - this computer was infected with malware a few years ago. We are only running XP because of some ancient software with lost discs.

 

Thanks for the help!

 

*I forgot to mention before - I have AVG running, and have run scans with Malwarebytes, SuperAntiSpyware, and Spybot. 


Edited by amateur4014, 14 July 2016 - 08:51 AM.
moved from Windows XP to Am I Infected for a malware check
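
A check for the pattern raised in this post, written as an added example that is not part of the thread or of any tool mentioned in it: it flags an image path whose file name collapses to a core Windows process name once whitespace and invisible characters are removed, or whose directory differs from the expected one. It goes beyond smss.exe to other core process names; the baseline table, the function names and every sample path other than the two quoted in the post are assumptions.

```python
import ntpath
import unicodedata

# Assumed baseline (adapt to your own builds): core Windows XP processes and
# the directory, relative to the drive root, each is expected to run from.
EXPECTED_DIR = {
    "smss.exe": r"\windows\system32",
    "csrss.exe": r"\windows\system32",
    "winlogon.exe": r"\windows\system32",
    "services.exe": r"\windows\system32",
    "lsass.exe": r"\windows\system32",
    "svchost.exe": r"\windows\system32",
    "explorer.exe": r"\windows",
}


def squash(name):
    """Fold case and compatibility forms, then drop whitespace and
    invisible (format/control) characters anywhere in the name."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(
        ch for ch in folded
        if not ch.isspace() and unicodedata.category(ch) not in ("Cf", "Cc")
    )


def normalize_dir(directory):
    """Reduce a directory to a lower-case, drive-less form so that
    C:\\WINDOWS\\system32, \\SystemRoot\\System32 and \\??\\C:\\WINDOWS\\system32
    compare equal. Assumes the Windows directory is named \\windows."""
    d = ntpath.normcase(directory)
    if d.startswith("\\??\\"):          # NT object-manager prefix
        d = d[4:]
    d = ntpath.splitdrive(d)[1]
    if d.startswith("\\systemroot"):
        d = "\\windows" + d[len("\\systemroot"):]
    return d.rstrip("\\")


def check_image(path):
    """Return findings for one full image path; an empty list means the
    path does not resemble a baseline process or matches it exactly.
    A finding marks the file for inspection, it does not classify it."""
    directory, name = ntpath.split(path)
    canonical = squash(name)
    if canonical not in EXPECTED_DIR:
        return []
    findings = []
    if name.casefold() != canonical:
        # e.g. "smss .exe": looks like smss.exe in a process list but is a different file name
        findings.append("name-lookalike:" + canonical)
    if normalize_dir(directory) != EXPECTED_DIR[canonical]:
        findings.append("unexpected-directory")
    return findings


def triage(paths):
    """Map each flagged path to its findings, skipping clean entries."""
    flagged = {}
    for p in paths:
        findings = check_image(p)
        if findings:
            flagged[p] = findings
    return flagged


# Constructed process listing. The first two entries use the locations quoted
# in the post; the rest are made-up samples for illustration.
SAMPLE = [
    r"C:\WINDOWS\system32\smss.exe",
    r"C:\WINDOWS\system32\Event Agent\Bin\smss .exe",
    r"\SystemRoot\System32\smss.exe",
    r"\??\C:\WINDOWS\system32\csrss.exe",
    "C:\\WINDOWS\\system32\\svchost\u200b.exe",   # zero-width space in the name
    r"C:\Documents and Settings\user\lsass.exe",
    r"C:\WINDOWS\explorer.exe",
]

if __name__ == "__main__":
    for path, findings in triage(SAMPLE).items():
        print(repr(path), "->", ", ".join(findings))
```
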



 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • Gender:Male
  • Location:NJ USA

Posted 14 July 2016 - 09:57 AM

The original smss.exe from Microsoft is an important part of Windows, but often causes problems. The file smss.exe is located in the C:\Windows\System32 folder. Known file sizes on Windows 10/8/7/XP are 50,688 bytes (79% of all occurrences), 69,632 bytes and 10 more variants. http://www.file.net/process/smss.exe.html ..see File.NET


MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.


#3 amateur4014

amateur4014
  • Topic Starter

  • Members
  • 3 posts

Posted 14 July 2016 - 12:49 PM

Thanks! Here are the requested log texts:

 

MiniToolBox

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Office Manager (administrator) on 14-07-2016 at 11:13:34
Running from "C:\Documents and Settings\Office Manager\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================
"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1       localhost
127.0.0.2    activate.adobe.com

========================= IP Configuration: ================================
1394 Net Adapter = 1394 Connection (Connected)
NVIDIA nForce 10/100/1000 Mbps Ethernet  = Local Area Connection 2 (Connected)
# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

        Host Name . . . . . . . . . . . . : beer-lover

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : westell.com


Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . : westell.com

        Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet

        Physical Address. . . . . . . . . : 00-24-8C-0D-5E-E0

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 10.0.0.29

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 10.0.0.1

        DHCP Server . . . . . . . . . . . : 10.0.0.1

        DNS Servers . . . . . . . . . . . : 10.0.0.1

        Lease Obtained. . . . . . . . . . : Thursday, July 14, 2016 8:01:41 AM

        Lease Expires . . . . . . . . . . : Friday, July 15, 2016 8:01:41 AM

Server:  dslrouter.westell.com
Address:  10.0.0.1

Name:    google.com
Address:  172.217.2.206


Pinging google.com [172.217.2.206] with 32 bytes of data:

Reply from 172.217.2.206: bytes=32 time=47ms TTL=57

Reply from 172.217.2.206: bytes=32 time=48ms TTL=57

Ping statistics for 172.217.2.206:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 47ms, Maximum = 48ms, Average = 47ms

Server:  dslrouter.westell.com
Address:  10.0.0.1

Name:    yahoo.com
Addresses:  206.190.36.45, 98.138.253.109, 98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=68ms TTL=52

Reply from 98.139.183.24: bytes=32 time=66ms TTL=52

Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 66ms, Maximum = 68ms, Average = 67ms


Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 24 8c 0d 5e e0 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1       10.0.0.29      20
         10.0.0.0    255.255.255.0        10.0.0.29       10.0.0.29      20
        10.0.0.29  255.255.255.255        127.0.0.1       127.0.0.1      20
   10.255.255.255  255.255.255.255        10.0.0.29       10.0.0.29      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
        224.0.0.0        240.0.0.0        10.0.0.29       10.0.0.29      20
  255.255.255.255  255.255.255.255        10.0.0.29       10.0.0.29      1
Default Gateway:          10.0.0.1

 

===========================================================================
Persistent Routes:
  None

 

========================= Winsock entries =====================================
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\nvLsp.dll [270336] (NVIDIA)
Catalog9 02 C:\WINDOWS\system32\nvLsp.dll [270336] (NVIDIA)
Catalog9 03 C:\WINDOWS\system32\nvLsp.dll [270336] (NVIDIA)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\nvLsp.dll [270336] (NVIDIA)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/13/2016 12:36:48 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2016/07/13 12:36:48.984]: [00002984]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/13/2016 12:35:25 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2016/07/13 12:35:25.453]: [00002984]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/13/2016 12:31:57 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2016/07/13 12:31:57.156]: [00002984]: CUsbScnDev: DeviceIoControl Illegal response [0x0]

Error: (07/07/2016 11:49:56 AM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.
Context:  Application, SystemIndex Catalog

Error: (07/07/2016 11:43:41 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (07/07/2016 11:43:41 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (07/07/2016 11:43:41 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (07/07/2016 11:34:29 AM) (Source: Application Hang) (User: )
Description: Hanging application QBW32.EXE, version 22.0.4001.2206, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/07/2016 11:30:44 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (07/07/2016 11:30:44 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle


System errors:
=============
Error: (07/14/2016 10:06:33 AM) (Source: 0) (User: )
Description: \Device\TermddX.224

Error: (07/14/2016 10:06:33 AM) (Source: 0) (User: )
Description: \Device\TermddX.224

Error: (07/14/2016 10:06:33 AM) (Source: 0) (User: )
Description: \Device\TermddX.224

Error: (07/14/2016 10:06:33 AM) (Source: 0) (User: )
Description: \Device\TermddX.224

Error: (07/14/2016 10:06:33 AM) (Source: 0) (User: )
Description: \Device\TermddX.224

Error: (07/14/2016 10:06:33 AM) (Source: 0) (User: )
Description: \Device\TermddX.224

Error: (07/13/2016 11:43:47 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the following nonexistent service: AVGIDSDriver

Error: (07/13/2016 04:34:51 PM) (Source: 0) (User: )
Description: \Device\TermddX.224

Error: (07/13/2016 04:34:51 PM) (Source: 0) (User: )
Description: \Device\TermddX.224

Error: (07/13/2016 04:34:51 PM) (Source: 0) (User: )
Description: \Device\TermddX.224


Microsoft Office Sessions:
=========================
Error: (05/12/2016 10:49:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 1123716 seconds with 23220 seconds of active time.  This session ended with a crash.

Error: (04/29/2016 10:40:20 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 669687 seconds with 14040 seconds of active time.  This session ended with a crash.

Error: (11/05/2015 10:56:37 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 789 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (07/13/2015 02:39:07 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 449682 seconds with 13500 seconds of active time.  This session ended with a crash.

Error: (01/15/2015 11:53:28 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1051 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (08/22/2014 05:01:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23506 seconds with 4260 seconds of active time.  This session ended with a crash.

Error: (05/28/2014 04:48:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18213 seconds with 2700 seconds of active time.  This session ended with a crash.

Error: (05/21/2014 11:58:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5869 seconds with 1140 seconds of active time.  This session ended with a crash.

Error: (04/11/2014 11:37:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5735 seconds with 2160 seconds of active time.  This session ended with a crash.

Error: (04/08/2014 09:54:29 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 86650 seconds with 3900 seconds of active time.  This session ended with a crash.


=========================== Installed Programs ============================
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat XI Standard (HKLM\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe AIR (HKLM\...\{5AF4B3C4-C393-48D7-AC7E-8E7615579548}) (Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Anchor Service CS4 (HKLM\...\{1618734A-3957-4ADD-8199-F973763109A8}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (HKLM\...\{83877DB1-8B77-45BC-AB43-2BAC22E093E0}) (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (HKLM\...\{94D398EB-D2FD-4FD1-B8C4-592635E8A191}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (HKLM\...\{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (HKLM\...\{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (HKLM\...\{0D6013AB-A0C7-41DC-973C-E93129C9A29F}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (HKLM\...\{098A2A49-7CF3-4F08-A38D-FB879117152A}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (HKLM\...\{63C24A08-70F3-4C8E-B9FB-9F21A903801D}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (HKLM\...\{0F723FC1-7606-4867-866C-CE80AD292DAF}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (HKLM\...\{C52E3EC1-048C-45E1-8D53-10B0C6509683}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (HKLM\...\{67F0E67A-8E93-4C2C-B29D-47C48262738A}) (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM\...\{E68EADA6-63A4-F6D3-FE12-968B879F7AD6}) (Version: 1.2.9 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Drive CS4 (HKLM\...\{16E16F01-2E2D-4248-A42F-76261C147B6C}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (HKLM\...\{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}) (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (HKLM\...\{054EFA56-2AC1-48F4-A883-0AB89874B972}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Fonts All (HKLM\...\{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Help Manager (HKLM\...\{AF37176A-78CA-545B-34EF-8B6A21514DD1}) (Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Linguistics CS4 (HKLM\...\{931AB7EA-3656-4BB7-864D-022B09E3DD67}) (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM\...\{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Output Module (HKLM\...\{BB4E33EC-8181-4685-96F7-8554293DEC6A}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (HKLM\...\{F93C84A6-0DC6-42AF-89FA-776F7C377353}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM\...\{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM\...\{E4848436-0345-47E2-B648-8B522FCDA623}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 Support (HKLM\...\{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Search for Help (HKLM\...\{F0E64E2E-3A60-40D8-A55D-92F6831875DA}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (HKLM\...\{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (HKLM\...\{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (HKLM\...\{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (HKLM\...\{05308C4E-7285-4066-BAE3-6B50DA6ED755}) (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (HKLM\...\{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}) (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (HKLM\...\{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (HKLM\...\{68243FF8-83CA-466B-B2B8-9F99DA5479C4}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (HKLM\...\{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Any Video Converter 3.1.0 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{853A4763-6643-4604-8D64-28BDD8925F4C}) (Version: 1.5.1 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
AVG (HKLM\...\{F9087B1B-2D68-4843-B2AD-87FAE1002E8A}) (Version: 16.91.7688 - AVG Technologies) Hidden
AVG (HKLM\...\AvgZen) (Version: 1.72.2.24716 - AVG Technologies)
AVG 2016 (HKLM\...\{F511A6EF-76D9-45A1-A9B7-72193F36E2CD}) (Version: 16.0.4627 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.91.7688 - AVG Technologies)
AVG Zen (HKLM\...\{289B4A0D-C36E-4B46-A15B-1FF97FACC542}) (Version: 1.72.1 - AVG Technologies) Hidden
Backblaze (HKLM\...\Backblaze) (Version:  - Backblaze, Inc)
Brother MFL-Pro Suite MFC-L2700DW series (HKLM\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 2.35 - Piriform)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Connect (HKLM\...\{B29AD377-CC12-490A-A480-1452337C618D}) (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Core FTP LE 2.1 (HKLM\...\Core FTP LE 2.1) (Version:  - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
doPDF 6.2  printer (HKLM\...\doPDF 6  printer_is1) (Version:  - Softland)
Dropbox (HKLM\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.35.3 - Dropbox, Inc.) Hidden
FMW 1 (HKLM\...\{24C87FAC-EF2F-4624-9566-491C46B9DAF8}) (Version: 1.102.4 - AVG Technologies) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Drive (HKLM\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.30.3 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)
Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - )
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.1.71.14 - Oracle, Inc.) Hidden
KompoZer 0.8b3 (HKLM\...\{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1) (Version:  - KompoZer)
kuler (HKLM\...\{098727E1-775A-4450-B573-3F441F1CA243}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
LibreOffice 4.2.4.2 (HKLM\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft MapPoint North America 2006 (HKLM\...\{83ED1E80-A1B7-4246-BCF1-AC4A88151A6B}) (Version: 13.00.15.2800 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access Runtime (English) 2007 (HKLM\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Management Objects Collection  (HKLM\...\{8B562F87-8385-4B95-A8C2-13C008872D6C}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{56B4002F-671C-49F4-984C-C760FE3806B5}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 47.0 (x86 en-GB)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA ForceWare Network Access Manager (HKLM\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.6793 - NVIDIA Corporation)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF Settings CS4 (HKLM\...\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
pdfsam (HKCU\...\pdfsam) (Version: 2.2.1 - )
Photoshop Camera Raw (HKLM\...\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
Python 2.7.11 (HKLM\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
QuickBooks (HKLM\...\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}) (Version: 22.0.4001.2206 - Intuit Inc.) Hidden
QuickBooks Premier: Accountant Edition 2012 (HKLM\...\{2181214D-1954-4C60-91FD-EEA7EBB32022}) (Version: 22.0.4001.2206 - Intuit Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5680 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.88 (HKLM\...\Revo Uninstaller) (Version: 1.88 - VS Revo Group)
Safari (HKLM\...\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}) (Version: 5.33.21.1 - Apple Inc.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Suite Shared Configuration CS4 (HKLM\...\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.33.0.1000 - SUPERAntiSpyware.com)
Update for Windows Internet Explorer 7 (KB976749) (HKLM\...\KB976749-IE7) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 7 (KB980182) (HKLM\...\KB980182-IE7) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 14.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version:  - Microsoft Corporation) Hidden
XPS Essentials Pack (HKLM\...\{6A69D94E-C569-4154-9643-72E94D1DDFDA}) (Version: 1.0.6000 - Microsoft Corporation)
XPS Essentials Pack 1.0 (HKLM\...\XpsEP) (Version:  - Microsoft Corporation) Hidden

========================= Memory info: ===================================
Percentage of memory in use: 32%
Total physical RAM: 3455.1 MB
Available physical RAM: 2321.14 MB
Total Virtual: 5337.76 MB
Available Virtual: 3279.5 MB

========================= Partitions: =====================================
2 Drive c: () (Fixed) (Total:195.31 GB) (Free:112.86 GB) NTFS
3 Drive d: (Apps) (Fixed) (Total:195.31 GB) (Free:191.27 GB) NTFS
4 Drive e: (Data) (Fixed) (Total:195.31 GB) (Free:195.22 GB) NTFS

========================= Users: ========================================
User accounts for \\BEER-LOVER

Administrator            ASPNET                   Chad                     
Guest                    HelpAssistant            Jamie                    
Jody                     Joe                      Office Manager           
SUPPORT_388945a0         


**** End of log ****
 

 

 

AdwCleaner

# AdwCleaner v5.201 - Logfile created 14/07/2016 at 11:15:39
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-13.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (X86)
# Username : Office Manager - BEER-LOVER
# Running from : C:\Documents and Settings\Office Manager\Desktop\AdwCleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKU\S-1-5-21-1004336348-1960408961-839522115-1003\Software\YahooPartnerToolbar
Key Found : HKU\S-1-5-21-1004336348-1960408961-839522115-1003\Software\Zugo

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [1619 bytes] - [14/07/2016 11:15:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1692 bytes] ##########

 

 

 

Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Microsoft Windows XP x64
Ran by Office Manager (Administrator) on Thu 07/14/2016 at 11:20:08.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Successfully deleted: C:\Documents and Settings\Office Manager\Application Data\Mozilla\Firefox\Profiles\hibh72gp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\google.com_blog_search.xml (File)
Successfully deleted: C:\Documents and Settings\Office Manager\My Documents\add-in express (Folder)
Successfully deleted: C:\WINDOWS\wininit.ini (File)

Deleted the following from C:\Documents and Settings\Office Manager\Application Data\Mozilla\Firefox\Profiles\hibh72gp.default\prefs.js
user_pref(extensions.images@wink.su.yandex, false);



Registry: 3

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{652853ad-5592-4231-88c6-706613a52e61} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{652853ad-5592-4231-88c6-706613a52e61} (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/14/2016 at 11:21:31.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

ESET Scanner

C:\Documents and Settings\Office Manager\My Documents\Downloads\avc-free.exe    Win32/OpenCandy potentially unsafe application    deleted
C:\Documents and Settings\Office Manager\My Documents\Downloads\cbsidlm-sp1_0_150-Backblaze-SEO-10912832.dmg    a variant of OSX/Adware.Spigot.A application    deleted
D:\Program Files\Adobe\Photoshop CS\disable_activation.cmd    BAT/HostsChanger.A potentially unsafe application    cleaned by deleting
 


Edited by hamluis, 15 July 2016 - 10:43 AM.


#4 boopme

  • Global Moderator

Posted 14 July 2016 - 01:50 PM

Good, now remove what ADWcleaner found and see how it's running.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.


#5 amateur4014

  • Topic Starter

Posted 14 July 2016 - 02:29 PM

Here's the log after the Clean option in Adwcleaner

**I didn't let it delete the registry keys HKLM\SOFTWARE\AVG Secure Search and HKLM\SOFTWARE\AVG Security Toolbar as I intentionally installed those AVG options.

 

# AdwCleaner v5.201 - Logfile created 14/07/2016 at 15:03:33
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-14.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (X86)
# Username : Office Manager - BEER-LOVER
# Running from : C:\Documents and Settings\Office Manager\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\Zugo
[x] Key Not Deleted : HKLM\SOFTWARE\AVG Secure Search
[x] Key Not Deleted : HKLM\SOFTWARE\AVG Security Toolbar
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1607 bytes] - [14/07/2016 15:03:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [1771 bytes] - [14/07/2016 11:15:39]
C:\AdwCleaner\AdwCleaner[S2].txt - [1844 bytes] - [14/07/2016 15:00:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1826 bytes] ##########
 
Thanks again! 
 
I think I figured out why I have both smss.exe and smss .exe in my process list (not malware related). I checked it after the reboot and only smss.exe was there. Then a co-worker needed to log in to their user account. Instead of logging out completely we used the switch user option, so we are both logged in. When I checked the process list smss .exe had appeared. Must be something to do with multiple sessions. So all is well, and thanks for helping me tidy up the computer!
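
A check for the situation raised in this thread, a process whose name differs from a core Windows process only by a space and whose image sits outside the usual directory. This is an added example, not part of any post above; the list of expected directories, the C: drive letter and the sample paths are assumptions, it also strips invisible Unicode format characters (beyond the plain space seen here), and a hit means the file should be verified (vendor, signature), not that it is malicious.

```python
import ntpath
import unicodedata

# Assumption: default directories for a few core processes on an install
# under C:\WINDOWS (the drive and the list are illustrative, not from the thread).
EXPECTED_DIRS = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def canonical_name(image_name):
    """Drop whitespace and invisible format characters, then lower-case."""
    kept = [c for c in image_name
            if not c.isspace() and unicodedata.category(c) != "Cf"]
    return "".join(kept).lower()


def review_process(image_path):
    """Return the reasons an image needs manual review (empty list = none)."""
    directory, name = ntpath.split(image_path)
    canon = canonical_name(name)
    if canon not in EXPECTED_DIRS:
        return []  # not a look-alike of a process on the list
    reasons = []
    if name.lower() != canon:
        reasons.append("name matches %s only after removing spacing" % canon)
    if directory:  # Task Manager style input has a name but no directory
        actual = ntpath.normcase(ntpath.normpath(directory))
        if actual != EXPECTED_DIRS[canon]:
            reasons.append("image is in %s, expected %s"
                           % (directory, EXPECTED_DIRS[canon]))
    return reasons


def scan(image_paths):
    """Map each flagged path to its list of reasons."""
    return {p: r for p in image_paths for r in [review_process(p)] if r}


# Constructed sample: the two locations the poster described, plus one
# unrelated program (its path is made up for the example).
SAMPLE = [
    r"C:\WINDOWS\system32\smss.exe",
    r"C:\WINDOWS\system32\Event Agent\Bin\smss .exe",
    r"C:\Program Files\Notepad++\notepad++.exe",
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE).items():
        print(path)
        for reason in reasons:
            print("  - " + reason)
```
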


#6 boopme

  • Global Moderator

Posted 14 July 2016 - 03:55 PM

You're welcome and thanks for coming by!