Jump to content
Sign in to follow this  
terry1966

malware free?

Recommended Posts

just wanted to check a mates laptop is free of malware. i doubt it but would be nice if he surprised me for a change. don't have the time or patience to backup everything, wait for hrs while it scans and then probably having to do a clean install for him, so thought i'd come to the experts. ;)

 

DDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 8.0.6001.18702Run by mickymick at 12:43:45 on 2013-11-01Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.628 [GMT 0:00].AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}.============== Running Processes ================.C:WINDOWSsystem32ibmpmsvc.exeC:WINDOWSsystem32Ati2evxx.exec:Program FilesMicrosoft Security ClientMsMpEng.exeC:Program FilesIntelWirelessBinEvtEng.exeC:Program FilesIntelWirelessBinS24EvMon.exeC:WINDOWSsystem32spoolsv.exeC:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exeC:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exeC:Program FilesBonjourmDNSResponder.exeC:WINDOWSsystem32dldncoms.exeC:Program Fileswrapper_instfile_to_run.exeC:Program FilesIntelWirelessBinRegSrvc.exeC:Program FilesCyberLinkShared filesRichVideo.exeC:Documents and SettingsAll UsersApplication DataSkypeToolbarsSkype C2C Servicec2c_service.exeC:Program FilesTomTom HOME 2TomTomHOMEService.exeC:Program FilesCommon FilesAuthentiumAntiVirus5vsedsps.exeC:WINDOWSsystem32SearchIndexer.exeC:Program FilesCommon FilesAuthentiumAntiVirus5vseamps.exeC:Program FilesCommon FilesAuthentiumAntiVirus5vseqrts.exeC:WINDOWSSystem32alg.exeC:WINDOWSsystem32Ati2evxx.exeC:WINDOWSExplorer.EXEC:WINDOWSsystem32wbemwmiprvse.exeC:WINDOWSsystem32RunDll32.exeC:Program FilesMicrosoft Security Clientmsseces.exeC:WINDOWSsystem32ctfmon.exeC:Program FilesTomTom HOME 2TomTomHOMERunner.exec:Program FilesMicrosoft Security ClientMpCmdRun.exeC:WINDOWSsystem32wbemwmiprvse.exeC:WINDOWSSystem32svchost.exe -k netsvcsC:WINDOWSSystem32svchost.exe -k NetworkServiceC:WINDOWSSystem32svchost.exe -k LocalServiceC:WINDOWSSystem32svchost.exe -k LocalServiceC:WINDOWSSystem32svchost.exe -k imgsvc.============== Pseudo HJT Report ===============.dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>BHO: Toolbar BHO: {312f84fb-8970-4fd3-bddb-7012eac4afc9} - c:program filesvideodownloadconverter_4zbar1.bin4zbar.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dllBHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dllBHO: Search Assistant BHO: {c547c6c2-561b-4169-a2a5-20ba771ca93b} - c:program filesvideodownloadconverter_4zbar1.bin4zSrcAs.dllBHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>TB: Radio TV 2.1 Toolbar: {4ADC4B13-B4C2-4946-835E-C5F61FA9D8BF} -TB: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} -TB: VideoDownloadConverter: {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - c:program filesvideodownloadconverter_4zbar1.bin4zbar.dllTB: VideoDownloadConverter: {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - c:program filesvideodownloadconverter_4zbar1.bin4zbar.dllEB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:windowssystem32shdocvw.dlluRun: [ctfmon.exe] c:windowssystem32ctfmon.exeuRun: [skype] "c:program filesskypephoneSkype.exe" /minimized /regrunuRun: [TomTomHOME.exe] "c:program filestomtom home 2TomTomHOMERunner.exe"mRun: [bMMGAG] RunDll32 c:progra~1thinkpadutilit~1pwrmonit.dll,StartPwrMonitormRun: [MSC] "c:program filesmicrosoft security clientmsseces.exe" -hide -runkeydRun: [CTFMON.EXE] c:windowssystem32CTFMON.EXEdRunOnce: [AutoLaunch] c:program fileslavasoftad-awareAutoLaunch.exe monthlydRunOnce: [tscuninstall] c:windowssystem32tscupgrd.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: ConsentPromptBehaviorUser = dword:0mPolicies-System: EnableLUA = dword:0mPolicies-WindowsSystem: Allow-LogonScript-NetbiosDisabled = dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:145IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:program filesmicrosoft officeoffice12ONBttnIE.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exeTCP: Interfaces{15ADAE4A-D2BA-45AF-BF3E-FE96A8D2E478} : DHCPNameServer = 192.168.0.1TCP: Interfaces{8F933266-6AA3-4B5D-A6E3-F06CDDB1D99D} : DHCPNameServer = 192.168.1.1Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:program filesmicrosoft officeoffice12GrooveSystemServices.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:program filescommon filesskypeSkype4COM.dllNotify: AtiExtEvent - Ati2evxx.dllNotify: ComPlusSetup - <no file>Notify: tpfnf2 - notifyf2.dllNotify: tphotkey - tphklock.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dllSEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dllSEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:program fileswindows desktop searchMSNLNamespaceMgr.dllmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:program filesgooglechromeapplication30.0.1599.101installerchrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromeHosts: 127.0.0.1 mpa.one.microsoft.com.================= FIREFOX ===================.FF - ProfilePath - c:documents and settingsmickymickapplication datamozillafirefoxprofiles1ocmbs25.default-1378662864610FF - plugin: c:documents and settingsmickymicklocal settingsapplication datafacebookvideoskypenpFacebookVideoCalling.dllFF - plugin: c:program filesadobereader 11.0readerairnppdf32.dllFF - plugin: c:program filesgoogleupdate1.3.21.165npGoogleUpdate3.dllFF - plugin: c:program filesmicrosoft silverlight5.1.20913.0npctrlui.dllFF - plugin: c:program filesviewpointviewpoint experience technologynpViewpoint.dllFF - plugin: c:windowssystem32adobedirectornp32dsw_1167637.dllFF - plugin: c:windowssystem32macromedflashNPSWF32_11_9_900_117.dllFF - ExtSQL: 2013-09-08 19:15; jid1-ZAdIEUB7XOzOJw@jetpack; c:documents and settingsmickymickapplication datamozillafirefoxprofiles1ocmbs25.default-1378662864610extensionsjid1-ZAdIEUB7XOzOJw@jetpack.xpiFF - ExtSQL: 2013-09-22 08:53; {12e57d18-f8f7-4b76-af63-605365ab88ec}; c:documents and settingsmickymickapplication datamozillafirefoxprofiles1ocmbs25.default-1378662864610extensions{12e57d18-f8f7-4b76-af63-605365ab88ec}FF - ExtSQL: 2013-09-23 10:20; {1122b43d-30ee-403f-9bfa-3cc99b0caddd}; c:documents and settingsmickymickapplication datamozillafirefoxprofiles1ocmbs25.default-1378662864610extensions{1122b43d-30ee-403f-9bfa-3cc99b0caddd}FF - ExtSQL: 2013-10-14 14:25; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:documents and settingsmickymickapplication datamozillafirefoxprofiles1ocmbs25.default-1378662864610extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi.============= SERVICES / DRIVERS ===============.R0 MpFilter;Microsoft Malware Protection Driver;c:windowssystem32driversMpFilter.sys [2013-6-18 211560]R1 MpKsl6b993c0b;MpKsl6b993c0b;c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{df167245-c21f-4237-a043-1d820c75195a}MpKsl6b993c0b.sys [2013-11-1 40392]R1 TPPWR;TPPWR;c:windowssystem32driversTPPWR.SYS [2008-4-25 16384]R2 dldn_device;dldn_device;c:windowssystem32dldncoms.exe -service --> c:windowssystem32dldncoms.exe -service [?]R2 pcregservice;pcregservice Service;c:program fileswrapper_instfile_to_run.exe [2013-9-22 31344]R2 Skype C2C Service;Skype C2C Service;c:documents and settingsall usersapplication dataskypetoolbarsskype c2c servicec2c_service.exe [2013-10-9 3275136]R2 TomTomHOMEService;TomTomHOMEService;c:program filestomtom home 2TomTomHOMEService.exe [2013-7-2 93072]R2 vseamps;vseamps;c:program filescommon filesauthentiumantivirus5vseamps.exe [2010-4-8 117288]R2 vsedsps;vsedsps;c:program filescommon filesauthentiumantivirus5vsedsps.exe [2010-4-8 117288]R2 vseqrts;vseqrts;c:program filescommon filesauthentiumantivirus5vseqrts.exe [2010-4-8 154152]R2 WTclass;WTclass;c:windowssystem32driversWTCLASS.SYS [2011-6-7 24064]S1 aswSP;avast! Self Protection; [x]S1 Wacom;Wacom;c:windowssystem32driversWACOM.SYS [2011-6-7 36896]S2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswfsblk.sys --> c:windowssystem32driversaswFsBlk.sys [?]S2 dldnCATSCustConnectService;dldnCATSCustConnectService;c:windowssystem32spooldriversw32x863dldnserv.exe [2012-2-27 98984]S2 VideoDownloadConverter_4zService;VideoDownloadConverterService;c:progra~1videod~2bar1.bin4zbarsvc.exe [2013-2-28 42504]S3 DCamUSBNW800;CIF USB Camera (2110);c:windowssystem32driversPCAM800.SYS [2011-11-27 238944]S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:windowssystem32driversrt2870.sys --> c:windowssystem32driversrt2870.sys [?]S4 SkypeUpdate;Skype Updater;c:program filesskypeupdaterUpdater.exe [2013-2-28 161384].=============== Created Last 30 ================.2013-11-01 12:35:12 40392 ----a-w- c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{df167245-c21f-4237-a043-1d820c75195a}MpKsl6b993c0b.sys2013-10-21 13:35:33 7796464 ----a-w- c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{df167245-c21f-4237-a043-1d820c75195a}mpengine.dll2013-10-20 19:40:44 7796464 ----a-w- c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updatesbackupmpengine.dll2013-10-14 11:09:29 -------- d-----w- c:program filesMicrosoft Security Client2013-10-10 07:25:44 25088 -c----w- c:windowssystem32dllcachehidparse.sys2013-10-10 07:25:44 14976 -c----w- c:windowssystem32dllcacheusbscan.sys2013-10-10 07:25:43 46848 -c----w- c:windowssystem32dllcacheirbus.sys2013-10-10 07:25:43 123008 -c----w- c:windowssystem32dllcacheusbvideo.sys2013-10-10 07:25:11 5376 -c----w- c:windowssystem32dllcacheusbd.sys2013-10-10 07:25:11 32384 -c----w- c:windowssystem32dllcacheusbccgp.sys2013-10-10 07:25:11 30336 -c----w- c:windowssystem32dllcacheusbehci.sys2013-10-10 07:25:11 144128 -c----w- c:windowssystem32dllcacheusbport.sys2013-10-09 09:58:02 4879744 ----a-w- c:program filesmozilla firefoxextensions{82af8dca-6de9-405d-bd5e-43525bdad38a}componentsSkypeFfComponent.dll2013-10-09 09:58:02 4879744 ----a-w- c:program filesmozilla firefoxbrowserextensions{82af8dca-6de9-405d-bd5e-43525bdad38a}componentsSkypeFfComponent.dll2013-10-04 16:50:01 5632 ----a-w- c:windowssystem32ptpusb.dll2013-10-04 16:49:59 159232 ----a-w- c:windowssystem32ptpusd.dll.==================== Find3M ====================.2013-10-10 08:21:09 692616 ----a-w- c:windowssystem32FlashPlayerApp.exe2013-10-10 08:21:08 71048 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl2013-09-23 18:33:58 920064 ----a-w- c:windowssystem32wininet.dll2013-09-23 18:33:57 43520 ------w- c:windowssystem32licmgr10.dll2013-09-23 18:33:57 1469440 ------w- c:windowssystem32inetcpl.cpl2013-09-23 18:33:56 18944 ----a-w- c:windowssystem32corpol.dll2013-09-23 18:06:48 385024 ----a-w- c:windowssystem32html.iec2013-09-20 13:45:34 389120 ----a-w- c:windowssystem32RegistryHelperLM.ocx2013-08-29 01:31:44 1878656 ----a-w- c:windowssystem32win32k.sys2013-08-09 01:56:45 386560 ----a-w- c:windowssystem32themeui.dll2013-08-09 00:55:08 144128 ----a-w- c:windowssystem32driversusbport.sys2013-08-09 00:55:07 32384 ----a-w- c:windowssystem32driversusbccgp.sys2013-08-09 00:55:06 5376 ----a-w- c:windowssystem32driversusbd.sys2013-08-05 13:30:32 1289728 ----a-w- c:windowssystem32ole32.dll2013-08-03 13:18:38 1543680 ------w- c:windowssystem32wmvdecod.dll.============= FINISH: 12:45:09.25 ===============

 

.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows XP ProfessionalBoot Device: DeviceHarddiskVolume1Install Date: 8/4/2012 1:33:05 PMSystem Uptime: 11/1/2013 12:34:30 PM (0 hours ago).Motherboard: IBM | | 23733HGProcessor: Intel® Pentium® M processor 1600MHz | None | 1594/400mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 57 GiB total, 28.836 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP279: 10/20/2013 8:40:22 PM - Software Distribution Service 3.0RP280: 10/21/2013 2:35:28 PM - Software Distribution Service 3.0.==== Installed Programs ======================.Acrobat.comAdobe Acrobat 4.0Adobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe PhotoDeluxe Home Edition 4.0Adobe Reader XI (11.0.03)Adobe Shockwave Player 11.6Agere Systems AC'97 ModemApple Application SupportApple Mobile Device SupportApple Software UpdateArcSoft PhotoImpressionArcSoft Software SuiteArcSoft TotalMedia 3.5ArcSoft VideoImpression 1.6ATI - Software Uninstall UtilityATI Control PanelATI Display DriverAVSDK5Bejeweled 2 DeluxeBejeweled 2 Deluxe 1.1Big Fish Games: Game ManagerBonjourCCleanerCCTV Player UninstallCIF USB Camera (2110)Dell V105ESET Online Scanner v3Facebook Video Calling 1.2.0.159Facebook Video Calling 1.2.0.287Google ChromeGoogle Update HelperHarry Potter IIHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows XP (KB2756822)Hotfix for Windows XP (KB2779562)IBM ThinkPad Battery MaxiMiser and Power Management FeaturesIntel® PRO Network Connections DriversIntel® PROSet/Wireless SoftwareiTunesMalwarebytes Anti-Malware version 1.75.0.1300mCoremDriverMGI PhotoSuite 4 (Remove Only)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Application Error ReportingMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Kernel-Mode Driver Framework Feature Pack 1.7Microsoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Enterprise 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft Office Word Viewer 2003Microsoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft Software Update for Web Folders (English) 12Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161mMHouseMozilla Firefox 24.0 (x86 en-US)Mozilla Maintenance ServicemPfMgrmProSafeMSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 6.0 Parser (KB933579)mWlsSafemXMLOGA Notifier 2.0.0048.0PowerDVDPowerDVD UltraQuickTimeRealPlayer BasicSamsung PC StudioScanSoft OmniPage SE 4Security Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596672) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596744) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596880) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597162) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2598041) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit EditionSecurity Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2596917) 32-Bit EditionSecurity Update for Windows Internet Explorer 8 (KB2722913)Security Update for Windows Internet Explorer 8 (KB2744842)Security Update for Windows Internet Explorer 8 (KB2761465)Security Update for Windows Internet Explorer 8 (KB2792100)Security Update for Windows Internet Explorer 8 (KB2797052)Security Update for Windows Internet Explorer 8 (KB2799329)Security Update for Windows Internet Explorer 8 (KB2809289)Security Update for Windows Internet Explorer 8 (KB2817183)Security Update for Windows Internet Explorer 8 (KB2829530)Security Update for Windows Internet Explorer 8 (KB2838727)Security Update for Windows Internet Explorer 8 (KB2846071)Security Update for Windows Internet Explorer 8 (KB2847204)Security Update for Windows Internet Explorer 8 (KB2862772)Security Update for Windows Internet Explorer 8 (KB2870699)Security Update for Windows Internet Explorer 8 (KB2879017)Security Update for Windows Media Player (KB2803821-v2)Security Update for Windows Media Player (KB2803821)Security Update for Windows Media Player (KB2834904-v2)Security Update for Windows Media Player (KB2834904)Security Update for Windows Search 4 - KB963093Security Update for Windows XP (KB2510581)Security Update for Windows XP (KB2544521)Security Update for Windows XP (KB2699988)Security Update for Windows XP (KB2705219)Security Update for Windows XP (KB2712808)Security Update for Windows XP (KB2723135)Security Update for Windows XP (KB2724197)Security Update for Windows XP (KB2727528)Security Update for Windows XP (KB2731847)Security Update for Windows XP (KB2753842-v2)Security Update for Windows XP (KB2757638)Security Update for Windows XP (KB2758857)Security Update for Windows XP (KB2761226)Security Update for Windows XP (KB2770660)Security Update for Windows XP (KB2778344)Security Update for Windows XP (KB2779030)Security Update for Windows XP (KB2780091)Security Update for Windows XP (KB2799494)Security Update for Windows XP (KB2802968)Security Update for Windows XP (KB2807986)Security Update for Windows XP (KB2808735)Security Update for Windows XP (KB2813170)Security Update for Windows XP (KB2813345)Security Update for Windows XP (KB2820197)Security Update for Windows XP (KB2820917)Security Update for Windows XP (KB2829361)Security Update for Windows XP (KB2834886)Security Update for Windows XP (KB2839229)Security Update for Windows XP (KB2845187)Security Update for Windows XP (KB2847311)Security Update for Windows XP (KB2849470)Security Update for Windows XP (KB2850851)Security Update for Windows XP (KB2850869)Security Update for Windows XP (KB2859537)Security Update for Windows XP (KB2862330)Security Update for Windows XP (KB2862335)Security Update for Windows XP (KB2864063)Security Update for Windows XP (KB2868038)Security Update for Windows XP (KB2876217)Security Update for Windows XP (KB2876315)Security Update for Windows XP (KB2883150)Security Update for Windows XP (KB938464)Skype Click to CallSkype 6.3Software Update for Web FoldersSupervisionCamswMSMThinkPad Integrated 56K ModemThinkPad Power Management DriverThinkPad TrackPoint DriverThinkPad UltraNav DriverThinkPad UltraNav UtilityThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)TomTom HOMETomTom HOME Visual Studio Merge ModulesTrackPoint Accessibility FeaturesTRUST 120SPACEC@MUlead Photo Express 3.0 SEUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit EditionUpdate for Windows Internet Explorer 8 (KB2598845)Update for Windows XP (KB2661254-v2)Update for Windows XP (KB2736233)Update for Windows XP (KB2749655)Update for Windows XP (KB2863058)VC 9.0 RuntimeVideo Download Converter version 1.0.0.0VideoDownloadConverter ToolbarViewpoint Media PlayerVisual C++ 2008 x86 Runtime - (v9.0.30729)Visual C++ 2008 x86 Runtime - v9.0.30729.01WebFldrs XPWindows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage Validation Tool (KB892130)Windows Internet Explorer 8Windows Media Format 11 runtimeWindows Media Player 11Windows Search 4.0Windows XP Service Pack 3.==== Event Viewer Messages From Past Week ========.11/1/2013 12:43:08 PM, error: Service Control Manager [7034] - The Logical Disk Manager Administrative Service service terminated unexpectedly. It has done this 1 time(s).11/1/2013 12:35:44 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.161.345.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITYSYSTEM Current Engine Version: Previous Engine Version: 1.1.10003.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.11/1/2013 12:35:44 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.161.345.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.10003.0&avdelta=1.161.345.0&asdelta=1.161.345.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITYNETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10003.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved11/1/2013 12:35:44 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.161.345.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.10003.0&avdelta=1.161.345.0&asdelta=1.161.345.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITYNETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10003.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved11/1/2013 12:35:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi11/1/2013 12:35:10 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.11/1/2013 12:35:10 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldnCATSCustConnectService service to connect.11/1/2013 12:35:10 PM, error: Service Control Manager [7001] - The wacomkey service depends on the wintab32 service which failed to start because of the following error: The operation completed successfully.11/1/2013 12:35:10 PM, error: Service Control Manager [7000] - The dldnCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.11/1/2013 12:35:10 PM, error: Service Control Manager [7000] - The avast! Standard Shield Support service failed to start due to the following error: The system cannot find the file specified.11/1/2013 12:35:10 PM, error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: The system cannot find the file specified.11/1/2013 12:35:03 PM, error: Pcmcia [10] -.==== End Of File ===========================

 

many thanks in advance for your time and effort.

 

:b33r:

 

sorry for the edit but it seems some things don't paste into the reply that are in the report.

 

yet they don't show in my post even tho i selected and copied all then pasted the log here.

is that something to worry about?

 

 

for example first 2 line under Pseudo HJT Report are :-

 

there is a 3rd line missing too but didn't want to paste that in full here because it has a client id number that may be the reason it was omitted or something but it starts with this.

 

 

 

 

i'm confused.. :rofl3: even my edits won't post those lines?? thought everything should have been there for you to see.

Edited by terry1966

Share this post


Link to post
Share on other sites

You're confused.....ya ain't alone terry. :yikes: Don't think I ever saw a hjt log that big. :P I better get outta this Forum before Jacee catches me.... :mrgreen:

 

Regards,

 

Hawk :b33r:

Share this post


Link to post
Share on other sites

terry, what scans have you run and did you save logs..example:

Malwarebytes Anti-Malware?

 

Posted Image

Please download Junkware Removal Tool to your desktop.

[*]Shut down your protection software now to avoid potential conflicts.

[*]Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

[*]The tool will open and start scanning your system.

[*]Please be patient as this can take a while to complete depending on your system's specifications.

[*]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

[*]Post the contents of JRT.txt into your next message.

[*]~~~~~~~~~~~~~~~~~~~~~~~`

 

download AdwCleaner by Xplode and save to your Desktop.

[*]Double click on AdwCleaner.exe to run the tool.

Vista/Windows 7/8 users right-click and select Run As Administrator.

[*]Click on the Scan button.

[*]AdwCleaner will begin...be patient as the scan may take some time to complete.

[*]After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

[*]The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.

[*]Copy and paste the contents of that logfile in your next reply.

[*]A copy of all logfiles are saved in the C:AdwCleaner folder which was created when running the tool.

IF, you see items you know can be removed:

 

Using AdwCleaner v3: Scan & Clean:

Double click on AdwCleaner.exe to run the tool again.

[*]Click on the Scan button.

[*]AdwCleaner will begin to scan your computer like it did before.

[*]After the scan has finished...

[*]This time, click on the Clean button.

[*]Press OK when asked to close all programs and follow the onscreen prompts.

[*]Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

[*]After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.

[*]Copy and paste the contents of that logfile in your next reply.

[*]A copy of that logfile will also be saved in the C:AdwCleaner folder.

Post these logs, use more then one page if you have to.

 

I see you Hawks!

Share this post


Link to post
Share on other sites

sorry juliet no i didn't run or save any scans on this laptop, just finished updating his router firmware and security and doing a clean install on another laptop for him that had trojans with possible backdoors.

so took this one off him to check it before letting it near his now clean network and systems, but he said there's things on this one that he wants so i thought it'd be easier for me to just let you clean it, instead of me trying to keep everything and maybe putting some malware back by accident.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.0.7 (10.15.2013:3)OS: Microsoft Windows XP x86Ran by mickymick on Fri 11/01/2013 at 18:37:16.07~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ServicesSuccessfully stopped: [service] videodownloadconverter_4zserviceSuccessfully deleted: [service] videodownloadconverter_4zservice~~~ Registry ValuesSuccessfully repaired: [Registry Value] HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}DisplayNameSuccessfully repaired: [Registry Value] HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}URLSuccessfully deleted [Registry Value] HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerAboutURLsbProtectTabs~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOTAppID{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{13119113-0854-469D-807A-171568457991}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{33119133-0854-469D-807A-171568457991}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{3C471948-F874-49F5-B338-4F214A2EE0B1}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{9AFB8248-617F-460D-9366-D71CDEDA3179}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTCLSID{CC99A798-FD3D-4AB4-969E-6071612524F9}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTInterface{23119123-0854-469D-807A-171568457991}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTInterface{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOTTypeLib{03119103-0854-469D-807A-171568457991}Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareappgraffitiSuccessfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareconduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareconduitengineSuccessfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareconduitsearchscopesSuccessfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwarectoolbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwarefunwebproductsSuccessfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwarepricegongSuccessfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwaresearchprotectSuccessfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwaresearchqutoolbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwaresmartbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwaresoftonicSuccessfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareAppDataLowsoftwareconduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtSettings{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtSettings{CC99A798-FD3D-4AB4-969E-6071612524F9}Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtStats{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtStats{8736C681-37A0-40C6-A0F0-4C083409151C}Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtStats{CC99A798-FD3D-4AB4-969E-6071612524F9}Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerInternetRegistryREGISTRYUSERS-1-5-21-448539723-1935655697-854245398-1005SoftwareSweetIMSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareconduitSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareconduitengineSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwarefirstsearchSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwaresearchprotectSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesaxmetastream.metastreamctlSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesaxmetastream.metastreamctl.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesaxmetastream.metastreamctlsecondarySuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesaxmetastream.metastreamctlsecondary.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesconduit.engineSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesimside1egate.application.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesprod.capSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesspeedupmypcSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.dynamicbarbuttonSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.dynamicbarbutton.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.feedmanagerSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.feedmanager.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.htmlmenuSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.htmlmenu.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.htmlpanelSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.htmlpanel.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.multiplebuttonSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.multiplebutton.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.pseudotransparentpluginSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.pseudotransparentplugin.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.radioSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.radio.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.radiosettingsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.radiosettings.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.scriptbuttonSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.scriptbutton.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.settingspluginSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.settingsplugin.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.skinlauncherSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.skinlauncher.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.thirdpartyinstallerSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.thirdpartyinstaller.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.urlalertbuttonSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.urlalertbutton.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.xmlsessionpluginSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesvideodownloadconverter_4z.xmlsessionplugin.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallvideodownloadconverter_4zbar uninstallSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstallviewpointmediaplayerSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesToolbar.CT2438727Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesToolbar.CT2645238Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesToolbar.CT2830582Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesToolbar.CT2953735Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesToolbar.CT3084223Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesToolbar.CT3176986Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareClassesToolbar.CT3298566Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{C861DEED-5A2E-46BD-AEB5-B7B6B4D5E60D}Successfully deleted: [Registry Key] "hkey_current_usersoftwareappdatalowaskbardis"~~~ FilesSuccessfully deleted: [File] "C:WINDOWSsystem32conduitengine.tmp"Successfully deleted: [File] "C:end"~~~ FoldersSuccessfully deleted: [Folder] "C:Documents and SettingsAll Usersapplication datababylon"Successfully deleted: [Folder] "C:Documents and SettingsAll Usersapplication databig fish games"Successfully deleted: [Folder] "C:Documents and SettingsAll Usersapplication databoost_interprocess"Successfully deleted: [Folder] "C:Documents and SettingsAll Usersapplication dataconduit"Successfully deleted: [Folder] "C:Documents and SettingsAll Usersapplication dataviewpoint"Successfully deleted: [Folder] "C:Documents and SettingsmickymickApplication Dataalot"Successfully deleted: [Folder] "C:Documents and SettingsmickymickApplication Dataappgraffiti"Successfully deleted: [Folder] "C:Documents and SettingsmickymickApplication Datadrivercure"Successfully deleted: [Folder] "C:Documents and SettingsmickymickApplication Dataiwin"Successfully deleted: [Folder] "C:Documents and SettingsmickymickApplication Dataperformersoft"Successfully deleted: [Folder] "C:Documents and SettingsmickymickApplication Datarebateinformer"Successfully deleted: [Folder] "C:Documents and SettingsmickymickApplication Datasearchprotect"Successfully deleted: [Folder] "C:Documents and SettingsmickymickApplication Datasearchquband"Successfully deleted: [Folder] "C:Documents and SettingsmickymickApplication Datavideodownloadconverter_4z"Successfully deleted: [Folder] "C:Documents and Settingsmickymickappdatalocallowdatamngr"Successfully deleted: [Folder] "C:Documents and SettingsmickymickLocal SettingsApplication Datababylon"Successfully deleted: [Folder] "C:Documents and SettingsmickymickLocal SettingsApplication Dataconduit"Successfully deleted: [Folder] "C:Documents and SettingsmickymickLocal SettingsApplication Dataconduitengine"Successfully deleted: [Folder] "C:Documents and SettingsmickymickLocal SettingsApplication Datacre"Successfully deleted: [Folder] "C:Documents and SettingsmickymickLocal SettingsApplication Dataiac"Successfully deleted: [Folder] "C:Documents and SettingsmickymickLocal SettingsApplication Datailivid player"Successfully deleted: [Folder] "C:Program Filesalot"Successfully deleted: [Folder] "C:Program Filesconduit"Successfully deleted: [Folder] "C:Program Filesdictionaryboss"Successfully deleted: [Folder] "C:Program Filesmypc backup"Successfully deleted: [Folder] "C:Program Filessearchprotect"Successfully deleted: [Folder] "C:Program Filesvideo download converter"Successfully deleted: [Folder] "C:Program Filesvideodownloadconverter_4z"Successfully deleted: [Folder] "C:Program Filesviewpoint"Successfully deleted: [Folder] "C:Program Fileswindows ilivid toolbar"~~~ FireFoxSuccessfully deleted: [File] C:Documents and SettingsmickymickApplication Datamozillafirefoxprofiles1ocmbs25.default-1378662864610bprotector_extensions.sqliteSuccessfully deleted: [File] C:Documents and SettingsmickymickApplication Datamozillafirefoxprofiles1ocmbs25.default-1378662864610bprotector_prefs.jsSuccessfully deleted: [File] C:Documents and SettingsmickymickApplication Datamozillafirefoxprofiles1ocmbs25.default-1378662864610searchpluginsbabylon.xmlSuccessfully deleted: [File] C:Documents and SettingsmickymickApplication Datamozillafirefoxprofiles1ocmbs25.default-1378662864610searchpluginsconduit.xmlSuccessfully deleted: [Folder] C:Documents and SettingsmickymickApplication Datamozillafirefoxprofiles1ocmbs25.default-1378662864610extensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comSuccessfully deleted: [Folder] C:Documents and SettingsmickymickApplication Datamozillafirefoxprofiles1ocmbs25.default-1378662864610extensions{0113d088-8ed1-468c-b225-585a9c53b5e3}Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINESoftwareMozillaFirefoxExtensions4zffxtbr@videodownloadconverter_4z.comSuccessfully deleted the following from C:Documents and SettingsmickymickApplication Datamozillafirefoxprofiles1ocmbs25.default-1378662864610prefs.jsuser_pref("CT3298566.smartbar.homepage", "true");user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");user_pref("aoluk_toolbar.presethomepage", "holasearch.com");user_pref("aoluk_toolbar.presetsearch", "MixiDJ V30 Customized Web Search");user_pref("aoluk_toolbar.search.searchtype", "web");user_pref("browser.search.defaultthis.engineName", "MixiDJ V30 Customized Web Search");user_pref("extensions.crossrider.bic", "1415e9c6f4f6e354a9351107af513725");user_pref("smartbar.addressBarOwnerCTID", "CT3298566");user_pref("smartbar.defaultSearchOwnerCTID", "CT3298566");user_pref("smartbar.homePageOwnerCTID", "CT3298566");user_pref("smartbar.machineId", "9G6OZ02X8XJWZTMMRTQ4GTJUC+TS1E4NUG6TXH1UIT5R2AVB7ZPRL8N0UEAQJQKPW87H6RIBCFQJMA4LBKIP9Q");~~~ ChromeSuccessfully deleted: [Folder] C:Documents and SettingsmickymickLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsgpdgdlcjhlbaphcjmagicjhhgfnkiihpSuccessfully deleted: [Folder] C:Documents and SettingsmickymickLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmiedaSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareGoogleChromeExtensionsfagpjgjmoaccgkkpjeoinehnoaimnblaSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareGoogleChromeExtensionsppdjnkblmcjfnlogjjhpigpdgpcgdpll~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Fri 11/01/2013 at 18:42:55.29End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v3.010 - Report created 01/11/2013 at 18:47:05# Updated 20/10/2013 by Xplode# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)# Username : mickymick - LAPPY# Running from : C:Documents and SettingsmickymickDesktopAdwCleaner.exe# Option : Scan***** [ Services ] ********** [ Files / Folders ] *****File Found : C:Documents and SettingsmickymickApplication DataMozillaFirefoxProfiles1ocmbs25.default-1378662864610searchpluginsBitGuard.xmlFolder Found : C:Documents and SettingsmickymickApplication DataMozillaFirefoxProfiles1ocmbs25.default-1378662864610Extensions{1122b43d-30ee-403f-9bfa-3cc99b0caddd}Folder Found : C:Documents and SettingsmickymickApplication DataMozillaFirefoxProfiles1ocmbs25.default-1378662864610Extensions{1122b43d-30ee-403f-9bfa-3cc99b0caddd}Folder Found : C:Documents and SettingsmickymickLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsfdkednngfjmpnljkolbapdednncafhenFolder Found : C:Documents and SettingsmickymickLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsfdkednngfjmpnljkolbapdednncafhenFolder Found : C:Documents and SettingsmickymickLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjefFolder Found C:Documents and SettingsAdministrator.LAPPYLocal SettingsApplication DataConduitFolder Found C:Documents and SettingsAdministrator.LAPPYLocal SettingsApplication DataConduitEngineFolder Found C:Documents and SettingsAdministrator.LAPPYLocal SettingsApplication DataRadio_TV_2.1Folder Found C:Documents and SettingsAdministrator.LAPPYLocal SettingsApplication DataZyngaFolder Found C:Documents and SettingsAll UsersApplication DataBitGuardFolder Found C:Documents and SettingsAll UsersApplication DataParetoLogicFolder Found C:Documents and SettingsdaveApplication DataSearchqutoolbarFolder Found C:Documents and SettingsdaveLocal SettingsApplication DataConduitFolder Found C:Documents and SettingsdaveLocal SettingsApplication DataKiwee ToolbarFolder Found C:Documents and SettingsLocalServiceApplication DataAGIFolder Found C:Documents and SettingsmickymickApplication DataMozillaFirefoxProfiles1ocmbs25.default-1378662864610CT3298566Folder Found C:Documents and SettingsmickymickApplication DataParetoLogicFolder Found C:Documents and SettingsmickymickLocal SettingsApplication DataPackageAwareFolder Found C:Documents and SettingsmickymickLocal SettingsApplication DataRadio_TV_2.1Folder Found C:Documents and SettingsmickymickStart MenuProgramsBitGuard***** [ Shortcuts ] ********** [ Registry ] *****Key Found : HKCUSoftware5b6d6dfb46ab913Key Found : HKCUSoftwarealotKey Found : HKCUSoftwareBrowseFoxKey Found : HKCUSoftwareGoogleChromeExtensionsfdkednngfjmpnljkolbapdednncafhenKey Found : HKCUSoftwareGoogleChromeExtensionsfdkednngfjmpnljkolbapdednncafhenKey Found : HKCUSoftwareInstalledThirdPartyProgramsKey Found : HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheDealPlyKey Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtPreApproved{D3D233D5-9F6D-436C-B6C7-E63F77503B30}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtPreApproved{D7E97865-918F-41E4-9CD0-25AB1C574CE8}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{201F27D4-3704-41D6-89C1-AA35E39143ED}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{3041D03E-FD4B-44E0-B742-2D9B88305F98}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{30F9B915-B755-4826-820B-08FBA6BD249D}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{4ADC4B13-B4C2-4946-835E-C5F61FA9D8BF}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{8736C681-37A0-40C6-A0F0-4C083409151C}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{B0DE3308-5D5A-470D-81B9-634FC078393B}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{C547C6C2-561B-4169-A2A5-20BA771CA93B}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{CCB69577-088B-4004-9ED8-FF5BCC83A039}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{CCC7A320-B3CA-4199-B1A6-9F516DD69829}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{D3D233D5-9F6D-436C-B6C7-E63F77503B30}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{D7E97865-918F-41E4-9CD0-25AB1C574CE8}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{DFF9B2DA-EF99-4B26-83CB-7058299999D8}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{201F27D4-3704-41D6-89C1-AA35E39143ED}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{3041D03E-FD4B-44E0-B742-2D9B88305F98}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{30F9B915-B755-4826-820B-08FBA6BD249D}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{4ADC4B13-B4C2-4946-835E-C5F61FA9D8BF}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{B0DE3308-5D5A-470D-81B9-634FC078393B}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{C510DFFB-0AFE-484C-BA40-CED5B74C4EEF}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{C547C6C2-561B-4169-A2A5-20BA771CA93B}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{CCB69577-088B-4004-9ED8-FF5BCC83A039}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{CCC7A320-B3CA-4199-B1A6-9F516DD69829}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{D3D233D5-9F6D-436C-B6C7-E63F77503B30}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{D7E97865-918F-41E4-9CD0-25AB1C574CE8}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}Key Found : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{DFF9B2DA-EF99-4B26-83CB-7058299999D8}Key Found : HKCUSoftwareParetoLogicKey Found : HKCUSoftwareRadio_TV_2.1Key Found : HKLMSOFTWARE5b6d6dfb46ab913Key Found : HKLMSoftwareAskBarDisKey Found : HKLMSoftwareBrowseFoxKey Found : HKLMSOFTWAREClassesCLSID{03F998B2-0E00-11D3-A498-00104B6EB52E}Key Found : HKLMSOFTWAREClassesCLSID{1B00725B-C455-4DE6-BFB6-AD540AD427CD}Key Found : HKLMSOFTWAREClassesCLSID{2A1260C1-2964-453F-B0BA-FA429472EB5F}Key Found : HKLMSOFTWAREClassesCLSID{30F9B915-B755-4826-820B-08FBA6BD249D}Key Found : HKLMSOFTWAREClassesCLSID{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}Key Found : HKLMSOFTWAREClassesCLSID{363D5C92-10DC-4287-93E5-1832EECC48EC}Key Found : HKLMSOFTWAREClassesCLSID{3B41BE90-F731-4137-AFF3-2CA951E7F0D9}Key Found : HKLMSOFTWAREClassesCLSID{4128C64D-F0DD-4811-9405-D22294E8151F}Key Found : HKLMSOFTWAREClassesCLSID{4ADC4B13-B4C2-4946-835E-C5F61FA9D8BF}Key Found : HKLMSOFTWAREClassesCLSID{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}Key Found : HKLMSOFTWAREClassesCLSID{66292684-B2C2-4C7C-B3D2-BF446E30744C}Key Found : HKLMSOFTWAREClassesCLSID{69407823-3494-4400-8D49-612549E8F4EE}Key Found : HKLMSOFTWAREClassesCLSID{6BFF4BCB-7A73-45A7-AC4C-389A34E1D1EF}Key Found : HKLMSOFTWAREClassesCLSID{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : HKLMSOFTWAREClassesCLSID{8FCA5302-6D6D-4645-BF99-D43CF76CE474}Key Found : HKLMSOFTWAREClassesCLSID{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}Key Found : HKLMSOFTWAREClassesCLSID{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKLMSOFTWAREClassesCLSID{C547C6C2-561B-4169-A2A5-20BA771CA93B}Key Found : HKLMSOFTWAREClassesCLSID{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}Key Found : HKLMSOFTWAREClassesCLSID{ED345812-2722-4DCA-9976-D01832DB44EE}Key Found : HKLMSOFTWAREClassesInterface{07B18EAC-A523-4961-B6BB-170DE4475CCA}Key Found : HKLMSOFTWAREClassesInterface{17B10E59-09E1-4C39-A738-6774D7AB7778}Key Found : HKLMSOFTWAREClassesInterface{1AD2049E-E483-4425-8555-8E0775ACB631}Key Found : HKLMSOFTWAREClassesInterface{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}Key Found : HKLMSOFTWAREClassesInterface{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}Key Found : HKLMSOFTWAREClassesInterface{3E720453-B472-4954-B7AA-33069EB53906}Key Found : HKLMSOFTWAREClassesInterface{3E9469AF-E866-4476-B767-810630F1F6E7}Key Found : HKLMSOFTWAREClassesInterface{47700C35-9E3E-4DAD-934C-0CE28A87237C}Key Found : HKLMSOFTWAREClassesInterface{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}Key Found : HKLMSOFTWAREClassesInterface{716E443D-7CAA-44F1-866B-F45D00E712CC}Key Found : HKLMSOFTWAREClassesInterface{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}Key Found : HKLMSOFTWAREClassesInterface{7FC87AC5-FA93-476E-A32C-A941229DED0B}Key Found : HKLMSOFTWAREClassesInterface{BBABDC90-F3D5-4801-863A-EE6AE529862D}Key Found : HKLMSOFTWAREClassesInterface{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}Key Found : HKLMSOFTWAREClassesInterface{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}Key Found : HKLMSOFTWAREClassesInterface{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}Key Found : HKLMSOFTWAREClassesInterface{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}Key Found : HKLMSoftwareClassespopcaploader.popcaploaderctrl2Key Found : HKLMSoftwareClassespopcaploader.popcaploaderctrl2.1Key Found : HKLMSOFTWAREClassesTypeLib{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}Key Found : HKLMSOFTWAREClassesTypeLib{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6}Key Found : HKLMSOFTWAREClassesTypeLib{886F93AD-3CBB-4424-8442-A7340243540F}Key Found : HKLMSOFTWAREClassesTypeLib{9DBB28C1-1925-11D3-A498-00104B6EB52E}Key Found : HKLMSOFTWAREClassesTypeLib{AA289DBC-59B6-40A5-AC7D-C90DF850289C}Key Found : HKLMSOFTWAREClassesTypeLib{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}Key Found : HKLMSOFTWAREClassesTypeLib{CA723163-6FAD-43D4-8B93-0D8C52BD9974}Key Found : HKLMSOFTWAREClassesTypeLib{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}Key Found : HKLMSOFTWAREClassesTypeLib{FB0E8A09-F08C-44CF-9E15-97ADAC016248}Key Found : HKLMSOFTWAREClassesTypeLib{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}Key Found : HKLMSOFTWAREGoogleChromeExtensionsfdkednngfjmpnljkolbapdednncafhenKey Found : HKLMSOFTWAREGoogleChromeExtensionsfdkednngfjmpnljkolbapdednncafhenKey Found : HKLMSoftwareInstalledThirdPartyProgramsKey Found : HKLMSoftwareMetaStreamKey Found : HKLMSOFTWAREMicrosoftActive SetupInstalled Components{03F998B2-0E00-11D3-A498-00104B6EB52E}Key Found : HKLMSOFTWAREMicrosoftActive SetupInstalled Components{1B00725B-C455-4DE6-BFB6-AD540AD427CD}Key Found : HKLMSOFTWAREMicrosoftInternet ExplorerExtensions{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCache{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}Key Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCache{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1Key Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCache{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1Key Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCachealotToolbarKey Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheBrowseFoxKey Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheconduitEngineKey Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheDealPlyKey Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheHola Chrome ToolbarKey Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheLyricsSay-1Key Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheMyPC BackupKey Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCachemywebsearch bar uninstallKey Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheSearchProtectKey Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheSearchqu ToolbarKey Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheVideoDownloadConverter_4zbar UninstallKey Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheViewpointMediaPlayerKey Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheWindows Searchqu ToolbarKey Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}Key Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C547C6C2-561B-4169-A2A5-20BA771CA93B}Key Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}Key Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{5354D921-3F52-47C5-938D-77A2FB6DEFE7}Key Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{71144427-1368-4D18-8DC9-2AE3CC4C4F83}Key Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}Key Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{D3D233D5-9F6D-436C-B6C7-E63F77503B30}Key Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{D7E97865-918F-41E4-9CD0-25AB1C574CE8}Key Found : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{ED345812-2722-4DCA-9976-D01832DB44EE}Key Found : HKLMSOFTWAREMozillaPlugins@checkpoint.com/FFApiKey Found : HKLMSOFTWAREMozillaPlugins@funwebproducts.com/PluginKey Found : HKLMSOFTWAREMozillaPlugins@mywebsearch.com/PluginKey Found : HKLMSOFTWAREMozillaPlugins@viewpoint.com/VMPKey Found : HKLMSoftwareParetoLogicKey Found : HKLMSoftwareRadio_TV_2.1Key Found : HKLMSoftwareViewpointValue Found : HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]Value Found : HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser [{4ADC4B13-B4C2-4946-835E-C5F61FA9D8BF}]Value Found : HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]Value Found : HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]Value Found : HKCUSoftwareMozillaFirefoxExtensions [{ED76C299-85BC-4891-9237-74A140C28832}]Value Found : HKLMSOFTWAREMicrosoftInternet ExplorerToolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]***** [ Browsers ] *****- Internet Explorer v8.0.6001.18702- Mozilla Firefox v24.0 (en-US)[ File : C:Documents and SettingsdaveApplication DataMozillaFirefoxProfileswuhqd7u7.defaultprefs.js ][ File : C:Documents and SettingsmickymickApplication DataMozillaFirefoxProfiles1ocmbs25.default-1378662864610prefs.js ][ File : C:Documents and SettingsAdministrator.LAPPYApplication DataMozillaFirefoxProfiles9su1f55z.defaultprefs.js ]Line Found : user_pref("plugin.blocklisted.npviewpoint", true);- Google Chrome v30.0.1599.101[ File : C:Documents and SettingsdaveLocal SettingsApplication DataGoogleChromeUser DataDefaultpreferences ][ File : C:Documents and SettingsmickymickLocal SettingsApplication DataGoogleChromeUser DataDefaultpreferences ]Found : icon_urlFound : search_urlFound : keywordFound : homepageFound : urls_to_restore_on_startup*************************AdwCleaner[R0].txt - [17807 octets] - [01/11/2013 18:47:05]########## EOF - C:AdwCleanerAdwCleaner[R0].txt - [17868 octets] ##########

 

# AdwCleaner v3.010 - Report created 01/11/2013 at 18:50:47# Updated 20/10/2013 by Xplode# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)# Username : mickymick - LAPPY# Running from : C:Documents and SettingsmickymickDesktopAdwCleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:Documents and SettingsAll UsersApplication DataBitGuardFolder Deleted : C:Documents and SettingsAll UsersApplication DataParetoLogicFolder Deleted : C:Documents and SettingsLocalServiceApplication DataAGIFolder Deleted : C:Documents and SettingsdaveLocal SettingsApplication DataConduitFolder Deleted : C:Documents and SettingsdaveLocal SettingsApplication DataKiwee ToolbarFolder Deleted : C:Documents and SettingsdaveApplication DataSearchqutoolbarFolder Deleted : C:Documents and SettingsmickymickLocal SettingsApplication DataPackageAwareFolder Deleted : C:Documents and SettingsmickymickLocal SettingsApplication DataRadio_TV_2.1Folder Deleted : C:Documents and SettingsmickymickApplication DataParetoLogicFolder Deleted : C:Documents and SettingsmickymickStart MenuProgramsBitGuardFolder Deleted : C:Documents and SettingsAdministrator.LAPPYLocal SettingsApplication DataConduitFolder Deleted : C:Documents and SettingsAdministrator.LAPPYLocal SettingsApplication DataConduitEngineFolder Deleted : C:Documents and SettingsAdministrator.LAPPYLocal SettingsApplication DataZyngaFolder Deleted : C:Documents and SettingsAdministrator.LAPPYLocal SettingsApplication DataRadio_TV_2.1Folder Deleted : C:Documents and SettingsmickymickApplication DataMozillaFirefoxProfiles1ocmbs25.default-1378662864610CT3298566Folder Deleted : C:Documents and SettingsmickymickApplication DataMozillaFirefoxProfiles1ocmbs25.default-1378662864610Extensions{1122b43d-30ee-403f-9bfa-3cc99b0caddd}[!] Folder Deleted : C:Documents and SettingsmickymickLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsfdkednngfjmpnljkolbapdednncafhen[!] Folder Deleted : C:Documents and SettingsmickymickLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef[!] Folder Deleted : C:Documents and SettingsmickymickLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsfdkednngfjmpnljkolbapdednncafhenFile Deleted : C:Documents and SettingsmickymickApplication DataMozillaFirefoxProfiles1ocmbs25.default-1378662864610searchpluginsBitGuard.xml***** [ Shortcuts ] ********** [ Registry ] *****Value Deleted : HKCUSoftwareMozillaFirefoxExtensions [{ED76C299-85BC-4891-9237-74A140C28832}]Key Deleted : HKCUSoftwareGoogleChromeExtensionsfdkednngfjmpnljkolbapdednncafhenKey Deleted : HKLMSOFTWAREGoogleChromeExtensionsfdkednngfjmpnljkolbapdednncafhenKey Deleted : HKLMSoftwareClassespopcaploader.popcaploaderctrl2Key Deleted : HKLMSoftwareClassespopcaploader.popcaploaderctrl2.1Key Deleted : HKLMSOFTWAREMicrosoftActive SetupInstalled Components{03F998B2-0E00-11D3-A498-00104B6EB52E}Key Deleted : HKLMSOFTWAREMicrosoftActive SetupInstalled Components{1B00725B-C455-4DE6-BFB6-AD540AD427CD}Key Deleted : HKLMSOFTWAREMozillaPlugins@checkpoint.com/FFApiKey Deleted : HKLMSOFTWAREMozillaPlugins@funwebproducts.com/PluginKey Deleted : HKLMSOFTWAREMozillaPlugins@mywebsearch.com/PluginKey Deleted : HKLMSOFTWAREMozillaPlugins@viewpoint.com/VMPKey Deleted : HKCUSoftware5b6d6dfb46ab913Key Deleted : HKLMSOFTWARE5b6d6dfb46ab913Key Deleted : HKLMSOFTWAREClassesCLSID{03F998B2-0E00-11D3-A498-00104B6EB52E}Key Deleted : HKLMSOFTWAREClassesCLSID{1B00725B-C455-4DE6-BFB6-AD540AD427CD}Key Deleted : HKLMSOFTWAREClassesCLSID{2A1260C1-2964-453F-B0BA-FA429472EB5F}Key Deleted : HKLMSOFTWAREClassesCLSID{30F9B915-B755-4826-820B-08FBA6BD249D}Key Deleted : HKLMSOFTWAREClassesCLSID{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}Key Deleted : HKLMSOFTWAREClassesCLSID{363D5C92-10DC-4287-93E5-1832EECC48EC}Key Deleted : HKLMSOFTWAREClassesCLSID{3B41BE90-F731-4137-AFF3-2CA951E7F0D9}Key Deleted : HKLMSOFTWAREClassesCLSID{4128C64D-F0DD-4811-9405-D22294E8151F}Key Deleted : HKLMSOFTWAREClassesCLSID{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}Key Deleted : HKLMSOFTWAREClassesCLSID{66292684-B2C2-4C7C-B3D2-BF446E30744C}Key Deleted : HKLMSOFTWAREClassesCLSID{69407823-3494-4400-8D49-612549E8F4EE}Key Deleted : HKLMSOFTWAREClassesCLSID{6BFF4BCB-7A73-45A7-AC4C-389A34E1D1EF}Key Deleted : HKLMSOFTWAREClassesCLSID{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKLMSOFTWAREClassesCLSID{8FCA5302-6D6D-4645-BF99-D43CF76CE474}Key Deleted : HKLMSOFTWAREClassesCLSID{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}Key Deleted : HKLMSOFTWAREClassesCLSID{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLMSOFTWAREClassesCLSID{C547C6C2-561B-4169-A2A5-20BA771CA93B}Key Deleted : HKLMSOFTWAREClassesCLSID{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}Key Deleted : HKLMSOFTWAREClassesCLSID{ED345812-2722-4DCA-9976-D01832DB44EE}Key Deleted : HKLMSOFTWAREClassesCLSID{4ADC4B13-B4C2-4946-835E-C5F61FA9D8BF}Key Deleted : HKLMSOFTWAREClassesInterface{07B18EAC-A523-4961-B6BB-170DE4475CCA}Key Deleted : HKLMSOFTWAREClassesInterface{17B10E59-09E1-4C39-A738-6774D7AB7778}Key Deleted : HKLMSOFTWAREClassesInterface{1AD2049E-E483-4425-8555-8E0775ACB631}Key Deleted : HKLMSOFTWAREClassesInterface{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}Key Deleted : HKLMSOFTWAREClassesInterface{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}Key Deleted : HKLMSOFTWAREClassesInterface{3E720453-B472-4954-B7AA-33069EB53906}Key Deleted : HKLMSOFTWAREClassesInterface{3E9469AF-E866-4476-B767-810630F1F6E7}Key Deleted : HKLMSOFTWAREClassesInterface{47700C35-9E3E-4DAD-934C-0CE28A87237C}Key Deleted : HKLMSOFTWAREClassesInterface{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}Key Deleted : HKLMSOFTWAREClassesInterface{716E443D-7CAA-44F1-866B-F45D00E712CC}Key Deleted : HKLMSOFTWAREClassesInterface{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}Key Deleted : HKLMSOFTWAREClassesInterface{7FC87AC5-FA93-476E-A32C-A941229DED0B}Key Deleted : HKLMSOFTWAREClassesInterface{BBABDC90-F3D5-4801-863A-EE6AE529862D}Key Deleted : HKLMSOFTWAREClassesInterface{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}Key Deleted : HKLMSOFTWAREClassesInterface{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}Key Deleted : HKLMSOFTWAREClassesInterface{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}Key Deleted : HKLMSOFTWAREClassesInterface{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}Key Deleted : HKLMSOFTWAREClassesTypeLib{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}Key Deleted : HKLMSOFTWAREClassesTypeLib{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6}Key Deleted : HKLMSOFTWAREClassesTypeLib{886F93AD-3CBB-4424-8442-A7340243540F}Key Deleted : HKLMSOFTWAREClassesTypeLib{9DBB28C1-1925-11D3-A498-00104B6EB52E}Key Deleted : HKLMSOFTWAREClassesTypeLib{AA289DBC-59B6-40A5-AC7D-C90DF850289C}Key Deleted : HKLMSOFTWAREClassesTypeLib{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}Key Deleted : HKLMSOFTWAREClassesTypeLib{CA723163-6FAD-43D4-8B93-0D8C52BD9974}Key Deleted : HKLMSOFTWAREClassesTypeLib{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}Key Deleted : HKLMSOFTWAREClassesTypeLib{FB0E8A09-F08C-44CF-9E15-97ADAC016248}Key Deleted : HKLMSOFTWAREClassesTypeLib{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C547C6C2-561B-4169-A2A5-20BA771CA93B}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{201F27D4-3704-41D6-89C1-AA35E39143ED}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{3041D03E-FD4B-44E0-B742-2D9B88305F98}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{30F9B915-B755-4826-820B-08FBA6BD249D}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{B0DE3308-5D5A-470D-81B9-634FC078393B}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{C510DFFB-0AFE-484C-BA40-CED5B74C4EEF}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{C547C6C2-561B-4169-A2A5-20BA771CA93B}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{CCB69577-088B-4004-9ED8-FF5BCC83A039}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{CCC7A320-B3CA-4199-B1A6-9F516DD69829}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{D3D233D5-9F6D-436C-B6C7-E63F77503B30}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{D7E97865-918F-41E4-9CD0-25AB1C574CE8}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{DFF9B2DA-EF99-4B26-83CB-7058299999D8}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{4ADC4B13-B4C2-4946-835E-C5F61FA9D8BF}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{201F27D4-3704-41D6-89C1-AA35E39143ED}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{3041D03E-FD4B-44E0-B742-2D9B88305F98}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{30F9B915-B755-4826-820B-08FBA6BD249D}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{8736C681-37A0-40C6-A0F0-4C083409151C}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{B0DE3308-5D5A-470D-81B9-634FC078393B}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{C547C6C2-561B-4169-A2A5-20BA771CA93B}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{CCB69577-088B-4004-9ED8-FF5BCC83A039}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{CCC7A320-B3CA-4199-B1A6-9F516DD69829}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{D3D233D5-9F6D-436C-B6C7-E63F77503B30}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{D7E97865-918F-41E4-9CD0-25AB1C574CE8}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{DFF9B2DA-EF99-4B26-83CB-7058299999D8}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{4ADC4B13-B4C2-4946-835E-C5F61FA9D8BF}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtPreApproved{D3D233D5-9F6D-436C-B6C7-E63F77503B30}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtPreApproved{D7E97865-918F-41E4-9CD0-25AB1C574CE8}Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{5354D921-3F52-47C5-938D-77A2FB6DEFE7}Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{71144427-1368-4D18-8DC9-2AE3CC4C4F83}Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{D3D233D5-9F6D-436C-B6C7-E63F77503B30}Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{D7E97865-918F-41E4-9CD0-25AB1C574CE8}Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{ED345812-2722-4DCA-9976-D01832DB44EE}Key Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerExtensions{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Value Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerToolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]Value Deleted : HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]Value Deleted : HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]Value Deleted : HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]Value Deleted : HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser [{4ADC4B13-B4C2-4946-835E-C5F61FA9D8BF}]Key Deleted : HKCUSoftwarealotKey Deleted : HKCUSoftwareBrowseFoxKey Deleted : HKCUSoftwareInstalledThirdPartyProgramsKey Deleted : HKCUSoftwareParetoLogicKey Deleted : HKCUSoftwareRadio_TV_2.1Key Deleted : HKLMSoftwareAskBarDisKey Deleted : HKLMSoftwareBrowseFoxKey Deleted : HKLMSoftwareInstalledThirdPartyProgramsKey Deleted : HKLMSoftwareMetaStreamKey Deleted : HKLMSoftwareParetoLogicKey Deleted : HKLMSoftwareViewpointKey Deleted : HKLMSoftwareRadio_TV_2.1Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheDealPlyKey Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCache{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCache{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCache{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCachealotToolbarKey Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheBrowseFoxKey Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheconduitEngineKey Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheDealPlyKey Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheHola Chrome ToolbarKey Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheLyricsSay-1Key Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheMyPC BackupKey Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCachemywebsearch bar uninstallKey Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheSearchProtectKey Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheSearchqu ToolbarKey Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheVideoDownloadConverter_4zbar UninstallKey Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheViewpointMediaPlayerKey Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheWindows Searchqu Toolbar***** [ Browsers ] *****- Internet Explorer v8.0.6001.18702- Mozilla Firefox v24.0 (en-US)[ File : C:Documents and SettingsdaveApplication DataMozillaFirefoxProfileswuhqd7u7.defaultprefs.js ][ File : C:Documents and SettingsmickymickApplication DataMozillaFirefoxProfiles1ocmbs25.default-1378662864610prefs.js ][ File : C:Documents and SettingsAdministrator.LAPPYApplication DataMozillaFirefoxProfiles9su1f55z.defaultprefs.js ]Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);- Google Chrome v30.0.1599.101[ File : C:Documents and SettingsdaveLocal SettingsApplication DataGoogleChromeUser DataDefaultpreferences ][ File : C:Documents and SettingsmickymickLocal SettingsApplication DataGoogleChromeUser DataDefaultpreferences ]Deleted : icon_urlDeleted : search_urlDeleted : keywordDeleted : homepageDeleted : urls_to_restore_on_startup*************************AdwCleaner[R0].txt - [17949 octets] - [01/11/2013 18:47:05]AdwCleaner[s0].txt - [17897 octets] - [01/11/2013 18:50:47]########## EOF - C:AdwCleanerAdwCleaner[s0].txt - [17958 octets] ##########

:b33r:

 

sorry just noticed he'd used his email address for user so had to edit both my posts to change that. :bang:

Edited by terry1966

Share this post


Link to post
Share on other sites

OK, glad we ran those tools.

 

I've seen a couple of items thats been somewhat hard to get off of a few systems, how is this computer running now?

Share this post


Link to post
Share on other sites

no idea juliet, i haven't let it anywhere near my internet until you say it's ok. :rofl3:

 

didn't want it reporting home or anything if there was some serious malware on it, been transfer programs and logs via usb stick between it and my linux machine to post them.

 

so you want me to do any other scans, checks or can i just clean up the logs and programs used, check for any updates and give it back to him?

 

:b33r:

Share this post


Link to post
Share on other sites

OK

 

What the previous scans showed were related to adware.

 

Do the below scan, since it's not connected to the internet to see if it goes bonkers kinda hard to know what to do next. You wont be able to update the program for the newest definitions tho.

My thinking is, infected, strange things happen to a computer connected or not?

 

Before you give it back:

Download WOT, and spywareblaster (I'll give info and links for those after you post the log from MBAM)cause support for windows xp has stopped.....

 

Do the MBAM scan and let's see what the results are. That would tell me if indeed an online scan is necessary too.

 

 

Posted Image Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

 

Double Click mbam-setup.exe to install the application.

[*]Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

[*]If an update is found, it will download and install the latest version.

[*]Once the program has loaded, select "Perform Quick Scan", then click Scan.

[*]The scan may take some time to finish,so please be patient.

[*]When the scan is complete, click OK, then Show Results to view the results.

[*]Make sure that everything is checked, and click Remove Selected.

[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)

[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

[*]Copy&Paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Edited by Juliet

Share this post


Link to post
Share on other sites

ok ran the scan it found 1 item which i told to delete and saved the log to desktop then it told me to do an emergency restart which i did and on the restart it ran checkdisk or something only lasted a few seconds so not sure exactly what it checked because i'm more used to checkdisk taking much longer.

 

anyway it then booted into windows fine so ran another quick mbam scan that was clean.

 

should mention the laptop always seems to give a warning error beeb when i log into windows which i don't think is normal from what i remember running windows myself a long time ago, but might be wrong so will probably need to check out why it does that later too.

 

here's the scan results,

 

Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.11.01.06Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702mickymick :: LAPPY [administrator]11/1/2013 7:54:28 PMmbam-log-2013-11-01 (19-54-28).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 301322Time elapsed: 14 minute(s), 34 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:Documents and SettingsGuestMy DocumentsDownloadsFlvPlayerSetup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.(end)

:b33r:

Share this post


Link to post
Share on other sites

 

restart it ran checkdisk or something only lasted a few seconds so not sure exactly what it checked because i'm more used to checkdisk taking much longer

terry, thats an old bios setting to run checkdisk at startup, came with XP and maybe windows 98.

wish I had a better memory here, go to start, tools, accessories, check disk?

Could be located somewhere in msconfig....grrrrrrrr, I can't remember.

The Beep, we'll have to ask someone in User to User for that.

 

OK, what MBAM found is not concerning.

 

What I need to know is what it's doing now?

Share this post


Link to post
Share on other sites

wouldn't have thought it was a bios setting because it doesn't usually run a check on normal start up so thought it must have been something mbam had scheduled.

 

hard for me to tell if everything runs ok or if there's anything weird going on or if it's slow (yes it is very slow compared to my pc. :rofl3: ),

i created a new admin account and connected to the internet to just do some general browsing and watch a youtube video to test some things and everything seems to be working ok but very slow, for example i changed the flash setting to not use hardware acceleration and there was a lot of disc activity and the box stayed on screen for about a minute before the change took place, but like i said that may just be because it's an old slow laptop. :mrgreen:

 

one thing i've just remembered tho was that whilst in the guest account he said sometimes mse would show in red and you were unable to do a scan or update it, in fact you were unable to make any changes sometimes to mse in guest account which i'd assumed was malware related but that seems to be working fine now can, can open it and do an update, bit weird tho because it download and installed updates yet i'd only done exactly the same thing in an admin account 20 minutes ago so wouldn't have thought there'd be anything for it to update.

 

it's funny things like that mse updating when i didn't think it should that make me question if everything is ok even tho it does seem to be working fine. :laughing:

 

i'll probably look into startup programs and things later to see if i can speed it up a bit, and check the error logs to find out why it gives a 2 beeb error when i log into his admin account yet it doesn't for the other admin account i created or the 2 guest/non admin accounts on it.

 

i'd have to say unless you can think of anything else that may might find problems this laptop is as good as it's likely to get and we just need to do some cleanup.

 

and thanks again for all your time and effort juliet. :Rose:

 

:b33r:

Share this post


Link to post
Share on other sites

Terry, about the only thing we can do now is an online....

With this old machine, could be outdated drivers...who knows.

 

Please Run TFC by OldTimer to clear temporary files:

 

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe

and save it to your desktop.

 

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

reboot.

 

Let's try

ESET Online Scanner:

 

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

 

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

[*]Please go here to run the scan.

http://www.eset.com/us/online-scanner/run

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

[*]Select the option YES, I accept the Terms of Use then click on: Posted Image

[*]When prompted allow the Add-On/Active X to install.

[*]Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.

[*]Now click on Advanced Settings and select the following:

[*]

[*]Scan for potentially unwanted applications

[*]Scan for potentially unsafe applications

[*]Enable Anti-Stealth Technology

[*]Now click on: Posted Image

[*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

[*]When completed the Online Scan will begin automatically.

[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

[*]Now click on: Posted Image

[*]Use notepad to open the logfile located at C:Program FilesESETEsetOnlineScannerlog.txt.

[*]Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Share this post


Link to post
Share on other sites

all i can say is WOW!! it cleaned nearly 3 GB of files.

unheard of in my experience to have that many temp files so they must have been malware related i'd guess.

 

running eset scan now but think that's going to take hours if i remember correctly from the last time i did it.

 

:b33r:

Share this post


Link to post
Share on other sites

eset results.

 

# version=8# OnlineScannerApp.exe=1.0.0.1# OnlineScanner.ocx=1.0.0.6920# api_version=3.0.2# EOSSerial=8dfb5cb2bead9842b4b157a2a50c2830# engine=15727# end=finished# remove_checked=false# archives_checked=true# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2013-11-02 12:29:29# local_time=2013-11-02 12:29:29 (+0000, GMT Standard Time)# country="United Kingdom"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=5892 16777213 88 94 1495565 11763561 0 0# scanned=69054# found=43# cleaned=0# scan_time=3995sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins101_cortica_m.js"sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins102_dealply_m.js"sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins104_jollywallet_m.js"sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins105_corticas_m.js"sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins107_coupish_m.js"sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins119_similar_web_m.js"sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins120_luck_m.js"sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins123_intext_adv_m.js"sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins124_superfish_no_search_no_coupons_m.js"sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins125_arcadi2_m.js"sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins128_superfish_pricora_m.js"sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins129_widdit_m.js"sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins135_arcadi3_m.js"sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins138_getdeal_m.js"sh=DB51332A37F65FD4863EE1B8A5BA62A02DA885F8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins155_ibario_pops_m.js"sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins159_cortica_rollover_m.js"sh=3DA0E458C1D4F5CECA7F012A2B0DA4CC1C7B63A1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins170_icm1_5_m.js"sh=EDAF8A2B6318DD482F0BBDC2A96C109697D86E5A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins171_arcadi2_sourceID_m.js"sh=2184DFBF93B03726607BF2C44682CF058FB2987B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestApplication DataMozillaFirefoxProfilesus59xodu.defaultextensions71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.comextensionDataplugins174_arcadi_serp_dynamic_id_m.js"sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins101_cortica_m.js"sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins102_dealply_m.js"sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins103_intext_5_m.js"sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins104_jollywallet_m.js"sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins105_corticas_m.js"sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins107_coupish_m.js"sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins108_icm_m.js"sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins116_ads_only_5_m.js"sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins117_coupons_intext_ads_5_m.js"sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins119_similar_web_m.js"sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins120_luck_m.js"sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins123_intext_adv_m.js"sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins124_superfish_no_search_no_coupons_m.js"sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins125_arcadi2_m.js"sh=7E797140BE2D76B80EC180071B039E1DA561191D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins126_revizer_ws_m.js"sh=62892F2CBAFB6FD3DFDAD794F871133E0CF4FCA8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins127_revizer_p_m.js"sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins128_superfish_pricora_m.js"sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins129_widdit_m.js"sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins135_arcadi3_m.js"sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins138_getdeal_m.js"sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins155_ibario_pops_m.js"sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins158_50onred_ads_only_no_fb_m.js"sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:Documents and SettingsGuestLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionspbjcbkbcncfkoljakenekllbfdonhjef1.24.15_0extensionDataplugins159_cortica_rollover_m.js"sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:Program FilesMozilla Firefoxbrowsernsprotector.js"

:b33r:

Edited by terry1966

Share this post


Link to post
Share on other sites

all i can say is WOW!! it cleaned nearly 3 GB of files.

unheard of in my experience to have that many temp files so they must have been malware related i'd guess.

No one has done any maintenance.

 

What Eset found is related to gaming Java files. <--mostly

Didn't see any deleted?

 

Go to the control panel and delete Java.....

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

[*]Download the latest version of http://www.java.com/en/

[*]Clearing Java Cache

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)Posted Image

[*]On the General tab, under Temporary Internet Files, click the Settings button.

[*]Next, click on the Delete Files button

[*]There are two options in the window to clear the cache - Leave all Checked

[*]Applications and Applets

Trace and Log Files

[*]Click OK on Delete Temporary Files Window

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

[*]Click OK to leave the Temporary Files Window

[*]Click OK to leave the Java Control Panel.

Computer should be running good?

Edited by Juliet
typo

Share this post


Link to post
Share on other sites

no i didn't delete what eset found, you never told me to. :P

 

will manually find and delete them all now.

 

java isn't installed on this laptop, and don't really want to put it back on, unless i need to, to "Note: This deletes ALL the Downloaded Applications and Applets from the CACHE."

 

so will wait for your next reply before doing anything with java, like install it and follow your instructions from last post. :mrgreen:

 

:b33r:

Share this post


Link to post
Share on other sites

no i didn't delete what eset found, you never told me to. :P will manually find and delete them all now. java isn't installed on this laptop, and don't really want to put it back on, unless i need to, to "Note: This deletes ALL the Downloaded Applications and Applets from the CACHE." so will wait for your next reply before doing anything with java, like install it and follow your instructions from last post. :mrgreen::b33r:

You can delete the Java and the cache, and should be done daily.You don't have to download Java again, many are doing well without it but, I can see this machine was used for gaming....Don't know if it was for the gentleman who owned it or if it was for his grand children.IF, they decide to play the games again they would get an alert to install Java again.So...have to leave that open.How's the computer now?

Share this post


Link to post
Share on other sites

It's been a pleasure working with you terry.

 

Your good to go, good job!

 

 

Please take the time to read over a few of my preventive tips.

 

http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960

 

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

 

 

Firefox 3

The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

 

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

[*]Green should be good to go

[*]Yellow for caution

[*]Red to stop

How to prevent Malware: Created by Miekiemoes

 

Here are some additional utilities that will further enhance your safety.

# http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

 

Scan your computer regularly for malware

Scan on a regular basis to keep your computer clean, free software such as Malwarebytes Anti-Malware (MBAM) and SUPERAntiSpyware-

Please note that these products can also be run as free without a licience as a scan on demand scanner.

 

Backup regularly

 

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

 

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

 

Avoid P2P

 

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

 

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

[*]FBI Cyber Education Letter

File sharing infects 500,000 computers

USAToday

infoworld

*********************************************

Please read the following safe computing articles..

 

Secure My Computer: A Layered Approach

 

Strong passwords: How to create and use them

Then consider a password keeper, to keep all your passwords safe.

 

Free Antivirus-AntiSpyware-Firewall Software

 

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

 

Slow Computer May Not Be Malware Related, Help! My computer is slow!

http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

 

 

PC Safety and Security--What Do I Need?

http://www.techsupportforum.com/security-center/general-computer-security/525915-pc-safety-security-what-do-i-need.html

http://www.techsupportforum.com/security-center/general-computer-security/115548-pc-safety-security-what-do-i-need.html

 

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

This site offers people who have been (or are) victims of malware the opportunity to document their story.

 

How did I get infected in the first place? by TonyKlein

http://www.geekstogo.com/how-did-i-get-infected-in-the-first-place/

 

 

Extra note:

Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/

Share this post


Link to post
Share on other sites

thank you very much for all your help juliet and i'll get onto those last few things.

 

been a pleasure for me to, have a nice day. :Rose:

 

:b33r:

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...