[RESOLVED] How to check if I have a Keylogger on my laptop - Page 2

  1. #16
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Additional log 2 of 2 parts

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2008-04-14 13:00 - 2018-07-27 21:18 - 000000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1801674531-448539723-1606980848-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 192.168.1.254
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    MSCONFIG\startupreg: Eraser => C:\Program Files\Eraser\eraser.exe -hide
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
    MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
    DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
    DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\ZoneLabs\vsmon.exe] => Enabled:vsmon
    StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
    StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Plugin Manager\skypePM.exe] => Enabled:Skype Extras Manager
    StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [C:\Program Files\Thomson SpeedTouch\ST330\WebInstaller\STHIW\stInstall.exe] => Enabled:SpeedTouch Home Install Wizard
    StandardProfile\AuthorizedApplications: [C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe] => Enabled:ST330 service
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
    StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Temp\stInstall.exe] => Enabled:SpeedTouch Home Install Wizard
    StandardProfile\AuthorizedApplications: [C:\Program Files\Thomson\ST330\service\st330service.exe] => Enabled:ST330 service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Antivirus\AvEmUpdate.exe] => Enabled:Antivirus Emergency Update
    StandardProfile\AuthorizedApplications: [C:\Program Files\CCleaner\CCUpdate.exe] => Enabled:CCleaner Update
    StandardProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
    StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
    StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ==================== Restore Points =========================

    17-07-2018 11:09:32 Automatic Restore Point
    17-07-2018 18:42:37 Automatic Restore Point
    17-07-2018 21:18:31 Automatic Restore Point
    17-07-2018 22:18:46 Automatic Restore Point
    17-07-2018 23:30:24 Automatic Restore Point
    18-07-2018 08:35:48 Automatic Restore Point
    18-07-2018 13:05:12 Automatic Restore Point
    18-07-2018 16:44:54 Automatic Restore Point
    18-07-2018 18:10:48 Automatic Restore Point
    19-07-2018 09:51:22 Automatic Restore Point
    19-07-2018 17:42:05 Automatic Restore Point
    19-07-2018 17:54:26 Automatic Restore Point
    19-07-2018 19:34:30 Automatic Restore Point
    19-07-2018 22:21:03 Automatic Restore Point
    20-07-2018 00:32:58 Automatic Restore Point
    20-07-2018 05:38:25 Automatic Restore Point
    20-07-2018 14:48:15 Automatic Restore Point
    21-07-2018 16:54:14 Automatic Restore Point
    22-07-2018 02:00:18 Restore Operation
    22-07-2018 02:10:34 Automatic Restore Point
    22-07-2018 02:18:04 Installed Windows XP Wdf01009.
    22-07-2018 02:23:47 Automatic Restore Point
    22-07-2018 16:10:43 Automatic Restore Point
    22-07-2018 16:21:37 Automatic Restore Point
    22-07-2018 17:23:24 Automatic Restore Point
    22-07-2018 21:00:34 Automatic Restore Point
    22-07-2018 21:25:09 Automatic Restore Point
    23-07-2018 22:08:27 Automatic Restore Point
    24-07-2018 01:23:18 Automatic Restore Point
    24-07-2018 03:11:33 Automatic Restore Point
    24-07-2018 03:25:34 Restore Operation
    24-07-2018 03:50:35 Restore Operation
    24-07-2018 04:15:46 Restore Operation
    24-07-2018 04:41:32 Restore Operation
    24-07-2018 04:45:09 Automatic Restore Point
    24-07-2018 04:50:53 Restore Operation
    24-07-2018 05:11:31 Automatic Restore Point
    24-07-2018 05:18:08 Installed Windows XP Wdf01009.
    24-07-2018 05:24:47 Installed Windows XP Wdf01009.
    24-07-2018 06:06:28 Automatic Restore Point
    24-07-2018 07:31:05 Automatic Restore Point
    24-07-2018 07:47:40 Installed Windows KB954550-v5.
    24-07-2018 07:47:58 Printer Driver Microsoft XPS Document Writer Installed
    24-07-2018 07:48:18 Printer Driver Microsoft XPS Document Writer Installed
    24-07-2018 08:02:23 Automatic Restore Point
    24-07-2018 09:04:58 Automatic Restore Point
    24-07-2018 10:30:16 Automatic Restore Point
    24-07-2018 18:11:38 Automatic Restore Point
    25-07-2018 08:27:50 Automatic Restore Point
    25-07-2018 09:35:24 Automatic Restore Point
    25-07-2018 10:24:16 Automatic Restore Point
    25-07-2018 10:35:25 Revo Uninstaller's restore point - SpyShelter Premium 11.1
    25-07-2018 10:45:09 Automatic Restore Point
    25-07-2018 11:16:31 Automatic Restore Point
    25-07-2018 13:29:00 Automatic Restore Point
    25-07-2018 18:52:21 Installed Keylogger Detector
    25-07-2018 19:01:39 Revo Uninstaller's restore point - Keylogger Detector
    25-07-2018 19:02:05 Removed Keylogger Detector
    25-07-2018 19:05:44 Installed Keylogger Detector
    25-07-2018 19:07:29 Revo Uninstaller's restore point - Keylogger Detector
    25-07-2018 19:07:54 Removed Keylogger Detector
    25-07-2018 19:15:58 Automatic Restore Point
    25-07-2018 21:03:50 Automatic Restore Point
    26-07-2018 11:42:08 Automatic Restore Point
    26-07-2018 18:39:26 Automatic Restore Point
    26-07-2018 19:37:19 Automatic Restore Point
    26-07-2018 21:12:30 Automatic Restore Point
    27-07-2018 12:58:46 Automatic Restore Point
    27-07-2018 19:53:26 Automatic Restore Point
    27-07-2018 21:14:40 Automatic Restore Point
    27-07-2018 21:34:09 Installed Windows KB954550-v5.
    27-07-2018 21:34:25 Printer Driver Microsoft XPS Document Writer Installed
    27-07-2018 21:34:44 Printer Driver Microsoft XPS Document Writer Installed
    27-07-2018 21:49:55 Automatic Restore Point

    ==================== Faulty Device Manager Devices =============

    Name: IrDA Fast Infrared Port
    Description: IrDA Fast Infrared Port
    Class Guid: {6BDD1FC5-810F-11D0-BEC7-08002BE2092F}
    Manufacturer: National Semiconductor
    Service: NSCIRDA
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/27/2018 09:57:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application Viber.exe, version 6.0.1.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (07/27/2018 09:50:38 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    Error: (07/27/2018 08:50:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application frst.exe, version 21.7.2018.0, faulting module frst.exe, version 21.7.2018.0, fault address 0x0002129e.
    Processing media-specific event for [frst.exe!ws!]

    Error: (07/26/2018 06:45:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application Viber.exe, version 6.0.1.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (07/25/2018 08:45:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 52.9.0.6746, faulting module mozglue.dll, version 52.9.0.6746, fault address 0x0000fb33.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (07/25/2018 08:37:45 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
    Processing media-specific event for [drwtsn32.exe!ws!]

    Error: (07/25/2018 08:35:37 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x04155a21.
    Processing media-specific event for [explorer.exe!ws!]

    Error: (07/25/2018 08:01:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 52.9.0.6746, faulting module mozglue.dll, version 52.9.0.6746, fault address 0x0000fb33.
    Processing media-specific event for [plugin-container.exe!ws!]


    System errors:
    =============
    Error: (07/27/2018 09:50:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    TfFsMon
    TfSysMon

    Error: (07/27/2018 09:48:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Lavasoft Ad-Aware Service service failed to start due to the following error:
    The system cannot find the path specified.

    Error: (07/27/2018 09:48:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Bitdefender Antivirus Free Edition service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (07/27/2018 09:48:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Bitdefender Antivirus Free Edition service to connect.

    Error: (07/27/2018 09:15:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    TfFsMon
    TfSysMon

    Error: (07/27/2018 09:13:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Lavasoft Ad-Aware Service service failed to start due to the following error:
    The system cannot find the path specified.

    Error: (07/27/2018 09:13:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Bitdefender Antivirus Free Edition service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (07/27/2018 09:13:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Bitdefender Antivirus Free Edition service to connect.


    ==================== Memory info ===========================

    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz
    Percentage of memory in use: 53%
    Total physical RAM: 2038.07 MB
    Available physical RAM: 944.46 MB
    Total Virtual: 3406.3 MB
    Available Virtual: 2397.88 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:200.19 GB) (Free:126.69 GB) NTFS ==>[drive with boot components (Windows XP)]
    Drive d: (New Volume) (Fixed) (Total:265.57 GB) (Free:137.06 GB) NTFS


    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: B4B9B3EC)
    Partition 1: (Active) - (Size=200.2 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=265.6 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  2. #17
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    jdc2000 - in total there are 4 posts - 2 for the First log and 2 for the Additional log. Hope they are received in good order. Please let me know if there is any problem. Once again, thanks for your kind help to forward them to Broni.
    Last edited by slickcondo; July 27th, 2018 at 07:26 PM.

  3. #18
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ============================================

    This is a known scam so you shouldn't worry about that email at all.
    However since you're here we can check if your computer is healthy.

    Uninstall the following unwanted program:

    Registry Drill

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on the downloaded setup.exe file to install the program.
    • Click on the Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

  4. #19
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Hi Broni - thanks for the quick response. A few questions please:
    1) You mean from the scan log, there is no keylogger in my laptop? Then how did this sender know one of my passwords, even though it is no longer used, on the scam email sent to me?
    2) How do I find Registry Drill to delete it?
    3) Malwarebytes is the popular one? I have been using it for a few years already - the free version, and I update it regularly. After I received the email, I ran it and it came up with 4 PUPs that I deleted. The next day I ran it again and nothing showed up.
    I also ran my AVG antivirus - free version, and nothing showed up either.

    But I would still like to go through all the steps you mentioned. Thanks for your help
    Last edited by slickcondo; July 27th, 2018 at 08:02 PM.

  5. #20
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please don't quote my replies because it creates unnecessary clutter. Thank you

    1. So far I don't see much there. As for the scam: https://www.bleepingcomputer.com/new...n-adult-sites/
    2. How to uninstall program in Windows XP: https://www.pcrisk.com/how-to-remove...rogram-windows
    3. Go ahead with scans I asked for in my previous reply.

  6. #21
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Broni - Thanks for the 2 links. Actually I did not see Registry Drill on my Add Remove Program, and I thought it was created somewhere else. But now on second look, I can see it and will remove it. Thanks.

    Regarding the scans, actually I have just finished running RogueKiller, but have not deleted anything yet as I need to ask you a couple of things.
    When I looked at the finished scan result, it says Remove Selected. But I notice
    1) some were not selected and some were selected for removal. Why were some selected and some not? Is this correct or should I also select all that appeared with a tick that were not at the present?
    2) I also noticed that a couple of selected ones are programs that I have installed and used for years without problems, especially the System Restore Point at start up which was highlighted in red and PUP for Zone Alarm which is a firewall. If I delete these, does that mean these programs will no longer work?

    Looking forward to your clarifications as the scan results are waiting for removal, and I hope I don't have to re-run the scan again because it took a long time. Thanks

  7. #22
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    You only do Remove Selected. Do not checkmark anything else.

  8. #23
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Broni - what about the second question in my previous message? You did not reply to that.

  9. #24
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    You may uncheck those entries you're 100% sure are legit.

  10. #25
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Broni - thanks. If that is the case, then it is every one marked after the scan today, as they all relate to AVG antivirus and Zone Alarm. For some reason, today's scan did not show the Restore Point as Start Up. Today's scan shows 29, yesterday was 49. Strange? Anyway, here is the scan report for today. Malwarebytes scan report on the next post.

    RogueKiller V12.12.28.0 [Jul 23 2018] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Administrator [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller.exe
    Mode : Scan -- Date : 07/29/2018 21:51:42 (Duration : 00:56:17)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 18 ¤¤¤
    [PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} (C:\Program Files\Common Files\System\ado\msado15.dll) -> Found
    [PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70} ("C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exe") -> Found
    [PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Found
    [PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Check Point Software Technologies LTD -> Found
    [PUP.Conduit|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Conduit -> Found
    [PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Taronja -> Found
    [PUP.Auslogics] HKEY_USERS\.DEFAULT\Software\Auslogics -> Found
    [PUP.Gen1] HKEY_USERS\.DEFAULT\Software\AVG Security Toolbar -> Found
    [PUP.Auslogics] HKEY_USERS\S-1-5-21-1801674531-448539723-1606980848-500\Software\Auslogics -> Found
    [PUP.Gen1] HKEY_USERS\S-1-5-21-1801674531-448539723-1606980848-500\Software\Check Point Software Technologies LTD -> Found
    [PUP.Conduit|PUP.Gen1] HKEY_USERS\S-1-5-21-1801674531-448539723-1606980848-500\Software\Conduit -> Found
    [PUP.Gen1] HKEY_USERS\S-1-5-21-1801674531-448539723-1606980848-500\Software\Headlight -> Found
    [PUP.Gen1] HKEY_USERS\S-1-5-21-1801674531-448539723-1606980848-500\Software\YahooPartnerToolbar -> Found
    [PUP.Auslogics] HKEY_USERS\S-1-5-18\Software\Auslogics -> Found
    [PUP.Gen1] HKEY_USERS\S-1-5-18\Software\AVG Security Toolbar -> Found
    [PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar -> Found
    [PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
    [PUP.Gen0] HKEY_USERS\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 10 ¤¤¤
    [PUP.Gen1][Folder] C:\Documents and Settings\Administrator\Application Data\Check Point Software Technologies LTD -> Found
    [PUP.Gen1][Folder] C:\Documents and Settings\Administrator\Application Data\CheckPoint\ZoneAlarm LTD Toolbar -> Found
    [PUP.PCProtect][Folder] C:\Documents and Settings\Administrator\Application Data\TotalAV -> Found
    [PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\AVG Secure Search -> Found
    [PUP.Gen1][Folder] C:\Program Files\Check Point Software Technologies LTD -> Found
    [PUP.Conduit|PUP.Gen1][Folder] C:\Program Files\Conduit -> Found
    [PUP.Gen1][Folder] C:\Program Files\Uninstaller -> Found
    [PUP.Gen1][Folder] C:\Documents and Settings\Administrator\Application Data\Check Point Software Technologies LTD -> Found
    [PUP.PCProtect][Folder] C:\Documents and Settings\Administrator\Application Data\TotalAV -> Found
    [PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\AVG Secure Search -> Found

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUP.Gen0][Chrome:Addon] Default : Video Downloader professional [elicpjhcidhpjomhibiffojpinpmmpil] -> Found

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000BUCT-63LS5Y1 +++++
    --- User ---
    [MBR] 6f7b2b074d5c132030445c633c788dd7
    [BSP] b414baf153532c788ab49ee826819d40 : Windows XP|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 204993 MB [Windows XP Bootstrap | Windows XP Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 419826645 | Size: 271944 MB [Windows XP Bootstrap | Windows XP Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

  11. #26
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Go on...

  12. #27
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Here is the scan report just finished for Malwarebytes. By the way, how do I delete the FIRST software? It does not appear on Add Remove Program on Control Panel?

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 10/18/17
    Scan Time: 9:35 PM
    Log File: eeb7938a-b443-11e7-954f-001636b15235.json
    Administrator: Yes

    -Software Information-
    Version: 3.2.2.2029
    Components Version: 1.0.212
    Update Package Version: 1.0.3043
    License: Trial

    -System Information-
    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: HOME\Administrator

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 241932
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 23 min, 41 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)

    (end)

  13. #28
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Broni - sorry I sent you the wrong Malwarebytes report earlier...sorry. Here is the recent scan report.

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 7/29/18
    Scan Time: 11:13 PM
    Log File: a8d41821-937c-11e8-8905-001636b15235.json
    Administrator: Yes

    -Software Information-
    Version: 3.5.1.2522
    Components Version: 1.0.365
    Update Package Version: 1.0.6119
    License: Free

    -System Information-
    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: HOME\Administrator

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 189253
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 23 min, 29 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)

    (end)

  14. #29
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Don't worry about deleting anything now.

  15. #30
    Join Date
    Jun 2009
    Location
    London, UK
    Posts
    999
    Broni - I tried to run the adwcleaner given on the link you gave. But get the message ..."The application has failed to start because dwmap.dll was not found. Re-installing the application may fix the problem"....

    I tried to do that but still get the same message. I downloaded both versions. One is the Beta version and still got the same message. Is it because it is not for XP? Seems to say for Vista and upwards, not XP.

    Alternatively, maybe I can send you the scan report of SuperAntispyware instead, or do you have an alternative link or program?
