-
July 27th, 2018, 06:25 PM
#16
Additional log 2 of 2 parts
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2008-04-14 13:00 - 2018-07-27 21:18 - 000000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1801674531-448539723-1606980848-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.254
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Eraser => C:\Program Files\Eraser\eraser.exe -hide
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\ZoneLabs\vsmon.exe] => Enabled:vsmon
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Plugin Manager\skypePM.exe] => Enabled:Skype Extras Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Thomson SpeedTouch\ST330\WebInstaller\STHIW\stInstall.exe] => Enabled:SpeedTouch Home Install Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe] => Enabled:ST330 service
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Temp\stInstall.exe] => Enabled:SpeedTouch Home Install Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\Thomson\ST330\service\st330service.exe] => Enabled:ST330 service
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Antivirus\AvEmUpdate.exe] => Enabled:Antivirus Emergency Update
StandardProfile\AuthorizedApplications: [C:\Program Files\CCleaner\CCUpdate.exe] => Enabled:CCleaner Update
StandardProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
==================== Restore Points =========================
17-07-2018 11:09:32 Automatic Restore Point
17-07-2018 18:42:37 Automatic Restore Point
17-07-2018 21:18:31 Automatic Restore Point
17-07-2018 22:18:46 Automatic Restore Point
17-07-2018 23:30:24 Automatic Restore Point
18-07-2018 08:35:48 Automatic Restore Point
18-07-2018 13:05:12 Automatic Restore Point
18-07-2018 16:44:54 Automatic Restore Point
18-07-2018 18:10:48 Automatic Restore Point
19-07-2018 09:51:22 Automatic Restore Point
19-07-2018 17:42:05 Automatic Restore Point
19-07-2018 17:54:26 Automatic Restore Point
19-07-2018 19:34:30 Automatic Restore Point
19-07-2018 22:21:03 Automatic Restore Point
20-07-2018 00:32:58 Automatic Restore Point
20-07-2018 05:38:25 Automatic Restore Point
20-07-2018 14:48:15 Automatic Restore Point
21-07-2018 16:54:14 Automatic Restore Point
22-07-2018 02:00:18 Restore Operation
22-07-2018 02:10:34 Automatic Restore Point
22-07-2018 02:18:04 Installed Windows XP Wdf01009.
22-07-2018 02:23:47 Automatic Restore Point
22-07-2018 16:10:43 Automatic Restore Point
22-07-2018 16:21:37 Automatic Restore Point
22-07-2018 17:23:24 Automatic Restore Point
22-07-2018 21:00:34 Automatic Restore Point
22-07-2018 21:25:09 Automatic Restore Point
23-07-2018 22:08:27 Automatic Restore Point
24-07-2018 01:23:18 Automatic Restore Point
24-07-2018 03:11:33 Automatic Restore Point
24-07-2018 03:25:34 Restore Operation
24-07-2018 03:50:35 Restore Operation
24-07-2018 04:15:46 Restore Operation
24-07-2018 04:41:32 Restore Operation
24-07-2018 04:45:09 Automatic Restore Point
24-07-2018 04:50:53 Restore Operation
24-07-2018 05:11:31 Automatic Restore Point
24-07-2018 05:18:08 Installed Windows XP Wdf01009.
24-07-2018 05:24:47 Installed Windows XP Wdf01009.
24-07-2018 06:06:28 Automatic Restore Point
24-07-2018 07:31:05 Automatic Restore Point
24-07-2018 07:47:40 Installed Windows KB954550-v5.
24-07-2018 07:47:58 Printer Driver Microsoft XPS Document Writer Installed
24-07-2018 07:48:18 Printer Driver Microsoft XPS Document Writer Installed
24-07-2018 08:02:23 Automatic Restore Point
24-07-2018 09:04:58 Automatic Restore Point
24-07-2018 10:30:16 Automatic Restore Point
24-07-2018 18:11:38 Automatic Restore Point
25-07-2018 08:27:50 Automatic Restore Point
25-07-2018 09:35:24 Automatic Restore Point
25-07-2018 10:24:16 Automatic Restore Point
25-07-2018 10:35:25 Revo Uninstaller's restore point - SpyShelter Premium 11.1
25-07-2018 10:45:09 Automatic Restore Point
25-07-2018 11:16:31 Automatic Restore Point
25-07-2018 13:29:00 Automatic Restore Point
25-07-2018 18:52:21 Installed Keylogger Detector
25-07-2018 19:01:39 Revo Uninstaller's restore point - Keylogger Detector
25-07-2018 19:02:05 Removed Keylogger Detector
25-07-2018 19:05:44 Installed Keylogger Detector
25-07-2018 19:07:29 Revo Uninstaller's restore point - Keylogger Detector
25-07-2018 19:07:54 Removed Keylogger Detector
25-07-2018 19:15:58 Automatic Restore Point
25-07-2018 21:03:50 Automatic Restore Point
26-07-2018 11:42:08 Automatic Restore Point
26-07-2018 18:39:26 Automatic Restore Point
26-07-2018 19:37:19 Automatic Restore Point
26-07-2018 21:12:30 Automatic Restore Point
27-07-2018 12:58:46 Automatic Restore Point
27-07-2018 19:53:26 Automatic Restore Point
27-07-2018 21:14:40 Automatic Restore Point
27-07-2018 21:34:09 Installed Windows KB954550-v5.
27-07-2018 21:34:25 Printer Driver Microsoft XPS Document Writer Installed
27-07-2018 21:34:44 Printer Driver Microsoft XPS Document Writer Installed
27-07-2018 21:49:55 Automatic Restore Point
==================== Faulty Device Manager Devices =============
Name: IrDA Fast Infrared Port
Description: IrDA Fast Infrared Port
Class Guid: {6BDD1FC5-810F-11D0-BEC7-08002BE2092F}
Manufacturer: National Semiconductor
Service: NSCIRDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/27/2018 09:57:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Viber.exe, version 6.0.1.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (07/27/2018 09:50:38 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (07/27/2018 08:50:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 21.7.2018.0, faulting module frst.exe, version 21.7.2018.0, fault address 0x0002129e.
Processing media-specific event for [frst.exe!ws!]
Error: (07/26/2018 06:45:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Viber.exe, version 6.0.1.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (07/25/2018 08:45:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.9.0.6746, faulting module mozglue.dll, version 52.9.0.6746, fault address 0x0000fb33.
Processing media-specific event for [plugin-container.exe!ws!]
Error: (07/25/2018 08:37:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]
Error: (07/25/2018 08:35:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x04155a21.
Processing media-specific event for [explorer.exe!ws!]
Error: (07/25/2018 08:01:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.9.0.6746, faulting module mozglue.dll, version 52.9.0.6746, fault address 0x0000fb33.
Processing media-specific event for [plugin-container.exe!ws!]
System errors:
=============
Error: (07/27/2018 09:50:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TfSysMon
Error: (07/27/2018 09:48:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Lavasoft Ad-Aware Service service failed to start due to the following error:
The system cannot find the path specified.
Error: (07/27/2018 09:48:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bitdefender Antivirus Free Edition service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (07/27/2018 09:48:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Bitdefender Antivirus Free Edition service to connect.
Error: (07/27/2018 09:15:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TfSysMon
Error: (07/27/2018 09:13:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Lavasoft Ad-Aware Service service failed to start due to the following error:
The system cannot find the path specified.
Error: (07/27/2018 09:13:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bitdefender Antivirus Free Edition service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (07/27/2018 09:13:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Bitdefender Antivirus Free Edition service to connect.
==================== Memory info ===========================
Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz
Percentage of memory in use: 53%
Total physical RAM: 2038.07 MB
Available physical RAM: 944.46 MB
Total Virtual: 3406.3 MB
Available Virtual: 2397.88 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:200.19 GB) (Free:126.69 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:265.57 GB) (Free:137.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: B4B9B3EC)
Partition 1: (Active) - (Size=200.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=265.6 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
-
July 27th, 2018, 06:29 PM
#17
jdc2000 - totally there are 4 posts - 2 for the First log and 2 for the Additional log. Hope they are received in good order. Please let me know if there is any problem. Once again, thanks for your kind help to forward them to Broni.
Last edited by slickcondo; July 27th, 2018 at 07:26 PM.
-
July 27th, 2018, 07:25 PM
#18
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
============================================
This is a known scam so you shouldn't worry about that email at all.
However since you're here we can check if your computer is healthy.
Uninstall following unwanted program:
Registry Drill
Download RogueKiller from one of the following links and save it to your Desktop:
Link 1
Link 2
- Close all the running programs
- Double click on downloaded setup.exe file to install the program.
- Click on Start Scan button.
- Click on another Start Scan button.
- Wait until the Status box shows Scan Finished
- Click on Remove Selected.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
- Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8/10 users right-click and select Run As Administrator
- The tool will start to update the database if one is required.
- Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- After the scan has finished, click on the Logfile button.
- A window will open which lists the logs of your scans.
- Click on the Scan tab.
- Double-click the most recent scan which will be at the top of the list....the log will appear.
- Review the results...see note below
- After reviewing the log, click on the Clean button.
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
- To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
- Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
- A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
-
July 27th, 2018, 07:43 PM
#19
Hi Broni - thanks for the quick response. A few questions please:
1) You mean from the scan log, there is no keylogger in my laptop? Then how did this sender know one of my passwords, even though it is no longer used, on the scam email sent to me?
2) How do I find Registry Drill to delete it?
3) Malwarebytes is the popular one? I have been using it for a few years already - the free version - and I update it regularly. After I received the email, I ran it and it came up with 4 PUPs that I deleted. The next day I ran it again and nothing showed up.
I also ran my AVG antivirus - free version and nothing showed up also.
But I would still like to go through all the steps you mentioned. Thanks for your help
Last edited by slickcondo; July 27th, 2018 at 08:02 PM.
-
July 27th, 2018, 09:38 PM
#20
Please don't quote my replies because it creates unnecessary clutter. Thank you
1. So far I don't see much there. As for the scam: https://www.bleepingcomputer.com/new...n-adult-sites/
2. How to uninstall program in Windows XP: https://www.pcrisk.com/how-to-remove...rogram-windows
3. Go ahead with scans I asked for in my previous reply.
-
July 27th, 2018, 11:57 PM
#21
Broni - Thanks for the 2 links. Actually I did not see Registry Drill on my Add Remove Program, and I thought it was created somewhere else. But now on second look, I can see it and will remove it. Thanks.
Regarding the scans, actually I have just finished running RogueKiller, but have not deleted anything yet as I need to ask you a couple of things.
When I looked at the finished scan result, it says Remove Selected. But I notice
1) Some were not selected and some were selected for removal. Why were some selected and some not? Is this correct or should I also select all that appeared with a tick that were not at the present?
2) I also noticed that a couple of selected ones are programs that I have installed and used for years without problems, especially the System Restore Point at start up which was highlighted in red and PUP for Zone Alarm which is a firewall. If I delete these, does that mean these programs will no longer work?
Looking forward to your clarifications as the scan results are waiting for removal, and I hope I don't have to re-run the scan again because it took a long time. Thanks
-
July 28th, 2018, 06:25 PM
#22
You only do Remove Selected. Do not checkmark anything else.
-
July 29th, 2018, 01:19 PM
#23
Broni - what about the second question in my previous message ? You did not reply to that.
-
July 29th, 2018, 03:46 PM
#24
You may uncheck those entries you're 100% sure they're legit.
-
July 29th, 2018, 06:06 PM
#25
Broni - thanks. If that is the case, then it is everyone marked after the scan today as they all relate to AVG antivirus and Zone Alarm. For some reason, today's scan did not show the Restore Point as Start Up. Today's scan shows 29, yesterday was 49. Strange? Anyway, here is the scan report for today. Malwarebytes scan report on the next post.
RogueKiller V12.12.28.0 [Jul 23 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 07/29/2018 21:51:42 (Duration : 00:56:17)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 18 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} (C:\Program Files\Common Files\System\ado\msado15.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70} ("C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exe") -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Check Point Software Technologies LTD -> Found
[PUP.Conduit|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Conduit -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Taronja -> Found
[PUP.Auslogics] HKEY_USERS\.DEFAULT\Software\Auslogics -> Found
[PUP.Gen1] HKEY_USERS\.DEFAULT\Software\AVG Security Toolbar -> Found
[PUP.Auslogics] HKEY_USERS\S-1-5-21-1801674531-448539723-1606980848-500\Software\Auslogics -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1801674531-448539723-1606980848-500\Software\Check Point Software Technologies LTD -> Found
[PUP.Conduit|PUP.Gen1] HKEY_USERS\S-1-5-21-1801674531-448539723-1606980848-500\Software\Conduit -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1801674531-448539723-1606980848-500\Software\Headlight -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1801674531-448539723-1606980848-500\Software\YahooPartnerToolbar -> Found
[PUP.Auslogics] HKEY_USERS\S-1-5-18\Software\Auslogics -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-18\Software\AVG Security Toolbar -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar -> Found
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUP.Gen0] HKEY_USERS\S-1-5-21-1801674531-448539723-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 10 ¤¤¤
[PUP.Gen1][Folder] C:\Documents and Settings\Administrator\Application Data\Check Point Software Technologies LTD -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\Administrator\Application Data\CheckPoint\ZoneAlarm LTD Toolbar -> Found
[PUP.PCProtect][Folder] C:\Documents and Settings\Administrator\Application Data\TotalAV -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\AVG Secure Search -> Found
[PUP.Gen1][Folder] C:\Program Files\Check Point Software Technologies LTD -> Found
[PUP.Conduit|PUP.Gen1][Folder] C:\Program Files\Conduit -> Found
[PUP.Gen1][Folder] C:\Program Files\Uninstaller -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\Administrator\Application Data\Check Point Software Technologies LTD -> Found
[PUP.PCProtect][Folder] C:\Documents and Settings\Administrator\Application Data\TotalAV -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\All Users\Application Data\AVG Secure Search -> Found
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Video Downloader professional [elicpjhcidhpjomhibiffojpinpmmpil] -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BUCT-63LS5Y1 +++++
--- User ---
[MBR] 6f7b2b074d5c132030445c633c788dd7
[BSP] b414baf153532c788ab49ee826819d40 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 204993 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 419826645 | Size: 271944 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK
-
July 29th, 2018, 06:23 PM
#26
-
July 29th, 2018, 07:10 PM
#27
Here is the scan report just finished for Malwarebytes. By the way, how do I delete the FIRST software? It does not appear on Add Remove Program on Control Panel?
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 10/18/17
Scan Time: 9:35 PM
Log File: eeb7938a-b443-11e7-954f-001636b15235.json
Administrator: Yes
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3043
License: Trial
-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: HOME\Administrator
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 241932
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 23 min, 41 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
-
July 29th, 2018, 07:19 PM
#28
Broni - sorry I sent you the wrong Malwarebytes report earlier...sorry. Here is the recent scan report.
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 7/29/18
Scan Time: 11:13 PM
Log File: a8d41821-937c-11e8-8905-001636b15235.json
Administrator: Yes
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.6119
License: Free
-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: HOME\Administrator
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 189253
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 23 min, 29 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
-
July 29th, 2018, 07:31 PM
#29
Don't worry about deleting anything now.
-
July 29th, 2018, 07:44 PM
#30
Broni - I tried to run the AdwCleaner given on the link you gave. But I get the message ..."The application has failed to start because dwmap.dll was not found. Re-installing the application may fix the problem"....
I tried to do that but still get the same message. I downloaded both versions. One is the Beta version and I still got the same message. Is it because it is not for XP? Seems to say for Vista and upwards, not XP.
Alternatively, maybe I can send you the scan report of SuperAntispyware instead, or do you have an alternative link or program?