Jump to content

PUM.Optional.Proxyhijacker


Recommended Posts

So, I've not been able to get rid of this.  It will say that it has, but will show up again later.  I see from other threads that it can be difficult to remove, so help please.  This is an older laptop running Windows XP that I use daily for work.  There are several work specialty software programs installed.

Here are my scan logs.  Included is a morning and afternoon Malwarebytes scan, and the two Farbar scans.

MBAMScan51216am.txt

MBAMScan51216pm.txt

FRST.txt

Addition.txt

Link to post
Share on other sites


Hello and :welcome:
If you've not already done so please start here and post back the 2 log files FRST.txt and Addition.txt

P2P/Piracy Warning:
 


If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.[/indent]


Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)

Let's get started ....

First, I will reset your proxy to default OS settings.  IF you know that that should not be that way, please let me know and we will restore the settings.


Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.  

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.

Press%20the%20FIX%20button_zpsdd5zi3mt.p

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.

 

Fixlist.txt

Link to post
Share on other sites

Ok, here it is.

 

Fix result of Farbar Recovery Scan Tool (x86) Version:14-05-2016
Ran by Owner (2016-05-14 11:32:03) Run:1
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll <==== ATTENTION
HKU\S-1-5-21-1614895754-507921405-839522115-1003\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\EXPLORER.EXE [1033728 2008-04-13] (Microsoft Corporation) <==== ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50370
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:50370
Winsock: Catalog5 01 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\mswsock.dll"
CMD: netsh winsock reset
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1614895754-507921405-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.coupons.com/
SearchScopes: HKU\S-1-5-21-1614895754-507921405-839522115-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: No Name -> {A3BC75A2-1F87-4686-AA43-5347D756017C} -> No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-1614895754-507921405-839522115-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 50370
FF NetworkProxy: "type", 4
FF Plugin: @macromedia.com/FlashPlayer9 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin HKU\S-1-5-21-1614895754-507921405-839522115-1003: @macromedia.com/FlashPlayer9 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [No File]
S3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath
S3 PTDUBus; system32\DRIVERS\PTDUBus.sys [X]
S3 PTDUMdm; system32\DRIVERS\PTDUMdm.sys [X]
S3 PTDUVsp; system32\DRIVERS\PTDUVsp.sys [X]
S3 PTDUWWAN; system32\DRIVERS\PTDUWWAN.sys [X]
S3 SMNDIS5; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
U1 WS2IFSL; no ImagePath
C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys
C:\Windows\system32\DRIVERS\PTDUBus.sys
C:\Windows\system32\DRIVERS\PTDUMdm.sys
C:\Windows\system32\DRIVERS\PTDUVsp.sys
C:\Windows\system32\DRIVERS\PTDUWWAN.sys
C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
C:\Windows\system32\DRIVERS\UIUSYS.SYS
ZeroAccess:
C:\Windows\Installer\{b2a8d161-e77f-f9a0-1d5a-d4b9edfe48b8}
C:\Windows\Installer\{b2a8d161-e77f-f9a0-1d5a-d4b9edfe48b8}\L\1afb2d56
C:\Windows\Installer\{b2a8d161-e77f-f9a0-1d5a-d4b9edfe48b8}\L\201d3dde
ZeroAccess:
C:\Documents and Settings\Owner\Local Settings\Application Data\{b2a8d161-e77f-f9a0-1d5a-d4b9edfe48b8}
C:\Documents and Settings\Owner\Local Settings\temp\RtkBtMnt.exe
C:\Documents and Settings\Owner\Local Settings\temp\swt-win32-3347.dll
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> no filepath
C:\Documents and Settings\Owner\Application Data\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:99671BE2 [278]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C6070AC3 [362]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:FD34FE88 [222]
AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\EarthPointFlyTo_213702.kml:SummaryInformation [43]
AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\EarthPointFlyTo_213702.kml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Documents and Settings\Owner\My Documents\Craftsman:com.dropbox.attributes [168]
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => value restored successfully
"HKU\S-1-5-21-1614895754-507921405-839522115-1003\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}" => key removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
Winsock: Catalog5 000000000003\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)

=========  netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.


========= End of CMD: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-1614895754-507921405-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}" => key removed successfully.
HKCR\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKU\S-1-5-21-1614895754-507921405-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
"HKCR\PROTOCOLS\Handler\avgsecuritytoolbar" => key removed successfully.
HKCR\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C} => key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
Firefox Proxy settings were reset.
FF NetworkProxy: "http_port", 50370 => not found
FF NetworkProxy: "type", 4 => not found
"HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003\Software\MozillaPlugins\@macromedia.com/FlashPlayer9" => key removed successfully.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll => not found.
catchme => service removed successfully.
IntelIde => service removed successfully.
PTDUBus => service removed successfully.
PTDUMdm => service removed successfully.
PTDUVsp => service removed successfully.
PTDUWWAN => service removed successfully.
SMNDIS5 => service removed successfully.
UIUSys => service removed successfully.
WS2IFSL => service removed successfully.
"C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys" => not found.
"C:\Windows\system32\DRIVERS\PTDUBus.sys" => not found.
"C:\Windows\system32\DRIVERS\PTDUMdm.sys" => not found.
"C:\Windows\system32\DRIVERS\PTDUVsp.sys" => not found.
"C:\Windows\system32\DRIVERS\PTDUWWAN.sys" => not found.
"C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS" => not found.
"C:\Windows\system32\DRIVERS\UIUSYS.SYS" => not found.
ZeroAccess: => Error: No automatic fix found for this entry.
C:\Windows\Installer\{b2a8d161-e77f-f9a0-1d5a-d4b9edfe48b8} => moved successfully
"C:\Windows\Installer\{b2a8d161-e77f-f9a0-1d5a-d4b9edfe48b8}\L\1afb2d56" => not found.
"C:\Windows\Installer\{b2a8d161-e77f-f9a0-1d5a-d4b9edfe48b8}\L\201d3dde" => not found.
ZeroAccess: => Error: No automatic fix found for this entry.
C:\Documents and Settings\Owner\Local Settings\Application Data\{b2a8d161-e77f-f9a0-1d5a-d4b9edfe48b8} => moved successfully
C:\Documents and Settings\Owner\Local Settings\temp\RtkBtMnt.exe => moved successfully
C:\Documents and Settings\Owner\Local Settings\temp\swt-win32-3347.dll => moved successfully
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}" => key removed successfully.
"HKU\S-1-5-21-1614895754-507921405-839522115-1003_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}" => key removed successfully.
C:\Documents and Settings\Owner\Application Data\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd => moved successfully
C:\Documents and Settings\All Users\Application Data\TEMP => ":99671BE2" ADS removed successfully..
C:\Documents and Settings\All Users\Application Data\TEMP => ":C6070AC3" ADS removed successfully..
C:\Documents and Settings\All Users\Application Data\TEMP => ":FD34FE88" ADS removed successfully..
C:\Documents and Settings\Owner\Desktop\EarthPointFlyTo_213702.kml => ":SummaryInformation" ADS removed successfully..
C:\Documents and Settings\Owner\Desktop\EarthPointFlyTo_213702.kml => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully..
C:\Documents and Settings\Owner\My Documents\Craftsman => ":com.dropbox.attributes" ADS removed successfully..

=========  ipconfig /flushdns =========

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


=========  netsh advfirewall reset =========

The following command was not found: advfirewall reset.

========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

The following command was not found: advfirewall set allprofiles state on.

========= End of CMD: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


The operation completed successfully


========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


The operation completed successfully


========= End of Reg: =========


=========  bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-1614895754-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-1614895754-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========

EmptyTemp: => 322.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:33:17 ====

Link to post
Share on other sites

FIRST >>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open an Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  1. Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console: You will see the following console:

    AdwCleaner_v5016_zpsf8ln0fea.png

  2. Click the Scan button and wait for the scan to finish.

  3. After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.

  4. Click the Clean button.

  5. Everything checked will be deleted.

  6. When the program has finished cleaning a report appears.

  7. Once done it may ask to reboot (depending on what it found to remove): please allow this

    adwcleaner_delete_restart.jpg

  8. On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C#].txt


Optional: 
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

 

ALSO, how is your system running now?

Link to post
Share on other sites

JRT tool ran ok, but upon finishing a pop up came up saying that windows had detected a problem and closed Explorer.  Then a pop up came up about Dr Watson asking about sending a error message to Microsoft.  The mouse would move all over the screen, but I couldn't open, close or minimize anything.  I did a CTL ALT DEL to shut down the computer.

 

 

 

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Microsoft Windows XP x86
Ran by Owner (Administrator) on Sun 05/15/2016 at  8:22:16.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 8

Failed to delete: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2MI58RNM (Temporary Internet Files Folder)
Failed to delete: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B5I84MAZ (Temporary Internet Files Folder)
Failed to delete: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G82Y24AY (Temporary Internet Files Folder)
Failed to delete: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HL9PRI03 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2MI58RNM (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B5I84MAZ (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G82Y24AY (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HL9PRI03 (Temporary Internet Files Folder)

 

Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/15/2016 at  8:23:45.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Link to post
Share on other sites

ADWCleaner ran and deleted many items.  Here is the txt file.

# AdwCleaner v5.116 - Logfile created 15/05/2016 at 09:10:16
# Updated 09/05/2016 by Xplode
# Database : 2016-05-13.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (X86)
# Username : Owner - OWNER-5620
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\90d6715d-99f5-5299-d7c8-ebc07031704c
[-] Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
[-] Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ieplugin.JQSIEStartDetectorImpl
[-] Key Deleted : HKLM\SOFTWARE\Classes\ieplugin.JQSIEStartDetectorImpl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\AVG Security Toolbar
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Security Toolbar

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5727 bytes] - [15/05/2016 09:10:16]
C:\AdwCleaner\AdwCleaner[S1].txt - [5958 bytes] - [15/05/2016 09:04:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5873 bytes] ##########

 

Link to post
Share on other sites

Well, that is good news so far.


Malwarebytes' Anti-Malware
Please start Malwarebytes' Anti-Malware.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link
Main%20Screen_zpsnnwza0ky.png

Once updated, please select Settings > Detection and Protection. Please ensure that "Scan for Rootkits" is selected along with Non-Malware Protection PUP and PUM are set to "Treat detections as malware"
Detection%20Settings_zpsaviydqil.png

Once the program has loaded, updated and the Settings are correct, select "Scan Now >>" to start the scan (from the Main Screen).
Main%20Screen_zpsnnwza0ky.png

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.
mbam21-removeselected_zpsg83p7wis.jpg

If any malware is found, make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results.
The report screen will open.
At the bottom click on Export and select as txt file, save the file to your desktop and click OK.  When the export is complete, select OPEN.
The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.

Link to post
Share on other sites

MBAM scan:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/16/2016
Scan Time: 7:36:11 AM
Logfile: MBAM5162016am.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.16.03
Rootkit Database: v2016.05.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321106
Time Elapsed: 27 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

I've just scanned it again this morning, no threats found.  I still need to scan my external hard drive used for backups; I don't want to re-infect my computer from a backup.  I'll likely do that from another computer due to time / work / and safety.

Is there anything else that I should do?

 

And, thanks a bunch for your help.

MBAM Scan:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/17/2016
Scan Time: 7:37:32 AM
Logfile: MBAMScan51716am.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.17.04
Rootkit Database: v2016.05.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321184
Time Elapsed: 27 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

I've just scanned the external hard drive and no threats were found. I forgot to get a text file before exiting out of MBAM.  I went back into it to see if I could get it after closing out, but I couldn't see where to get it; however, this caused me to look at the history, and there are 46 files / items there, some dating back to 2012, but most are from this infection.

So, my question is, can I delete everything from the quarantine?

Thanks.

Link to post
Share on other sites

If you are referring to Malwarebytes' Anti-Malware > History > Quarantine, then yes please check all the items you want to delete (if you want to delete all quickly just select the top most check box and the click on Delete All) and click on Delete.  This will remove the items selected from MBAM's Quarantine folder and remove the items from your system completely (they can not be recovered any more).

After this, everything is running smoothly now?

 

Link to post
Share on other sites


All right!! :D Your logs are clean and you're good to go now!! :lol: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

  • Download Delfix from here or here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
  • DelFixSelectall_zps0f04cec4.png
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.


You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.


Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:


To uninstall Java (on Win7):

  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.


To check for the latest version of Java and installation steps:

  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.


Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that I recommend is Sumatra PDF.

To update Adobe Reader:

  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.10 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.


Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Heimdal Free from Heimdal Security (you can get the software from here and read more about it on the same page).


You are now done! :D :D:D:D

Now some information on programs to help keep you safe:

Along with Malwarebytes Antimalware, use the following as a base level security:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must have now-a-days. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Zone Alarm Free Firewall - installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online

_____________________________________________________________________

Please come back and paste the DelFix.txt log when you can. After that, if you have no more questions, you are good to go. Surf safe, my friend!!

Link to post
Share on other sites

Thanks for all of your help.

I ran the Delfix program, but the "Activate UAC" line was grayed out and would not let me select it.  But, everything else was selected.

I'm going to work my way through your other suggestions as I have time (behind @ work).  I especially think I'll find the Java section helpful.  I believe that I have several older versions still on the computer.

So, thanks again and if there is anything else you suggest, just let me know.

Here is the result text file:

# DelFix v1.013 - Logfile created 24/05/2016 at 07:29:33
# Updated 17/04/2016 by Xplode
# Username : Owner - OWNER-5620
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\TDSSKiller_Quarantine
Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\Owner\Desktop\FRST-OlderVersion
Deleted : C:\Program Files\Trend Micro\Hijackthis
Deleted : C:\ComboFix.exe
Deleted : C:\ComboFix.txt
Deleted : C:\rkill.log
Deleted : C:\TDSSKiller.2.4.4.0_30.10.2010_13.44.59_log.txt
Deleted : C:\TDSSKiller.2.4.4.0_30.10.2010_13.47.41_log.txt
Deleted : C:\TDSSKiller.2.4.4.0_30.10.2010_13.55.15_log.txt
Deleted : C:\TDSSKiller.2.4.4.0_30.10.2010_13.59.16_log.txt
Deleted : C:\TDSSKiller.2.4.4.0_30.10.2010_14.47.56_log.txt
Deleted : C:\Documents and Settings\Owner\Desktop\Addition.txt
Deleted : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
Deleted : C:\Documents and Settings\Owner\Desktop\Fixlog.txt
Deleted : C:\Documents and Settings\Owner\Desktop\FRST.exe
Deleted : C:\Documents and Settings\Owner\Desktop\FRST.txt
Deleted : C:\Documents and Settings\Owner\Desktop\JRT.exe
Deleted : C:\Documents and Settings\Owner\Desktop\JRT.txt
Deleted : C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
Deleted : C:\Documents and Settings\Owner\Desktop\RogueKillerScan51216pm.txt
Deleted : C:\WINDOWS\grep.exe
Deleted : C:\WINDOWS\PEV.exe
Deleted : C:\WINDOWS\NIRCMD.exe
Deleted : C:\WINDOWS\MBR.exe
Deleted : C:\WINDOWS\SED.exe
Deleted : C:\WINDOWS\SWREG.exe
Deleted : C:\WINDOWS\SWSC.exe
Deleted : C:\WINDOWS\SWXCACLS.exe
Deleted : C:\WINDOWS\Zip.exe
Deleted : HKCU\console_combofixbackup
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\HijackThis
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Classes\.cfxxe
Deleted : HKLM\SOFTWARE\Classes\cfxxefile
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #1289 [System Checkpoint | 02/24/2016 19:07:04]
Deleted : RP #1290 [System Checkpoint | 02/25/2016 19:18:36]
Deleted : RP #1291 [System Checkpoint | 02/26/2016 19:46:49]
Deleted : RP #1292 [System Checkpoint | 02/29/2016 13:41:29]
Deleted : RP #1293 [System Checkpoint | 03/01/2016 15:24:06]
Deleted : RP #1294 [System Checkpoint | 03/02/2016 16:36:40]
Deleted : RP #1295 [System Checkpoint | 03/03/2016 19:47:45]
Deleted : RP #1296 [System Checkpoint | 03/04/2016 20:46:31]
Deleted : RP #1297 [System Checkpoint | 03/07/2016 14:24:28]
Deleted : RP #1298 [System Checkpoint | 03/08/2016 15:01:24]
Deleted : RP #1299 [System Checkpoint | 03/09/2016 17:17:28]
Deleted : RP #1300 [Software Distribution Service 3.0 | 03/10/2016 12:54:34]
Deleted : RP #1301 [System Checkpoint | 03/11/2016 15:57:34]
Deleted : RP #1302 [System Checkpoint | 03/14/2016 13:44:31]
Deleted : RP #1303 [System Checkpoint | 03/15/2016 15:28:16]
Deleted : RP #1304 [System Checkpoint | 03/16/2016 16:14:02]
Deleted : RP #1305 [System Checkpoint | 03/17/2016 18:14:36]
Deleted : RP #1306 [System Checkpoint | 03/18/2016 18:16:36]
Deleted : RP #1307 [System Checkpoint | 03/21/2016 14:15:26]
Deleted : RP #1308 [System Checkpoint | 03/24/2016 13:41:44]
Deleted : RP #1309 [System Checkpoint | 03/25/2016 14:57:54]
Deleted : RP #1310 [System Checkpoint | 03/28/2016 13:32:00]
Deleted : RP #1311 [System Checkpoint | 03/31/2016 15:11:55]
Deleted : RP #1312 [System Checkpoint | 04/01/2016 15:12:11]
Deleted : RP #1313 [System Checkpoint | 04/04/2016 14:07:13]
Deleted : RP #1314 [Installed Windows XP KB958655-v2. | 04/04/2016 21:20:32]
Deleted : RP #1315 [Installed XactRemodel 3. | 04/05/2016 16:04:28]
Deleted : RP #1316 [System Checkpoint | 04/06/2016 16:43:14]
Deleted : RP #1317 [System Checkpoint | 04/07/2016 17:27:34]
Deleted : RP #1318 [System Checkpoint | 04/08/2016 17:30:44]
Deleted : RP #1319 [System Checkpoint | 04/11/2016 13:15:23]
Deleted : RP #1320 [System Checkpoint | 04/12/2016 14:07:29]
Deleted : RP #1321 [System Checkpoint | 04/13/2016 18:10:58]
Deleted : RP #1322 [System Checkpoint | 04/14/2016 19:37:04]
Deleted : RP #1323 [Software Distribution Service 3.0 | 04/15/2016 11:36:22]
Deleted : RP #1324 [System Checkpoint | 04/18/2016 12:49:04]
Deleted : RP #1325 [System Checkpoint | 04/19/2016 13:35:15]
Deleted : RP #1326 [System Checkpoint | 04/20/2016 14:26:44]
Deleted : RP #1327 [System Checkpoint | 04/21/2016 14:48:39]
Deleted : RP #1328 [System Checkpoint | 04/22/2016 16:08:12]
Deleted : RP #1329 [System Checkpoint | 04/25/2016 14:26:43]
Deleted : RP #1330 [System Checkpoint | 04/26/2016 14:55:46]
Deleted : RP #1331 [System Checkpoint | 04/27/2016 15:04:36]
Deleted : RP #1332 [System Checkpoint | 04/28/2016 15:10:38]
Deleted : RP #1333 [System Checkpoint | 04/29/2016 17:11:55]
Deleted : RP #1334 [System Checkpoint | 05/02/2016 12:58:23]
Deleted : RP #1335 [System Checkpoint | 05/03/2016 12:59:12]
Deleted : RP #1336 [System Checkpoint | 05/04/2016 13:28:00]
Deleted : RP #1337 [System Checkpoint | 05/05/2016 16:46:51]
Deleted : RP #1338 [System Checkpoint | 05/06/2016 17:48:19]
Deleted : RP #1339 [System Checkpoint | 05/09/2016 13:20:29]
Deleted : RP #1340 [Installed PRInit. | 05/10/2016 18:15:20]
Deleted : RP #1341 [Installed Sage Timberline Estimating | 05/10/2016 18:20:29]
Deleted : RP #1342 [Installed PRInit. | 05/10/2016 18:46:53]
Deleted : RP #1343 [Configured Sage Timberline Estimating | 05/10/2016 18:52:25]
Deleted : RP #1344 [Installed PRInit. | 05/10/2016 19:07:01]
Deleted : RP #1345 [Configured Sage Timberline Estimating | 05/10/2016 19:10:29]
Deleted : RP #1346 [Removed Sage Timberline Estimating | 05/10/2016 20:28:53]
Deleted : RP #1347 [Installed PRInit. | 05/11/2016 01:32:32]
Deleted : RP #1348 [Installed Sage Timberline Estimating | 05/11/2016 01:40:43]
Deleted : RP #1349 [Software Distribution Service 3.0 | 05/12/2016 11:26:57]
Deleted : RP #1350 [System Checkpoint | 05/13/2016 11:42:02]
Deleted : RP #1351 [Restore Point Created by FRST | 05/14/2016 15:32:10]
Deleted : RP #1352 [JRT Pre-Junkware Removal | 05/15/2016 12:22:23]
Deleted : RP #1353 [System Checkpoint | 05/16/2016 12:44:57]
Deleted : RP #1354 [System Checkpoint | 05/17/2016 13:46:33]
Deleted : RP #1355 [System Checkpoint | 05/18/2016 13:54:52]
Deleted : RP #1356 [System Checkpoint | 05/19/2016 16:28:28]
Deleted : RP #1357 [System Checkpoint | 05/20/2016 17:19:59]
Deleted : RP #1358 [System Checkpoint | 05/23/2016 13:04:43]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

 

Link to post
Share on other sites

User Account Control is used to limit automatic changes to your system by the current User account.  This is a feature added by Microsoft starting with Vista and above (sorry, not available in XP - my bad; I should have told you not to check that.)  You can read more about this feature here.

As to the Java versions, you may find this utility handy.


javaicon.gif Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • When its finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa

 

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.