remove ads by browse to save on windows xp


Post by laguera16 on Thu Mar 21, 2013 5:59 pm

Hello,
I need help with removing Ads by Browse to Save on my Windows XP. Everywhere I go I see ads that I don't know how to remove. Please help. Thanks

laguera16
Intermediate

Posts : 78
Joined : 2009-03-05
OS : windows
Points : 28639
# Likes : 0


Re: remove ads by browse to save on windows xp

Post by Superdave on Thu Mar 21, 2013 10:45 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Please download [You must be registered and logged in to see this link.] by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

*********************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83161
# Likes : 0


Re: remove ads by browse to save on windows xp

Post by laguera16 on Fri Mar 22, 2013 4:13 am

# AdwCleaner v2.115 - Logfile created 03/21/2013 at 21:10:53
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Owner - YOUR-DC3E0B8F38
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18372

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

-\\ Google Chrome v25.0.1364.172

*************************

AdwCleaner[R1].txt - [723 octets] - [21/03/2013 21:10:53]
AdwCleaner[S1].txt - [18896 octets] - [20/03/2013 19:23:06]

########## EOF - C:\AdwCleaner[R1].txt - [843 octets] ##########


Malwarebytes Anti-Malware 1.70.0.1100
[You must be registered and logged in to see this link.]

Database version: v2013.03.17.12

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18372
Owner :: YOUR-DC3E0B8F38 [administrator]

3/17/2013 12:37:03 PM
mbam-log-2013-03-17 (12-37-03).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 513305
Time elapsed: 5 hour(s), 50 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Re: remove ads by browse to save on windows xp

Post by Superdave on Fri Mar 22, 2013 11:20 pm

Remove the Adware:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

*****************************************
I would like to see the Security Check log.

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder you will need to copy it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Re: remove ads by browse to save on windows xp

Post by laguera16 on Sat Mar 23, 2013 5:40 pm

AdwCleaner log
# AdwCleaner v2.115 - Logfile created 03/23/2013 at 10:34:56
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Owner - YOUR-DC3E0B8F38
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Downloads\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18372

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

-\\ Google Chrome v25.0.1364.172

*************************

AdwCleaner[R1].txt - [911 octets] - [21/03/2013 21:10:53]
AdwCleaner[S1].txt - [18896 octets] - [20/03/2013 19:23:06]
AdwCleaner[S2].txt - [849 octets] - [23/03/2013 10:34:56]

########## EOF - C:\AdwCleaner[S2].txt - [908 octets] ##########


Re: remove ads by browse to save on windows xp

Post by laguera16 on Sat Mar 23, 2013 6:25 pm

ComboFix log

ComboFix 13-03-21.02 - Owner 03/23/2013 10:49:52.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1919.888 [GMT -7:00]
Running from: c:\documents and settings\Owner.YOUR-DC3E0B8F38\My Documents\Downloads\ComboFix.exe
AV: Trend Micro Titanium *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\SET297.tmp
c:\windows\system32\SET298.tmp
c:\windows\system32\SET299.tmp
c:\windows\system32\SET29A.tmp
c:\windows\system32\SET29B.tmp
c:\windows\system32\SET29C.tmp
c:\windows\system32\SET29D.tmp
c:\windows\system32\SET29E.tmp
c:\windows\system32\SET29F.tmp
c:\windows\system32\SET2A0.tmp
c:\windows\system32\SET2A1.tmp
c:\windows\system32\SET2A2.tmp
c:\windows\system32\SET2A3.tmp
c:\windows\system32\SET2A4.tmp
c:\windows\system32\SET2A5.tmp
c:\windows\system32\SET2A6.tmp
c:\windows\system32\SET2A7.tmp
c:\windows\system32\SET2A8.tmp
c:\windows\system32\SET2A9.tmp
c:\windows\system32\SET2AA.tmp
c:\windows\system32\SET2AB.tmp
c:\windows\system32\SET2AC.tmp
c:\windows\system32\SET2AE.tmp
c:\windows\system32\SET2AF.tmp
c:\windows\system32\SET2B0.tmp
c:\windows\system32\SET2B1.tmp
c:\windows\system32\SET2B2.tmp
c:\windows\system32\SET2B3.tmp
c:\windows\system32\SET2B4.tmp
c:\windows\system32\SET2B5.tmp
c:\windows\system32\SET2B6.tmp
c:\windows\system32\SET2B7.tmp
c:\windows\system32\SET2B9.tmp
c:\windows\system32\SET2BA.tmp
c:\windows\system32\SET2BB.tmp
c:\windows\system32\SET2BC.tmp
c:\windows\system32\SET2BD.tmp
c:\windows\system32\SET2BE.tmp
c:\windows\system32\SET2BF.tmp
c:\windows\system32\SET2C0.tmp
c:\windows\system32\SET2C1.tmp
c:\windows\system32\SET2C2.tmp
c:\windows\system32\SET2C3.tmp
c:\windows\system32\SET2C5.tmp
c:\windows\system32\SET2C6.tmp
c:\windows\system32\SET2C7.tmp
c:\windows\system32\SET2C8.tmp
c:\windows\system32\SET4C6.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wt
c:\windows\wt\data.wts
c:\windows\wt\updater\wcmdmgr.exe
c:\windows\wt\updater\wcmdmgrl.exe
c:\windows\wt\updater\wt.ini
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\4.1.1\actorobject.dll
c:\windows\wt\webdriver\4.1.1\dx5drv.dll
c:\windows\wt\webdriver\4.1.1\dx7drv.dll
c:\windows\wt\webdriver\4.1.1\objectbundle.dll
c:\windows\wt\webdriver\4.1.1\sound.dll
c:\windows\wt\webdriver\4.1.1\wdcaps.ded
c:\windows\wt\webdriver\4.1.1\wdengine.dll
c:\windows\wt\webdriver\4.1.1\wthost.exe
c:\windows\wt\webdriver\4.1.1\wtmulti.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.jar
c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
c:\windows\wt\webdriver\jdriver.dll
c:\windows\wt\webdriver\rdriver.dll
c:\windows\wt\webdriver\wildtangent.jar
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\actorobject.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html
c:\windows\wt\wtupdates\webd\4.1.1\files\dx5drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\dx7drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\jdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\npWTHost.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt
c:\windows\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\rdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Sound.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\update_info\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\wdcaps.ded
c:\windows\wt\wtupdates\webd\4.1.1\files\wdengine.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wildtangent.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wt3d.ini
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHost.exe
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wtvh.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll
c:\windows\wt\wtupdates\wtupdater\appinfo.dat
c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts
c:\windows\wt\wtvh.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-02-23 to 2013-03-23 )))))))))))))))))))))))))))))))
.
.
2013-03-21 02:14 . 2013-03-21 02:16 -------- d-----w- c:\program files\ReQuick
2013-03-04 17:56 . 2013-03-04 17:56 465280 ----a-r- c:\windows\system32\cpnprt2win32.cid
2013-03-04 17:56 . 2013-03-04 17:56 -------- d-----w- c:\program files\Coupons
2013-02-24 19:53 . 2013-03-21 02:28 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 18:27 . 2012-10-01 02:30 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 18:27 . 2011-05-13 01:02 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-16 05:01 . 2013-01-16 05:01 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-16 05:01 . 2013-01-16 05:02 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-16 05:00 . 2012-08-06 01:42 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-16 05:00 . 2011-12-04 20:17 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 16:28 . 2013-03-08 16:27 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-12-06 12:59 . 2013-03-08 16:27 192512 ----a-w- c:\program files\mozilla firefox\components\mhxpcom.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-05-03 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"nwiz"="nwiz.exe" [2005-09-18 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-11-04 296096]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"RegistryQuick.exe"="c:\program files\ReQuick\RegistryQuick.exe" [2013-03-19 4019200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
c:\documents and settings\yanette\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
.
c:\documents and settings\Lizette\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-8-21 147456]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2011-11-13 14:53 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-08-09 16:00 169984 -c--a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 09:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-06-23 19:33 438359 -c--a-w- c:\progra~1\verizon\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 23:16 1121792 -c--a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 23:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 01:24 966656 -c--a-w- c:\windows\creator\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\verizon\\McciTrayApp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [12/12/2011 12:03 PM 290832]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [11/30/2010 8:46 PM 64080]
S0 f78ff03f51f0c397;14jsro1hvs.exe;\SystemRoot\\SystemRoot\System32\Drivers\f78ff03f51f0c397.sys --> \SystemRoot\\SystemRoot\System32\Drivers\f78ff03f51f0c397.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [11/30/2010 8:44 PM 188272]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [1/31/2013 11:38 AM 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5/3/2012 8:31 AM 158856]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 5:12 PM 10664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2/5/2013 8:48 AM 235216]
S4 55d69;14jsro1hvs.exe; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 03:31 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-01 18:27]
.
2013-03-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-04 20:32]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-04 20:32]
.
2013-03-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2745026236-3008155734-2019604869-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 22:27]
.
2013-03-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2745026236-3008155734-2019604869-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 22:27]
.
2013-03-23 c:\windows\Tasks\ReclaimerUpdateFiles_Owner.job
- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-23 17:28]
.
2013-03-23 c:\windows\Tasks\ReclaimerUpdateXML_Owner.job
- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-23 17:28]
.
2013-03-23 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job
- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-23 17:28]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d209a59c4da94ef0b832999bf707858a
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d209a59c4da94ef0b832999bf707858a
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
Trusted Zone: dyndns.tv\ltp
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.http - 71.109.175.243
FF - prefs.js: network.proxy.type - 1
FF - ExtSQL: 2013-02-10 12:37; [You must be registered and logged in to see this link.]; c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions\51180b2d3d429@51180b2d3d461.com.xpi
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
AddRemove-{36E913EA-CEDD-4E82-B3A5-94A1287EDA77} - c:\documents and settings\All Users\Application Data\{22F0A19A-26CD-4BBE-B95C-B04446B69DDA}\ESC-Student-Setup.exe
AddRemove-{7CD6B202-CDCC-48CF-9B96-268A94BD97FB} - c:\documents and settings\All Users\Application Data\{93906220-8503-45CF-87CB-5A54C8DE1AB2}\Hawkes Update Service Manager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2013-03-23 10:58
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\OWNER~1.YOU\LOCALS~1\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\55d69]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,f8,8b,45,2d,2d,0b,44,98,74,09,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,f8,8b,45,2d,2d,0b,44,98,74,09,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,0b,14,b2,d1,94,cf,42,82,cb,b8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,f8,8b,45,2d,2d,0b,44,98,74,09,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs]
@DACL=(02 0000)
@="{571715D7-3395-4DF0-B43C-784836209E60}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
.
Completion time: 2013-03-23 11:19:35
ComboFix-quarantined-files.txt 2013-03-23 18:19
ComboFix2.txt 2011-10-01 18:46
ComboFix3.txt 2009-10-17 00:14
.
Pre-Run: 36,090,417,152 bytes free
Post-Run: 45,832,216,576 bytes free
.
- - End Of File - - EE2761A8D98786A3CAF39E36523D8470



laguera16
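The ComboFix log above shows the footprint an ad-injecting hijacker leaves in a Firefox profile: a manual proxy (network.proxy.type 1, pointing at 71.109.175.243), the search engine and start page redirected, and the mixed-content and insecure-submit warnings switched off from user.js, which Firefox re-applies at every start so the user's own settings never stick. The script below is an added example (not part of the thread and not ComboFix's code) that parses prefs.js / user.js text and reports those indicators. The sample input is constructed from the values in the log; the homepage URL is a placeholder because the real one is not shown on the page, and the keyword.URL and network.proxy.ssl/socks checks cover prefs the log does not mention.

```python
"""Flag hijack indicators in a Firefox profile's prefs.js / user.js. Added example,
not ComboFix's code and not part of the thread."""
import re
from typing import Dict, List, Union

PrefValue = Union[str, int, bool]

# One pref line; prefs.js and user.js share the syntax:  user_pref("name", value);
_PREF_RE = re.compile(r'^\s*(?:user_pref|pref|sticky_pref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\);\s*$')

# Warnings a hijacker turns off so injected HTTP content inside HTTPS pages goes unnoticed.
_WARNING_PREFS = (
    "security.warn_viewing_mixed",
    "security.warn_viewing_mixed.show_once",
    "security.warn_submit_insecure",
    "security.warn_submit_insecure.show_once",
)
# Prefs that steer the start page and searches (keyword.URL is an assumption, not in the log).
_REDIRECT_PREFS = (
    "browser.startup.homepage",
    "browser.search.defaulturl",
    "browser.search.selectedEngine",
    "keyword.URL",
)


def _parse_value(raw: str) -> PrefValue:
    """bool, quoted string, or int, in that order of recognition."""
    if raw in ("true", "false"):
        return raw == "true"
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Later lines win, as they do when Firefox reads the file."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _parse_value(m.group(2))
    return prefs


def audit_profile(prefs_js: str, user_js: str) -> List[str]:
    """Return findings. user.js is applied on top of prefs.js at every start, so a pref
    pinned there cannot be changed from the UI; a clean profile usually has no user.js
    at all, so every pinned pref is reported."""
    pinned = parse_prefs(user_js)
    effective = {**parse_prefs(prefs_js), **pinned}
    findings: List[str] = []
    # 1. Manual proxy: every request goes through a third party that can rewrite pages.
    if effective.get("network.proxy.type") == 1:
        for proto in ("http", "ssl", "socks"):
            host = effective.get(f"network.proxy.{proto}")
            if host:
                findings.append(f"manual {proto} proxy set to {host}")
    # 2. Homepage / search redirection.
    for name in _REDIRECT_PREFS:
        if name in effective:
            findings.append(f"{name} overridden: {effective[name]!r}")
    # 3. Security warnings switched off.
    for name in _WARNING_PREFS:
        if effective.get(name) is False:
            where = "pinned in user.js" if name in pinned else "in prefs.js"
            findings.append(f"{name} disabled ({where})")
    # 4. Anything else pinned in user.js.
    for name, value in pinned.items():
        if name not in _WARNING_PREFS and name not in _REDIRECT_PREFS:
            findings.append(f"pinned in user.js: {name} = {value!r}")
    return findings


# CONSTRUCTED sample input reproducing the values in the ComboFix log above; the homepage
# URL is a placeholder because the real one is not shown on the page.
SAMPLE_PREFS_JS = """\
user_pref("browser.search.selectedEngine", "Ask.com");
user_pref("browser.startup.homepage", "http://start.example.invalid/");
user_pref("network.proxy.http", "71.109.175.243");
user_pref("network.proxy.type", 1);
user_pref("browser.cache.disk.capacity", 358400);
"""
SAMPLE_USER_JS = """\
user_pref("network.cookie.cookieBehavior", 0);
user_pref("privacy.clearOnShutdown.cookies", false);
user_pref("security.warn_viewing_mixed", false);
user_pref("security.warn_viewing_mixed.show_once", false);
user_pref("security.warn_submit_insecure", false);
user_pref("security.warn_submit_insecure.show_once", false);
"""

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PREFS_JS, SAMPLE_USER_JS):
        print("FINDING:", finding)
```

Point it at the real files (prefs.js and, if present, user.js in the profile directory, here c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default) with Firefox closed; deleting user.js and resetting the proxy prefs is the fix, but the extension that wrote them has to go first or it will write them back.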

Post by Superdave on Sat Mar 23, 2013 10:34 pm

P2P - I see you have P2P software installed on your machine: LimeWire and uTorrent. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
**************************************
I would like to see the Security Check log as I requested in my first post.

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0


Post by laguera16 on Sun Mar 24, 2013 9:03 pm

For some odd reason, I run this log and it freezes and the new window never opens up. I don't know what I should do about this. I have tried numerous times and nothing.

laguera16

Post by Superdave on Mon Mar 25, 2013 12:43 am

Ok, give this one a try.

Please download RootRepeal from [You must be registered and logged in to see this link.].

  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report.
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).

Superdave

Post by laguera16 on Mon Mar 25, 2013 1:22 am

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2013/03/24 17:50
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\catchme.sys
Address: 0xBA3E0000 Size: 31744 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB5C76000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA65E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: hiber_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS
Address: 0xB283A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xBA622000 Size: 7872 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB1CA5000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\owner.your-dc3e0b8f38\local settings\temp\etilqs_e65iurjcwcvbptm
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\owner.your-dc3e0b8f38\local settings\temp\etilqs_erhocgn3eo1swup
Status: Allocation size mismatch (API: 8192, Raw: 0)

Path: c:\documents and settings\owner.your-dc3e0b8f38\local settings\temp\etilqs_nh0btxtyrojz4ne
Status: Allocation size mismatch (API: 131072, Raw: 65536)

Path: c:\documents and settings\owner.your-dc3e0b8f38\local settings\temp\etilqs_njdgqpv0hnyi1mi
Status: Allocation size mismatch (API: 8192, Raw: 4096)

Path: C:\Program Files\Trend Micro\AMSP\module\10002\1.5.1381\7.0.1028\tsc.ptn.cfg
Status: Locked to the Windows API!

Path: C:\Program Files\Trend Micro\AMSP\module\10009\2.5.1535\2.5.1535\tmlce.ptn.cfg
Status: Locked to the Windows API!

Path: C:\Program Files\Trend Micro\AMSP\module\10011\1.0.1274\1.0.1274\ha.ptn.cfg
Status: Locked to the Windows API!

Path: C:\Program Files\Trend Micro\AMSP\module\10011\1.0.1274\1.0.1274\tmsa.cfg.cfg
Status: Locked to the Windows API!

Path: C:\Program Files\Trend Micro\AMSP\module\10011\1.0.1274\1.0.1274\tmsa.cfg.cfg
Status: Locked to the Windows API!

Path: C:\Program Files\Trend Micro\AMSP\resource\engine\c2t1073741888l1p1r1o1\1.3.1040\bspatch.exe
Status: Locked to the Windows API!

Path: C:\Program Files\Trend Micro\AMSP\resource\engine\c2t1073741888l1p1r1o1\1.3.1040\bzip2.exe
Status: Locked to the Windows API!

Path: C:\Program Files\Trend Micro\AMSP\resource\engine\c2t1073741888l1p1r1o1\1.3.1040\sym_perfiCrcPerfMonMgr.h
Status: Locked to the Windows API!

Path: C:\Program Files\Trend Micro\AMSP\resource\engine\c2t679608320l1p1r1o1\6.6.1088\TmExtIns.exe
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\Google\Chrome\User Data\Local State
Status: Could not get file information (Error 0xc0000008)

Path: C:\Program Files\Trend Micro\AMSP\module\10011\1.0.1274\1.0.1274\RankData\bf_db_100k.cfg
Status: Locked to the Windows API!

Path: C:\Program Files\Trend Micro\AMSP\module\10011\1.0.1274\1.0.1274\RankData\hash_db_100.cfg
Status: Locked to the Windows API!

Path: C:\Program Files\Trend Micro\AMSP\module\10011\1.0.1274\1.0.1274\RankData\hash_db_1000.cfg
Status: Locked to the Windows API!

Path: C:\Program Files\Trend Micro\AMSP\module\10011\1.0.1274\1.0.1274\RankData\hash_db_10k.cfg
Status: Locked to the Windows API!

Path: C:\Program Files\Trend Micro\AMSP\resource\engine\c2t679608320l1p1r1o1\6.6.1088\firefoxextension\chrome.manifest
Status: Locked to the Windows API!

Path: C:\Program Files\Trend Micro\AMSP\resource\engine\c2t679608320l1p1r1o1\6.6.1088\firefoxextension\install.rdf
Status: Locked to the Windows API!

Path: C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\firefoxextension\components\ITmFFExt.xpt.cfg
Status: Locked to the Windows API!

Path: c:\documents and settings\owner.your-dc3e0b8f38\local settings\application data\google\chrome\user data\default\extension state\log
Status: Allocation size mismatch (API: 152, Raw: 0)

Path: c:\documents and settings\localservice\application data\trend micro\amsp\data\10010\events\eventsdb\87e\f
Status: Size mismatch (API: 360782, Raw: 358556)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "" at address 0x89ee7720

#: 043 Function Name: NtCreateMutant
Status: Hooked by "" at address 0x89bee4a0

#: 047 Function Name: NtCreateProcess
Status: Hooked by "" at address 0x89ee6520

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "" at address 0x89ee6820

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "" at address 0x89bee860

#: 053 Function Name: NtCreateThread
Status: Hooked by "" at address 0x89ee8fc0

#: 063 Function Name: NtDeleteKey
Status: Hooked by "" at address 0x89ee7d20

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "" at address 0x89ee8620

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "" at address 0x89beea40

#: 097 Function Name: NtLoadDriver
Status: Hooked by "" at address 0x89bee1a0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "" at address 0x89ee6b20

#: 125 Function Name: NtOpenSection
Status: Hooked by "" at address 0x89ee8c00

#: 128 Function Name: NtOpenThread
Status: Hooked by "" at address 0x89ee6e20

#: 192 Function Name: NtRenameKey
Status: Hooked by "" at address 0x89ee8020

#: 204 Function Name: NtRestoreKey
Status: Hooked by "" at address 0x89ee8320

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "" at address 0x89bee680

#: 247 Function Name: NtSetValueKey
Status: Hooked by "" at address 0x89ee7a20

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "" at address 0x89ee7120

#: 258 Function Name: NtTerminateThread
Status: Hooked by "" at address 0x89ee7420

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "" at address 0x89ee8de0

Shadow SSDT
-------------------
#: 548 Function Name: NtUserSetWindowsHookAW
Status: Hooked by "" at address 0x89bf1b20

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "" at address 0x89bf1900

==EOF==

laguera16
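In the RootRepeal report above every SSDT and Shadow SSDT entry reads Hooked by "" : RootRepeal found the hook but could not name the module that owns the target address, and those addresses (0x89ee..., 0x89be..., 0x89bf...) are nowhere near the driver images it listed (0xB1... to 0xBA...). One way to check that by hand is to map each hook address against the Address/Size ranges in the Drivers section. The script below does exactly that; it is an added example, not RootRepeal's own code and not part of the thread. The sample input is an excerpt of the report above plus one constructed entry (NtDemoOnly, at an address inside catchme.sys) so the positive path is exercised. A hook set covering key creation, process open/terminate and driver load is what both kernel-level security products and rootkits install, so the result says only where each hook lands, not whether it is hostile; the Security Check log later in the thread shows Trend Micro Titanium installed, which is one candidate owner, but the report cannot confirm it.

```python
"""Map each SSDT / Shadow SSDT hook in a RootRepeal report onto the driver image
ranges the report lists. Added example, not RootRepeal's own code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Driver:
    name: str
    base: int  # "Address:" load address
    size: int  # "Size:" image size in bytes

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


@dataclass(frozen=True)
class Hook:
    table: str     # "SSDT" or "Shadow SSDT"
    index: int     # "#:" service index
    function: str
    hooker: str    # module RootRepeal printed; empty when it could not name one
    address: int   # where the table entry now points


_SECTION_RE = re.compile(r"^(Drivers|Hidden/Locked Files|SSDT|Shadow SSDT)\s*$")
_NAME_RE = re.compile(r"^Name:\s*(\S+)")
_ADDR_RE = re.compile(r"^Address:\s*0x([0-9A-Fa-f]+)\s+Size:\s*(\d+)")
_FUNC_RE = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\S+)")
_HOOK_RE = re.compile(r'^Status:\s*Hooked by "([^"]*)" at address 0x([0-9A-Fa-f]+)')


def parse_report(text: str) -> Tuple[List[Driver], List[Hook]]:
    """Line-by-line parse; each record is two lines (Name/Address or #:/Status) to pair up."""
    drivers: List[Driver] = []
    hooks: List[Hook] = []
    section: Optional[str] = None
    name: Optional[str] = None
    func: Optional[Tuple[int, str]] = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = _SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        if section == "Drivers":
            m = _NAME_RE.match(line)
            if m:
                name = m.group(1)
                continue
            m = _ADDR_RE.match(line)
            if m and name:
                drivers.append(Driver(name, int(m.group(1), 16), int(m.group(2))))
                name = None
        elif section in ("SSDT", "Shadow SSDT"):
            m = _FUNC_RE.match(line)
            if m:
                func = (int(m.group(1)), m.group(2))
                continue
            m = _HOOK_RE.match(line)
            if m and func:
                hooks.append(Hook(section, func[0], func[1], m.group(1), int(m.group(2), 16)))
                func = None
    return drivers, hooks


def attribute(drivers: List[Driver], hooks: List[Hook]) -> Dict[str, List[Hook]]:
    """Group hooks by the driver whose image holds the hook address. 'unattributed' means
    the address lies outside every listed image (e.g. allocated kernel pool), which is the
    case RootRepeal marks with an empty 'Hooked by ""'."""
    grouped: Dict[str, List[Hook]] = {}
    for h in hooks:
        owner = next((d.name for d in drivers if d.contains(h.address)), None)
        grouped.setdefault(owner or h.hooker or "unattributed", []).append(h)
    return grouped


# Excerpt of the report posted above. The "NtDemoOnly" entry is CONSTRUCTED (not in the
# real report) and points inside catchme.sys so the attribution path is exercised.
SAMPLE_REPORT = """\
Drivers
Name: catchme.sys
Address: 0xBA3E0000 Size: 31744 File Visible: No Signed: -
Name: rootrepeal.sys
Address: 0xB1CA5000 Size: 49152 File Visible: No Signed: -
SSDT
#: 041 Function Name: NtCreateKey
Status: Hooked by "" at address 0x89ee7720
#: 097 Function Name: NtLoadDriver
Status: Hooked by "" at address 0x89bee1a0
#: 999 Function Name: NtDemoOnly
Status: Hooked by "" at address 0xBA3E1000
Shadow SSDT
#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "" at address 0x89bf1900
"""

if __name__ == "__main__":
    for owner, entries in attribute(*parse_report(SAMPLE_REPORT)).items():
        print(owner, [f"{h.table} #{h.index} {h.function}" for h in entries])
```

Run it over the saved report instead of SAMPLE_REPORT to see the grouping for the whole log; the useful follow-up is to compare the set of hooked functions and their addresses before and after a security product is uninstalled, since hooks that survive that are the ones worth chasing.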

Post by Superdave on Mon Mar 25, 2013 1:52 am

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]

• Click the button.
• For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
  • Leave the check mark next to Remove found threats.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave

Post by laguera16 on Tue Mar 26, 2013 3:49 am

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\48\11724130-1795d326 Java/Exploit.Blacole.AN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions\51180b2d3d429@51180b2d3d461.com.xpi Win32/Adware.MultiPlug.H application deleted - quarantined
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application cleaned by deleting - quarantined
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Sun\Java\Deployment\cache\6.0\13\2d105fcd-68f850ac multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Sun\Java\Deployment\cache\6.0\22\24edf096-19127ba4 a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Sun\Java\Deployment\cache\6.0\22\24edf096-2ecd122c a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Sun\Java\Deployment\cache\6.0\22\24edf096-4126e567 a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Sun\Java\Deployment\cache\6.0\22\24edf096-4a6efda9 a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Sun\Java\Deployment\cache\6.0\22\24edf096-6bd3dc0f a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Sun\Java\Deployment\cache\6.0\22\24edf096-6f34c00e a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Sun\Java\Deployment\cache\6.0\6\7943cc6-714030fe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\yl.js JS/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\temp\is1590112554\yontoo-C4.exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Temporary Internet Files\Content.IE5\2U498KQA\yontoosetup[1].exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\Downloads\RegistryQuick_setup.exe a variant of Win32/Adware.RegistryQuick application cleaned by deleting - quarantined
C:\Program Files\ReQuick\RegistryQuick.exe a variant of Win32/Adware.RegistryQuick application cleaned by deleting - quarantined
C:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Program Files\Yontoo\YontooLayers.crx JS/Adware.Yontoo.A application deleted - quarantined
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP1901\A0218987.exe Win32/Adware.1ClickDownload application cleaned by deleting - quarantined

laguera16

Post by Superdave on Tue Mar 26, 2013 5:45 pm

Please run this Security Check before we finish up. BTW, how's your computer running now?

Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Superdave

Post by laguera16 on Wed Mar 27, 2013 12:01 am

Computer is running great now, thanks, no more ad popups.

Results of screen317's Security Check version 0.99.61
Windows XP Service Pack 2 x86
[You must be registered and logged in to see this link.]
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
JavaFX 2.1.1
Java 7 Update 11
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (19.0.2)
Google Chrome 25.0.1364.152
Google Chrome 25.0.1364.172
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro AMSP AMSP_LogServer.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 25% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

laguera16

Post by Superdave on Wed Mar 27, 2013 1:30 am

Why haven't you installed Service Pack 3? You need to keep your programs up-to-date.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
******************************************
Update your Adobe Reader. [You must be registered and logged in to see this link.].

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

****************************************
Total Fragmentation on Drive C:: 25% Defragment your hard drive soon! (Do NOT defrag if SSD!)
Please do not ignore the above warning and defrag your hard drive. If you need help with that let me know. SSD means Solid State Drive.
Once you've updated your programs we can do some cleanup.


Download this program and run it: [You must be registered and logged in to see this link.]. It will remove ComboFix for you.
***********************************************
Click Start > Computer > right click the C Drive and choose Properties > enter.
Click Disk Cleanup from there.
Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.
This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
******************************************
Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.]- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] Guide: [You must be registered and logged in to see this link.] to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Superdave

Post by laguera16 on Thu Apr 04, 2013 1:36 am

Thanks for all your help. I have updated my computer and I need to remove things off my computer so I can have more space. Thanks for everything.

laguera16

Post by Superdave on Thu Apr 04, 2013 1:51 am

[You must be registered and logged in to see this link.] wrote: Thanks for all your help. I have updated my computer and I need to remove things off my computer so I can have more space. Thanks for everything.
You're welcome. Windows requires at least 15% of your hard drive in free space in order to function properly.

Superdave