How to uninstall Freecorder
bauld
Newbie
22. January 2013 @ 18:17
Hi
Firstly, sorry if there's another thread, I can't find one.
Laptop and internet running very slow, I think it's the Freecorder. I have uninstalled part of it but it won't let me uninstall it all. Can somebody give any help on uninstalling it or recommend a programme to get rid of it and all its junk?
Many thanks in advance for any help and advice
Cheers
bauld
AfterDawn Addict
22. January 2013 @ 20:23
Hi bauld,

First, let's do a little Pre-Cleaning and Post some Logs so I can see what we need to do. Then, I'll help you get rid of the Crap...

Download and Run Temp File Cleaner (TFC.exe)

Download Temp File Cleaner and save it to your desktop.

You might want to Save any unsaved work. TFC will close ALL open programs... including your browser!

1. Double click to run it.
2. If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
3. When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
4. After Restart, log back in to your usual account.

Next:

Junkware Removal Tool

1. Please download jrt.exe ... and save it to your desktop. Alternate download here.
2. Please temporarily disable your security/protection software as found here, to avoid potential conflicts.
3. If running Vista or Win7... right-click jrt.exe and select "Run as Administrator",
otherwise just double click it.
The tool will open and start scanning your system. Please be patient, it can take a while depending on your system.
On completion, a log file JRT.txt is saved to your desktop and will automatically open.
4. Please copy and paste the contents of JRT.txt and post in your next reply.

Next:

Security Application Check:

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 http://www.bleepingcomputer.com/download/securitycheck/
Link 2 http://screen317.spywareinfoforum.org/SecurityCheck.exe
• Double-click SecurityCheck.exe then follow the on-screen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt
• Please post the contents of the checkup.txt in your next reply.

Next:

Download and Run HijackThis.exe

Download TrendMicro HijackThis.exe and save it to your desktop.
• Double-click on HJTInstall.exe
• Click on the Install button.
• It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
• Upon install, HijackThis should open for you.
• Click on the Main Menu button
• Click on the Do a system scan and save a log file button
• HijackThis will scan and then a log will open in Notepad.
• Copy and then paste the entire contents of the log in your next post.
• Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Next:

Make an uninstall list using HijackThis

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad here in your next reply.



Please post the HijackThis log, JRT Log, Checkup Log and Uninstall list in your next reply.

That's 4 Logs I need so that I may find your problem.

TNX
2OG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...

This message has been edited since posting. Last time this message was edited on 22. January 2013 @ 20:26

scorpNZ
AfterDawn Addict
22. January 2013 @ 20:38
You might get some ideas from the reviews on how to get rid of it. You'll need to remove toolbars; it would pay to install ccleaner to help remove any startup entries. It would pay to run msconfig from Run in the Start menu, then select diagnostic startup; this may help you get rid of any stuff that has trouble uninstalling.



http://download.cnet.com/Freecorder/3000-2071_4-75286115.html

AfterDawn Addict
22. January 2013 @ 21:20
lol scorp, you should know that TFC works better and removes more temp files than ccleaner.

besides this is just the first round with a newbie to find out what he's holding.
you really think if he knew how to use msconfig, he would be here asking for help?

2oG




ddp
Moderator
22. January 2013 @ 21:58
yes.
AfterDawn Addict
23. January 2013 @ 00:49
? yes, TFC is better than ccleaner or yes, they ask for help no matter what level they are..

2oG




scorpNZ
AfterDawn Addict
23. January 2013 @ 03:16
I figured you'd be along & decided he could make a start by helping himself


ps: wtf has team fortress classic (TFC)) got to do with malware :p

ddp
Moderator
23. January 2013 @ 10:38
yes on the latter part of your statement.
bauld
Newbie
23. January 2013 @ 16:25
Thank you very much for your replies, I did another uninstall and the last Freecorder seems to have been removed. I am a total technophobe so all help is greatly received, I will post the results once I have done the cleanup later, again thanks to all
Cheers
bauld
AfterDawn Addict
23. January 2013 @ 16:52
Originally posted by scorpNZ:
I figured you'd be along & decided he could make a start by helping himself


ps: wtf has team fortress classic (TFC)) got to do with malware :p
How do you expect me to make a living if you keep driving my customers away??

NOT! TFC Temporary File Cleaner by Old Timer. Clean your temp files with Ccleaner then clean what's left over with TFC. You can see it cleans more. Gets the spots that Malware likes to hide because most peeps use Ccleaner.....

2oG




AfterDawn Addict
23. January 2013 @ 17:22
Originally posted by bauld:
Thank you very much for your replies, I did another uninstall and the last Freecorder seems to have been removed. I am a total technophobe so all help is greatly received, I will post the results once I have done the cleanup later, again thanks to all
Cheers
bauld
Glad you got rid of it.. The stuff I sent you is not really cleanup it does some but, mostly I need the logs to see what you have so that I can help you clean anything "Nasty" from your puter.


Cheers back to ya.
2oG



bauld
Newbie
24. January 2013 @ 15:05
Junkware RemovalTool (JRT) by Thisisu
Version: 4.5.0 (01.23.2013:2)
OS: Windows Vista (TM) Home Premium x86
Ran by carol on 24/01/2013 at 19:42:38.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] ib updater
Successfully deleted: [Service] ib updater
Successfully stopped: [Service] ibupdaterservice
Successfully deleted: [Service] ibupdaterservice



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{f9639e4a-801b-4843-aee3-03d9da199e77}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2545014225-4040687697-4202415592-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2545014225-4040687697-4202415592-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_classes_root\esrv.incredibaresrvc
Successfully deleted: [Registry Key] hkey_classes_root\esrv.incredibaresrvc.1
Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\ib updater
Successfully deleted: [Registry Key] hkey_current_user\software\im
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller
Successfully deleted: [Registry Key] hkey_local_machine\software\incredibar.com
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\tarma installer
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitengine
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\utorrentbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\extension.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\wmhelper.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\i
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibar.dskbnd
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibar.dskbnd.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibar.incredibarhlpr
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibar.incredibarhlpr.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibarapp.appcore
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\incredibarapp.appcore.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\s
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\active setup\installed components\{03f998b2-0e00-11d3-a498-00104b6eb52e}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\active setup\installed components\{1b00725b-c455-4de6-bfb6-ad540ad427cd}
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2405725
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2438727
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2786678
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2a59}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{f9639e4a-801b-4843-aee3-03d9da199e77}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}



~~~ Files

Successfully deleted: [File] "C:\Windows\system32\dmwu.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\utorrentbar"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduitengine"
Successfully deleted: [Folder] "C:\Program Files\ib updater"
Successfully deleted: [Folder] "C:\Program Files\incredibar.com"
Successfully deleted: [Folder] "C:\Program Files\registry mechanic"
Successfully deleted: [Folder] "C:\Program Files\utorrentbar"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\yontoo"



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/01/2013 at 19:47:05.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This message has been edited since posting. Last time this message was edited on 24. January 2013 @ 15:07

bauld
Newbie
24. January 2013 @ 15:35
Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 20
Java(TM) 6 Update 2
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox 4.0 Firefox out of Date!
Google Chrome 24.0.1312.52
Google Chrome 24.0.1312.56
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
bauld
Newbie
24. January 2013 @ 15:42
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:05, on 24/01/2013
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Iomega\QuikProtect\QuikProtect.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=...sario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ErrorTeck] C:\Program Files\ErrorTeck\ErrorTeck.exe /scan
O4 - HKLM\..\Run: [QuiKProtect] C:\Program Files\Iomega\QuikProtect\StartQuikProtect.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Iomega Product Registration.lnk = C:\Program Files\Iomega\Registration\Register.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://fubar.com/js/ImageUploader/ImageUploader6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Update Service (gupdate1ca84ece659de30) (gupdate1ca84ece659de30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QSCopyEngine - Unknown owner - C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10448 bytes
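
As an added example (not part of the original thread, and not code from HijackThis or its authors), a HijackThis log such as the one posted above can be triaged with a short parser that groups entries by section code, lists what starts automatically from the O4 lines, and picks out O23 services for which HijackThis printed "Unknown owner". The function names are hypothetical, and the sample lines are a small subset copied from the log in this thread.

```python
import re
from collections import Counter, namedtuple

# A few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:05, on 24/01/2013
Platform: Windows Vista SP1 (WinNT 6.00.1905)

Running processes:
C:\Windows\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ErrorTeck] C:\Program Files\ErrorTeck\ErrorTeck.exe /scan
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Iomega Product Registration.lnk = C:\Program Files\Iomega\Registration\Register.exe
O23 - Service: QSCopyEngine - Unknown owner - C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
"""

Entry = namedtuple("Entry", "code detail")

# "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Registry autostart: "HKLM\..\Run: [name] command line"
RUN_RE = re.compile(
    r"^(?P<hive>HK.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Startup folder shortcut: "Startup: name.lnk = target"
STARTUP_RE = re.compile(r"^(?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# First executable in a command line, quoted or not (paths may contain spaces).
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|bat|cmd|scr))(?=[\s,]|$)', re.I)


def parse_hjt(text):
    """Return the coded entries; the header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def section_counts(entries):
    """Number of entries per section code (R0, O2, O4, O23, ...)."""
    return dict(Counter(e.code for e in entries))


def executable(cmd):
    """Strip arguments from a command line, keeping the program path."""
    m = EXE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def autostarts(entries):
    """(location, name, executable) for every O4 autostart entry."""
    found = []
    for e in entries:
        if e.code != "O4":
            continue
        m = RUN_RE.match(e.detail) or STARTUP_RE.match(e.detail)
        if not m:
            continue
        groups = m.groupdict()
        where = groups["key"]
        if "hive" in groups:
            where = groups["hive"] + "\\" + where
        found.append((where, groups["name"], executable(groups["cmd"])))
    return found


def services(entries):
    """(name, owner, path) for every O23 service entry."""
    out = []
    for e in entries:
        if e.code == "O23" and e.detail.startswith("Service: "):
            # Split from the right: the service name may contain parentheses.
            parts = e.detail[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                out.append(tuple(parts))
    return out


def unknown_owner_services(entries):
    """Services where HijackThis printed 'Unknown owner' as the publisher.
    That is a prompt to look at the file, not a verdict on it."""
    return [name for name, owner, _ in services(entries) if owner == "Unknown owner"]


if __name__ == "__main__":
    log = parse_hjt(SAMPLE_LOG)
    print(section_counts(log))
    for where, name, exe in autostarts(log):
        print(f"{where:10} {name:35} {exe}")
    print("Review:", unknown_owner_services(log))
```
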
bauld
Newbie
24. January 2013 @ 15:52
Hi 2oldGeek,
Ran the TFC.EXE first but no logs came up, so I have posted results of others.
I think I've lost half the computer lol, thanks again and now you have some bed time reading.
Just let me know what/if i need to do next.
Cheers
bauld

This message has been edited since posting. Last time this message was edited on 24. January 2013 @ 16:08

AfterDawn Addict
24. January 2013 @ 17:42
@bauld,

Well, your HJT Log is clean.. But you have a barrel full of junkware lol

Update your Avast AV ->HERE

Download filehippo update checker ->HERE and update all your programs.

Download and update your Java ->HERE

Go to add/remove programs and uninstall these:
Java(TM) 6 Update 20
Java(TM) 6 Update 2

Now, let's clean out the Adware and foistware:

Please download AdwCleaner and save it on your Desktop.
AdwCleaner is a reliable removal tool for:
Adware
Adware are programs that are usually free, otherwise known as Freeware, that have advertisements built into the software. That means when you run the software, it will pull down advertisements from the Internet and display them somewhere in the software. Most of these types of software allow you to register the software, by paying some fee, in order to remove the ads.

Foistware
Foistware is a term used to describe software downloaded to a computer without the owner's knowledge, which puts hidden components on a system, and attempts to bait the unsuspecting into purchasing another software remedy.

Toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:
• Adwares (software ads)
• PUP/LPI (Potentially Undesirable Program)
• Toolbars
• Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.
• Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
• Now click on the Search tab.
• Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.


2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...

This message has been edited since posting. Last time this message was edited on 24. January 2013 @ 17:53

bauld
Newbie
24. January 2013 @ 21:10
# AdwCleaner v2.108 - Logfile created 01/25/2013 at 02:08:18
# Updated 24/01/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : carol - CAROL-PC
# Boot Mode : Normal
# Running from : C:\Users\carol\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
File Found : C:\Users\colin\Desktop\Uninstall.exe
File Found : C:\Windows\system32\ImhxxpComm.dll
Folder Found : C:\Users\ciara\AppData\LocalLow\Conduit
Folder Found : C:\Users\ciara\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\ciara\AppData\LocalLow\incredibar.com
Folder Found : C:\Users\ciara\AppData\LocalLow\PriceGong
Folder Found : C:\Users\ciara\AppData\LocalLow\uTorrentBar
Folder Found : C:\Users\colin\AppData\LocalLow\Conduit
Folder Found : C:\Users\colin\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\colin\AppData\LocalLow\incredibar.com
Folder Found : C:\Users\colin\AppData\LocalLow\PriceGong
Folder Found : C:\Users\colin\AppData\LocalLow\uTorrentBar
Folder Found : C:\Windows\system32\WNLT

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [9397 octets] - [25/01/2013 02:08:18]

########## EOF - C:\AdwCleaner[R1].txt - [9457 octets] ##########
bauld
Newbie
24. January 2013 @ 21:28
Hi 2oG,
Many thanks yet again for your help, above and beyond the call of duty.
There were several updates required, all successful apart from Skype, Firefox (don't use anyway) and Flashplayer.
On the administrator page which isn't used because of a problem. Windows sidebar - Setting.ini is being used by another process, close other programme and click retry
is maybe the problem with Skype not updating, I will try and update on another page, my daughter uses Skype with no probs. Apologies if I have given you another problem, all the other pages seem to work OK.
Again, many thanks
Cheers
bauld
AfterDawn Addict
25. January 2013 @ 07:26
bauld,

Update your Windows.. you need SP2 on that Vista and IE 9..

Lots of adware found....let's clear it out.....
• Please re-run AdwCleaner.
• This time click on the Delete button.
• Confirm each time with OK if asked.
• Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.


Let's run a Big Gun and see what else we can pick up.. maybe will help with other problems.


1. Download ComboFix from one of these locations.
* IMPORTANT !!! Place combofix.exe on your Desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Go to -> Here for your reference.

Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.


"%userprofile%\desktop\combofix.exe" /killall

3. Combo will begin to run. DO NOTHING while this is happening.

• Do not attempt to use the internet or anything else while it's running.
• Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
• It will kill a few processes and disconnect you from the internet.
• If by chance it stops prematurely you can re-establish your internet connection by restarting your computer. It does set a restore point before running.
• This needs to be done so the program can work most efficiently for you.


**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.

If when it's completed you can not get on the internet just reboot the computer

Post the log from comboFix for me located in
c:\comboFix.txt



2oG



bauld
Newbie
25. January 2013 @ 14:45
ComboFix 13-01-24.02 - carol 25/01/2013 19:06:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.353.1033.18.2037.1044 [GMT 0:00]
Running from: c:\users\carol\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\carol\%appda~1
c:\users\carol\%appda~1\Microsoft\Windows\IETldCache\index.dat
c:\windows\system32\KBL.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-12-25 to 2013-01-25 )))))))))))))))))))))))))))))))
.
.
2013-01-25 19:18 . 2013-01-25 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-25 19:18 . 2013-01-25 19:18 -------- d-----w- c:\users\ciara\AppData\Local\temp
2013-01-25 19:18 . 2013-01-25 19:18 -------- d-----w- c:\users\colin\AppData\Local\temp
2013-01-25 18:06 . 2013-01-25 18:06 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7990149-3B73-4D09-A1F8-E705F7BF2592}\offreg.dll
2013-01-25 09:27 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7990149-3B73-4D09-A1F8-E705F7BF2592}\mpengine.dll
2013-01-25 09:21 . 2013-01-25 09:21 -------- d-----w- c:\users\ciara\AppData\Roaming\RealNetworks
2013-01-25 01:19 . 2013-01-25 01:19 -------- d-----w- c:\program files\Common Files\Skype
2013-01-25 01:13 . 2013-01-25 01:13 -------- d-----w- c:\program files\RealNetworks
2013-01-25 01:13 . 2013-01-25 01:13 -------- d-----w- c:\programdata\RealNetworks
2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-25 01:08 . 2013-01-25 01:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-01-25 01:07 . 2013-01-25 01:08 -------- d-----w- c:\program files\QuickTime
2013-01-25 00:59 . 2013-01-25 00:58 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-25 00:58 . 2013-01-25 00:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-25 00:53 . 2013-01-25 00:53 -------- d-----w- c:\program files\iPod
2013-01-25 00:53 . 2013-01-25 00:54 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-25 00:53 . 2013-01-25 00:54 -------- d-----w- c:\program files\iTunes
2013-01-25 00:36 . 2013-01-25 00:36 388096 ----a-r- c:\users\colin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-25 00:26 . 2013-01-25 00:27 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-25 00:17 . 2013-01-25 00:17 -------- d-----w- c:\program files\FileHippo.com
2013-01-24 20:39 . 2013-01-24 20:39 -------- d-----w- c:\program files\Trend Micro
2013-01-24 19:42 . 2013-01-24 19:42 -------- d-----w- c:\windows\ERUNT
2013-01-24 19:42 . 2013-01-24 19:43 -------- d-----w- C:\JRT
2013-01-21 17:10 . 2013-01-21 17:10 -------- d-----w- c:\programdata\WindowsSearch
2013-01-21 17:05 . 2013-01-21 17:05 -------- d-----w- c:\windows\system32\Adobe
2012-12-29 21:21 . 2011-06-10 22:58 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-12-29 21:21 . 2011-06-10 22:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-12-29 21:21 . 2011-05-13 23:17 632656 ----a-w- c:\windows\system32\msvcr80.dll
2012-12-29 21:21 . 2011-05-13 23:17 479232 ----a-w- c:\windows\system32\msvcm80.dll
2012-12-29 21:21 . 2011-05-13 23:17 554832 ----a-w- c:\windows\system32\msvcp80.dll
2012-12-29 21:21 . 2012-12-29 21:21 -------- d-----w- c:\windows\system32\ARFC
2012-12-29 21:19 . 2012-12-29 21:19 -------- d-----w- c:\program files\Gophoto.it
2012-12-29 21:19 . 2012-12-29 21:19 -------- d-----w- c:\program files\TornTV.com
2012-12-29 20:27 . 2012-12-29 20:27 -------- d-----w- c:\users\ciara\AppData\Local\Apps
2012-12-29 19:55 . 2012-12-29 19:55 -------- d-----w- c:\programdata\FileCure
2012-12-28 15:17 . 2012-12-28 19:11 -------- d-----w- c:\program files\Lame For Audacity
2012-12-28 13:46 . 2012-12-28 13:46 -------- d-----w- c:\program files\Audacity
2012-12-28 13:32 . 2012-12-28 13:57 -------- d-----w- c:\program files\RecordMateLP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-25 00:58 . 2010-06-27 10:36 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-08 22:54 . 2012-07-24 12:44 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 22:54 . 2012-07-24 12:44 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-30 22:51 . 2012-10-16 15:33 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-10-16 15:33 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-10-16 15:33 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2012-10-16 15:33 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-10-16 15:33 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-10-16 15:33 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-10-16 15:30 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-10-16 15:30 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-16 20:07 . 2011-04-20 11:35 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-26 39408]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-10 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2013-01-25 295072]
"QuiKProtect"="c:\program files\Iomega\QuikProtect\StartQuikProtect.exe" [2009-03-13 54504]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Iomega Product Registration.lnk - c:\program files\Iomega\Registration\Register.exe [2004-2-4 16175104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-22 20:32 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 22:54]
.
2013-01-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2545014225-4040687697-4202415592-1002Core.job
- c:\users\ciara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-11 15:23]
.
2013-01-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2545014225-4040687697-4202415592-1002UA.job
- c:\users\ciara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-11 15:23]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 23:00]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 23:00]
.
2013-01-25 c:\windows\Tasks\User_Feed_Synchronization-{41A229B3-26F3-41BB-99AE-F97F3E9A2060}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.101.160.5 89.101.160.4
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://fubar.com/js/ImageUploader/ImageUploader6.cab
FF - ProfilePath - c:\users\colin\AppData\Roaming\Mozilla\Firefox\Profiles\j5v1bv04.default\
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb128?a=6PQUdDfV9l&i=26
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=6PQUdDfV9l&&i=26&search=
FF - ExtSQL: 2012-12-06 14:52; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-12-18 21:06; plugin@yontoo.com; c:\users\colin\AppData\Roaming\Mozilla\Firefox\Profiles\j5v1bv04.default\extensions\plugin@yontoo.com
FF - ExtSQL: 2012-12-18 21:07; addon@freecorder.com; c:\users\colin\AppData\Roaming\Mozilla\Firefox\Profiles\j5v1bv04.default\extensions\addon@freecorder.com
FF - user.js: extentions.y2layers.installId - fbb1b449-08e1-49b1-aeee-1e011a17cd68
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQUdDfV9l&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 982fece0000000000000001fe15fada4
FF - user.js: extensions.incredibar_i.instlDay - 15703
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1421:22
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQUdDfV9l
FF - user.js: extensions.incredibar_i.upn2n - 92544181924925055
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd -
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-ErrorTeck - c:\program files\ErrorTeck\ErrorTeck.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - f:\malwarebytes' anti-malware\unins000.exe
AddRemove-VLC media player - c:\users\colin\Desktop\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-25 19:19
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-01-25 19:22:00
ComboFix-quarantined-files.txt 2013-01-25 19:21
.
Pre-Run: 30,680,940,544 bytes free
Post-Run: 31,689,908,224 bytes free
.
- - End Of File - - 1AEF1D18254966203787E3E603DA4EB2
bauld
Newbie
25. January 2013 @ 14:53
Hi 2oG,
ComboFix went straight into a scan, not the window you described for me to paste into.
I could not download SP2 or IE9, kept coming up Windows Defender, and also followed instructions to find Vista type but couldn't find it.
Apologies for my stupidity,
Many thanks for your kind help,hard work and patience
cheers
bauld
AfterDawn Addict
25. January 2013 @ 17:15
Hi bauld,

Don't worry about how you started Combofix, it worked.. lol

Combofix shows me that you have not run AdwCleaner and used the delete key yet. Do that!

You are looking better. Just keep trying to update your Vista with the "windows update" it should offer you SP2 and IE9.... and don't forget AdwCleaner "Delete". lol

let me know if you need anything else.
2oG



bauld
Newbie
25. January 2013 @ 17:46
Hi 2oG,
I did run the AdwCleaner on delete on the administrator page, and have just done it again, no log posted, is it meant to? Re the Windows update, says I do not have the system requirements but I will keep trying. Again, many thanks for your time and your help
Cheers
bauld
PS: would I be right to say I need to install Windows 7 then upgrade to IE 9?
I think this is why it is not installing

This message has been edited since posting. Last time this message was edited on 25. January 2013 @ 18:11

AfterDawn Addict
25. January 2013 @ 18:13
Right click and choose "Run as Administrator"
You can find the logfile at C:\AdwCleaner[Sn].txt - n is the order number.

2oG

ps I don't know for sure, but Win 7 is my favorite, I hate Vista!




This message has been edited since posting. Last time this message was edited on 25. January 2013 @ 18:18

bauld
Newbie
25. January 2013 @ 18:24
# AdwCleaner v2.108 - Logfile created 01/25/2013 at 17:59:41
# Updated 24/01/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : carol - CAROL-PC
# Boot Mode : Normal
# Running from : C:\Users\carol\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
File Deleted : C:\Users\colin\Desktop\Uninstall.exe
File Deleted : C:\Windows\system32\ImhxxpComm.dll
Folder Deleted : C:\Users\ciara\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\ciara\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\ciara\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\ciara\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\ciara\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\colin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\colin\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\colin\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\colin\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\colin\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Windows\system32\WNLT

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [9526 octets] - [25/01/2013 02:08:18]
AdwCleaner[S2].txt - [9217 octets] - [25/01/2013 17:59:41]

########## EOF - C:\AdwCleaner[S2].txt - [9277 octets] ##########
 