WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Silver Member
Posted 24 March 2014 - 11:38 AM
I have not done anything other than follow your instructions......Something has gone hay wire.......I might just do a restore to see if all get back to normal......I never turn off my PC, only turn off the monitor after logging off. When I return all I do is turn on the monitor and log in.....NO CURSOR in the log in space.......I have to reboot ot get a curson then I can log in using my password.
Edited by Lewg, 24 March 2014 - 11:39 AM.
Register to Remove
Beguilement Monitor
Posted 24 March 2014 - 11:51 AM
The only changes we have made was to remove SuperantiSpyware, and you shut off third party add-ons in Internet Explorer. That should not have made your soft keys quit working, or changed your log in.
Something "weird" is going on with your system... but I'm not seeing any sign of infection.
Let's run a different tool and see what it can find.
Please post: All RKreport.txt text files located on your desktop.
Silver Member
Posted 24 March 2014 - 06:39 PM
Don't see Rogue Killer. I see some D/load manager when I click on your entry "Rogue Killer".
Edited by Lewg, 24 March 2014 - 06:40 PM.
Beguilement Monitor
Posted 24 March 2014 - 06:43 PM
When you click on the provided link, you don't see RogueKiller in big giant letters?
Here... try a direct link: http://www.sur-la-to...RogueKiller.exe
Silver Member
Posted 24 March 2014 - 07:04 PM
RogueKiller V8.8.12 [Mar 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Lew [Admin rights]
Mode : Shortcuts HJfix -- Date : 03/24/2014 20:54:46
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 0 / Fail 0
My documents: Success 1 / Fail 1
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 5 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
¤¤¤ Infection : ¤¤¤
Finished : << RKreport[0]_SC_03242014_205446.txt >>
RKreport[0]_D_03242014_205337.txt;RKreport[0]_S_03242014_205232.txt
RogueKiller V8.8.12 [Mar 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Lew [Admin rights]
Mode : Scan -- Date : 03/24/2014 20:52:32
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKX-001CA0 +++++
--- User ---
[MBR] 1e47df03fb239c0e2124f4f9c9035d58
[BSP] e4bf6df3666d1f680d9b89a0238c06ac : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_03242014_205232.txt >>
RogueKiller V8.8.12 [Mar 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Lew [Admin rights]
Mode : Remove -- Date : 03/24/2014 20:53:37
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKX-001CA0 +++++
--- User ---
[MBR] 1e47df03fb239c0e2124f4f9c9035d58
[BSP] e4bf6df3666d1f680d9b89a0238c06ac : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_03242014_205337.txt >>
RKreport[0]_S_03242014_205232.txt
There is also a RK quarentine Folder on my Destop now.....with two Registry Files and 1 data file.....
Beguilement Monitor
Posted 24 March 2014 - 09:47 PM
The two registry files just show regedit set to defaults. The data file just shows that there is one hidden file in your My documents folder.
Nothing really showing there. System files are clean... MBR is clean. I'm assuming that you are not noticing any difference in operation?
How about giving me a new event viewer log per post #28.
Silver Member
Posted 25 March 2014 - 08:26 AM
For some reason I now cannot copy and paste anything on WTT. I turned on the pc this AM and found a new Icon next to my clock on my taskbar, Had to be malware. So I ran Malware Bytes and 123 Objects were dectected. I saved the Malware Bytes log and want to post it, but cannot do it....Not sure what's going on with this machine but something is happening that should not be......I am going to try to upload the logs by attaching the files.....Let me know if you get them.
Silver Member
Posted 25 March 2014 - 08:29 AM
Vino's Event Viewer v01c run on Windows XP in English
Report run at 25/03/2014 9:17:35 AM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/03/2014 12:01:42 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x00e60fef.
Log: 'Application' Date/Time: 23/03/2014 11:04:19 AM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x017c0fef.
Log: 'Application' Date/Time: 23/03/2014 10:07:43 AM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: A connection with the server could not be established
Log: 'Application' Date/Time: 23/03/2014 10:07:40 AM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: A connection with the server could not be established
Log: 'Application' Date/Time: 22/03/2014 9:20:57 AM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: A connection with the server could not be established
Log: 'Application' Date/Time: 22/03/2014 9:20:54 AM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: A connection with the server could not be established
Log: 'Application' Date/Time: 21/03/2014 1:06:35 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x028f78c8.
Log: 'Application' Date/Time: 21/03/2014 11:30:10 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Log: 'Application' Date/Time: 21/03/2014 11:15:35 AM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x028f78c8.
Log: 'Application' Date/Time: 21/03/2014 6:54:14 AM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x028f78c8.
Log: 'Application' Date/Time: 20/03/2014 11:52:34 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x028f78c8.
Log: 'Application' Date/Time: 20/03/2014 11:35:45 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Log: 'Application' Date/Time: 20/03/2014 11:34:59 PM
Type: error Category: 0
Event: 1001 Source: Application Error
Fault bucket -367089902.
Log: 'Application' Date/Time: 20/03/2014 11:34:43 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x028f78c8.
Log: 'Application' Date/Time: 20/03/2014 11:34:02 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Log: 'Application' Date/Time: 20/03/2014 11:33:22 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x029f78c8.
Log: 'Application' Date/Time: 20/03/2014 11:32:56 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Log: 'Application' Date/Time: 20/03/2014 11:32:23 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x029f78c8.
Log: 'Application' Date/Time: 20/03/2014 11:32:13 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Log: 'Application' Date/Time: 20/03/2014 11:31:31 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/03/2014 9:31:01 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LEW-0CCC0E88CE3\Lew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 24/03/2014 9:30:55 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Log: 'Application' Date/Time: 23/03/2014 12:40:58 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LEW-0CCC0E88CE3\Lew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 23/03/2014 11:28:52 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LEW-0CCC0E88CE3\Lew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 22/03/2014 10:44:18 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LEW-0CCC0E88CE3\Lew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 22/03/2014 9:22:56 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LEW-0CCC0E88CE3\Lew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 21/03/2014 4:27:25 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LEW-0CCC0E88CE3\Lew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 20/03/2014 11:34:44 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LEW-0CCC0E88CE3\Lew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 19/03/2014 10:26:15 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LEW-0CCC0E88CE3\Lew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 19/03/2014 10:26:10 AM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Log: 'Application' Date/Time: 18/03/2014 11:31:53 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LEW-0CCC0E88CE3\Lew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 17/03/2014 12:43:38 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LEW-0CCC0E88CE3\Lew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 16/03/2014 10:21:53 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LEW-0CCC0E88CE3\Lew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 15/03/2014 10:10:56 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LEW-0CCC0E88CE3\Lew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 14/03/2014 8:48:12 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LEW-0CCC0E88CE3\Lew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 08/03/2014 10:08:11 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LEW-0CCC0E88CE3\Lew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 05/03/2014 10:55:03 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LEW-0CCC0E88CE3\Lew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 28/02/2014 10:26:40 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LEW-0CCC0E88CE3\Lew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 27/02/2014 10:50:00 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LEW-0CCC0E88CE3\Lew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 25/02/2014 9:31:18 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user LEW-0CCC0E88CE3\Lew registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/03/2014 9:03:31 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 25/03/2014 9:03:31 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Log: 'System' Date/Time: 24/03/2014 8:22:41 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 24/03/2014 8:22:41 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Log: 'System' Date/Time: 24/03/2014 1:47:29 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 24/03/2014 1:47:29 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Log: 'System' Date/Time: 24/03/2014 1:25:08 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Log: 'System' Date/Time: 24/03/2014 1:25:07 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 24/03/2014 1:25:07 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Log: 'System' Date/Time: 23/03/2014 9:38:32 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 23/03/2014 9:38:32 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Log: 'System' Date/Time: 23/03/2014 9:32:00 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 23/03/2014 9:32:00 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Log: 'System' Date/Time: 23/03/2014 4:11:35 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 23/03/2014 4:11:35 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Log: 'System' Date/Time: 23/03/2014 12:42:37 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 23/03/2014 12:42:37 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Log: 'System' Date/Time: 23/03/2014 12:26:08 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 23/03/2014 12:26:08 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Log: 'System' Date/Time: 23/03/2014 12:09:30 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/03/2014 9:00:37 AM
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to reboot LEW-0CCC0E88CE3 failed
Log: 'System' Date/Time: 24/03/2014 1:53:22 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 24/03/2014 11:17:43 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
Log: 'System' Date/Time: 24/03/2014 8:40:49 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 23/03/2014 9:40:17 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 23/03/2014 12:25:30 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
Log: 'System' Date/Time: 22/03/2014 10:20:42 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 21/03/2014 6:00:41 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 20/03/2014 11:28:26 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 20/03/2014 7:54:54 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
Log: 'System' Date/Time: 19/03/2014 6:45:05 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 19/03/2014 9:09:07 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 18/03/2014 9:06:47 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 17/03/2014 12:43:39 PM
Type: warning Category: 2
Event: 57 Source: Ftdisk
The system failed to flush data to the transaction log. Corruption may occur.
Log: 'System' Date/Time: 17/03/2014 8:34:19 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 17/03/2014 12:49:16 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
Log: 'System' Date/Time: 16/03/2014 11:57:33 AM
Type: warning Category: 2
Event: 57 Source: Ftdisk
The system failed to flush data to the transaction log. Corruption may occur.
Log: 'System' Date/Time: 16/03/2014 11:34:28 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 16/03/2014 10:47:07 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 14/03/2014 10:30:16 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
Silver Member
Posted 25 March 2014 - 08:30 AM
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.25.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lew :: LEW-0CCC0E88CE3 [administrator]
3/25/2014 9:59:57 AM
MBAM-log-2014-03-25 (10-11-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237522
Time elapsed: 4 minute(s), 44 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E7C8B5A-96AB-438F-BF9B-782400655440} (PUP.Optional.Qwiklinx.A) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.condui...AB60FCD666=) Good: (http://www.google.com) -> No action taken.
Folders Detected: 19
C:\Program Files\SearchProtect (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> No action taken.
Files Detected: 80
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\Lew\Local Settings\temp\nse30.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\Lew\Local Settings\temp\nsl33.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\Lew\Local Settings\temp\nsm3B.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\Lew\Local Settings\temp\nsu38.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Documents and Settings\Lew\Local Settings\temp\spstub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\Lew\Local Settings\temp\verifier.exe (PUP.Optional.Conduit) -> No action taken.
C:\Documents and Settings\Lew\Local Settings\temp\2eat48h\app_20496 (PUP.Optional.BesttoolBars) -> No action taken.
C:\Documents and Settings\Lew\Local Settings\temp\nsa28\SpSetup.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> No action taken.
(end)
Beguilement Monitor
Posted 25 March 2014 - 08:41 AM
Well... you picked up conduit and a nasty search protect infection since the previous log. Search protect is definitely the worse of the two and has been known to render some XP systems unbootable.
Step 1
Please download Junkware Removal Tool to your desktop.
Step 2
Please download AdwCleaner by Xplode onto your desktop.
In your next reply, post the following log files:
Register to Remove
Silver Member
Posted 25 March 2014 - 09:36 AM
The Adwcleaner d/load put a Zipsetup on my Desktop and a Norton Icon and some Optimizer program on my Desktop.....What's all this about....Where is the Adwcleaner program?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by Lew on Tue 03/25/2014 at 10:58:05.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1ae46c09-2ab8-4ee5-88fb-08cd0ff7f2df}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\Lew\Local Settings\Application Data\searchprotect"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/25/2014 at 11:01:47.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Beguilement Monitor
Posted 25 March 2014 - 10:15 AM
The description of AdwCleaner on the page I gave you the link to to download.
AdwCleaner is a program that searches for and deletes Adware, Toolbars, Potentially Unwanted Programs (PUP), and browser Hijackers from your computer. By using AdwCleaner you can easily remove many of these types of programs for a better user experience on your computer and while browsing the web.
Only one file should have been downloaded... AdwCleaner.exe. Nothing else.
Try this direct link: When you click on the link, the file should start downloading. You should not need to click on anything else except for agreeing to save the file.
Silver Member
Posted 25 March 2014 - 12:04 PM
Don't see a link in your last message......
Beguilement Monitor
Posted 25 March 2014 - 01:33 PM
You are correct. It's strange that it showed in the preview... but was stripped by the forum software.
Let's try again: http://www.bleepingc...cleaner/dl/125/
Silver Member
Posted 25 March 2014 - 02:39 PM
I forgot to answer you question.....It appears none of the web site are being blocked now......Also I want to talk to you about this Driver Update program that runs on reboot. Have no idea where it came from. Anyway it says I have 16 drivers out of date......I doubt that.....Also I want to chat with you about what directorys are not in my root directory....Some I have never seen before. Also thanks for hanging in there with me......
# AdwCleaner v3.022 - Report created 25/03/2014 at 16:30:57
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Lew - LEW-0CCC0E88CE3
# Running from : C:\Documents and Settings\Lew\Local Settings\Temporary Internet Files\Content.IE5\S1RXJFBR\AdwCleaner[1].exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : BackupStack
[#] Service Deleted : ca82e1a5
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\open it!
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Mysearchdial
Folder Deleted : C:\Program Files\openit
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Documents and Settings\Lew\Application Data\0D0S1L2Z1P1B0T1P1B2Z
Folder Deleted : C:\Documents and Settings\Lew\Application Data\DigitalSites
Folder Deleted : C:\Documents and Settings\Lew\Application Data\Mysearchdial
Folder Deleted : C:\Documents and Settings\Lew\Application Data\Optimizer Pro
Folder Deleted : C:\Documents and Settings\Lew\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Documents and Settings\Lew\My Documents\Optimizer Pro
File Deleted : C:\Documents and Settings\Lew\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Program Files\Mozilla Firefox\user.js
File Deleted : C:\Documents and Settings\Lew\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\Lew\Local Settings\temp\2eat48h\SpeedanAlysisSetup]
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\openit open it!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
-\\ Google Chrome v33.0.1750.154
[ File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
Deleted : homepage
[ File : C:\Documents and Settings\Lew\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
Deleted : homepage
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
Deleted : homepage
*************************
AdwCleaner[R0].txt - [8234 octets] - [25/03/2014 16:29:42]
AdwCleaner[S0].txt - [7537 octets] - [25/03/2014 16:30:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7597 octets] ##########
0 members, 0 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: What the Tech
This topic is locked
