A check up please, just to be sure


  • This topic is locked
34 replies to this topic

#1 hayleyscomett

hayleyscomett

    Advanced Member

  • Full Member
  • PipPipPip
  • 199 posts

Posted 08 February 2014 - 04:23 PM

I have read the FAQ and have the necessary scan results and logs for inspection please.

It's been a while since I've experienced any serious threats and received much appreciated guidance from here.

I was recently helping my daughter with homework help which required me to search for a nature scene through Google image search. After clicking on a web link for saving of a picture we needed I was then bombarded with a bunch of pop up ads. I quickly X'd out of everything as fast as I could and closed my browser (Firefox). I then immediately ran MBAM to which the results found a threat. After it finished I of course asked it to remove said threat. It did and asked to restart my pc to finish cleaning. I did so. To be safe, I ran another scan with MBAM after the restart, that scan found no threats. I wish I would have saved the initial scan result that listed what the threats were, but I did not. I do however remember the name being something like PUP.optional.safeinstall something or other and the word conduit.

I did notice upon launch of my browser the next time it said Firefox wasn't my default browser, which I thought was strange as it is the only browser I care to use. Also, upon loading my home page instead of my Yahoo home page it just simply said Sorry gone or something similar to that. I also found that strange as well. So, I updated MBAM again and ran a full scan again. No threats found yet again. I reset my home page and made sure FF was set as default browser and then decided I'd rather be safe than sorry and headed here for an experienced once over of my machine - Thank you in advance for the inspection and guidance :)

I'm running Windows XP on an Asus Eee Pc Netbook. I'm using Firefox 27.0 as my default browser. I use MBAM and Bit Defender Antivirus Free Edition.

I ran two other free online scans, Kaspersky and F Secure, in addition to MBAM, DDS and Security Check by screen317.

 

Here is my latest MBAM log:

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.08.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Beth Stokes :: BETHSEEEPC [administrator]

2/8/2014 3:06:22 PM
mbam-log-2014-02-08 (15-06-22).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229964
Time elapsed: 33 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


" If we all can't live together, then we're going to die alone. " ~ Jack Shephard ~ LOST ~ The best show on television!

#2 hayleyscomett


Posted 08 February 2014 - 04:25 PM

DDS txt as follows:

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Beth Stokes at 16:20:06 on 2014-02-08
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.530 [GMT -5:00]
.
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9488E0FA-F058-4673-850E-E755F112BABC}
FW:  *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\System32\alg.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Documents and Settings\Beth Stokes\Application Data\Smilebox\SmileboxTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: <No Name>:  - LocalServer32 - <no file>
uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe
uRun: [SmileboxTray] "c:\documents and settings\beth stokes\application data\smilebox\SmileboxTray.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [LiveUpdate] c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4C1A4CDB-30E9-41B8-83F8-224EC60CBC45} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\beth stokes\application data\mozilla\firefox\profiles\53tk8n63.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2014-1-19 633344]
R1 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2014-1-19 164952]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-8-11 55152]
R2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\bitdefender\antivirus free edition\gzserv.exe [2014-1-19 57520]
R2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-12-7 202328]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2014-1-19 242504]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2014-1-19 486536]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-4-27 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-4-28 39040]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-11 1684736]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\amustor.sys --> c:\windows\system32\drivers\AmUStor.SYS [?]
S3 CFcatchme;CFcatchme;\??\c:\combofix\cfcatchme.sys --> c:\combofix\CFcatchme.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-8-20 1015424]
.
=============== Created Last 30 ================
.
2014-02-08 14:09:36    --------    d-----w-    c:\program files\Kaspersky Lab
2014-02-08 14:09:36    --------    d-----w-    c:\documents and settings\all users\application data\Kaspersky Lab
2014-02-05 22:23:35    --------    d-----w-    c:\program files\IrfanView
2014-02-04 00:01:21    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2014-02-03 23:59:58    52312    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-02-03 22:12:56    --------    d-----w-    c:\windows\ERUNT
2014-02-03 13:25:13    --------    d-sha-r-    C:\cmdcons
2014-02-03 11:09:50    --------    d-----w-    c:\documents and settings\beth stokes\local settings\application data\Smilebox
2014-02-03 11:09:33    --------    d-----w-    c:\documents and settings\beth stokes\local settings\application data\Google
2014-02-03 11:05:29    --------    d-----w-    c:\documents and settings\beth stokes\application data\Smilebox
2014-02-02 17:05:59    --------    d-----w-    C:\My Stuff
2014-01-31 22:49:20    --------    d-----w-    c:\documents and settings\all users\application data\MumboJumbo
2014-01-31 22:35:10    --------    d-----w-    c:\documents and settings\all users\application data\BigFishCache
2014-01-30 22:10:51    348160    ----a-w-    c:\windows\system32\msvcr71.dll
2014-01-26 18:58:31    --------    d-----w-    C:\Kathy Tags
2014-01-19 19:10:19    1461992    ----a-w-    c:\windows\system32\WdfCoInstaller01009.dll
2014-01-19 19:10:15    633344    ----a-w-    c:\windows\system32\drivers\avc3.sys
2014-01-19 19:10:15    486536    ----a-w-    c:\windows\system32\drivers\avckf.sys
2014-01-19 19:10:15    242504    ----a-w-    c:\windows\system32\drivers\avchv.sys
2014-01-19 19:09:45    --------    d-----w-    c:\documents and settings\beth stokes\application data\QuickScan
2014-01-19 19:09:32    --------    d-----w-    c:\program files\Bitdefender
2014-01-19 19:09:00    164952    ----a-w-    c:\windows\system32\drivers\gzflt.sys
2014-01-19 19:08:59    355744    ----a-w-    c:\windows\system32\drivers\trufos.sys
2014-01-18 18:48:31    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-18 18:48:30    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-17 11:24:46    --------    d-----w-    c:\documents and settings\all users\application data\AVAST Software
2014-01-17 11:04:06    --------    d-----w-    c:\documents and settings\beth stokes\application data\Malwarebytes
2014-01-17 11:03:47    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2014-01-17 11:03:45    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-17 11:03:45    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-01-16 13:53:24    --------    d-----w-    c:\windows\system32\MRT
2014-01-16 13:39:15    55296    -c----w-    c:\windows\system32\dllcache\msfeedsbs.dll
2014-01-16 13:39:15    247808    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2014-01-16 13:39:15    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2014-01-16 13:39:14    743424    -c----w-    c:\windows\system32\dllcache\iedvtool.dll
2014-01-16 13:39:13    630272    -c----w-    c:\windows\system32\dllcache\msfeeds.dll
2014-01-16 13:39:12    11113472    -c----w-    c:\windows\system32\dllcache\ieframe.dll
2014-01-16 13:39:11    522240    -c----w-    c:\windows\system32\dllcache\jsdbgui.dll
2014-01-16 13:39:11    2006016    -c----w-    c:\windows\system32\dllcache\iertutil.dll
2014-01-16 13:38:04    60160    -c----w-    c:\windows\system32\dllcache\usbaudio.sys
2014-01-16 13:38:04    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2014-01-16 13:38:02    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2014-01-16 13:38:02    14976    -c----w-    c:\windows\system32\dllcache\usbscan.sys
2014-01-16 13:38:00    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2014-01-16 13:38:00    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2014-01-16 13:36:21    12928    -c----w-    c:\windows\system32\dllcache\usb8023x.sys
2014-01-16 13:34:21    3072    -c----w-    c:\windows\system32\dllcache\iacenc.dll
2014-01-16 13:34:21    3072    ------w-    c:\windows\system32\iacenc.dll
2014-01-16 13:22:47    --------    d-----w-    c:\windows\system32\PreInstall
2014-01-16 13:19:30    --------    d-sh--w-    c:\documents and settings\beth stokes\IECompatCache
2014-01-16 13:18:13    --------    d-sh--w-    c:\documents and settings\beth stokes\PrivacIE
2014-01-16 13:18:08    --------    d-----w-    c:\windows\system32\SoftwareDistribution
.
==================== Find3M  ====================
.
2013-11-27 20:21:06    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59:42    150528    ----a-w-    c:\windows\system32\imagehlp.dll
.
============= FINISH: 16:20:55.59 ===============
 

#3 hayleyscomett

Posted 08 February 2014 - 04:26 PM

checkup text as follows:

 

 

 Results of screen317's Security Check version 0.99.79  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Bitdefender Antivirus Free Edition   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player     12.0.0.44  
 Adobe Reader 8 Adobe Reader out of Date!
 Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````  
 Bitdefender Antivirus Free Edition gzserv.exe  
 Bitdefender Antivirus Free Edition gziface.exe  
 Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````
 

#4 hayleyscomett

Posted 08 February 2014 - 04:28 PM

Kaspersky results as follows:

 

 

Detailed report
Problems found

Scanning date: 02/08/2014 10:17 AM
Database update date: 02/08/2014 07:35 AM
Product version: 12.0.1.340

Computer protection (0)

Information about anti-virus software and firewalls installed on the computer.

Malware (0)

Information about malware detected on the computer.

Vulnerabilities (0)

Information about applications and operating system components in which vulnerabilities have been detected.

Other issues (14)

Information about vulnerabilities associated with the settings of installed applications and the operating system.

    "Autorun from hard drives is allowed"
    "Autorun from network drives is enabled"
    "CD/DVD autorun is enabled"
    "Removable media autorun is enabled"
    "Windows Explorer - show extensions of known file types"
    "Microsoft Internet Explorer: clear history of typed URLs"
    "Microsoft Internet Explorer - disable caching data received via protected channel"
    "Microsoft Internet Explorer: disable sending error reports"
    "Microsoft Internet Explorer: delete cookies"
    "Microsoft Internet Explorer: clear the list of trusted domains"
    "Microsoft Internet Explorer: clear list of pop-up blocker exceptions"
    "Microsoft Internet Explorer: enable cache autocleanup on browser closing"
    "Windows Explorer: display of known file types extensions is disabled"
    "Microsoft Internet Explorer: start page reset"
 

#5 hayleyscomett

Posted 08 February 2014 - 04:30 PM

F Secure did not produce a log or text file after scanning. It just stated: "The scan did not find any harmful applications."

#6 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,475 posts

Posted 09 February 2014 - 09:43 AM

Hi hayleyscomett, and welcome back.
 

I do however remember the name being something like PUP.optional.safeinstall something or other and the word conduit.


PUP stands for Potentially Unwanted Program, a category of software that is often installed either without your knowledge, or often as an additional install where you may not notice the offer to install another software other than what you had intended to install as you click through the user agreement screens.

 

 

In just a few months (8 April) Windows XP will no longer be supported by Microsoft, which means no more security updates to fix identified vulnerabilities. I would seriously consider upgrading your operating system soon.

http://windows.micro...nd-support-help

http://windows.micro...of-support-mean
 

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found.  Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

 

Please scan your system with ESET Online Scanner

  • Click the "Run ESET Online Scanner" button.
    • For browsers other than Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer
    • Click on esetsmartinstaller_enu.exe
    • Save it to your desktop, and double-click to run it.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Your version of Adobe Acrobat Reader is outdated and vulnerable. Go to Start > Control Panel > Add or Remove Programs and remove the following program:
Adobe Reader
Then go to http://www.adobe.com and download and install the current version. When you download it, be careful to UNcheck any optional toolbar installation unless you really want the toolbar.

 

 

Please post the logs from AdwCleaner and ESET Online scanner, and note any errors encountered. How is the system running?


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#7 hayleyscomett


Posted 09 February 2014 - 03:51 PM

Hello Joker and thank you for your assistance :)

 

In just a few months (8 April) Windows XP will no longer be supported by Microsoft, which means no more security updates to fix identified vulnerabilities. I would seriously consider upgrading your operating system soon.

 

Yep, I'm aware XP will soon no longer be supported. My desktop pc died about 7 months ago, so I'm left with only this little netbook and until I can save up enough $$ to buy a new pc with an updated operating system, this is all I have at the moment, unfortunately.

 

Okay, I was able to download and run the AdwCleaner and save the log file. However, I wasn't sure what to have it clean from the report. So, I didn't have it clean anything. I also noticed that the date on the scan is wrong, it says the date is 9/02/2014 - is that normal ???  If you could advise me as to what on this log needs cleaning/deleted/removed. Should I run the scan again to delete??

 

Here is the report from AdwCleaner:

 

# AdwCleaner v3.018 - Report created 09/02/2014 at 16:30:40
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Beth Stokes - BETHSEEEPC
# Running from : C:\Documents and Settings\Beth Stokes\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{937936AF-28CA-4973-B8AE-F250406149A2}
Key Found : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn
Key Found : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn.1
Key Found : HKLM\SOFTWARE\Classes\ToolBand.Localizer
Key Found : HKLM\SOFTWARE\Classes\ToolBand.Localizer.1
Key Found : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter
Key Found : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighter.1
Key Found : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics
Key Found : HKLM\SOFTWARE\Classes\ToolBand.NameHighlighterStatistics.1
Key Found : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper
Key Found : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper.1
Key Found : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy
Key Found : HKLM\SOFTWARE\Classes\ToolBand.SNameProxy.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Documents and Settings\Beth Stokes\Application Data\Mozilla\Firefox\Profiles\53tk8n63.default\prefs.js ]


*************************

AdwCleaner[R1].txt - [1565 octets] - [09/02/2014 16:30:40]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1625 octets] ##########

 

 

 

 

Also, I downloaded the ESET to my desktop and double clicked to run. I'm afraid though that I never got to a screen where I would set advanced options. I accepted and clicked start, but the next screen said something about downloading an update. Then it said: "Can not get update. Is Proxy configured" ?????  How do I proceed with that?

 

Thank you Joker

#8 hayleyscomett

Posted 09 February 2014 - 04:12 PM

I also uninstalled the Adobe Reader program through Add/Remove. If I need a pdf reader, I'll just install Sumatra instead :)

#9 TheJoker

Posted 09 February 2014 - 04:49 PM

I was able to download and run the AdwCleaner and save the log file. However, I wasn't sure what to have it clean from the report. So, I didn't have it clean anything.


I would run the scan again, and you can clean everything that it found.
 

I also noticed that the date on the scan is wrong, it says the date is 9/02/2014 - is that normal ???


That is the current date. It's just in a different format (DD/MM/YYYY). Other countries use a different date format, and note that the domain you downloaded AdwCleaner from is in France.
 

I downloaded the ESET to my desktop and double clicked to run. I'm afraid though that I never got to a screen where I would set advanced options. I accepted and clicked start, but the next screen said something about downloading an update. Then it said: "Can not get update. Is Proxy configured" ?????

 

Go to Start > Control Panel > Internet Options.

Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

Restart your system.

 

If you still have difficulty, if you were using Firefox (which I see you have installed), in Firefox, go to Tools > Options, click the Advanced tab, and then the Network tab, and in the Connections section click the Settings button.

Then in the window that opens, select No Proxy, and click OK and then OK again.

Does it work then?

 

Alternately, you could try using Internet Explorer instead.


#10 hayleyscomett

Posted 10 February 2014 - 05:51 PM

 

I would run the scan again, and you can clean everything that it found.

 

 

 

Okay, done. I ran the scan again and cleaned what it found, it deleted the previous keys found.

The only notation on the below scan results from AdwCleaner that I don't understand is this one:

[ File : C:\Documents and Settings\Beth Stokes\Application Data\Mozilla\Firefox\Profiles\53tk8n63.default\prefs.js ]

It didn't give me the option to clean that??

 

 

Results below.

 

 

# AdwCleaner v3.018 - Report created 10/02/2014 at 16:16:06
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Beth Stokes - BETHSEEEPC
# Running from : C:\Documents and Settings\Beth Stokes\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Documents and Settings\Beth Stokes\Application Data\Mozilla\Firefox\Profiles\53tk8n63.default\prefs.js ]


*************************

AdwCleaner[R1].txt - [1705 octets] - [09/02/2014 16:30:40]
AdwCleaner[R2].txt - [1765 octets] - [10/02/2014 16:07:27]
AdwCleaner[R3].txt - [1003 octets] - [10/02/2014 16:13:48]
AdwCleaner[S1].txt - [1854 octets] - [10/02/2014 16:10:00]
AdwCleaner[S2].txt - [926 octets] - [10/02/2014 16:16:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [985 octets] ##########

 

 

 

Alternately, you could try using Internet Explorer instead.

 

Also done. I used IE to run the ESET scan. It found no infections so I didn't have an option to export a file and save to my desktop.


Edited by hayleyscomett, 10 February 2014 - 05:53 PM.

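One way to check a clean-up like the one in post #10 is to parse a scan report taken before cleaning and another taken afterwards, then compare the findings; the parser also reads the report date day-first, the DD/MM/YYYY format explained in post #9. This is an added example, not part of the thread and not AdwCleaner's own code: the two sample reports are constructed (trimmed to the layout of the logs above, with a placeholder profile path), the function names are hypothetical, and treating the `[ File : ... ]` line as a label for the file inspected is an assumption about the format.

```python
import re
from datetime import datetime

# Constructed samples that follow the layout of the reports posted in this thread.
SCAN_BEFORE = r"""# AdwCleaner v3.018 - Report created 09/02/2014 at 16:30:40
# Updated 28/01/2014 by Xplode
# Option : Scan

***** [ Services ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn
Key Found : HKLM\SOFTWARE\Classes\ToolBand.Localizer
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}

***** [ Browsers ] *****

-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\example.default\prefs.js ]

*************************
"""

SCAN_AFTER = r"""# AdwCleaner v3.018 - Report created 10/02/2014 at 16:13:48
# Option : Scan

***** [ Registry ] *****

Key Found : hklm\software\classes\toolband.localizer

***** [ Browsers ] *****

-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\example.default\prefs.js ]
"""

HEADER_RE = re.compile(
    r"^# AdwCleaner v(\S+) - Report created (\d{2}/\d{2}/\d{4}) at (\d{2}:\d{2}:\d{2})")
OPTION_RE = re.compile(r"^# Option : (\w+)")
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}")
ENTRY_RE = re.compile(r"^(\w+) Found : (.+)$")
FILE_RE = re.compile(r"^\[ File : (.+) \]$")


def parse_report(text):
    """Return header fields, findings grouped by section, and files named."""
    report = {"version": None, "created": None, "option": None,
              "findings": {}, "profile_files": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            report["version"] = m.group(1)
            # The report prints the day first: 09/02/2014 is 9 February 2014.
            report["created"] = datetime.strptime(
                m.group(2) + " " + m.group(3), "%d/%m/%Y %H:%M:%S")
            continue
        m = OPTION_RE.match(line)
        if m:
            report["option"] = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            report["findings"].setdefault(section, [])
            continue
        m = FILE_RE.match(line)
        if m:
            # Assumption: this line labels the file inspected; it is not a finding.
            report["profile_files"].append(m.group(1))
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            report["findings"][section].append((m.group(1), m.group(2)))
    return report


def _keyset(report):
    # Registry paths are case-insensitive, so compare case-folded values.
    return {(sec, kind, value.casefold())
            for sec, items in report["findings"].items()
            for kind, value in items}


def compare_scans(before, after):
    """Split findings into removed, still present, and newly appeared."""
    b, a = _keyset(before), _keyset(after)
    return {"removed": sorted(b - a),
            "persisting": sorted(b & a),
            "new": sorted(a - b)}


if __name__ == "__main__":
    before, after = parse_report(SCAN_BEFORE), parse_report(SCAN_AFTER)
    print("first scan:", before["created"].strftime("%d %B %Y"))
    for status, items in compare_scans(before, after).items():
        print(status, len(items))
        for _, kind, value in items:
            print("   ", kind, value)
```

Anything listed under `persisting` after a clean and reboot is worth reporting back to the helper instead of assuming the clean succeeded.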
#11 TheJoker


Posted 10 February 2014 - 06:58 PM

The only notation on the below scan results from AdwCleaner that I don't understand is this one:

[ File : C:\Documents and Settings\Beth Stokes\Application Data\Mozilla\Firefox\Profiles\53tk8n63.default\prefs.js ]

It didn't give me the option to clean that??

 

Not sure why it didn't give a choice, possibly deleting a preferences setting file so Firefox recreates it from scratch next time the program is started.

 

Everything looks good, and we can now start cleanup. You can delete the following utilities that were downloaded, and any logs they created:

 

DDS
Security Check

AdwCleaner (run the program and click Uninstall)

 

Create a Restore Point

  • Go to Start > Programs > Accessories > System Tools > System Restore
  • Select Create a Restore Point and then Next.
  • In the box for "Restore point description", enter a descriptive name and press Create
  • When the "Restore Point Created" window appears, click Close

 

I recommend clearing all your TEMP files and Recycle Bin now:
Click on Start > Run
In the Run command line, type CLEANMGR
In the window that opens, you can select a drive (C: is the default), and click OK
On the Disk Cleanup tab, check:

  • Downloaded Program Files
  • Temporary Internet Files and
  • Recycle Bin
  • Temporary Files

Click OK > Yes

 

To help keep malware off your system:

  • Keep Windows updated at Windows Update or Microsoft Update.
  • Keep your other applications updated, there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.
  • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm
  • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available at http://www.javacools...m/products.html
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955

 

Does your problem appear resolved?

 


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#12 hayleyscomett


Posted 11 February 2014 - 06:41 AM

Okay, everything has been cleaned up.

There is still the notation with FF from the AdwCleaner. I ran that a second time to see if I could remove it. When it lists that it doesn't have a box for me to check or uncheck, so I highlighted it and then clicked clean. It's still there. Assuming it's harmless??

 

I have created the restore point as you instructed as well :)  One thing I noticed when my system reboots is that on the black screen that you see briefly during restart, the one where you would select Microsoft Windows XP or the recovery console option, I noticed that it said something like do not select this debugger enabled. What is that and why is that there??

 

 

Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.

 

This is good to know. I didn't know of those before and will keep that in mind.

 

 

  • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.

 

I don't use any flash drives, so no worries there. I also do not use any p2p programs.

I rarely even use my email anymore, and when I do I never click links, especially from someone I don't know.

I haven't used an instant messenger in years, so safe there as well!

 

 

  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm

 

I use FF exclusively, have for years. However, I will go and get the AdBlock Plus and NoScript add ons for it, thanks!!

Even though I don't use IE, I will get the HOST file you suggested, just in case my daughter or anyone else uses this netbook and uses IE instead of FF.

 

My netbook is running fine, thank you! If I may ask for your recommendation as to what the best free antivirus is to have and a free firewall to use??

I used to use SpywareBlaster on my desktop pc, I will have to get that for this netbook. I actually forgot about that program!

#13 TheJoker

Posted 11 February 2014 - 11:11 PM

There is still the notation with FF from the AdwCleaner. I ran that a second time to see if I could remove it. When it lists that it doesn't have a box for me to check or uncheck, so I highlighted it and then clicked clean. It's still there. Assuming it's harmless??


Yes.
 

 

One thing I noticed when my system reboots is that on the black screen that you see briefly during restart, the one where you would select Microsoft Windows XP or the recovery console option, I noticed that it said something like do not select this debugger enabled. What is that and why is that there??


I had not seen that come up before, here is some information on debugging mode:
http://support.microsoft.com/kb/315222
 

 

If I may ask for your recommendation as to what the best free antivirus is to have and a free firewall to use??


I think the best available free antivirus would be Avast! Free, available at http://www.avast.com/index (be sure after you click Go To Download that you select the Free version on the next page).

For a firewall, you might want to try Comodo Free Firewall (click the Continue Download button), or Private Firewall.

And remember, if something seems too good to be true, it probably is, and clicking there could be a bad idea.


#14 hayleyscomett

Posted 12 February 2014 - 07:02 AM

Thank you Joker for all the help and advice :) much appreciated!!

 

As for the debugging screen I noticed. I followed the link you supplied. However, I don't know that it cleared it up for me.

 

As per the info on that:

 

Debugging Mode: This option turns on debug mode in Windows. Debugging information can be sent across a serial cable to another computer that is running a debugger. This mode is configured to use COM2.

 

Umm, what???


Edited by hayleyscomett, 12 February 2014 - 07:07 AM.

#15 TheJoker

Posted 12 February 2014 - 08:20 PM

http://msdn.microsof...7(v=vs.85).aspx
http://support.microsoft.com/kb/151981
 

Determine the Need for the Kernel Debugger
The kernel debugger that comes with Windows provides information about the computer that is typically not available without the aid of the debugger. Windows can turn on the kernel debugger from the Windows Start-Up menu (Boot.ini). When you turn on the kernel debugger, Windows debugger can output debugging information to a remote debugger for a remote user to analyze. This is typically done at the request of a Microsoft support professional for analyzing a fatal error in Windows that cannot be diagnosed from the Memory.dmp file or when a Memory.dmp file is not produced.
About Remote Debugging
For our discussion the target computer is the computer that is being debugged and the host computer is the computer doing the debugging. The process of remote debugging occurs when two computers are connected by the serial communication ports. The target computer and the host computer are running the Windows kernel debuggers, which communicate using a special debug API and protocol. To download the Debugging Tools for Windows, visit the following Microsoft Web site:
http://www.microsoft...ng/default.mspx

 

So it could be used to send information from a system that is receiving a fatal error (blue screen) to another system so it can be analyzed to help determine what the problem is.


#16 hayleyscomett

Posted 13 February 2014 - 07:21 AM

 

So it could be used to send information from a system that is receiving a fatal error (blue screen) to another system so it can be analyzed to help determine what the problem is.

 

So my netbook is sending information somewhere? To whom? And, why? I don't understand. I didn't allow this or set it up.

This makes me feel uneasy and would like it to not be that way. How do I fix it?

#17 TheJoker

Posted 13 February 2014 - 07:50 AM

I'm not sure why that option came up when you booted, but it's not sending information anywhere. It would need to be connected to another system by a COM cable to do that. It's for diagnostic purposes. Is that always showing as an option when you boot?


#18 hayleyscomett

Posted 13 February 2014 - 04:17 PM

Yep, it sure is. As you can see below....

 

pic1.jpg

 

Does this mean that my netbook is not booting up properly?

#19 TheJoker

Posted 13 February 2014 - 07:20 PM

It's booting properly, that's just a boot option that is likely configured in MSCONFIG.

 

See this page:
http://www.techrepub...using-msconfig/

While logged in as Administrator, run MSCONFIG:
Go to Start > Run, enter MSCONFIG, and hit Enter.
Select the BOOT.INI tab.
Click the Advanced Options button.
Uncheck the box for /DEBUG if it's checked, Select OK to close the Advanced Options screen, and then Apply in the main window, and close MSCONFIG (System Configuration Utility).
Restart your system.
Does the Debug option still appear?
 


#20 hayleyscomett

Posted 14 February 2014 - 07:09 AM

When I went into the MSCONFIG, after clicking the BOOT.INI tab, I couldn't click on Advanced Options. It was greyed out. Screen shot below.

 

pic2.jpg

#21 TheJoker

Posted 14 February 2014 - 09:59 AM

Were you logged in as Administrator? If not, the option will be grayed out and not accessible.


#22 hayleyscomett

Posted 15 February 2014 - 06:55 AM

No, I was not. I've never logged on as administrator on this netbook. I've never set a password to it.

#23 TheJoker

Posted 15 February 2014 - 07:49 AM

While logged in as Administrator, run MSCONFIG:
Go to Start > Run, enter MSCONFIG, and hit Enter.
Select the BOOT.INI tab.
Click the Advanced Options button.
Uncheck the box for /DEBUG if it's checked, Select OK to close the Advanced Options screen, and then Apply in the main window, and close MSCONFIG (System Configuration Utility).
Restart your system.
Does the Debug option still appear?


#24 hayleyscomett

Posted 15 February 2014 - 12:07 PM

 

While logged in as Administrator, run MSCONFIG:
Go to Start > Run, enter MSCONFIG, and hit Enter.
Select the BOOT.INI tab.
Click the Advanced Options button.
Uncheck the box for /DEBUG if it's checked, Select OK to close the Advanced Options screen, and then Apply in the main window, and close MSCONFIG (System Configuration Utility).
Restart your system.
Does the Debug option still appear?

 

I did this. Logged in as administrator ran msconfig, selected the boot.ini tab. The advanced options was still greyed out. The only time it wasn't greyed out was if I scrolled down on the list (picture in previous post) and highlighted the last option. Then when I clicked on advanced options the debug box was not checked anyway.

Yes, the debug option is still there upon reboot.

#25 TheJoker

Posted 15 February 2014 - 02:55 PM

Please follow the directions here to save a backup copy of your boot.ini file to a new folder:
http://support.microsoft.com/kb/289022

Save a Backup Copy of Boot.ini
  1. Right-click My Computer, and then click Properties.
    -or-
    Click Start, click Run, type sysdm.cpl, and then click OK.
  2. On the Advanced tab, click Settings under Startup and Recovery.
  3. Under System Startup, click Edit. This opens the file in Notepad ready for editing.
  4. In Notepad, click File on the Menu bar, and then click Save As.
  5. Right click in an empty area of the Save As dialog box, point to New in the context menu, and then click Folder.
  6. Type a name for the new folder, for example temp, and then press the ENTER key to create the folder named temp.
  7. Double-click the new folder named temp, and then click the Save button to save a backup copy of the Boot.ini file.

Be very careful to NOT edit the boot.ini file, you could render your system unbootable.

Please post a copy of the saved backup of boot.ini


#26 hayleyscomett

Posted 15 February 2014 - 02:55 PM

I ran MBAM this afternoon and it found 1 threat again! Ugh!

 

I saved the notepad from the scan for you to see below:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.15.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Beth Stokes :: BETHSEEEPC [administrator]

2/15/2014 1:18:09 PM
MBAM-log-2014-02-15 (15-28-46).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 274505
Time elapsed: 1 hour(s), 1 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\My Stuff\Smilebox_TSV23FDPZ.exe (PUP.Optional.Conduit.A) -> No action taken.

(end)
 

 

I then went to add/remove and uninstalled the Smilebox program. Then restarted my pc. Still seeing the debug notation.

I then downloaded and ran HiJackThis.

Here is the log for that as well:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:51:23 PM, on 2/15/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup:  SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bitdefender Antivirus Free Edition (gzserv) - Bitdefender - C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6927 bytes
 

 

I'll await further instruction, thanks!!

#27 hayleyscomett

Posted 15 February 2014 - 02:56 PM

I see we posted to one another at the exact same moment. I will now go and read the instructions you posted to me as I was posting to you......

#28 hayleyscomett

Posted 15 February 2014 - 03:14 PM

Here is the saved backup of boot.ini as you requested: 

 

[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

#29 TheJoker

Posted 15 February 2014 - 03:33 PM

The line in the boot.ini file and that option showing up in your boot options is not a problem. By default, it boots into Windows. It will only boot into DEBUG mode if you select that option in the three seconds that the boot menu displays before it defaults to Windows (the default timeout is 30 seconds).

Do you really want to remove that line from the boot.ini file? It won't boot into DEBUG mode unless you select that option when booting. Since you can't access that option in MSCONFIG for some reason, the only way to remove it would be to manually edit that line out of the boot.ini file, which if not done properly, could result in an unbootable system until the boot.ini file is repaired.

Do you want to proceed or leave it as is (I would recommend leaving it)?


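The boot.ini check described in reply #29, as an added example that is not part of the original thread: a Python parser that reads the file posted in reply #28, works out which entry boots unattended, and flags any entry carrying a kernel-debugger switch. The function names are illustrative, and treating the first entry whose path matches `default=` as the unattended target is an assumption for files where several entries share one path.

```python
import re

# boot.ini exactly as posted in reply #28, embedded so the check runs offline.
BOOT_INI = r'''[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
'''

# boot.ini switches that enable the kernel debugger for an entry.
DEBUG_SWITCHES = {"/debug", "/debugport", "/crashdebug"}


def parse_boot_ini(text):
    """Split boot.ini text into [boot loader] settings and a list of OS entries."""
    settings, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, rest = line.partition("=")
        if not sep:
            continue
        if section == "boot loader":
            settings[key.strip().lower()] = rest.strip()
        elif section == "operating systems":
            # Entry format: <path>="<menu label>" /switch /switch=value ...
            m = re.match(r'\s*"([^"]*)"\s*(.*)$', rest)
            label, opts = (m.group(1), m.group(2)) if m else (rest.strip(), "")
            entries.append({
                "path": key.strip(),
                "label": label,
                "switches": [s.lower() for s in opts.split() if s.startswith("/")],
            })
    return settings, entries


def audit(text):
    """Report the timeout, the unattended boot entry, and debugger-enabled entries."""
    settings, entries = parse_boot_ini(text)
    default_path = settings.get("default", "").lower()
    timeout = settings.get("timeout", "")
    # Assumption: the unattended target is the first entry whose path equals default=.
    unattended = next((e for e in entries if e["path"].lower() == default_path), None)
    findings = []
    for entry in entries:
        names = {s.split("=", 1)[0] for s in entry["switches"]}
        debug = sorted(names & DEBUG_SWITCHES)
        if debug:
            findings.append({
                "label": entry["label"],
                "switches": debug,
                "boots_unattended": entry is unattended,
            })
    return {
        "timeout": int(timeout) if timeout.lstrip("-").isdigit() else None,
        "default_label": unattended["label"] if unattended else None,
        "findings": findings,
    }


if __name__ == "__main__":
    report = audit(BOOT_INI)
    print("menu timeout (s):", report["timeout"])
    print("unattended boot :", report["default_label"])
    for f in report["findings"]:
        state = "DEFAULT ENTRY" if f["boots_unattended"] else "manual selection only"
        print("debug entry     : %r %s -> %s" % (f["label"], f["switches"], state))
```

A debug entry that is also the default entry is the case worth acting on; an entry that needs manual selection, as in this thread, only matters to someone with physical access during the boot menu.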


#30 hayleyscomett


Posted 15 February 2014 - 04:39 PM

 

Do you really want to remove that line from the boot.ini file? It won't boot into DEBUG mode unless you select that option when booting. Since you can't access that option in MSCONFIG for some reason, the only way to remove it would be to manually edit that line out of the boot.ini file, which if not done properly, could result in an unbootable system until the boot.ini file is repaired.

Do you want to proceed or leave it as is (I would recommend leaving it)?

 

Understood. I believe I will take your advice then and leave well enough alone :)  It still confuses/bugs me that it's there, but I can live with it as long as I know it's harmless.

 

Have you had a chance to review the 2 logs I posted to you in reply 26 here in this thread?

#31 TheJoker

Posted 15 February 2014 - 04:54 PM

I then went to add/remove and uninstalled the Smilebox program. Then restarted my pc.


I would manually check to see that the following file was removed when you uninstalled it. If still there, delete the file:
C:\My Stuff\Smilebox_TSV23FDPZ.exe

HijackThis isn't particularly useful against today's infections, and isn't fully compatible with newer versions of Windows (7/8), but for this empty Browser Helper Object entry and Windows XP, it will work fine.

Run HijackThis and click "Do a system scan only." Place a check next to the following entry (if still there):
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

As that item that MBAM found was Conduit related, I would run AdwCleaner again:

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found.  Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Please post the new log from AdwCleaner, and note any errors encountered.


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#32 hayleyscomett

hayleyscomett

    Advanced Member

  • Full Member
  • 199 posts

Posted 16 February 2014 - 08:01 AM

 

I would manually check to see that the following file was removed when you uninstalled it. If still there, delete the file:
C:\My Stuff\Smilebox_TSV23FDPZ.exe

 

It wasn't there. I checked there right after I uninstalled it. So it's gone.

 

 

 

Run HijackThis and click "Do a system scan only." Place a check next to the following entry (if still there):
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

 

Done, removed that!

 

I noticed on HijackThis additional BHOs relating to Windows Live Toolbar this and that, I don't use any toolbars, nor do I want them. Are those safe to leave alone or should they also be removed?

 

I ran AdwCleaner again. The only thing that it finds is under the Firefox tab, and just as before, there's no box to check or uncheck next to it. I clicked Clean and followed the prompts and it restarted, but something tells me that it's probably still there.

When it lists it without a box to check or uncheck, it has the ### before and after it instead of a box. If that means anything. When I try to find the file manually I can't find the Application Data folder??

 


Here is the notepad file....

 

# AdwCleaner v3.018 - Report created 16/02/2014 at 08:46:27
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Beth Stokes - BETHSEEEPC
# Running from : C:\Documents and Settings\Beth Stokes\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Beth Stokes\Application Data\Mozilla\Firefox\Profiles\53tk8n63.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [825 octets] - [16/02/2014 08:43:44]
AdwCleaner[S0].txt - [747 octets] - [16/02/2014 08:46:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [806 octets] ##########


 


Edited by hayleyscomett, 16 February 2014 - 08:14 AM.


#33 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,475 posts

Posted 16 February 2014 - 09:44 AM

I noticed on HijackThis additional BHOs relating to Windows Live Toolbar this and that, I don't use any toolbars, nor do I want them. Are those safe to leave alone or should they also be removed?


Windows Live Toolbar can either be disabled or uninstalled. See this page on how to do that:

 

http://www.ehow.com/...ve-toolbar.html

 

I ran AdwCleaner again. The only thing that it finds is under the Firefox tab, and just as before, there's no box to check or uncheck next to it.

 

The prefs.js file is a file located in the Mozilla Profiles > alphanumeric.default folder (i.e. 53tk8n63.default), used by Firefox and other Mozilla-based programs to store setting changes made to the defaults:
About the prefs.js
A brief guide to Mozilla preferences

Some types of malware like to target preferences in Firefox, so AdwCleaner checks it out as part of its routine.

The file being there is normal if you have Firefox installed.

 

You can now delete or uninstall HijackThis. 

Is your problem resolved?


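The kind of check described above for prefs.js, as an added example (not AdwCleaner's code and not part of the original posts): it parses `user_pref()` lines and lists hijack-prone preferences for manual review. The review term list and the sample preferences are constructed assumptions.

```python
import json
import re

# Real Firefox prefs that browser hijackers commonly rewrite.
WATCHED_PREFS = {"browser.startup.homepage", "browser.newtab.url",
                 "browser.search.defaultenginename", "browser.search.selectedEngine"}
# Assumption: review terms; "conduit" is the family named in this thread.
REVIEW_TERMS = ("conduit",)
# One pref per line: user_pref("name", <string | number | boolean>);
PREF_RE = re.compile(r'^\s*user_pref\(\s*("(?:[^"\\]|\\.)*")\s*,\s*(.*?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for each user_pref() line; skip comments and junk."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment, blank line, or not a pref statement
        try:
            prefs[json.loads(m.group(1))] = json.loads(m.group(2))
        except ValueError:
            continue  # value is not plain JSON-compatible; ignore it
    return prefs


def review(prefs):
    """List (name, value, reason) for prefs worth checking by hand."""
    findings = []
    for name, value in sorted(prefs.items()):
        haystack = f"{name} {value}".lower()
        hits = [t for t in REVIEW_TERMS if t in haystack]
        if hits:
            findings.append((name, value, "matches term: " + ", ".join(hits)))
        elif name in WATCHED_PREFS:
            findings.append((name, value, "hijack-prone pref, confirm value"))
    return findings


# Constructed sample, not taken from the machine in this thread.
SAMPLE = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://search.conduit.example/?id=0");
user_pref("browser.search.defaultenginename", "Yahoo");
user_pref("exampletoolbar.conduit.searchInNewTab", true);
user_pref("extensions.lastAppVersion", "27.0.1");
'''

if __name__ == "__main__":
    for name, value, reason in review(parse_prefs(SAMPLE)):
        print(f"{name} = {value!r}  [{reason}]")
```

To check a real profile, read the prefs.js file from the profile folder with Firefox closed and pass its text to `parse_prefs`.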


#34 hayleyscomett

hayleyscomett

    Advanced Member

  • Full Member
  • 199 posts

Posted 16 February 2014 - 12:47 PM

Yes, I believe so. Thank you Joker for all your help!



#35 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,475 posts

Posted 16 February 2014 - 09:58 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.





