The log you posted doesn't show it cleaned or deleted anything? I think maybe you posted the first log?, a second run would had produced another.
You can open the tool, look for the logs button, then look for todays date I think. At the moment I don't have it on my desktop to guide me but it should work something close to that.
The issues with TFC could possibly be from your onboard security. Not a big deal, could try again and use it in safe mode if you like.
Windows Insider MVP Consumer Security 2009 - 2017
Please do not PM me for Malware help, we all benefit from posting on the open board.
hi Juliet
the log I posted has today's date and time # AdwCleaner v3.023 - "Report created 02/04/2014 at 12:14:34"
the adwcleaner only showed the Pirrit to be cleaned. so I assume it has deleted that.
will try the old timer in safe mode.
Ok the oldtimers ran ok in safe mode. removed some 180 temp files.
the Icon still disappears when the computer is run up in normal mode.
Good to hear OTC ran in safe mode.
I need to make sure what AdwCleaner has found is being deleted.
Open AdwCleaner
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes AntiMalware recently had a program update.
You can download the newest version over the top of the one you have or download and install again.
http://www.malwarebytes.org/update/
Please get the new version and let's run another scan.
Please download Malwarebytes Anti-Malware to your desktop
(If uninstalling and doing a reinstall the link is below)
http://www.bleepingcomputer.com/down...-anti-malware/
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits
Go back to the Dashboard and select Scan Now
If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.
On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log
Windows Insider MVP Consumer Security 2009 - 2017
Please do not PM me for Malware help, we all benefit from posting on the open board.
Hi Juliet
as asked for the program did not highlight and problems. running new malwarebytes now
# AdwCleaner v3.023 - Report created 02/04/2014 at 15:54:49
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : millam - BOB-276AB2C0593
# Running from : C:\Documents and Settings\millam\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v28.0 (en-US)
[ File : C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\prefs.js ]
Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1396434202099");
*************************
AdwCleaner[R0].txt - [6126 octets] - [02/04/2014 09:34:35]
AdwCleaner[R1].txt - [3330 octets] - [02/04/2014 12:14:34]
AdwCleaner[R2].txt - [1088 octets] - [02/04/2014 15:53:34]
AdwCleaner[S0].txt - [3368 octets] - [02/04/2014 12:15:41]
AdwCleaner[S1].txt - [1012 octets] - [02/04/2014 15:54:49]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1072 octets] ##########
Hi Juliet
have run malwarebytes it found four PUPS and removed them. for some reason I could not get the log to save to the desk top. if you know where to look I will find it for you.
I have to go out for a couple of hours, when I get back I will check your reply and rerun the malwarebytes anyway.
thanks for all the work so far. seems spybot, malwrebytes, and avera cant keep machines as clean as people think.
Open malwarebytes, click on the History tab
scroll to the latest log, should have a date by it.
They've changed the format of the interface and I've got to get used to it too.
Also, update me on how the computer is at the moment.
Windows Insider MVP Consumer Security 2009 - 2017
Please do not PM me for Malware help, we all benefit from posting on the open board.
hi Juliet
yes its there. copied it to clipboard then pasted it here.
the computer has been working fine all day, no more unwanted windows opening.
I am running malwarebytes again will post results log after this one.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 02/04/2014
Scan Time: 16:34:09
Logfile:
Administrator: Yes
Version: 2.00.0.1000
Malware Database: v2014.04.02.05
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: millam
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385731
Time Elapsed: 30 min, 40 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Delete-on-Reboot, [33cd8977ba4636ca6ca23cd1936f1ee2],
PUP.Optional.AppsHat.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Apps Hat Mini, Delete-on-Reboot, [27d93dc3718f7f81ae2a87dd07fbc43c],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Delete-on-Reboot, [e7197987649c24dc0b03cda1659dbc44],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.RegCleanPro, C:\Documents and Settings\millam\My Documents\Downloads\rcp_dcomnew_sec_300.exe, Quarantined, [bc44dc248d7345bb8ffba1932cd4b34d],
Physical Sectors: 0
(No malicious items detected)
(end)
-----------------
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 02/04/2014
Scan Time: 18:38:41
Logfile:
Administrator: Yes
Version: 2.00.0.1000
Malware Database: v2014.04.02.05
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: millam
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385702
Time Elapsed: 30 min, 37 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
clean.
Looking good now.
I want you to read over this article about Windows XP.
http://forums.whatthetech.com/index....owtopic=127901
**************
Now let's check for remnants.
The scanner below can take quite a while to run depending on full your hard drive is, and it is expected that it will find things. What I do think we will see are files already held in quarantine folders so don't be alarmed.
ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
- http://www.eset.com/us/online-scanner/run
Online Virus Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.- Select the option YES, I accept the Terms of Use then click on:
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on:
- The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
- Now click on:
- Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
- Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
Windows Insider MVP Consumer Security 2009 - 2017
Please do not PM me for Malware help, we all benefit from posting on the open board.
hi Juliet
results
C:\AdwCleaner\Quarantine\C\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\firefox@lemurleap.info.xpi.vir Win32/BrowseFox.B potentially unwanted application
C:\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\extensions\firefox@lemurleap.info\chrome\content\overlay.js Win32/BrowseFox.B potentially unwanted application
C:\Documents and Settings\millam\My Documents\Downloads\ccsetup412(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\millam\My Documents\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\millam\My Documents\Downloads\code_calculator_by_cybergsm_v5_4_rapidshare_downloader.exe Win32/DownWare.O potentially unwanted application
C:\FRST\Quarantine\C\Documents and Settings\millam\Application Data\Mozilla\Firefox\Profiles\nlv5wxzw.default\Extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
Posting Permissions
