Thanks, I'll run the additional scans when I get home from work tonight.
I included the attach.txt as an attachment on my first post. I think I've still got it at home.
Hello, kar1897.
No problem. I have located the attach.txt that you included in your first post. Thanks. I've looked for it several times and missed it each time. No need to resend it.
AdwCleaner
# AdwCleaner v3.006 - Report created 08/10/2013 at 21:07:15
# Updated 01/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : IBM USER - IBM-DEA2D3B0EC7
# Running from : C:\Documents and Settings\IBM USER\Local Settings\Temporary Internet Files\Content.IE5\DOUJUZDE\AdwCleaner[1].exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\END
Folder Found C:\Documents and Settings\IBM USER\Local Settings\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\IBM USER\Local Settings\Application Data\Smartbar
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\Minibar
Folder Found C:\WINDOWS\system32\WNLT
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\S
Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
*************************
AdwCleaner[R0].txt - [1059 octets] - [08/10/2013 21:07:15]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1119 octets] ##########
JRT Log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Microsoft Windows XP x86
Ran by IBM USER on Tue 10/08/2013 at 21:21:31.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
~~~ Files
Successfully deleted: [File] "C:\end"
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish games"
Successfully deleted: [Folder] "C:\Documents and Settings\IBM USER\Local Settings\Application Data\big fish"
Successfully deleted: [Folder] "C:\Documents and Settings\IBM USER\Local Settings\Application Data\smartbar"
Successfully deleted: [Folder] "C:\Program Files\minibar"
Successfully deleted: [Folder] "C:\WINDOWS\system32\wnlt"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/08/2013 at 21:28:40.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks again
Hello kar1897.
Thank you for your AdwCleaner and JRT reports.
Please run the following scan
AdwCleaner
Double click on AdwCleaner.exe to run the tool again.
- Click on the Scan button.
- AdwCleaner will begin to scan your computer like it did before.
- After the scan has finished...
- This time, click on the Clean button.
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- Copy and paste the contents of that logfile in your next reply.
- A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Multiple Antivirus Programs
Your DDS log indicates you are currently running multiple antivirus programs (Webroot Client Security, avast! Internet Security, Microsoft Security Essentials, and Webroot SecureAnywhere).
I understand this is an older computer that was given to your daughter. Have you yourself uninstalled any of these programs? Can you please confirm which antivirus program you are using? Thank you.
AdwCleaner Log
# AdwCleaner v3.007 - Report created 09/10/2013 at 22:54:49
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : IBM USER - IBM-DEA2D3B0EC7
# Running from : C:\Documents and Settings\IBM USER\Local Settings\Temporary Internet Files\Content.IE5\1QULVFA5\AdwCleaner[1].exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\IBM USER\Local Settings\Application Data\AVG Secure Search
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
*************************
AdwCleaner[R0].txt - [1199 octets] - [08/10/2013 21:07:15]
AdwCleaner[R1].txt - [1461 octets] - [09/10/2013 22:53:37]
AdwCleaner[S0].txt - [1400 octets] - [09/10/2013 22:54:49]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1460 octets] ##########
As for the antivirus programs, the only one I installed was Avast. The others were there from the previous owner. I planned to remove them but that's always complicated and we haven't had this computer very long. Apparently long enough to get some fun malware though. Thanks for the help.
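The three reports above can be reconciled mechanically to confirm that every item the first AdwCleaner scan found was later removed by JRT or by the AdwCleaner clean run. The following is an added example, not part of the original thread or of either tool; the function names are hypothetical, and the log lines are the item lines copied from the posts above.

```python
import re
# Item lines copied from the three reports posted in this thread.
SCAN_R0 = r"""
File Found : C:\END
Folder Found C:\Documents and Settings\IBM USER\Local Settings\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\IBM USER\Local Settings\Application Data\Smartbar
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\Minibar
Folder Found C:\WINDOWS\system32\WNLT
Key Found : HKLM\SOFTWARE\Classes\S
Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
"""
JRT_LOG = r"""
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [File] "C:\end"
Successfully deleted: [Folder] "C:\Documents and Settings\IBM USER\Local Settings\Application Data\smartbar"
Successfully deleted: [Folder] "C:\Program Files\minibar"
Successfully deleted: [Folder] "C:\WINDOWS\system32\wnlt"
"""
CLEAN_S0 = r"""
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\IBM USER\Local Settings\Application Data\AVG Secure Search
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
"""
HIVES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu", "hkey_classes_root": "hkcr"}
ADW = re.compile(r"^(?:File|Folder|Key|Value) (Found|Deleted)\s*:?\s*(.+)$")
JRT = re.compile(r"^Successfully deleted: \[[^\]]+\]\s*(.+)$")

def normalize(item):
    # Windows paths and registry keys are case-insensitive; the tools also
    # differ in quoting and in long vs. short hive names.
    item = item.strip().strip('"').lower()
    hive, sep, rest = item.partition("\\")
    return HIVES.get(hive, hive) + sep + rest

def items(log, state):
    # Collect normalized items in the given state ("Found" or "Deleted").
    out = set()
    for line in map(str.strip, log.splitlines()):
        adw, jrt = ADW.match(line), JRT.match(line)
        if adw and adw.group(1) == state:
            out.add(normalize(adw.group(2)))
        elif jrt and state == "Deleted":
            out.add(normalize(jrt.group(1)))
    return out

def unaccounted(scan_log, *removal_logs):
    # Items the scan reported that no later removal log records as deleted.
    removed = set().union(*(items(log, "Deleted") for log in removal_logs))
    return sorted(items(scan_log, "Found") - removed)
```

With only the JRT log supplied, the two AVG Secure Search folders and the Homepage policy value remain open; adding the AdwCleaner clean report closes them.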
Hello, kar1897.
Thank you for your AdwCleaner report and the information regarding your AV programs. The other AV programs that DDS is picking up do not show elsewhere in the log. They may have been deleted and left some registry files behind during the uninstall. Please run the following application. If any of these programs appear (Webroot Client Security, Microsoft Security Essentials, and Webroot SecureAnywhere), please delete them.
AppRemover
Please download AppRemover and save it to your desktop.
- Double click on AppRemover.exe to run it. There may be a short delay before it appears.
- Check the box to accept the licence agreement.
- Click the Start button to begin the scan.
- Please wait for the scan to complete. Once done, a list of your installed programs will appear.
- Choose the one or ones you want to uninstall and click Remove Selected Applications.
- Click the Confirm Product to be Removed button.
- Reboot if asked to do so.
Please run the following scan
Malwarebytes Anti-Malware
Please download Malwarebytes from Here or Here.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please.
In your next reply, please let me know how the computer is running now and what issues you are still experiencing, if any.
MalwareBytes Log
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.11.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
IBM USER :: IBM-DEA2D3B0EC7 [limited]
10/10/2013 11:13:27 PM
mbam-log-2013-10-10 (23-13-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271830
Time elapsed: 27 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCR\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
The AppRemover only detected Avast.
The system seems to be running better, it was also slow, but it's not nearly as awful as it was and it's as odd either. Internet Explorer does also open to a warning screen that says that the security setting put my computer at risk, and if I just ignore it then that warning appears as a yellow bar across the top on every page.
Thanks for the help
Hello, kar1897.
Good to know that the computer is running better.
Regarding Internet Explorer, see if the following will work for you. However, have you considered making Mozilla Firefox or Google Chrome the default browser? Reviews rank both of these browsers' security, speed, compatibility, and overall performance higher than Internet Explorer.
To download either of these browsers:
Mozilla Firefox: HERE
Google Chrome: HERE
Internet Explorer: Disable Security Warning Message
To disable the security settings warning messages, you have to disable the Turn off the Security Settings Check feature. To do this:
- Open the Start Menu Search box.
- Type GPEDIT.MSC in the open field. Press Enter.
- The Local Group Policy Editor screen will open.
- Under Local Computer Policy (left side of screen), locate and click on the following: Computer Configuration > Administrative Templates > Windows Components > Internet Explorer.
- Double click on Turn off the Security Settings Check feature (right side of screen).
- Select Enabled.
- Click Apply > OK.
Please run the following scan
ESET Online Scanner
Note: Run ESET Online Scanner from HERE.
- Disable any antivirus program and antispyware programs to avoid conflicts.
- Run Eset with Internet Explorer, but if using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
- Please do not surf the internet while your security programs are disabled.
- Let the scan run uninterrupted to avoid a stall.
- Remember to enable your security programs when the scan has finished.
Under Computer scan settings:
- Click the green ESET Online Scanner button.
- Read the End User License Agreement and check the box YES, I accept the Terms of Use.
- Click on the Start button next to it.
- If prompted, allow the Add-On/Active X to install.
- Do not check Remove found threats
- Check Scan Archives.
- Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
- Click Start. ESET will download updates, install itself, and begin scanning your computer. Please be patient as this scan could take up to a few hours to complete.
- Wait for the scan to finish. When the scan completes, click List of found threats.
- Click Export and save the file to your desktop using a unique name, such as ESETScan.
- Copy and paste the contents of this report in your next reply.
- Click the Back button.
- Click the Finish button.
In your next reply, please let me know if the Internet Explorer warning message has stopped.
Hello, kar1897.
Are you still with me? Have you been able to run the ESET Online Scanner?
Due to inactivity, this topic has been closed.
If you still need help, please start a new thread.
Last edited by tashi; 2013-11-19 at 04:52. Reason: Thank you fbfbfb :-)