best free anti virus for Windows XP

Microsoft Windows xp media centre editio...
January 22, 2015 at 12:32:35
Specs: windows XP, 1.70GHZ/503MB RAM
I have a friend who has an XP laptop. Somehow she got TuneUp Pro and Optimizer PRO installed which told her she has viruses. Not surprising since she doesn't seem to have a virus scanner installed. I told her I would look at it. I ran Malware Bytes and it cleaned up an enormous amount of Malware.

Now I want to install some virus scanner software. MSE no longer works even though I found an article that said we have till mid 2015, but it rejected the OS when I tried to install.

An independent test of TEST AV said that Bitdefender ranked well so I installed it, but after 53 minutes it had only scanned 10 objects. Is this normal or can someone suggest something else I should try? The machine is an Intel PM 1.7 mhz with 503MB of memory.




#1
January 22, 2015 at 12:42:45
MSE should definitely have been accepted. Most likely your computer is still not properly cleaned of malware. You probably need to do a whole lot more but for starters download this file which might help:
http://www.bleepingcomputer.com/dow...
(blue download button near top)
"Save" the file then double click the saved file to run the scan.
Keep all logs because they might be requested.

Always pop back and let us know the outcome - thanks

message edited by Derek



#2
January 22, 2015 at 13:09:28
Thanks Derek,

I also noticed that BitDefender is causing the machine to run at 100% so I will try to uninstall it for now.



#3
January 22, 2015 at 13:34:51
Derek,

I downloaded it and am running it. It is at a point where it says 'Pending. Please uncheck elements you don't want removed'. In the bottom Excel-type box it lists 'Reimage Real Time Protecter' as the Complete name and 'ReimageRealTimeProtector' as the Service Name. It is currently checked.



#4
January 22, 2015 at 14:20:47
"Somehow she got TuneUp Pro and Optimizer PRO installed which told her she has viruses"

If you haven't already done so, remove TuneUp Pro & Optimizer Pro immediately. They are both malware.

BitDefender is an excellent free AV choice. It has very little overhead & is much better than MSE. Make sure you install the free edition downloaded directly from the BitDefender site. And make sure to register or it will only run for a 30-day trial period. I run it on all my systems & generally install it on all the systems I work on (if an AV program is needed). I find it hard to believe it's using 100% CPU on your friend's system.

http://www.bitdefender.com/solution...

message edited by riider



#5
January 22, 2015 at 14:27:04
bccamper, all you do is > Install > Scan > Clean.

Don't touch any settings.

Copy & Paste the contents of the log after cleaning in your reply please.



#6
January 22, 2015 at 14:34:00
Malwarebytes is another to run too. Freebie version here:

http://www.bleepingcomputer.com/dow...

You might also download and burn to a dvd the "free" Kaspersky rescue disk. It's a Linux-based disk. It will load into RAM only, and regard the hard drive merely as a resource, which it will scan fully (if you opt to - and I would). You boot up with the dvd, and then Kaspersky will go on-line to update its definitions, then scan.

http://tinyurl.com/373ojxb

Bitdefender can be "a little slow" when running a full scan, especially the first time. You might find it a little faster in safe-mode? But if there is a lot of junk running around in the background that will seriously impact on any virus scanner doing its stuff.

AdwCleaner, Malwarebytes - and CCleaner - will all do much to clean the system of junk.

And also Junkware Removal Tool (JRT) is another to use. It installs to the desktop, from where you run it. Observe the DOS-style window for instructions when you click on the icon.

http://filehippo.com/download_cclea...

http://www.bleepingcomputer.com/dow...

All the above utilities are safe and free to use.



#7
January 22, 2015 at 14:37:48
Okay I rebooted the computer and that seemed to help. The computer is becoming usable. Maybe a reboot was required after the last Malware Bytes was run, although it didn't ask for one.

I was able to run an online Trend Micro scan. It came back with no issues.

Also I was able to run BitDefender and it came back with 0 issues as well but it only scanned 61 objects. When I did a google search I was told that it is because it only scans memory objects (http://quickscan.bitdefender.com/faq/)

QuickScan only detects viruses which are active in memory or present in files that are run at system startup. Inactive virus bodies are not scanned for and therefore not detected. To run a full system scan you can use Bitdefender Online Scanner or one of the Bitdefender security solutions

Is this true?



#8
January 22, 2015 at 14:38:55
I forgot to mention. I did remove the two programs (TunePro and OptimizerPro).


#9
January 22, 2015 at 14:41:24
I ran bitDefender again and this time it scanned 5891 items. Still seems very small if it is scanning the entire drive. Is there something required to get it to do a full scan?


#10
January 22, 2015 at 14:45:08
Johnw - I clicked the clean button and it is cleaning up the ReimageRealTimeProtector. It is now asking for a reboot which I will do.


#11
January 22, 2015 at 14:49:12
bccamper
"MSE no longer works even though I found an article that said we have till mid 2015, but it rejected the OS when I tried to install"
Ditto, I have found it will not install on any XP comps.

I use Baidu Antivirus
http://www.softpedia.com/get/Antivi...
http://www.freewarefiles.com/Baidu-...
http://www.freewarefiles.com/screen...
http://antivirus.baidu.com/en/

To properly remove Bitdefender, use their tool.
http://www.bitdefender.com/support/...

message edited by Johnw



#12
January 22, 2015 at 14:57:28
"Is there something required to get it to do a full scan?"
Don't worry about using any AV for the moment, that is to be sorted out, once we get you clean.


#13
January 22, 2015 at 15:09:05
Okay I ran AdwCleaner again and it doesn't list anything. What's next?


#14
January 22, 2015 at 15:12:39
Need to see some logs of what you have deleted.

You can find the logfile at C:\AdwCleaner

Malwarebytes.
If you misplace your log, here are ways to find it.
http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
http://i.imgur.com/ZZ1trsv.gif
http://i.imgur.com/LL0K3qs.gif
Or,
(Export log to save as txt)
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
http://i.imgur.com/LNl3Sgw.gif
http://i.imgur.com/xGJgawB.gif

message edited by Johnw



#15
January 22, 2015 at 15:13:59
Well I found out I was still supposed to click clean which I have done and the computer is now rebooting again.


#16
January 22, 2015 at 15:20:25
Okay I am getting confused with multiple people helping me. Am I supposed to stop running AdwCleaner now?


#17
January 22, 2015 at 15:22:28
"Am I supposed to stop running AdwCleaner now?"
Yes.

Just need the logs please.



#18
January 22, 2015 at 15:34:02
first adwCleaner log;

# AdwCleaner v4.108 - Report created 22/01/2015 at 13:10:44
# Updated 17/01/2015 by Xplode
# Database : 2015-01-13.2 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - ACER-6BA9526CA7
# Running from : F:\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : ReimageRealTimeProtector

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
File Found : C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
File Found : C:\Documents and Settings\Owner\Desktop\Live PC Help.lnk
File Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_click.dealshark.com_0.localstorage-journal
File Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_static.publikeco00.publikeco.com_0.localstorage-journal
File Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_static.tanzuki.net_0.localstorage-journal
File Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\WINDOWS\Reimage.ini
File Found : C:\WINDOWS\system32\roboot.exe
Folder Found : C:\Documents and Settings\All Users\Application Data\Reimage Protector
Folder Found : C:\Documents and Settings\All Users\Application Data\Reimage Protector
Folder Found : C:\Documents and Settings\All Users\Application Data\Systweak
Folder Found : C:\Documents and Settings\All Users\Application Data\Systweak
Folder Found : C:\Documents and Settings\Owner\Application Data\Systweak
Folder Found : C:\Documents and Settings\Owner\My Documents\Optimizer Pro
Folder Found : C:\Program Files\Amazon\ABB
Folder Found : C:\Program Files\Reimage

***** [ Scheduled Tasks ] *****

Task Found : ReimageUpdater
Task Found : Reimage Reminder

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Alexa Internet
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\distromatic
Key Found : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0579B4B1-0293-4D73-B02D-5EBB0BA0F0A2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88BE1AA9-6740-461C-9E3E-F35EB8FA741C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F443A627-5009-4323-9C1D-7FD598D0D712}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0579B4B1-0293-4D73-B02D-5EBB0BA0F0A2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88BE1AA9-6740-461C-9E3E-F35EB8FA741C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F443A627-5009-4323-9C1D-7FD598D0D712}
Key Found : HKCU\Software\Reimage
Key Found : HKCU\Software\RightSurf
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\Tune
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{51F04BD6-3888-4849-864C-617FAE709CE0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4E394E0-D331-431F-B76D-E3A19193D5F6}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{ac225167-00fc-452d-94c5-bb93600e7d9a}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Amazon Browser Bar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Amazon Browser Settings
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Reimage Repair
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RightSurf
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
Key Found : HKLM\SOFTWARE\Reimage
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Tune
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v

[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [7166 octets] - [22/01/2015 13:10:44]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7226 octets] ##########



#19
January 22, 2015 at 15:34:47
2nd AdwCleaner log;

# AdwCleaner v4.108 - Report created 22/01/2015 at 14:42:48
# Updated 17/01/2015 by Xplode
# Database : 2015-01-13.2 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - ACER-6BA9526CA7
# Running from : F:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : ReimageRealTimeProtector

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Reimage Protector
Folder Deleted : C:\Program Files\Amazon\ABB
Folder Deleted : C:\Program Files\Reimage
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Owner\My Documents\Optimizer Pro
File Deleted : C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
File Deleted : C:\WINDOWS\Reimage.ini
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\Documents and Settings\Owner\Desktop\Live PC Help.lnk
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_click.dealshark.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_static.publikeco00.publikeco.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_static.tanzuki.net_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : ReimageUpdater
Task Deleted : Reimage Reminder

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51F04BD6-3888-4849-864C-617FAE709CE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E394E0-D331-431F-B76D-E3A19193D5F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0579B4B1-0293-4D73-B02D-5EBB0BA0F0A2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88BE1AA9-6740-461C-9E3E-F35EB8FA741C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F443A627-5009-4323-9C1D-7FD598D0D712}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0579B4B1-0293-4D73-B02D-5EBB0BA0F0A2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88BE1AA9-6740-461C-9E3E-F35EB8FA741C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F443A627-5009-4323-9C1D-7FD598D0D712}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\RightSurf
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tune
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tune
Key Deleted : HKLM\SOFTWARE\Reimage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{ac225167-00fc-452d-94c5-bb93600e7d9a}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Amazon Browser Bar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Amazon Browser Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RightSurf
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Reimage Repair
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v

[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [7306 octets] - [22/01/2015 13:10:44]
AdwCleaner[S0].txt - [7112 octets] - [22/01/2015 14:42:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7172 octets] ##########



#20
January 22, 2015 at 15:35:29
3rd AdwCleaner log;

# AdwCleaner v4.108 - Report created 22/01/2015 at 15:01:15
# Updated 17/01/2015 by Xplode
# Database : 2015-01-22.3 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - ACER-6BA9526CA7
# Running from : F:\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [7306 octets] - [22/01/2015 13:10:44]
AdwCleaner[R1].txt - [638 octets] - [22/01/2015 15:01:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [697 octets] ##########



#21
January 22, 2015 at 15:36:13
4th AdwCleaner log;

# AdwCleaner v4.108 - Report created 22/01/2015 at 15:13:04
# Updated 17/01/2015 by Xplode
# Database : 2015-01-22.3 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - ACER-6BA9526CA7
# Running from : F:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Connections.lnk

***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [7306 octets] - [22/01/2015 13:10:44]
AdwCleaner[R1].txt - [776 octets] - [22/01/2015 15:01:16]
AdwCleaner[S1].txt - [829 octets] - [22/01/2015 15:13:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [888 octets] ##########


Report •
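The four AdwCleaner reports above form two Scan/Clean pairs, so each cleanup can be checked by diffing the pair instead of reading the lists by eye. The following is an added example, not part of any poster's message and not AdwCleaner's own code: a Python sketch that parses the report layout seen in this thread and lists items a Scan reported that the Clean run did not remove, plus items the Clean run touched that the Scan never listed (as with the shortcut in the 4th log). The line grammar is inferred from the logs on this page; the sample reports, `C:\Example` paths and `ExampleLeftover` folder are constructed.

```python
import re

# Line grammar inferred from the reports posted in this thread (an assumption,
# not taken from AdwCleaner documentation).
OPTION_RE = re.compile(r"^# Option : (?P<option>\w+)$")
ITEM_RE = re.compile(
    r"^(?P<kind>Service|File|Folder|Task|Key|Value|Shortcut) "
    r"(?P<action>Found|Deleted|Disinfected) : (?P<target>.+)$"
)
BROWSER_RE = re.compile(
    r"^\[(?P<store>[^\]]+)\] - (?P<action>Found|Deleted) "
    r"\[(?P<kind>[^\]]+)\] : (?P<target>.+)$"
)

# Constructed sample reports, abridged and modelled on the logs in this thread.
SCAN_REPORT = r"""
# AdwCleaner v4.108 - Report created 22/01/2015 at 13:10:44
# Option : Scan

***** [ Services ] *****

Service Found : ReimageRealTimeProtector

***** [ Files / Folders ] *****

File Found : C:\WINDOWS\Reimage.ini
Folder Found : C:\Documents and Settings\All Users\Application Data\Systweak
Folder Found : C:\Documents and Settings\All Users\Application Data\Systweak
Folder Found : C:\Program Files\ExampleLeftover

***** [ Registry ] *****

Key Found : HKCU\Software\Reimage
Value Found : HKCU\Software\Example\Toolbar [{00000000-0000-0000-0000-000000000000}]

***** [ Browsers ] *****

[C:\Example\Chrome\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
"""

CLEAN_REPORT = r"""
# AdwCleaner v4.108 - Report created 22/01/2015 at 14:42:48
# Option : Clean

Service Deleted : ReimageRealTimeProtector
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Systweak
File Deleted : C:\WINDOWS\Reimage.ini
Shortcut Disinfected : C:\Example\Start Menu\Network Connections.lnk
Key Deleted : HKCU\Software\Reimage
Value Deleted : HKCU\Software\Example\Toolbar [{00000000-0000-0000-0000-000000000000}]
[C:\Example\Chrome\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
"""


def parse_report(text):
    """Return (option, {action: set of (kind, normalised target)})."""
    option, items = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OPTION_RE.match(line)
        if m:
            option = m.group("option")
            continue
        m = ITEM_RE.match(line)
        if m:
            target = m.group("target")
        else:
            m = BROWSER_RE.match(line)
            if not m:
                continue  # headers, section banners, footer lines
            target = m.group("store") + " -> " + m.group("target")
        # Windows paths and registry keys are case-insensitive; the Scan and
        # Clean reports above even differ in case ("Web data" vs "Web Data").
        # Using a set also collapses the duplicated lines a Scan report can contain.
        items.setdefault(m.group("action"), set()).add((m.group("kind"), target.casefold()))
    return option, items


def compare_reports(scan_text, clean_text):
    """Diff a Scan report against the Clean report that followed it."""
    scan_opt, scan = parse_report(scan_text)
    clean_opt, clean = parse_report(clean_text)
    if scan_opt != "Scan" or clean_opt != "Clean":
        raise ValueError(f"expected Scan then Clean, got {scan_opt!r} then {clean_opt!r}")
    found = scan.get("Found", set())
    removed = clean.get("Deleted", set()) | clean.get("Disinfected", set())
    return {
        # Reported by the scan but absent from the clean log: needs a rescan.
        "not_removed": sorted(found - removed),
        # Changed by the clean run but never listed by the scan, e.g. because
        # the database was updated between the two runs.
        "removed_unlisted": sorted(removed - found),
    }


if __name__ == "__main__":
    for label, entries in compare_reports(SCAN_REPORT, CLEAN_REPORT).items():
        for kind, target in entries:
            print(f"{label}: {kind}: {target}")
```

Targets are reported lower-cased because they are normalised for comparison; map them back to the original log line if the exact spelling matters.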

#22
January 22, 2015 at 15:45:21
MBAM log;

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/21/2015
Scan Time: 2:56:04 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.11.20.06
Rootkit Database: v2014.11.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: FAT32
User: Owner

Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 344200
Time Elapsed: 14 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 4
PUP.Optional.AmazonTB.A, C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe, 708, Delete-on-Reboot, [d6306dd16b113204c9e51280f0145fa1]
PUP.Optional.RightSurf.A, C:\Program Files\RightSurf\updateRightSurf.exe, 588, Delete-on-Reboot, [53b31f1ffc809a9cb9b450529a6a54ac]
PUP.Optional.RightSurf.A, C:\Program Files\RightSurf\bin\utilRightSurf.exe, 1944, Delete-on-Reboot, [53b31f1ffc809a9cb9b450529a6a54ac]
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files\ASP\AdvancedSystemProtector.exe, 2740, Delete-on-Reboot, [c14516281d5f6ccae480f9b525df8b75]

Modules: 5
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files\ASP\aspsys.dll, Delete-on-Reboot, [c14516281d5f6ccae480f9b525df8b75],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files\ASP\System.Data.SQLite.dll, Delete-on-Reboot, [c14516281d5f6ccae480f9b525df8b75],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files\ASP\Xceed.Compression.dll, Delete-on-Reboot, [c14516281d5f6ccae480f9b525df8b75],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files\ASP\Xceed.FileSystem.dll, Delete-on-Reboot, [c14516281d5f6ccae480f9b525df8b75],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files\ASP\Xceed.Zip.dll, Delete-on-Reboot, [c14516281d5f6ccae480f9b525df8b75],

Registry Keys: 22
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{b9a19c25-a741-47e5-91a2-0b62bef307ff}t, Quarantined, [10f60b335824ef47cd83192756ad52ae],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{58aaf827-6246-4d80-8213-f02005f6345c}t, Quarantined, [66a01a24dba158de6ae6360a1de6f40c],
PUP.Optional.AmazonTB.A, HKLM\SOFTWARE\CLASSES\CLSID\{8D03FA45-4B8C-4427-BE67-EE8885147151}, Quarantined, [d6306dd16b113204c9e51280f0145fa1],
PUP.Optional.AmazonTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8D03FA45-4B8C-4427-BE67-EE8885147151}, Quarantined, [d6306dd16b113204c9e51280f0145fa1],
PUP.Optional.AmazonTB.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Amazon Browser Bar, Quarantined, [d6306dd16b113204c9e51280f0145fa1],
PUP.Optional.AmazonTB.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Updater Service for AMZN, Quarantined, [d6306dd16b113204c9e51280f0145fa1],
PUP.Optional.AmazonTB.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Amazon Browser Settings, Quarantined, [d6306dd16b113204c9e51280f0145fa1],
PUP.Optional.RightSurf.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RightSurf, Quarantined, [53b31f1ffc809a9cb9b450529a6a54ac],
PUP.Optional.RightSurf.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{ac225167-00fc-452d-94c5-bb93600e7d9a}, Quarantined, [53b31f1ffc809a9cb9b450529a6a54ac],
PUP.Optional.RightSurf.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update RightSurf, Quarantined, [53b31f1ffc809a9cb9b450529a6a54ac],
PUP.Optional.RightSurf.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util RightSurf, Quarantined, [53b31f1ffc809a9cb9b450529a6a54ac],
PUP.Optional.RightSurf.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [53b31f1ffc809a9cb9b450529a6a54ac],
PUP.Optional.RightSurf.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [53b31f1ffc809a9cb9b450529a6a54ac],
PUP.Optional.RightSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [53b31f1ffc809a9cb9b450529a6a54ac],
PUP.Optional.RightSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [53b31f1ffc809a9cb9b450529a6a54ac],
PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1, Quarantined, [c14516281d5f6ccae480f9b525df8b75],
PUP.Optional.AmazonTB.A, HKLM\SOFTWARE\Amazon Browser Bar, Quarantined, [7a8ccf6f3b413ff704ac365cba4a9e62],
PUP.Optional.RightSurf.A, HKLM\SOFTWARE\RightSurf, Quarantined, [d234e757027ab086a0ced9c9d62e619f],
Rogue.Multiple, HKLM\SOFTWARE\MICROSOFT\Software Notifier, Quarantined, [07ff85b95527f244e31fd81b08fbb749],
PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\SYSTWEAK\Advanced-System Protector, Quarantined, [c54178c6f488ce68132168de32d1b34d],
PUP.Optional.AmazonTB.A, HKU\S-1-5-21-304613304-1644426198-698232982-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ALEXA INTERNET\ALEXA9\Amazon, Quarantined, [cc3a053948348aac76398e047f85659b],
PUP.Optional.AmazonTB.A, HKU\S-1-5-21-304613304-1644426198-698232982-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ALEXA INTERNET\ALEXA9\Amazon, Quarantined, [66a0310d7a02df57bcf3f49ed33153ad],

Registry Values: 1
PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Advanced-System Protector_startup, "C:\Program Files\ASP\AdvancedSystemProtector.exe" autolaunch, Quarantined, [c14516281d5f6ccae480f9b525df8b75]

Registry Data: 0
(No malicious items detected)

Folders: 14
PUP.Optional.AdvancedSystemProtector, C:\Documents and Settings\All Users\Start Menu\Programs\Advanced-System Protector, Quarantined, [fa0cc57989f38da9ff29281ff50e4fb1],
PUP.Optional.AmazonTB.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Amazon Browser Bar, Quarantined, [40c6f34bccb0d1658a23326072927b85],
PUP.Optional.AmazonTB.A, C:\Program Files\Amazon Browser Bar, Delete-on-Reboot, [d6306dd16b113204c9e51280f0145fa1],
PUP.Optional.RightSurf.A, C:\Program Files\RightSurf, Delete-on-Reboot, [53b31f1ffc809a9cb9b450529a6a54ac],
PUP.Optional.RightSurf.A, C:\Program Files\RightSurf\bin, Delete-on-Reboot, [53b31f1ffc809a9cb9b450529a6a54ac],
PUP.Optional.RightSurf.A, C:\Program Files\RightSurf\bin\TEMP, Quarantined, [53b31f1ffc809a9cb9b450529a6a54ac],
PUP.Optional.RightSurf.A, C:\Program Files\RightSurf\bin\plugins, Quarantined, [53b31f1ffc809a9cb9b450529a6a54ac],
PUP.Optional.RightSurf.A, C:\Program Files\RightSurf\bin\certUtil, Quarantined, [53b31f1ffc809a9cb9b450529a6a54ac],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files\ASP, Delete-on-Reboot, [c14516281d5f6ccae480f9b525df8b75],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files\ASP\clamunpack, Quarantined, [c14516281d5f6ccae480f9b525df8b75],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files\ASP\Troubleshooter, Quarantined, [c14516281d5f6ccae480f9b525df8b75],
Trojan.Agent, C:\Program Files\Microsoft Common, Quarantined, [967078c61d5fe056ff82af4eeb17c937],
PUP.Optional.RightSurf.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajjpgnlpolfpnebjjaciccmmjnmjfjkl, Quarantined, [42c4ab93106cee4880d4ea219f640ff1],
PUP.Optional.RightSurf.A, C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajjpgnlpolfpnebjjaciccmmjnmjfjkl\1.0.1_0, Quarantined, [42c4ab93106cee4880d4ea219f640ff1],

Files: 155

Physical Sectors: 0
(No malicious items detected)


(end)



#23
January 22, 2015 at 15:51:34
Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.


#24
January 22, 2015 at 16:10:44
jrt.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Microsoft Windows XP x86
Ran by Owner on Thu 01/22/2015 at 16:02:41.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update rightsurf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util rightsurf

~~~ Files

Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERCTRL.EXE-1B059C8A.pf

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\reimage repair"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/22/2015 at 16:07:46.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#25
January 22, 2015 at 16:16:38
Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Quit all programs that you may have started.
Shut down your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.


#26
January 22, 2015 at 16:32:06
Does the scan need to get to the internet? It tried to open a web page? The scan did however come to a finish.


#27
January 22, 2015 at 16:34:19
"Does the scan need to get to the internet?"
Try it that way.


#28
January 22, 2015 at 16:35:02
RogueKiller log:

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Administrator]
Mode : Delete -- Date : 01/22/2015 16:32:48

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rpcapd ("%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini") -> Not selected
[PUM.Https] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> Not selected
[PUM.Https] HKEY_USERS\S-1-5-21-304613304-1644426198-698232982-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-21-304613304-1644426198-698232982-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.amazon.ca/gp/bit/amazons... -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-304613304-1644426198-698232982-1003\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redi... -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 142.232.191.38 142.232.191.39 -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E97BB5CD-39A4-4FC8-A971-0AE9E1DF5B53} | DhcpNameServer : 142.232.191.38 142.232.191.39 -> Not selected
[PUM.StartMenu] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrbsdrv @ Unknown (\SystemRoot\System32\Drivers\cdrbsdrv.SYS)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\NTIDrvr @ Unknown (perc2hib.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST960812A +++++
--- User ---
[MBR] 2e07728f0028dbdc1d3790aaddd5f0e5
[BSP] 3a68b507aba3dfb2db2566c97a1e752d : Acer MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 3992 MB
1 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8177085 | Size: 26372 MB
2 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 62187615 | Size: 26866 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_01222015_162912.log



#29
January 22, 2015 at 16:36:40
Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif


#30
January 22, 2015 at 16:40:26
Wow, that system is loaded with garbage!

"Is there something required to get it to do a full scan?"

Right click on the BitDefender icon in the taskbar, then click 'Full System Scan'

message edited by riider



#31
January 22, 2015 at 16:51:23
John,

I ran the scan for RogueKiller again and here is the website that it would have gone to if I had been connected to the internet:

www.adlice.com/kernelmode-rootkits-part-3-kernel-filters



#32

#33
January 22, 2015 at 17:01:59
"www.adlice.com/kernelmode-rootkits-part-3-kernel-filters"
Thanks, will still need the Farbar logs.

Run TDSSKiller. Copy & Paste the contents of the log in your next post please.
http://www.softpedia.com/get/Antivi...
http://usa.kaspersky.com/downloads/...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...
Anti-rootkit utility TDSSKiller
http://support.kaspersky.com/faq/?q...
If TDSS doesn't run, use FixTDSS
http://www.symantec.com/content/en/...
Download FixTDSS and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Double click on the FixTDSS.exe icon to run it.
Click the "I Accept" button, then the "Proceed" button to begin
The tool will restart your computer automatically - click OK to allow it to do so
The tool will begin its scan on reboot > click "run" to begin
It will report if an infected MBR is found > click the "repair" button
If you do not specify a full pathname, TDSSKiller will save the log in the same folder that the executable resides in.



#34
January 22, 2015 at 17:03:13
Need about 1/2 an hour to go through the Farbar logs, are you OK with time to stay with me?
I'm here.
http://www.timeanddate.com/worldclo...


#35
January 22, 2015 at 17:23:04
Yes John I am fine. Shall I run the TDSSKiller now?


#36
January 22, 2015 at 17:25:44
"Shall I run the TDSSKiller now?"
Yes please, nearly finished the Farbar logs.


#37
January 22, 2015 at 17:33:37
TDSSKiller is done....no threats


#38
January 22, 2015 at 17:39:46
Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-304613304-1644426198-698232982-1003 -> DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = http://www.amazon.ca/gp/bit/amazons...
SearchScopes: HKU\S-1-5-21-304613304-1644426198-698232982-1003 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = http://www.bing.com/search?FORM=UP6...
SearchScopes: HKU\S-1-5-21-304613304-1644426198-698232982-1003 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = http://www.amazon.ca/gp/bit/amazons...
Toolbar: HKU\S-1-5-21-304613304-1644426198-698232982-1003 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
CHR HomePage: Default -> hxxp://www.amazon.ca/gp/bit/amazonserp/ref=bit_bds-p07_serp_cr_ca_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_13f0226b72974882bf3c0f69f7e69493_30_46_20140204_CA_cr_sp_IS0
CHR StartupUrls: Default -> "hxxp://www.amazon.ca/gp/bit/amazonserp/ref=bit_bds-p07_serp_cr_ca_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_13f0226b72974882bf3c0f69f7e69493_30_46_20140204_CA_cr_sp_IS0"
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.99\gcswf32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
S3 cpuz134; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S0 Wek31; System32\Drivers\Wek31.sys [X]
C:\Documents and Settings\Owner\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\Owner\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •

#39
January 22, 2015 at 18:03:41
Okay this is a 32 bit machine so I assume you want me to run frst.exe. It is on my desktop so I assume the file that I created called fixlist.txt should also be in the desktop folder.

Report •

#40
January 22, 2015 at 18:07:10
I got it now.....you were just listing both versions of the program. Log coming shortly.

Report •

#41
January 22, 2015 at 18:07:11
"so I assume"
You didn't use the scroll bar to read the final instructions.

Report •

#42
January 22, 2015 at 18:10:11
fixlog.txt;

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2015
Ran by Owner at 2015-01-22 18:05:57 Run:1
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-304613304-1644426198-698232982-1003 -> DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = http://www.amazon.ca/gp/bit/amazons...
SearchScopes: HKU\S-1-5-21-304613304-1644426198-698232982-1003 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = http://www.bing.com/search?FORM=UP6...
SearchScopes: HKU\S-1-5-21-304613304-1644426198-698232982-1003 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = http://www.amazon.ca/gp/bit/amazons...
Toolbar: HKU\S-1-5-21-304613304-1644426198-698232982-1003 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
CHR HomePage: Default -> hxxp://www.amazon.ca/gp/bit/amazonserp/ref=bit_bds-p07_serp_cr_ca_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_13f0226b72974882bf3c0f69f7e69493_30_46_20140204_CA_cr_sp_IS0
CHR StartupUrls: Default -> "hxxp://www.amazon.ca/gp/bit/amazonserp/ref=bit_bds-p07_serp_cr_ca_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_13f0226b72974882bf3c0f69f7e69493_30_46_20140204_CA_cr_sp_IS0"
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.99\gcswf32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
S3 cpuz134; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S0 Wek31; System32\Drivers\Wek31.sys [X]
C:\Documents and Settings\Owner\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\Owner\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe
*****************

Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-304613304-1644426198-698232982-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-304613304-1644426198-698232982-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}" => Key deleted successfully.
HKCR\CLSID\{105E99FF-8B9A-4492-B155-06194B9056D2} => Key not found.
"HKU\S-1-5-21-304613304-1644426198-698232982-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}" => Key deleted successfully.
HKCR\CLSID\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} => Key not found.
HKU\S-1-5-21-304613304-1644426198-698232982-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value deleted successfully.
HKCR\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => Key not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.99\gcswf32.dll not found.
C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll not found.
cpuz134 => Service deleted successfully.
Wek31 => Service deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\dllnt_dump.dll => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\sqlite3.dll => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe => Moved successfully.
EmptyTemp: => Removed 531.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 18:06:26 ====


Report •
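The Fixlog in post #42 mixes entries that were actually changed with entries that were already gone ("not found"), plus a reboot notice. As an added example (not part of the thread and not FRST's own code), this Python parser splits such a log into those groups so the helper can see what still needs checking; the outcome phrases are taken only from the lines shown in that log, and the function names and the abridged sample are assumptions of this example.

```python
import re
from collections import Counter

# Abridged excerpt of the Fixlog posted in #42 (lines copied from the thread).
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2015
Ran by Owner at 2015-01-22 18:05:57 Run:1
Boot Mode: Normal

Content of fixlist:
*****************
closeprocesses:
emptytemp:
S0 Wek31; System32\Drivers\Wek31.sys [X]
C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
Chrome HomePage deleted successfully.
C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll not found.
Wek31 => Service deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe => Moved successfully.
EmptyTemp: => Removed 531.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog 18:06:26 ====
'''

# Outcome phrases seen in this thread's log only (assumption: FRST may emit others,
# which this parser reports as "unclassified" rather than guessing).
OUTCOMES = [
    ("absent",  re.compile(r"\bnot found\.$")),
    ("moved",   re.compile(r"\bMoved successfully\.$")),
    ("deleted", re.compile(r"\bdeleted successfully\.$")),
    ("closed",  re.compile(r"\bclosed successfully\.$")),
    ("removed", re.compile(r"^Removed\b")),
]


def classify(line):
    """Return (target, outcome) for one result line, with or without ' => '."""
    target, sep, status = line.partition(" => ")
    if not sep:                      # e.g. "Chrome HomePage deleted successfully."
        target, status = "", line
    for name, rx in OUTCOMES:
        m = rx.search(status)
        if m:
            if not sep:              # target is whatever precedes the outcome phrase
                target = status[:m.start()]
            return target.strip().strip('"').rstrip(":"), name
    return line, "unclassified"


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist, per-entry results and the reboot flag."""
    directives, results, reboot = [], [], False
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if state == "header":
            if line == "Content of fixlist:":
                state = "fence"
        elif state == "fence":
            if set(line) == {"*"}:   # opening row of asterisks
                state = "fixlist"
        elif state == "fixlist":
            if set(line) == {"*"}:   # closing row of asterisks
                state = "results"
            else:
                directives.append(line)
        elif line.startswith("==== End of Fixlog"):
            break
        elif "needed a reboot" in line:
            reboot = True
        else:
            results.append(classify(line))
    return {"directives": directives, "results": results, "reboot_needed": reboot}


def summarize(parsed):
    """Count results per outcome."""
    return dict(Counter(outcome for _, outcome in parsed["results"]))


def triage(parsed):
    """Group targets: changed by the fix, already absent, or needing a human look."""
    groups = {"changed": [], "stale": [], "review": []}
    for target, outcome in parsed["results"]:
        key = {"absent": "stale", "unclassified": "review"}.get(outcome, "changed")
        groups[key].append(target)
    return groups


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    print("reboot before rescanning:", parsed["reboot_needed"])
    for target in triage(parsed)["stale"]:
        print("already absent:", target)
```

Entries in the "stale" group were references to files or keys that no longer existed, so only the "changed" group reflects what the fix actually altered on disk or in the registry.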

#43
January 22, 2015 at 18:14:22
1: Open Malwarebytes, click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif

2: Update & then Scan.

3: Copy & Paste the contents of the log.


Report •

#44
January 22, 2015 at 18:46:40
It has detected 1 item so far. I am assuming I will do a quarantine all at the end like I normally would?

Report •

#45
January 22, 2015 at 18:52:58
"I am assuming I will do a quarantine all at the end like I normally would?"
Yep.

Report •

#46
January 22, 2015 at 19:18:00
mbam1.txt;

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/22/2015
Scan Time: 6:32:04 PM
Logfile: mbam1.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.22.12
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: FAT32
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351952
Time Elapsed: 30 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.SwiftBrowse, C:\Documents and Settings\All Users\Application Data\f4e5cafa-041c-4d83-9f44-9e0fef4a1387\maintainer.bak, Quarantined, [84cd7f783c4db6807a7583766a9756aa],

Physical Sectors: 0
(No malicious items detected)


(end)


Report •

#47
January 22, 2015 at 19:21:38
You can disable the Malwarebytes Rootkit check now.

Run DelFix. Copy & Paste the contents of the log please.
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on computer.
It's compatible with Windows XP, Vista, 7, 8 in 32 & 64 bits.
Run the tool by right click on the DelFix icon and Run as administrator option.
Make sure that these are checked:
Remove disinfection tools
Purge system restore
Reset system settings
Click Run and wait until the tool completes its work.
All tools we used should be gone. Tool will create a report for you (C:\DelFix.txt)


Report •

#48
January 22, 2015 at 19:36:51
It seems XP doesn't have run as admin.

Report •

#49
January 22, 2015 at 19:39:13
Ignore the admin instruction then.

Report •

#50
January 22, 2015 at 19:42:46
delfix.txt

# DelFix v10.8 - Logfile created 22/01/2015 at 19:40:21
# Updated 29/07/2014 by Xplode
# Username : Owner - ACER-6BA9526CA7
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.0.0.44_22.01.2015_17.31.39_log.txt
Deleted : C:\Documents and Settings\Owner\Desktop\Addition.txt
Deleted : C:\Documents and Settings\Owner\Desktop\Fixlog.txt
Deleted : C:\Documents and Settings\Owner\Desktop\FRST.exe
Deleted : C:\Documents and Settings\Owner\Desktop\FRST.txt
Deleted : C:\Documents and Settings\Owner\Desktop\JRT.exe
Deleted : C:\Documents and Settings\Owner\Desktop\JRT.txt
Deleted : C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #1119 [Software Distribution Service 3.0 | 11/07/2014 18:43:10]
Deleted : RP #1120 [System Checkpoint | 12/02/2014 18:01:51]
Deleted : RP #1121 [Software Distribution Service 3.0 | 12/03/2014 19:37:16]
Deleted : RP #1122 [Software Distribution Service 3.0 | 12/07/2014 01:58:30]
Deleted : RP #1123 [Software Distribution Service 3.0 | 01/21/2015 18:58:51]
Deleted : RP #1124 [Installed Windows XP Wdf01009. | 01/22/2015 18:40:15]
Deleted : RP #1125 [Removed J2SE Runtime Environment 5.0 Update 11 | 01/22/2015 21:14:32]
Deleted : RP #1126 [Removed Microsoft .NET Framework 1.1 | 01/22/2015 21:16:18]
Deleted : RP #1127 [Removed Microsoft Silverlight | 01/22/2015 21:19:13]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


Report •

#51
January 22, 2015 at 19:43:22
We are nearly finished.

What issues are you having now?

Delete files using Disk Cleanup
http://windows.microsoft.com/en-au/...

" MSE no longer works even though I found an article that said we have till mid 2015, but it rejected the OS when I tried to install"
What I have found, MSE when already installed, runs & updates Ok, it's when a brand new install is attempted, it fails.

message edited by Johnw


Report •

#52
January 22, 2015 at 19:49:46
Done.

Doesn't seem to be any problems now. Machine is running not bad. The only thing I have to do is install a virus scanner. I uninstalled it because I couldn't figure out how to disable it.


Report •

#53
January 22, 2015 at 19:54:05
Keep BitDefender or refer my post #11

Ok, the comp is clean now.

Here is how your friend got into this mess, no AV would have prevented USER error. Go to any Malware forum & no matter what AV they have installed, they got infected.

As you can see from the logs, a lot of stuff was installed, that your friend did not know about.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...

I use Softpedia & FreewareFiles.com, down the bottom of the page, they make you aware what Ad-supported programs the author of the program has included.
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.


Report •

#54
January 22, 2015 at 19:59:53
Yes John, I totally agree. I have warned my sister of the same thing cause I see so much crap automatically getting installed. Thank you so much for all your help. You are incredible. I wish you were close enough for me to buy you a beer or two. Thanks again so much.

Report •

#55
January 22, 2015 at 20:10:13
"I wish you were close enough for me to buy you a beer or two. Thanks again so much"
Thank you, things went very smoothly, you were a good student & stayed with me, so it didn't drag on for days & days.

Report •

#56
January 23, 2015 at 04:46:22
John
Just an aside. Looks like if you already have MSE (or an early download) it is still updating for a while but MS no longer lets you download/install it.

I recall a while back you said that Bitdefender slowed XP. Is that still your findings with whatever the latest version is? If not what do you currently recommend? I still have an old XP.

bccamper
You might find these two of interest:
http://www.computing.net/howtos/sho...

http://www.computing.net/howtos/sho...

Always pop back and let us know the outcome - thanks


Report •

#57
January 23, 2015 at 05:10:23
"John
Just an aside. Looks like if you already have MSE (or an early download) it is still updating for a while but MS no longer lets you download/install it."
Yep, refer post #51.

I'm off to bed Derek, yours & others' shift now.


Report •

#58
January 23, 2015 at 15:44:53
Hi John,

Not sure if you are still looking at this thread. I still might have a problem. I left the installation of BitDefender running over night. I came back today and it is installed, however I am getting some error messages. One referred to bdagent, which by doing a Google search might be a virus. Also there was a message referring to selfservice.exe. It seems to have something to do with Citrix. I am going to run a complete Malware and BitDefender scanner and see what it comes up with, but I might need your help again.


Report •

#59
January 23, 2015 at 15:56:30
I'm here, give me a few minutes to think about it.

Report •

#60
January 23, 2015 at 16:01:35
Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

Report •

#61
January 23, 2015 at 17:47:54
Sorry for the delay John. I was on my way home. Didn't expect such a quick response. Thanks. Combofix is running now.

Report •

#62
January 23, 2015 at 17:54:40
ComboFix wants me to disable BitDefender. As I said last night I could not find a way to do this with either of the links you gave me. The first says to click on Virus Shield. I don't have that. The second says to click on Setting. I have General Settings but then under that I don't have Antivirus Section on the left pane.

Report •

#63
January 23, 2015 at 18:07:24
Is this the way you did it?

http://forum.bitdefender.com/index....


Report •

#64
January 23, 2015 at 18:11:33
I don't have setting on the main menu. Is there a way for me to send you a screen shot of what I do have?

Report •

#65
January 23, 2015 at 18:16:53
Yep, just use what you used before as per post #29

message edited by Johnw


Report •

#66
January 23, 2015 at 18:20:56
I use this, or upload to a site of your choosing. I upload to Imgur.com for images & zippyshare for files ( neither need an account ) Give us the links please.

Image Uploader
http://www.softpedia.com/get/Intern...
http://zenden.ws/imageuploader_ru

How to use for images.
http://i.imgur.com/mWxzNlv.gif
http://i.imgur.com/ODCCcPf.gif
http://i.imgur.com/zalhLtW.gif

How to use for files.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/Wg3nZ4G.gif
http://i.imgur.com/txFkgpT.gif

message edited by Johnw


Report •

#67
January 23, 2015 at 18:23:37
http://www78.zippyshare.com/v/5qflx...

Report •

#68
January 23, 2015 at 18:31:58
Ok I googled & your version 2015 matches this video.

disable bitdefender 2015
http://is.gd/uZyxq0
https://www.youtube.com/watch?v=gVZ...


Report •

#69
January 23, 2015 at 18:38:05
Okay, it is disabled and ComboFix is running.

Report •

#70
January 23, 2015 at 19:20:03
John,

It told me that the recovery console was either not installed or needed updating so as you said I let it go ahead. It installed successfully. The scan then continued. As expected it seems to be running for quite some time.


Report •

#71
January 23, 2015 at 19:22:09
"The scan then continued"
Perfect so far.

Report •

#72
January 23, 2015 at 19:22:35
I hope I didn't hang it up. The screen saver kept coming on so I tried to change the time.

Report •

#73
January 23, 2015 at 19:33:21
Looks like it is still running cause I got a message in the system task area that says 'Your system is running low on VM. Windows is increasing the size of your VM paging file.'

Report •

#74
January 23, 2015 at 19:41:59
Actually the clock has stopped....it still says 7:27 and it is now 7:41. It looks like the machine is frozen. Shall I reboot and restart ComboFix?

Report •

#75
January 23, 2015 at 19:44:32
From my instructions.
"If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working."

Report •

#76
January 23, 2015 at 20:02:58
Yes I followed that. I asked if I should reboot and restart it (#74)

Report •

#77
January 23, 2015 at 20:11:32
"it still says 7:27 and it is now 7:41"
Oops, sorry, misunderstood that bit.

Reboot, you may have to run again, let's see if we get a log.

If you have to run again, disable screensaver & power stuff, so you don't have to touch the mouse.


Report •

#78
January 23, 2015 at 21:45:55
John,

I have tried it three times. But the clock now says 9:36 but it is actually 9:43. I made sure I didn't touch the computer this time, but I got the 'system low on VM' again. I am assuming this is when it hangs. Also BitDefender is showing a red X because it is disabled, but the number at the bottom of the circle is up to 10. I am not sure what this number is but I was wondering if it was the number of viruses.


Report •

#79
January 23, 2015 at 21:52:55
Can I have a look at the virtual memory settings please.

"but I was wondering if it was the number of viruses"
Have a look in the BitDefender log.


Report •

#80
January 23, 2015 at 21:54:00
"Can I have a look at the virtual memory settings please"
How do I look at them?

Report •

#81
January 23, 2015 at 22:02:06
I just googled.
Make sure it is set to Automatically.......

Windows 7 - Set to > Automatically manage paging file size for all drives.
http://computerlearnhow.com/how-to-...


Report •

#82
January 23, 2015 at 22:05:36
This machine is XP

Report •

#83
January 23, 2015 at 22:08:15
Sorry, I'm working on three W7 comps here.

Just google it.


Report •

#84
January 23, 2015 at 22:10:35
The BitDefender items were because the update was failing.....seems the machine is losing internet connectivity periodically.

Report •

#85
January 23, 2015 at 22:13:20
Here are some notes from my XP days, I think they should be right.

1: Right-click "My Computer", then "Properties".
2: Choose the "Advanced" tab. Under "Performance" click "Settings".
3: In the Performance Options window, click > Advanced.
4: Virtual memory, click on > Change.
5: Make sure you are in "C" drive & select > System managed size.
6: Click on > Set & then OK.
7: Continue clicking OK, to close down the pages.
8: Reboot & check again to make sure you have done it right & the settings have stuck.


Report •

#86
January 23, 2015 at 22:17:04
Paging size is set to;

Initial 756MB
Max Size 1512 MB

Min Allowed 2MB
Recommended 754MB
Currently Allocated 756MB


Report •

#87
January 23, 2015 at 22:22:06
SS ( screenshot ) please.

Report •

#88
January 23, 2015 at 22:30:42
http://www59.zippyshare.com/v/wCOM1...

Report •

#89
January 23, 2015 at 22:36:25
Refer SS.
http://i.imgur.com/eWt66jS.gif

Report •

#90
January 24, 2015 at 00:04:21
Hi John,

It's 12:03. I am going to call it a night. I just checked the computer and it looks like it hung again at 11:40 because that is the current time on the machine. Maybe it is not repairable.


Report •

#91
January 24, 2015 at 00:13:27
"It's 12:03"
Where are you?

"Maybe it is not repairable"
Let's run this, it will work out your operating system.

Run Tweaking.com - Windows Repair

Disable your antivirus program before running Windows Repair.
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...

Start at Step 1 & when you get to the final step ( Repairs ) check/tick all the boxes. Reboot when finished.

http://www.softpedia.com/get/Tweak/...
http://www.tweaking.com/
http://www.tweaking.com/content/pag...

How to run Tweaking.com excluding Step 2 ( Malwarebytes scan )
http://i.imgur.com/va6V4tw.gif
http://i.imgur.com/ryjNIEV.gif
http://i.imgur.com/zV5VeU0.gif

Copy and Paste the contents ( or upload ) of the following log in your reply:
32-bit
C:\Program Files > Tweaking.com > Windows Repair (All in One) > Tweaking.com_Windows_Repair > Logs
64-bit
C:\Program Files (x86) > Tweaking.com > Windows Repair (All in One) > Tweaking.com_Windows_Repair > Logs
Refer SS ( screenshots )
http://i.imgur.com/6zQBU9H.gif
http://i.imgur.com/e63WNzy.gif


Report •

#92
January 24, 2015 at 07:40:15
Morning John,

I am sure you are not up yet (I wouldn't be either if the wife didn't have to work) but I thought I would give you an update. When I rebooted the computer I got an error that says 'The file or directory is corrupted and unreadable', however I am in windows. I will try the repair and let you know how it goes.


Report •

#93
January 24, 2015 at 07:43:57
Another message appeared in the task area 'Windows corrupt file' Exception Processing Message c0000102 Parameters 75b6bf7c 75b6bf7c 75b6bf7c 75b6bf7c

Report •

#94
January 24, 2015 at 08:51:02
Started repair program. Followed step 01 by shutting down the machine, removing the battery and power cord, and pressing the start button three times. Rebooted the computer and restarted the repair. This time I got a window that checked to ensure all files were in the program folder. It said Done! but the window never went away. I finally clicked the X and it went to step 01.

I skipped step 2 as it wanted to download and install MalwareBytes, which I already have installed, so I updated it and ran a threat scan manually. The scan ran with no malicious items.

Step 03 - I ran part 1. At the end it wants me to answer 'Convert Lost chains to file?'. I am trying to type a Y but it is not being accepted. I can't seem to type anything.


Report •

#95
January 24, 2015 at 09:51:43
Step 03 - part 2 - I ran it and it said a system restart would be required. I rebooted and a message saying the disk needed to be checked came up (been getting this for a while actually). I ran until about 2% and then quit. It then ran again and went to 5% and then quit. It didn't look at all like the usual check disk I am used to. I waited for windows to start and then went to a dos screen. I ran chkdsk /R /F c: and it said it would run on the next restart. I rebooted again, but still I don't see a complete chkdsk running.

Step 04 - I ran system file checker. I got a dos prompt that ran the command and said to restart after the scan with a press enter to continue. The command started a windows dialogue box which looks like it was running the scan. At the end there was no report. On the dos screen I hit enter and saw a message flash by that said 'batch file not found'.

I am not at step 5 - I am not sure if I should do a backup at this point based on what I have encountered. I will wait to hear back from you before doing anything else.


Report •

#96
January 24, 2015 at 13:54:15
Very hard to know what is going on.

Try chkdsk this way, using OPTION ONE > How to run Chkdsk - Graphical < first.

Check both boxes.

http://best-windows.vlaurie.com/chk...


Report •

#97
January 24, 2015 at 14:11:30
Same thing. The computer reboots and tells me a drive needs to be checked for consistency but it never seems to run the full chkdsk. Would it be worth to try run it from some sort of boot disc? I did that once before with another machine.

Report •

#98
January 24, 2015 at 14:16:23
Obtaining CHKDSK Results ( log file ) Copy & Paste the contents of the log please.
http://www.cpucare.net/OS/XP/Viewin...
Highlight the text & use Ctrl + C to Copy then Paste.

Report •

#99
January 24, 2015 at 14:22:25
"Would it be worth to try run it from some sort of boot disc. I did that once before with another machine"
Anything is worth a try.

A comp I was working on yesterday, took 4 goes at running different combinations of chkdsk.

Another to try.

At a command prompt, Copy & Paste ----> chkdsk c: /v /f

Then press Enter.


message edited by Johnw


Report •

#100
January 24, 2015 at 14:27:28
Did you look for logs from Tweaking.com?

Report •

#101
January 24, 2015 at 14:36:15
The latest winlogon there was from 1/22/2015 at 7:20:33PM; Here is the contents;

Checking file system on C:
The type of the file system is FAT32.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Volume Serial Number is 320D-180E
Windows has checked the file system and found no problems.
26992048 KB total disk space.
1406800 KB in 1870 hidden files.
94768 KB in 5842 folders.
21535792 KB in 62599 files.
3954672 KB are available.

16384 bytes in each allocation unit.
1687003 total allocation units on disk.
247167 allocation units available on disk.


For more information, see Help and Support Center at


Report •

#102
January 24, 2015 at 15:15:50
Just in case you are waiting for me, I am waiting to see a completed scan, it will have either 3 or 5 stages.

It can take up to 3 hours.


Report •

#103
January 24, 2015 at 15:18:33
"The type of the file system is FAT32"
Very interesting.

Probably best to get a good result with chkdsk first, then definitely change to NTFS.

To change from FAT 32 to NTFS file system for more stability, security and less fragmentation, open the command prompt, Copy & Paste ---> Convert C: /FS:NTFS

Then press > Enter.

Choosing between NTFS, FAT, and FAT32
https://www.microsoft.com/resources...

message edited by Johnw


Report •

#104
January 24, 2015 at 21:58:48
Hi John,

Still no luck. I tried a bootable XP cd I had, but it only gives the option of installing XP, creating a partition or deleting a partition. There is no way to get to a dos prompt. I also created an Acer recovery cd and it also only gave restoring to the factory setting as the only option. When I used a recovery cd on a different machine I fixed once, it was Win 7 so maybe it was different. Do you know of any way I can create an XP bootable CD that I can get to a dos prompt to run utilities?


Report •

#105
January 24, 2015 at 22:24:24
Can we backtrack to my post #99 onwards & respond to those first.

Report •

#106
January 24, 2015 at 23:03:10
"Would it be worth trying to run it from some sort of boot disc? I did that once before with another machine"
"Anything is worth a try."
Up to before this post I had tried different boot discs I have and nothing worked where I could get to a dos prompt to run the chkdsk

"A comp I was working on yesterday, took 4 goes at running different combinations of chkdsk."
"Another to try."
"At a command prompt, Copy & Paste ----> chkdsk c: /v /f"
"Then press Enter."
I did this and I ran into the same problem as I have every time I have tried to run chkdsk. It wants to reboot before it will run. However when I reboot the full chkdsk does not run.


******** new update *******
Since I cannot seem to find or make a WIN XP repair CD that I can boot with and get to a dos prompt, I decided to try booting with my 32 bit Win 7 repair disc. I have no idea if this would work, but I knew it had the option for me to get to a dos prompt. I have done this and I am now running chkdsk /f /r c: and it seems to be doing the full run now. The big issue will be how to get you the log. What I might have to do is to film scrolling through the log and upload the video file.


Report •

#107
January 24, 2015 at 23:21:23
" and it seems to be doing the full run now"
Fingers crossed.

"The big issue will be how to get you the log"
Should be the same as before.


Report •

#108
January 24, 2015 at 23:26:41
What is the same as before? I am in a position where I have no way to copy or paste and no way to save a file to the hard drive or a usb stick.

Report •

#109
January 24, 2015 at 23:36:07
Turns out I was wrong. I typed notepad at the command prompt and up popped notepad. Here is the log:

X:\windows\system32>chkdsk /f /r c:
The type of the file system is FAT32.
Volume ACER created 3/21/2006 12:26 PM
Volume Serial Number is 320D-180E
Windows is verifying files and folders...
\ComboFix\N_\32544 is cross-linked on allocation unit 918081.
Cross link resolved by copying.
The \System Volume Information\_restore{42382A6D-A202-4D10-8672-F706D2544C0B}\RP
1132\A0202594.ref entry contains a nonvalid link.
The size of the \System Volume Information\_restore{42382A6D-A202-4D10-8672-F706
D2544C0B}\RP1132\A0202594.ref entry is not valid.
\System Volume Information\_restore{42382A6D-A202-4D10-8672-F706D2544C0B}\RP1132
\A0201518.INI first allocation unit is not valid. The entry will be truncated.
\System Volume Information\_restore{42382A6D-A202-4D10-8672-F706D2544C0B}\RP1132
\A0201534.ini first allocation unit is not valid. The entry will be truncated.
\System Volume Information\_restore{42382A6D-A202-4D10-8672-F706D2544C0B}\RP1132
\change.log.6 first allocation unit is not valid. The entry will be truncated.
\System Volume Information\_restore{42382A6D-A202-4D10-8672-F706D2544C0B}\RP1132
\A0202554.ini is cross-linked on allocation unit 918087.
Cross link resolved by copying.
\Program Files\Tweaking.com\Windows Repair (All in One)\files\regfiles\8\swprv.r
eg is cross-linked on allocation unit 918084.
Cross link resolved by copying.
\Program Files\Tweaking.com\Windows Repair (All in One)\files\regfiles\8\vds.reg
is cross-linked on allocation unit 918085.
Cross link resolved by copying.
The \Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\smartdb-n
tfs.db entry contains a nonvalid link.
The size of the \Program Files\Common Files\Bitdefender\Bitdefender Threat Scann
er\smartdb-ntfs.db entry is not valid.
\WINDOWS\system32\dllcache\nwprovau.dll is cross-linked on allocation unit 91808
2.
Cross link resolved by copying.
File and folder verification is complete.
Bad links in lost chain at cluster 16737 corrected.
Bad links in lost chain at cluster 17215 corrected.
Bad links in lost chain at cluster 39977 corrected.
Bad links in lost chain at cluster 41296 corrected.
Lost chain cross-linked at cluster 56197. Orphan truncated.
Lost chain cross-linked at cluster 65455. Orphan truncated.
Bad links in lost chain at cluster 64750 corrected.
Lost chain cross-linked at cluster 1225708. Orphan truncated.
Bad links in lost chain at cluster 1237937 corrected.
Lost chain cross-linked at cluster 1278377. Orphan truncated.
Lost chain cross-linked at cluster 1279835. Orphan truncated.
Lost chain cross-linked at cluster 1278233. Orphan truncated.
Lost chain cross-linked at cluster 1279428. Orphan truncated.
Lost chain cross-linked at cluster 1278388. Orphan truncated.
Lost chain cross-linked at cluster 1279873. Orphan truncated.
Lost chain cross-linked at cluster 1279378. Orphan truncated.
Lost chain cross-linked at cluster 1279550. Orphan truncated.
Lost chain cross-linked at cluster 1279829. Orphan truncated.
Lost chain cross-linked at cluster 1286988. Orphan truncated.
Lost chain cross-linked at cluster 1288775. Orphan truncated.
Lost chain cross-linked at cluster 1288838. Orphan truncated.
Convert lost chains to files (Y/N)? Y
1395264 KB in 36 recovered files.
Windows is verifying free space...
Free space verification is complete.
Windows has made corrections to the file system.
26,992,048 KB total disk space.
619,328 KB in 1,933 hidden files.
99,536 KB in 6,131 folders.
24,898,336 KB in 71,137 files.
1,374,832 KB are available.

16,384 bytes in each allocation unit.
1,687,003 total allocation units on disk.
85,927 allocation units available on disk.

X:\windows\system32>


Report •

#110
January 24, 2015 at 23:42:39
I would run chkdsk from Windows now, try the normal way & Command prompt.

I found yesterday they still corrected the files.


Report •

#111
January 25, 2015 at 00:24:48
I tried running chkdsk from dos prompt and from windows. Both times after rebooting, a message was displayed that a check disk had been scheduled, but it only ran until about 4 percent and then continued to load windows.

Report •

#112
January 25, 2015 at 00:30:14
" but it only ran until about 4 percent"
Run sfc /scannow

Report •

#113
January 25, 2015 at 00:45:21
Okay done. It didn't give any log though.

Report •

#114
January 25, 2015 at 00:55:41
Hi John,

It is 1AM so I am going to call it a night.


Report •

#115
January 25, 2015 at 03:31:19
"Okay done. It didn't give any log though"
There is a log, very, very large. Google if you want to view it.
What we are trying to do now, is get chkdsk behaving normally.

Did you check it after running SFC?

If still not running properly, go straight to the last option in Tweaking.com, check all the boxes & then uncheck the two W8 boxes. Now run.

When finished, test chkdsk.

Not many options left after that, to find a repair. Here are the last two.

Lazesoft Recovery Suite Home Edition
http://www.softpedia.com/get/System...
http://www.lazesoft.com/lazesoft-re...
Tutorials
http://www.lazesoft.com/guide.html
Screenshot ( SS )
http://i.imgur.com/4HXqQKS.jpg
How to Boot a Computer from a Lazesoft Recovery USB Device
http://www.lazesoft.com/create-a-bo...

Get an XP install disk, EXACTLY the same as what is installed.

It will offer two methods of repair, one you lose everything, the other you lose only the Windows updates.
Google for instructions.



Report •

#116
January 25, 2015 at 03:51:43
Going back to the memory side of things, it wouldn't hurt to remove the memory & clean the contacts. Then just try one stick at a time.

Report •

#117
January 25, 2015 at 03:54:11
Also, go to the hard drive manufacturer's site & download their disk check.

Report •

#118
January 25, 2015 at 04:06:15
Another thought, take the hard drive out & slave it to another comp.

Run chkdsk on the faulty drive.


Report •

#119
January 25, 2015 at 19:16:35
"There is a log, very, very large. Google if you want to view it."
2 google articles I found state there is no log for sfc in Win XP. I searched the entire drive and there is no CBS folder.

"If still not running properly, go straight to the last option in Tweaking.com, check all the boxes & then uncheck the two W8 boxes. Now run."
Okay I ran the repair of tweaking.com

"When finished, test chkdsk."
Still seems to do the same. Got the message 'A disk check has been scheduled'. Only ran for about 30-40 seconds (6%) and then it said it had completed checking the drive.

"Not many options left after that, to find a repair. Here are the last two."
"Lazesoft Recovery Suite Home Edition"
Downloaded it and tried to create the boot cd you need to be able to run recovery. The first screen gives you a drop menu that tells you 'Please select the Windows version of the target computer'
And then the default choice is 'DO NOT Specify the Windows version of the target computer'. I was not sure what to do but I chose 32 bit XP as the choice.
In Options I can check or uncheck 'Specify WinPE Version'. I am not sure what WinPE is but there is no XP choice, only 7, 8 and 8.1 32 and 64 bit.

I chose not to specify WinPE version and the burn fails on 'An error occured while creating the WINPE ISO image'. I tried specifying Win 7 32 bit and the winpe version and it still failed.


Report •

#120
January 25, 2015 at 19:49:48
"2 google articles I found state there is no log for sfc in Win XP. I searched the entire drive and there is no CBS folder"
That's it then, must have started logs with Vista.

Too many issues, I reckon my post #118 is now the way to go.


Report •

#121
January 25, 2015 at 20:11:54
I have downloaded seagate tools for windows. Will run that against the drive. I don't have a way to slave the drive here but will do it tomorrow at work.

Report •

#122
January 25, 2015 at 20:35:05
Sounds good, may as well do #116

Report •

#123
January 25, 2015 at 21:08:43
Sorry John,

Should have told you I already did #116. There is only one chip. I took it out and it looked really clean. I re-seated it to make sure it was in completely.

The Seatools turned out to be a bust. I downloaded and installed it, but when I try to run I get the following error;

'Could not load file or assembly SpawnClr.dll'

I googled the error but all I could find was people who were trying to do their own development and had an issue with their code.

I will try slave the drive tomorrow and scan it.


Report •

#124
January 25, 2015 at 21:23:57
"I will try slave the drive tomorrow and scan it"
Yep, there is something really out of order. Going to be very interesting to see if you can get it to run.

Report •

#125
January 25, 2015 at 21:29:36
John I opened a post on the Seagate forum to see if I can resolve the issue running Seatools.

Report •

#126
January 25, 2015 at 21:33:34
Sounds hopeful. Definitely a result from Seagate should help.

Report •

#127
January 27, 2015 at 14:12:57
Hi John,

I have not received any answer back from the community at Seagate yet. Yesterday however I did find a copy of a Kaspersky rescue CD. I booted the machine with it and I was able to run a virus scan and it did find one infection and clean it up.

Today I took the drive out and slaved it to my laptop and ran chkdsk. What is weird is it still doesn't look like the chkdsk I am familiar with. Yesterday I tried on 2 machines that are working and I was able to see all 5 stages run. Does it have anything to do with the fact that this drive is FAT32 instead of NTFS? Anyway here is the output from chkdsk.

C:\Users\glrider>chkdsk /f /r G:
The type of the file system is FAT32.
Volume ACER created 2006-03-21 12:26
Volume Serial Number is 320D-180E
Windows is verifying files and folders...
File and folder verification is complete.
Windows is verifying free space...
Free space verification is complete.
Windows has checked the file system and found no problems.
26,992,048 KB total disk space.
1,330,768 KB in 520 hidden files.
83,984 KB in 5,146 folders.
19,628,096 KB in 59,402 files.
5,949,184 KB are available.

16,384 bytes in each allocation unit.
1,687,003 total allocation units on disk.
371,824 allocation units available on disk.

C:\Users\glrider>


Report •

#128
January 27, 2015 at 16:02:23
It is a long, long time since I have seen a hard drive running Fat32, now that chkdsk has done its job, time to convert to NTFS as per post #103.

After doing so.

Run chkdsk again on the NTFS drive.

Run Farbar again please, follow this SS & upload the 2 new logs.
http://i.imgur.com/i3fg3Pf.gif


Report •

#129
January 28, 2015 at 15:07:14
John,

I figured that if I am going to convert the FS I better make sure all her data is backed up. A few days ago, when I was trying to run chkdsk from Windows, I noticed the C drive was 25GB and it was like 99% full. I started thinking maybe this has something to do with a lot of the problems. The easiest things I know to move are the rollback folder for KB patches, so I took them along with the ie7 and ie8 updates and moved them to the D drive for now.

Today I talked to her and she figured she didn't have many personal documents, but I thought I would search just to be sure. So far I have found 20.090 .doc files. I am waiting for it to finish so I can look at them in detail mode, because it seems to be showing they are all in one directory, but if I look in that directory either in Windows explorer or DOS, I only see about 12.

I will let you know what I find.


Report •

#130
January 28, 2015 at 15:11:34
"I started thinking maybe this has something to do with a lot of the problems"
Without doubt.

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif


Report •

#131
January 28, 2015 at 15:22:41
If the disk is almost full... It will have serious problems running any defrag routine, and likely chkdsk, and equally some assorted cleanup utilities?

I seem to recall defrag etc like about 10% or so free space in order to run (even if a drive is slaved to another system)?


Report •

#132
January 28, 2015 at 20:00:22
The drive now has 7.92 GB free.

Report •

#133
January 28, 2015 at 20:08:37
"The drive now has 7.92 GB free"
Beautiful.

Report •

#134
January 28, 2015 at 20:10:43
Is that now NTFS?

Run Farbar again please, follow this SS & upload the 2 new logs.
http://i.imgur.com/i3fg3Pf.gif


Report •

#135
January 28, 2015 at 20:20:42
No I wanted to make sure I had everything backed up. I think I do now so I will try the conversion to NTFS.

Report •

#136
January 28, 2015 at 20:25:50
"I think I do now so I will try the conversion to NTFS"
Yep, now is the time, you would have got told there was not enough space before you reclaimed it.

Report •

#137
January 28, 2015 at 20:50:37
John, the conversion won't take place. I ran the command from the dos prompt and it asked me for the volume label, and then asked if I wanted to force a dismount. I said yes but it then told me it failed and asked me if I wanted to run on the next restart. I said yes and then restarted but all that happened was a disk check started but gave me a message that it failed.

Report •

#138
January 28, 2015 at 20:59:12
No idea.

Convert C: /FS:NTFS fails

http://bit.ly/1tvfFJq


Report •

#139
January 28, 2015 at 21:04:06
I tried again and was able to get the error this time. Because the dskchk is unable to run it is unable to do the conversion.

Report •

#140
January 28, 2015 at 21:06:30
Just read one of the google posts, he persevered with doing a chkdsk scan & once successful, the conversion worked.

Report •

#141
January 28, 2015 at 21:08:31
Looks like you need to let it run at least 24 hours.

Run chkdsk c: /f /r again.

Others to try.

chkdsk c: /f /r /x

chkdsk c: /f /r /v

Then if needed, try to get chkdsk to run & finish in Safe mode.


Report •

#142
January 28, 2015 at 21:51:04
John,

None of those worked. However I did find some info. I noticed when I was rebooting I was able to go into a recovery console. There I could run chkdsk but the only parameter that seemed to work was /p.

I rebooted back to normal windows and just ran chkdsk. It told me there are errors on the disk but did not fix them because it was not run with /f. It tells me about two files that are both in the windows/prefetch folder. It says 'first allocation unit is not valid'.

Can I delete these files or are they required by windows?

The other thing I wondered is can I run the convert of the drive by slaving it to another machine. If I can do that does it have to be done on a Win Xp computer or can it be done on a Win 7 computer?

One other thing is that along the way I think I was able to create an Acer recovery disk. Is it time to try restore with this? The problem is I would have to see if my friend has any software CDs to reinstall anything that would be lost. It might be the final option.


Report •

#143
January 28, 2015 at 21:59:04
"Can I delete these files?"

Yep.

Run CCleaner ( This is a slim version that doesn't install the Yahoo toolbar )
http://www.freewarefiles.com/CClean...
http://www.freewarefiles.com/screen...
http://www.softpedia.com/get/Securi...
http://www.piriform.com/ccleaner/bu...
http://www.ccleaner.com/download/bu...
Tutorial
http://www.ccleaner.com/help/tour/
Forum
http://forum.piriform.com/index.php...

message edited by Johnw


Report •

#144
January 28, 2015 at 22:06:22
I have ccleaner already installed. Was yep meaning I can delete the files?

Report •

#145
January 28, 2015 at 22:27:54
Oops, delete & try chkdsk again.

All of the other questions you will need to google.


Report •

#146
January 28, 2015 at 22:34:34
I deleted all the files from the prefetch directory. When I run chkdsk it creates a new file there and it is the file it complains about.

Report •

#147
January 28, 2015 at 23:04:49
"Is it time to try restore with this?"

I use the Wise tools on every comp I work on.

Let's see if this solves any problems.

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif


Report •

#148
January 29, 2015 at 08:19:48
Hi John,

I ran the disk cleaner again and then ran the registry cleaner. I ran it a couple of times, rebooting in between each run. On the latest run, it found 56 problems of which 22 were unsafe.

After cleaning it reported that 56 problems were found, 29 were solved, and 5 failed to be removed. I am going to reboot and run it once more as I assume the numbers should go down.


Report •

#149
January 30, 2015 at 05:45:22
A side note... M$ Technet and other M$ support/chat areas advise a minimum of 15% free space in order to run a defrag successfully... My suggested 10% (from memory) was a little low..?

https://technet.microsoft.com/en-us...

http://tinyurl.com/jw68ev8


Report •
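
The chkdsk transcripts posted in #109 and #127 and the 15% free-space figure cited in #149 can be compared mechanically. The following Python parser is an added example, not code from anyone in the thread; the function and variable names are assumptions, and the two sample logs are abridged from those posts.

```python
import re

# Abridged from the chkdsk transcript posted in #109 (one wrapped line rejoined).
LOG_109 = r"""
The type of the file system is FAT32.
\ComboFix\N_\32544 is cross-linked on allocation unit 918081.
Cross link resolved by copying.
\WINDOWS\system32\dllcache\nwprovau.dll is cross-linked on allocation unit 918082.
Cross link resolved by copying.
Bad links in lost chain at cluster 16737 corrected.
Lost chain cross-linked at cluster 56197. Orphan truncated.
Lost chain cross-linked at cluster 65455. Orphan truncated.
1395264 KB in 36 recovered files.
Windows has made corrections to the file system.
26,992,048 KB total disk space.
1,374,832 KB are available.
16,384 bytes in each allocation unit.
1,687,003 total allocation units on disk.
85,927 allocation units available on disk.
"""

# Abridged from the chkdsk transcript posted in #127 (drive slaved to a second PC).
LOG_127 = r"""
The type of the file system is FAT32.
Windows has checked the file system and found no problems.
26,992,048 KB total disk space.
5,949,184 KB are available.
16,384 bytes in each allocation unit.
1,687,003 total allocation units on disk.
371,824 allocation units available on disk.
"""

MIN_FREE_PCT = 15  # free-space minimum for defrag cited in post #149


def _num(pattern, text):
    """First captured number with thousands separators removed, else None."""
    m = re.search(pattern, text, re.M)
    return int(m.group(1).replace(",", "")) if m else None


def parse_chkdsk(text):
    """Summarise repairs and free space from a FAT32 chkdsk transcript."""
    fs = re.search(r"type of the file system is (\w+)\.", text)
    s = {
        "filesystem": fs.group(1) if fs else None,
        "total_kb": _num(r"^\s*([\d,]+) KB total disk space", text),
        "free_kb": _num(r"^\s*([\d,]+) KB are available", text),
        "unit_bytes": _num(r"^\s*([\d,]+) bytes in each allocation unit", text),
        "free_units": _num(r"^\s*([\d,]+) allocation units available", text),
        "cross_linked_files": len(re.findall(r"is cross-linked on allocation unit", text)),
        "orphans_truncated": len(re.findall(r"Orphan truncated", text)),
        "bad_links_corrected": len(re.findall(r"Bad links in lost chain", text)),
        "repaired": "made corrections to the file system" in text,
        "free_pct": None,
        "low_free_space": None,
        "sizes_consistent": None,
    }
    if s["total_kb"] and s["free_kb"] is not None:
        s["free_pct"] = round(100 * s["free_kb"] / s["total_kb"], 1)
        s["low_free_space"] = s["free_pct"] < MIN_FREE_PCT
    if None not in (s["unit_bytes"], s["free_units"], s["free_kb"]):
        # Cross-check: free units x unit size must equal the reported free KB.
        s["sizes_consistent"] = s["free_units"] * s["unit_bytes"] // 1024 == s["free_kb"]
    return s


if __name__ == "__main__":
    for name, log in (("#109", LOG_109), ("#127", LOG_127)):
        print(name, parse_chkdsk(log))
```

On these two transcripts the free space moves from about 5% right after the repair to about 22% once files had been cleared off the drive.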

#150
February 1, 2015 at 12:42:28
Hi John,

I guess you are waiting for a response from me. I ran wiseregistry cleaner three more times and here are the results I got;

Problems Found    Solved    Failed
36                30        5
35                30        5
36                31        5

If it is solving 30 problems I am not sure why it comes back the next time with the same number of problems found.


P.S. Thx Trvlr. I will have a look at it.


Report •

#151
February 1, 2015 at 14:37:09
"I guess you are waiting for a response from me"

I've lost track of what the main issue is, refresh me please.


Report •

#152
February 1, 2015 at 17:44:56
Yes John, I was thinking the same thing. I am not sure at this point what we are still trying to resolve now. We were trying to get a chkdsk to run successfully and although I did that with it as a slaved drive, I am not sure we have been successful yet with it installed in its native machine.

I guess on my latest response are you okay that Wise Registry Cleaner does not seem to be cleaning all the issues it finds. If so I will give the machine back to my friend and get her to try it for a while and see what happens.


Report •

#153
February 1, 2015 at 17:50:36
"Wise Registry Cleaner does not seem to be cleaning all the issues it finds"
Yep, that's normal.

Wise has 1 defrag tool in each program.

Run registry defrag first.


Report •

#154
February 1, 2015 at 19:14:50
Okay done.

I should have mentioned I was also able to get a windows disk defrag to run earlier today.


Report •

#155
February 1, 2015 at 19:24:24
"Okay done"
Back to your friend then & see how it goes.
I think, it should be Ok.

Report •

#156
February 1, 2015 at 19:39:40
Okay thanks very much for all your help John.

Report •

#157
February 1, 2015 at 21:12:20
A noble effort both of you.

Always pop back and let us know the outcome - thanks


Report •

#158
February 1, 2015 at 21:19:44
Thanks folks.

Are you up early Derek, or late to bed?


Report •

#159
February 1, 2015 at 21:26:51
John

Nasty cold, couldn't sleep - will give it another go shortly.

Always pop back and let us know the outcome - thanks


Report •

#160
February 1, 2015 at 21:31:35
I'm going to shut down, big electrical storm has just rolled in.

Report •

