How do I permanently remove adware?

ComboFix 14-08-26.02 - Liquid 08/27/2014 20:48:29.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.138 [GMT -7:00]
Running from: c:\documents and settings\Liquid\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Liquid\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\AVG
c:\documents and settings\All Users\Application Data\AVG\AWL\AvgRep.xml
c:\documents and settings\All Users\Application Data\AVG\AWL\Program Statistics\ProgramStatistics.2013.tudb
c:\documents and settings\All Users\Application Data\AVG\AWL\TUProgMan.10.tudb
c:\documents and settings\All Users\Application Data\AVG\AWL\TUProgManagerCache.10.tudb
c:\documents and settings\All Users\Application Data\AVG\AWL\TUTuningIndex.10.2.tudb
c:\documents and settings\All Users\Application Data\AVG\AWL\TUUtilitiesSvc.13.tudb
c:\documents and settings\All Users\Application Data\AVG\AWL2014\TUProgRating.10.tudb
c:\documents and settings\All Users\Application Data\AVG\AWL2014\TUReportData.10.tudb
c:\documents and settings\Liquid\Application Data\AVG
c:\documents and settings\Liquid\Application Data\AVG\AWL2014\Dashboard\IntegratorStates_en-US.xml
c:\documents and settings\Liquid\Local Settings\Application Data\AVG
c:\documents and settings\Liquid\Local Settings\Application Data\AVG\AWL2014\Log\oneclick.log
c:\documents and settings\Liquid\Local Settings\Application Data\AVG\AWL2014\Log\oneclickstarter.log
c:\documents and settings\Liquid\Local Settings\Application Data\AVG\AWL2014\Log\settingcenter.log
c:\documents and settings\Liquid\Local Settings\Application Data\AVG\AWL2014\Log\tuinstallhelper.log
c:\documents and settings\Liquid\Local Settings\Application Data\AVG\AWL2014\Log\tumessages.log
c:\documents and settings\LocalService\Application Data\AVG
c:\documents and settings\LocalService\Local Settings\Application Data\AVG
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGIDSDRIVERL
-------\Legacy_AVGIDSHX
-------\Legacy_AVGIDSSHIM
-------\Legacy_AVGRKX86
-------\Legacy_AVGTDIX
-------\Legacy_UPDATERSVCFOCUSBASE
-------\Service_cerc6
-------\Service_UpdaterSvcfocusbase
.
.
((((((((((((((((((((((((( Files Created from 2014-07-28 to 2014-08-28 )))))))))))))))))))))))))))))))
.
.
2014-08-28 00:07 . 2014-08-28 00:07 -------- d-----w- c:\documents and settings\Liquid\Application Data\Rainmeter
2014-08-28 00:06 . 2014-08-28 00:07 -------- d-----w- c:\program files\Rainmeter
2014-08-27 05:49 . 2014-08-27 05:51 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-27 05:39 . 2014-05-12 14:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-27 05:39 . 2014-05-12 14:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-27 05:39 . 2014-08-27 05:43 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-27 05:39 . 2014-08-27 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-08-27 01:06 . 2014-08-27 01:06 -------- d-----w- c:\windows\ERUNT
2014-08-27 01:04 . 2014-08-27 03:30 -------- d-----w- c:\documents and settings\Administrator
2014-08-26 14:54 . 2014-08-26 14:57 -------- d-----w- c:\program files\ophcrack
2014-08-26 00:17 . 2014-08-26 00:17 -------- d-----w- c:\documents and settings\Liquid\Local Settings\Application Data\Temp
2014-08-26 00:02 . 2014-08-26 00:02 -------- d-----w- c:\documents and settings\Liquid\Application Data\AVAST Software
2014-08-25 23:52 . 2014-08-25 23:52 -------- d-----w- c:\windows\jumpshot.com
2014-08-25 23:49 . 2014-08-25 23:47 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-08-25 23:49 . 2014-08-25 23:47 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-25 23:49 . 2014-08-25 23:47 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-25 23:49 . 2014-08-26 02:55 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-25 23:49 . 2014-08-25 23:47 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-25 23:49 . 2014-08-25 23:47 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-25 23:49 . 2014-08-25 23:47 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-25 23:49 . 2014-08-25 23:47 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-08-25 23:48 . 2014-08-25 23:47 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-25 23:47 . 2014-08-25 23:47 43152 ----a-w- c:\windows\avastSS.scr
2014-08-25 23:33 . 2014-08-25 23:33 -------- d-----w- c:\program files\AVAST Software
2014-08-25 22:51 . 2014-08-25 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2014-08-25 20:32 . 2014-08-25 20:41 -------- d-----w- C:\AdwCleaner
2014-08-24 14:37 . 2014-08-25 05:47 -------- d-----w- c:\documents and settings\Liquid\Application Data\vlc
2014-08-24 14:30 . 2014-08-24 14:36 -------- d-----w- c:\program files\WhoCrashed
2014-08-24 14:04 . 2014-08-24 14:04 -------- d-----w- c:\program files\VideoLAN
2014-08-24 01:16 . 2014-08-24 01:18 -------- d-----w- c:\program files\CCleaner
2014-08-23 14:59 . 2014-08-23 14:59 -------- d-----w- c:\windows\system32\MRT
2014-08-23 14:54 . 2014-08-23 14:55 -------- d-----w- C:\ac966342dac78647c83a26741a
2014-08-23 05:08 . 2014-08-23 05:08 -------- d-----w- c:\documents and settings\Liquid\Application Data\TuneUp Software
2014-08-23 04:32 . 2014-08-23 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Insight Software Solutions
2014-08-23 04:32 . 2014-08-23 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Insight Software
2014-08-23 04:30 . 2014-08-23 04:30 -------- d-----w- c:\program files\Common Files\Insight Software Solutions
2014-08-23 04:29 . 2014-08-23 04:33 -------- d-----w- c:\program files\Macro Express3
2014-08-23 02:48 . 2014-08-23 02:48 -------- d-sh--w- c:\documents and settings\Liquid\PrivacIE
2014-08-23 02:18 . 2014-08-23 02:18 -------- d-----w- c:\documents and settings\Liquid\Local Settings\Application Data\SmartFTP
2014-08-23 02:09 . 2014-08-23 02:09 -------- d-----w- c:\documents and settings\Liquid\Application Data\SmartFTP
2014-08-23 02:08 . 2014-08-23 02:08 -------- d-----w- c:\program files\SmartFTP Client
2014-08-17 12:02 . 2014-08-24 01:42 -------- d-----w- c:\program files\Google
2014-08-17 11:48 . 2014-08-23 02:50 -------- d-----w- c:\documents and settings\Liquid\Application Data\CoffeeCup Software
2014-08-04 14:49 . 2014-08-04 14:50 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-04 14:47 . 2014-08-04 14:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2014-08-04 14:45 . 2014-08-04 14:47 -------- d-----w- c:\documents and settings\Liquid\Local Settings\Application Data\AOL
2014-08-01 08:59 . 2014-08-01 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\BlueStacksSetup
2014-08-01 08:58 . 2014-08-01 08:58 -------- d-----w- c:\documents and settings\Liquid\Local Settings\Application Data\Bluestacks
2014-07-30 10:17 . 2014-07-30 10:17 -------- d-----w- c:\documents and settings\Liquid\Local Settings\Application Data\Skype
2014-07-30 10:16 . 2014-08-28 03:16 -------- d-----w- c:\documents and settings\Liquid\Application Data\Skype
2014-07-30 10:14 . 2014-07-30 10:14 -------- d-----w- c:\program files\Common Files\Skype
2014-07-30 10:14 . 2014-07-30 10:14 -------- d-----r- c:\program files\Skype
2014-07-30 10:13 . 2014-07-30 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-03 17:25 . 2014-07-03 17:07 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-03 17:25 . 2014-07-03 17:07 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-25 23:46 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-07-25 21650016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2004-03-04 211828]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-26 4085896]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [8/25/2014 4:49 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [8/25/2014 4:49 PM 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/25/2014 4:49 PM 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [8/25/2014 4:49 PM 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [8/25/2014 4:49 PM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [8/25/2014 4:49 PM 67824]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [4/3/2014 8:21 PM 315008]
S3 cpuz134;cpuz134;\??\c:\docume~1\Liquid\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Liquid\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE1200xp.sys [7/3/2014 9:44 AM 1034240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-24 01:42 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-28 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-25 23:46]
.
2014-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-24 01:14]
.
2014-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-24 01:14]
.
2014-08-28 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-07-03 01:59]
.
2014-08-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-07-03 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-27 21:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2332)
c:\windows\system32\WININET.dll
c:\windows\system32\PROPSYS.dll
c:\windows\system32\MSVCP120.dll
c:\windows\system32\MSVCR120.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2014-08-27 21:18:03 - machine was rebooted
ComboFix-quarantined-files.txt 2014-08-28 04:17
ComboFix2.txt 2014-08-27 21:57
.
Pre-Run: 3,859,091,456 bytes free
Post-Run: 3,789,139,968 bytes free
.
- - End Of File - - 249C1C39EBA6AD82F479AF3549874F27
8F558EB6672622401DA993E1E865C861
 

johnb35

Administrator
Staff member
What browser do you use?

Please download and run the following program.

http://filehippo.com/download_ccleaner/download/59aa7b1c8d6d4dee95b236d2b04bed34/

Download and install, then open the program, don't change any options and click on run cleaner.

Then please download and run this.

http://www.bleepingcomputer.com/download/tfc/dl/92/

Open program and click on start. Computer will most likely need to be rebooted when it has finished. Let me know how system is reacting after running these 2 programs. We may also have to reset your browser after you tell me which one you use.
 
I use Google Chrome. I had been using Firefox and it had the same problems. I am downloading those files now. Do you think my lack of RAM could be causing these problems?
 

spirit

Moderator
Staff member
I use Google Chrome. I had been using Firefox and it had the same problems. I am downloading those files now. Do you think my lack of RAM could be causing these problems?

Google Chrome is a bit RAM hungry - how much RAM do you have?

It could also be slow because of stuff left over from the infections.
 

johnb35

Administrator
Staff member
I use Google Chrome. I had been using Firefox and it had the same problems. I am downloading those files now. Do you think my lack of RAM could be causing these problems?

It's a combination of your RAM and the processor, but mostly lack of RAM. As I said before, it's time for a new machine.


Google Chrome is a bit RAM hungry - how much RAM do you have?

It could also be slow because of stuff left over from the infections.

He runs XP on 512 MB of RAM and a single-core Celeron at 1.7 GHz. He needs a new machine. He can only upgrade to 1 GB of RAM, but it won't really help.
 

aldan

Active Member
You really need a new PC. Trust me, I had a 2.8 GHz single-core Celeron with 2 GB of RAM and I don't know how I put up with it as long as I did. It's old hardware and it's painfully slow. If a new machine isn't in the budget, there are a lot of inexpensive older systems a lot better than yours out there. We purchased an old e2100 dual core with 4 GB of DDR2 RAM for $100. Runs perfectly with Win7 and not a problem in 2 years.
 
Did anyone look at that youtube channel on one of my previous posts? Are all of these problems caused by lack of RAM? The same thing happened with Firefox.

And what about when it says "connected," and then the browser says "can't connect."
What is going on there?
 

spirit

Moderator
Staff member
How about $200?

http://www.newegg.com/Product/Produ...ell_latitude_e6400-_-9SIA5WM1XG2868-_-Product

I love Dell Latitudes and always recommend them.

Or up your budget even more and you can get a laptop like mine.

http://www.newegg.com/Product/Produ...re=dell_latitude_e6420-_-34-300-729-_-Product

This.

Or you could get a nice ThinkPad T410 with an i5 and 4GB of RAM: http://www.newegg.com/Product/Produ...e=refurbished_thinkpad-_-34-313-642-_-Product

I love my ThinkPad and would recommend them. The Dells are excellent too.

You don't need to spend a crazy amount of money in order to get a nice upgrade from your machine because practically anything made within the past 6 or 7 years is faster - which is the good thing about hanging onto an old machine for so long, I guess. ;)
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
I wouldn't get a T410. I had one at work and that thing ran HOT HOT HOT! I like ThinkPads, but definitely not that one.
 

johnb35

Administrator
Staff member
Did anyone look at that youtube channel on one of my previous posts? Are all of these problems caused by lack of RAM? The same thing happened with Firefox.

And what about when it says "connected," and then the browser says "can't connect."
What is going on there?

The reason is that XP can't differentiate between being connected to the router and actually being connected to the internet.

Without having to buy a new system, your only hope to resurrect this machine is just to reinstall Windows; that alone should help. I really wouldn't put any more money into this system as it's old and very low end. If it had better specs and could hold more memory I would say yes, but it's not really gonna help to add another MB of memory.
 