Posts posted by threadly

  1. C:\Documents and Settings\John\Application Data\Zip Opener Packages\uninstaller.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined

    C:\Documents and Settings\John\Desktop\Deleted programs\Bad download\ZipOpenerSetup.exe Win32/InstallCore.BN application cleaned by deleting - quarantined

    C:\RECYCLER\S-1-5-21-3612996564-50062554-1233501239-1006\Dc1.exe Win32/InstallCore.BN application cleaned by deleting - quarantined

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038751.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038752.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038753.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038757.dll a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038763.dll probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038764.dll probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038767.dll probably a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038772.dll probably a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038778.dll a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038825.dll a variant of Win32/bProtector.A application cleaned by deleting - quarantined

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038826.exe a variant of Win32/bProtector.A application cleaned by deleting - quarantined

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038827.exe a variant of Win32/bProtector.A application cleaned by deleting - quarantined
  2. Got this message trying to get on line:

    Your preferences file is corrupt or invalid. Google Chrome is unable to recover your settings.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 5.0.9 (07.12.2013:2)
    OS: Microsoft Windows XP x86
    Ran by John on Mon 07/15/2013 at 12:43:53.85
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 07/15/2013 at 12:49:34.90
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    # AdwCleaner v2.305 - Logfile created 07/15/2013 at 12:51:06
    # Updated 11/07/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : John - D6YLXJ91
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\John\Desktop\ADW\AdwCleaner.exe
    # Option [Delete]
     
     
    ***** [services] *****
     
     
    ***** [Files / Folders] *****
     
     
    ***** [Registry] *****
     
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
     
    ***** [internet Browsers] *****
     
    -\\ Internet Explorer v8.0.6001.18702
     
    [OK] Registry is clean.
     
    -\\ Google Chrome v28.0.1500.72
     
    File : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
     
    Deleted [l.30] : keyword = "delta-search.com",
     
    *************************
     
    AdwCleaner[s1].txt - [4930 octets] - [15/07/2013 11:15:10]
    AdwCleaner[s2].txt - [1321 octets] - [15/07/2013 12:51:06]
     
    ########## EOF - C:\AdwCleaner[s2].txt - [1381 octets] ##########
     
  3. Took quite some time, here you go.

    ComboFix 13-07-15.01 - John 07/15/2013  11:58:55.1.1 - x86
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.510.319 [GMT -4:00]
    Running from: c:\documents and settings\John\Desktop\Combo Fix\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\John\My Documents\~WRL0001.tmp
    c:\documents and settings\John\My Documents\~WRL0002.tmp
    c:\documents and settings\John\My Documents\~WRL0003.tmp
    c:\documents and settings\John\My Documents\~WRL0004.tmp
    c:\documents and settings\John\My Documents\~WRL1368.tmp
    c:\documents and settings\John\My Documents\~WRL1537.tmp
    c:\documents and settings\John\My Documents\~WRL3965.tmp
    c:\documents and settings\John\My Documents\~WRL4003.tmp
    c:\documents and settings\John\WINDOWS
    C:\install.exe
    c:\program files\Common Files\System\Uninstall
    c:\program files\TotalRecipeSearch_14
    c:\program files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe
    c:\program files\TotalRecipeSearch_14\bar\1.bin\14brstub.dll
    c:\program files\TotalRecipeSearch_14\bar\1.bin\T8RES.DLL
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-06-15 to 2013-07-15  )))))))))))))))))))))))))))))))
    .
    .
    2013-07-15 15:06 . 2013-07-15 15:06 -------- d-----w- c:\documents and settings\John\Application Data\Zip Opener Packages
    2013-07-15 15:06 . 2013-07-15 15:06 -------- d-----w- c:\windows\system32\Extensions
    2013-07-15 15:06 . 2013-07-15 15:06 -------- d-----w- c:\windows\system32\searchplugins
    2013-07-15 14:54 . 2013-07-15 14:54 -------- d-----w- c:\windows\ERUNT
    2013-07-11 17:45 . 2013-07-11 17:49 -------- d-----w- c:\program files\GUM8B.tmp
    2013-07-11 16:42 . 2013-07-11 16:42 -------- d-----w- c:\documents and settings\John\Application Data\AVG2013
    2013-07-11 16:40 . 2013-07-11 16:40 -------- d-----w- c:\documents and settings\John\Application Data\TuneUp Software
    2013-07-11 16:38 . 2013-07-11 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
    2013-07-11 16:38 . 2013-07-11 16:38 -------- d-----w- C:\$AVG
    2013-07-11 16:37 . 2013-07-11 16:51 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Avg2013
    2013-07-11 16:37 . 2013-07-11 16:37 -------- d-----w- c:\program files\AVG
    2013-07-11 16:31 . 2013-07-11 16:51 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Avg2013
    2013-07-11 16:31 . 2013-07-11 16:31 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\MFAData
    2013-07-11 16:28 . 2013-07-11 16:28 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2013-07-11 16:28 . 2013-07-15 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2013-07-11 16:28 . 2013-07-11 16:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\MFAData
    2013-07-11 16:28 . 2013-07-11 16:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Avg2013
    2013-07-10 17:29 . 2013-07-10 17:29 -------- d-----w- C:\160606050a1b0580f6448f982ec53e
    2013-07-10 16:56 . 2013-07-10 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2013-06-26 15:20 . 2013-06-26 15:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-07-10 16:56 . 2012-04-05 18:51 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-07-10 16:56 . 2011-05-16 21:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-06-14 14:09 . 2013-05-15 21:09 8610696 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2013-06-08 03:55 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec
    2013-06-07 21:56 . 2004-08-10 18:51 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-06-07 21:56 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-06-07 21:56 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-06-04 07:23 . 2004-08-10 18:51 562688 ----a-w- c:\windows\system32\qedit.dll
    2013-06-04 01:40 . 2004-08-10 18:51 1876736 ----a-w- c:\windows\system32\win32k.sys
    2013-05-09 04:28 . 2006-10-19 01:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
    2013-05-03 01:26 . 2004-08-10 18:51 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-05-03 00:38 . 2004-08-04 04:59 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2008-06-07 22:06 . 2008-06-07 22:06 27024112 ----a-w- c:\program files\PowerPointViewer.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
    "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-02-23 26112]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-23 98304]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
    "EPSON Stylus CX7800 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe -check [2006-2-23 156784]
    initmou.exe [2003-11-18 36864]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\John\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5910:TCP"= 5910:TCP:vnc5910
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 4:37 AM 60216]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 4:37 AM 39224]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [3/29/2013 2:53 AM 208184]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22328]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 4:37 AM 170808]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/21/2013 3:08 AM 182072]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [5/14/2013 12:54 AM 4937264]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [4/18/2013 4:34 AM 283136]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-07-14 15:06 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:56]
    .
    2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-19 00:03]
    .
    2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-19 00:03]
    .
    2010-07-15 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    - c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-01-07 19:46]
    .
    .
    ------- Supplementary Scan -------
    .
    TCP: DhcpNameServer = 64.233.217.2 64.233.217.3
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Desktop Software - c:\program files\ComcastUI\Universal Installer\uinstaller.exe
    HKLM-Run-NetscapeClient - (no file)
    HKLM-Run-TotalRecipeSearch Search Scope Monitor - c:\progra~1\TOTALR~2\bar\1.bin\14srchmn.exe
    HKLM-Run-TotalRecipeSearch_14 Browser Plugin Loader - c:\progra~1\TOTALR~2\bar\1.bin\14brmon.exe
    AddRemove-DSite - c:\documents and settings\John\Application Data\DSite\UpdateProc\UpdateTask.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-07-15 12:10
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...  
    .
    scanning hidden autostart entries ... 
    .
    scanning hidden files ...  
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2013-07-15  12:15:25
    ComboFix-quarantined-files.txt  2013-07-15 16:15
    .
    Pre-Run: 59,100,991,488 bytes free
    Post-Run: 61,517,570,048 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 42686A5F6BBD0B3F5C229EFC4A9B290B
    91722E6BC3A2B40FF00222DCA4A3DB3E
  4. Something went strange. I have the reports for Junkware removal and AdwCleaner, but when I went back on line to download ComboFix, my dad's home page went from Wide Open West to something called Delta search. The first reports are listed below. I'll wait before I proceed.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 5.0.9 (07.12.2013:2)
    OS: Microsoft Windows XP x86
    Ran by John on Mon 07/15/2013 at 10:54:52.65
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
    Successfully stopped: [service] totalrecipesearch_14service 
    Successfully deleted: [service] totalrecipesearch_14service 
     
     
     
    ~~~ Registry Values
     
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{03f3147c-cea6-4aae-b0ae-8d8abe7a8080}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{13119113-0854-469d-807a-171568457991}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{2502086b-5a46-4d05-8d5b-a1e77ab8bb32}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{33119133-0854-469d-807a-171568457991}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{396a4e14-83e7-4941-b0d9-b598e1b97197}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{76f3207c-3a0a-461b-b958-5653c5718243}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{895f3dbd-2484-4a14-a0ea-c3252ebb0ff7}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{8c4b563e-52a1-4a10-b700-f8bf1cd7b726}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{96b8a0ef-0d9d-4a92-b548-376db4bbb58b}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{9e5c950c-93f2-46b4-a47e-8450fff4d841}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{a0154e07-2b48-475c-a82a-80efd84ea33e}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{a4503ec3-1111-4b62-8f46-0d88508f8a7b}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{a9c524bf-4044-402a-aa00-8c3b3da86125}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{ab56dfde-0c14-45b3-9df6-7b0eba617870}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{b38fbaed-ded1-4ba6-ba2e-f2515fd49442}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{b5ede79d-b004-47dd-93f9-152b0d145914}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{d0690e53-168c-4632-99b2-5700228f760f}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{23119123-0854-469d-807a-171568457991}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{03119103-0854-469d-807a-171568457991}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminstaller
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\internet explorer\menuext\&search
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{fd79f359-e577-46db-aa74-d6e6b8b45ba8}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\active setup\installed components\{03f998b2-0e00-11d3-a498-00104b6eb52e}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\active setup\installed components\{1b00725b-c455-4de6-bfb6-ad540ad427cd}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2724386
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF22384F-CF68-4D19-969F-10423715528B}
     
     
     
    ~~~ Files
     
    Successfully deleted: [File] C:\eula.1028.txt
    Successfully deleted: [File] C:\eula.1031.txt
    Successfully deleted: [File] C:\eula.1033.txt
    Successfully deleted: [File] C:\eula.1036.txt
    Successfully deleted: [File] C:\eula.1040.txt
    Successfully deleted: [File] C:\eula.1041.txt
    Successfully deleted: [File] C:\eula.1042.txt
    Successfully deleted: [File] C:\eula.2052.txt
    Successfully deleted: [File] C:\install.res.1028.dll
    Successfully deleted: [File] C:\install.res.1031.dll
    Successfully deleted: [File] C:\install.res.1033.dll
    Successfully deleted: [File] C:\install.res.1036.dll
    Successfully deleted: [File] C:\install.res.1040.dll
    Successfully deleted: [File] C:\install.res.1041.dll
    Successfully deleted: [File] C:\install.res.1042.dll
    Successfully deleted: [File] C:\install.res.2052.dll
    Successfully deleted: [File] C:\install.res.3082.dll
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\viewpoint"
    Successfully deleted: [Folder] "C:\Program Files\recipehub_2jei"
    Failed to delete: [Folder] "C:\Program Files\totalrecipesearch_14"
    Successfully deleted: [Folder] "C:\Program Files\viewpoint"
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 07/15/2013 at 11:00:20.28
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
    # AdwCleaner v2.305 - Logfile created 07/15/2013 at 11:15:10
    # Updated 11/07/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : John - D6YLXJ91
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\John\Desktop\ADWCleaner\AdwCleaner.exe
    # Option [Delete]
     
     
    ***** [services] *****
     
    Stopped & Deleted : BrowserDefendert
     
    ***** [Files / Folders] *****
     
    Deleted on reboot : C:\Documents and Settings\All Users\Application Data\BrowserDefender
    Deleted on reboot : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
    File Deleted : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data
    File Deleted : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\John\Application Data\BabSolution
    Folder Deleted : C:\Documents and Settings\John\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\John\Application Data\DSite
    Folder Deleted : C:\Documents and Settings\John\Start Menu\Programs\BrowserDefender
     
    ***** [Registry] *****
     
    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
    Key Deleted : HKCU\Software\5c2ddd1e238b845
    Key Deleted : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
    Key Deleted : HKCU\Software\BabSolution
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Deleted : HKLM\SOFTWARE\5c2ddd1e238b845
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
    Key Deleted : HKLM\Software\MetaStream
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\Software\Viewpoint
    Key Deleted : HKU\S-1-5-21-3612996564-50062554-1233501239-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
     
    ***** [internet Browsers] *****
     
    -\\ Internet Explorer v8.0.6001.18702
     
     
    -\\ Google Chrome v28.0.1500.72
     
    File : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
     
    [OK] File is clean.
     
    *************************
     
    AdwCleaner[s1].txt - [4801 octets] - [15/07/2013 11:15:10]
     
    ########## EOF - C:\AdwCleaner[s1].txt - [4861 octets] ##########
     
  5. Thank you for your time Borislav. The requested files are below:

    DDS (Ver_2012-11-20.01) - NTFS_x86 
    Internet Explorer: 8.0.6001.18702
    Run by John at 10:27:02 on 2013-07-15
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.510.329 [GMT -4:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\PROGRA~1\TOTALR~2\bar\1.bin\14brmon.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: <No Name>: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - c:\program files\totalrecipesearch_14\bar\1.bin\14SrcAs.dll
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Toolbar BHO: {ab56dfde-0c14-45b3-9df6-7b0eba617870} - c:\program files\totalrecipesearch_14\bar\1.bin\14bar.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: Search Assistant BHO: {df22384f-cf68-4d19-969f-10423715528b} - c:\program files\totalrecipesearch_14\bar\1.bin\14SrcAs.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: TotalRecipeSearch: {a0154e07-2b48-475c-a82a-80efd84ea33e} - c:\program files\totalrecipesearch_14\bar\1.bin\14bar.dll
    EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [EPSON Stylus CX7800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /M "Stylus CX7800" /EF "HKCU"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Desktop Software] "c:\program files\comcastui\universal installer\uinstaller.exe"  /ini "uinstaller.ini" /fromrun /starthidden
    mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [igfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [sunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
    mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [NetscapeClient] <no file>
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\initmou.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    TCP: NameServer = 64.233.217.2 64.233.217.3
    TCP: Interfaces\{1199D2D5-FC13-4150-BD44-799933FD9962} : DHCPNameServer = 64.233.217.2 64.233.217.3
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 208184]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
    S2 TotalRecipeSearch_14Service;TotalRecipeSearchService;c:\progra~1\totalr~2\bar\1.bin\14barsvc.exe [2012-5-24 42504]
    .
    =============== Created Last 30 ================
    .
    2013-07-11 17:45:51 -------- d-----w- c:\program files\GUM8B.tmp
    2013-07-11 16:42:03 -------- d-----w- c:\documents and settings\john\application data\AVG2013
    2013-07-11 16:40:14 -------- d-----w- c:\documents and settings\john\application data\TuneUp Software
    2013-07-11 16:38:55 -------- d--h--w- C:\$AVG
    2013-07-11 16:38:55 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
    2013-07-11 16:37:32 -------- d-----w- c:\program files\AVG
    2013-07-11 16:31:12 -------- d-----w- c:\documents and settings\john\local settings\application data\MFAData
    2013-07-11 16:31:12 -------- d-----w- c:\documents and settings\john\local settings\application data\Avg2013
    2013-07-11 16:28:41 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2013-07-11 16:28:40 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2013-07-10 17:29:39 -------- d-----w- C:\160606050a1b0580f6448f982ec53e
    .
    ==================== Find3M  ====================
    .
    2013-07-10 16:56:09 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-07-10 16:56:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-06-14 14:09:51 8610696 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2013-06-08 03:55:44 385024 ----a-w- c:\windows\system32\html.iec
    2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-06-07 21:56:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
    2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
    2013-05-09 04:28:02 1543680 ------w- c:\windows\system32\wmvdecod.dll
    2013-05-03 01:26:26 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-05-03 00:38:18 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2008-06-07 22:06:36 27024112 ----a-w- c:\program files\PowerPointViewer.exe
    .
    ============= FINISH: 10:28:02.39 ===============
     
     
     
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/15/2008 7:33:29 PM
    System Uptime: 7/15/2013 10:07:31 AM (0 hours ago)
    .
    Motherboard: Dell Computer Corp. |  | 0WF887
    Processor:                 Intel® Celeron® CPU 2.53GHz | Microprocessor | 2527/533mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 71 GiB total, 55.264 GiB free.
    D: is CDROM ()
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP269: 4/19/2013 1:05:28 PM - System Checkpoint
    RP270: 4/20/2013 3:33:15 PM - System Checkpoint
    RP271: 4/21/2013 3:56:41 PM - System Checkpoint
    RP272: 4/22/2013 4:17:51 PM - System Checkpoint
    RP273: 4/23/2013 8:22:44 PM - System Checkpoint
    RP274: 4/25/2013 10:39:45 AM - System Checkpoint
    RP275: 5/10/2013 9:58:35 AM - System Checkpoint
    RP276: 5/15/2013 5:08:22 PM - Software Distribution Service 3.0
    RP277: 5/24/2013 8:40:51 AM - System Checkpoint
    RP278: 6/12/2013 8:54:25 AM - Software Distribution Service 3.0
    RP279: 6/23/2013 10:24:25 AM - System Checkpoint
    RP280: 6/26/2013 1:43:11 PM - System Checkpoint
    RP281: 7/10/2013 1:28:23 PM - Software Distribution Service 3.0
    RP282: 7/10/2013 6:43:01 PM - Software Distribution Service 3.0
    RP283: 7/11/2013 12:37:30 PM - Installed AVG 2013
    RP284: 7/11/2013 12:38:18 PM - Installed AVG 2013
    RP285: 7/14/2013 1:52:27 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Reader 7.0.5 Language Support
    Adobe Reader 7.0.9
    America Online (Choose which version to remove)
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Connectivity Services
    AOLIcon
    ArcSoft PhotoImpression 5
    AVG 2013
    AVS DVDMenu Editor 1.2.1.19
    AVS Video Tools 5.6
    Critical Update for Windows Media Player 11 (KB959772)
    CrossLoop 2.70
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Support 3.1
    Dell System Restore
    Digital Content Portal
    EducateU
    ELIcon
    EPSON CX 7800 Guide
    EPSON Printer Software
    EPSON Scan
    ffdshow [rev 2527] [2008-12-19]
    Google
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Haali Media Splitter
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel® 537EP V9x DF PCI Modem
    Intel® Extreme Graphics 2 Driver
    Intel® PRO Network Adapters and Drivers
    Intel® PROSet for Wired Connections
    Java 2 Runtime Environment, SE v1.4.2_03
    Learn2 Player (Uninstall Only)
    Malwarebytes Anti-Malware version 1.75.0.1300
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2833941)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 6.3
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Professional
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Modem Event Monitor
    Modem On Hold
    MSN
    Photo Click
    Photo Notifier and Animation Creator
    PowerDVD 5.5
    QuickTime
    RealPlayer Basic
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows Internet Explorer 8 (KB2829530)
    Security Update for Windows Internet Explorer 8 (KB2838727)
    Security Update for Windows Internet Explorer 8 (KB2846071)
    Security Update for Windows Internet Explorer 8 (KB2847204)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB2834904)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820197)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2829361)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2839229)
    Security Update for Windows XP (KB2845187)
    Security Update for Windows XP (KB2850851)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SmoothingSetup
    Spybot - Search & Destroy
    TotalRecipeSearch Toolbar
    Tuner Internet Update Application
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    Vivitar Experience Image Manager
    WebFldrs XP
    Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/14/2013 10:55:07 AM, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
    7/11/2013 11:56:06 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm
    7/11/2013 11:54:51 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/11/2013 11:47:52 AM, error: Service Control Manager [7034]  - The McAfee Security Scan Component Host Service service terminated unexpectedly.  It has done this 1 time(s).
    7/10/2013 6:34:35 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  IntelIde
    7/10/2013 6:34:31 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
    7/10/2013 3:34:27 PM, error: Service Control Manager [7034]  - The PC Tools AntiVirus Engine service terminated unexpectedly.  It has done this 1 time(s).
    .
    ==== End Of File ===========================
  6. Dell, Windows XP Home Edition/SP 3

    My father has managed to get compromised by the Trojan.Ransom.FMS, the Trojan.BHO and Rogue.A360Antivirus. Also something called 47 Search Engines created two additional tabs when he opens his browser to the home page.

    Malwarebytes managed to locate and quarantine the Trojans and rogue issues, but not completely eliminate them. On starting the computer, while his shortcut icons are populating the desktop, I can see what looks like a DOS screen flash briefly on and off. The same appears at shutdown.

    Additional symptoms:

    Slow to open programs
    Takes longer to shut down
    Pop out menus slow to open, or don’t get populated

    I will be going to his house to apply your recommendations, so there may be a delay in an immediate response.

    Thank you for your help.

    Malwarebytes Log:

    www.malwarebytes.org

    Database version: v2013.07.14.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    John :: D6YLXJ91 [administrator]

    7/14/2013 11:59:42 AM
    mbam-log-2013-07-14 (11-59-42).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 270971
    Time elapsed: 1 hour(s), 12 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    HijackThis Log:

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 11:40:43 AM, on 7/14/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\PROGRA~1\TOTALR~2\bar\1.bin\14brmon.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\AVG\AVG2013\avgidsagent.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG2013\avgnsx.exe
    C:\Program Files\AVG\AVG2013\avgemcx.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\John\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: (no name) - {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Toolbar BHO - {ab56dfde-0c14-45b3-9df6-7b0eba617870} - C:\PROGRA~1\TOTALR~2\bar\1.bin\14bar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O2 - BHO: Search Assistant BHO - {df22384f-cf68-4d19-969f-10423715528b} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

    O3 - Toolbar: TotalRecipeSearch - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

    O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

    O4 - HKLM\..\Run: [TotalRecipeSearch Search Scope Monitor] "C:\PROGRA~1\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h

    O4 - HKLM\..\Run: [TotalRecipeSearch_14 Browser Plugin Loader] C:\PROGRA~1\TOTALR~2\bar\1.bin\14brmon.exe

    O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P35 "EPSON Stylus CX7800 Series (Copy 1)" /O5 "LPT1:" /M "Stylus CX7800"

    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /M "Stylus CX7800" /EF "HKCU"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe"  /ini "uinstaller.ini" /fromrun /starthidden

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

    O4 - Global Startup: initmou.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O8 - Extra context menu item: &Search - http://tbedits.totalrecipesearch.com/one-toolbaredits/menusearch.jhtml?s=100000459&p=YKxdm002YYus&si=CMCR8KnhmbACFUFo4AodxjhRZA&a=1F579D74-37B5-4384-9B7C-748946EBC73D&n=2012052416

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1366405281671

    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    O23 - Service: TotalRecipeSearchService (TotalRecipeSearch_14Service) - COMPANYVERS_NAME - C:\PROGRA~1\TOTALR~2\bar\1.bin\14barsvc.exe

     

    --

    End of file - 9419 bytes
