Jump to content

Ransom.FMS, Trojan.BHO, Rogue.A360Antivirus quarantined but still have issues


Recommended Posts

Dell, Windows XP Home Edition/SP 3

 

 

My father has managed to get compromised by the Trojan.Ransom.FMS, the Trojan.BHO and Rogue.A360Antivirus. Also something called 47 Search Engines created two additional tabs when he opens his browser to the home page.

 

 

 Malwarebytes managed to locate and quarantine the Trojans and rogue issues, but not completely eliminate them. On starting the computer, while his shortcut icons are populating the desktop, I can see what looks like a DOS screen flash briefly on and off. The same appears at shutdown. 

 

Additional symptoms:

 

Slow to open programs

 

Takes longer to shut down

 

Pop out menus slow to open, or don’t get populated

 

 

I will be going to his house to apply your recommendations, so there may be a delay in an immediate response.

 

Thank you for your help.

 

 

 

Malwarebytes Log:

 

 

www.malwarebytes.org

 

Database version: v2013.07.14.04

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

John :: D6YLXJ91 [administrator]

 

7/14/2013 11:59:42 AM

mbam-log-2013-07-14 (11-59-42).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 270971

Time elapsed: 1 hour(s), 12 minute(s), 38 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

 

 

HijackThis Log:

 

 

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 11:40:43 AM, on 7/14/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

 

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2013\avgrsx.exe

C:\Program Files\AVG\AVG2013\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\PROGRA~1\TOTALR~2\bar\1.bin\14brmon.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\AVG\AVG2013\avgidsagent.exe

C:\Program Files\AVG\AVG2013\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG2013\avgnsx.exe

C:\Program Files\AVG\AVG2013\avgemcx.exe

c:\program files\common files\installshield\updateservice\isuspm.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\John\My Documents\Downloads\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Toolbar BHO - {ab56dfde-0c14-45b3-9df6-7b0eba617870} - C:\PROGRA~1\TOTALR~2\bar\1.bin\14bar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Search Assistant BHO - {df22384f-cf68-4d19-969f-10423715528b} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: TotalRecipeSearch - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [TotalRecipeSearch Search Scope Monitor] "C:\PROGRA~1\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h

O4 - HKLM\..\Run: [TotalRecipeSearch_14 Browser Plugin Loader] C:\PROGRA~1\TOTALR~2\bar\1.bin\14brmon.exe

O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P35 "EPSON Stylus CX7800 Series (Copy 1)" /O5 "LPT1:" /M "Stylus CX7800"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /M "Stylus CX7800" /EF "HKCU"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe"  /ini "uinstaller.ini" /fromrun /starthidden

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: initmou.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Search - http://tbedits.totalrecipesearch.com/one-toolbaredits/menusearch.jhtml?s=100000459&p=YKxdm002YYus&si=CMCR8KnhmbACFUFo4AodxjhRZA&a=1F579D74-37B5-4384-9B7C-748946EBC73D&n=2012052416

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1366405281671

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: TotalRecipeSearchService (TotalRecipeSearch_14Service) - COMPANYVERS_NAME - C:\PROGRA~1\TOTALR~2\bar\1.bin\14barsvc.exe

 

--

End of file - 9419 bytes

Link to post
Share on other sites

Hello threadly and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

Link to post
Share on other sites

Thank you for your time Borislav. The requested files are below:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by John at 10:27:02 on 2013-07-15
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.510.329 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\TOTALR~2\bar\1.bin\14brmon.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: <No Name>: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - c:\program files\totalrecipesearch_14\bar\1.bin\14SrcAs.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Toolbar BHO: {ab56dfde-0c14-45b3-9df6-7b0eba617870} - c:\program files\totalrecipesearch_14\bar\1.bin\14bar.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Search Assistant BHO: {df22384f-cf68-4d19-969f-10423715528b} - c:\program files\totalrecipesearch_14\bar\1.bin\14SrcAs.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: TotalRecipeSearch: {a0154e07-2b48-475c-a82a-80efd84ea33e} - c:\program files\totalrecipesearch_14\bar\1.bin\14bar.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [EPSON Stylus CX7800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /M "Stylus CX7800" /EF "HKCU"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Desktop Software] "c:\program files\comcastui\universal installer\uinstaller.exe"  /ini "uinstaller.ini" /fromrun /starthidden
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [sunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NetscapeClient] <no file>
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\initmou.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 64.233.217.2 64.233.217.3
TCP: Interfaces\{1199D2D5-FC13-4150-BD44-799933FD9962} : DHCPNameServer = 64.233.217.2 64.233.217.3
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
S2 TotalRecipeSearch_14Service;TotalRecipeSearchService;c:\progra~1\totalr~2\bar\1.bin\14barsvc.exe [2012-5-24 42504]
.
=============== Created Last 30 ================
.
2013-07-11 17:45:51 -------- d-----w- c:\program files\GUM8B.tmp
2013-07-11 16:42:03 -------- d-----w- c:\documents and settings\john\application data\AVG2013
2013-07-11 16:40:14 -------- d-----w- c:\documents and settings\john\application data\TuneUp Software
2013-07-11 16:38:55 -------- d--h--w- C:\$AVG
2013-07-11 16:38:55 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2013-07-11 16:37:32 -------- d-----w- c:\program files\AVG
2013-07-11 16:31:12 -------- d-----w- c:\documents and settings\john\local settings\application data\MFAData
2013-07-11 16:31:12 -------- d-----w- c:\documents and settings\john\local settings\application data\Avg2013
2013-07-11 16:28:41 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2013-07-11 16:28:40 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-07-10 17:29:39 -------- d-----w- C:\160606050a1b0580f6448f982ec53e
.
==================== Find3M  ====================
.
2013-07-10 16:56:09 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-10 16:56:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-14 14:09:51 8610696 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-08 03:55:44 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-09 04:28:02 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:26:26 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:18 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-06-07 22:06:36 27024112 ----a-w- c:\program files\PowerPointViewer.exe
.
============= FINISH: 10:28:02.39 ===============
 
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/15/2008 7:33:29 PM
System Uptime: 7/15/2013 10:07:31 AM (0 hours ago)
.
Motherboard: Dell Computer Corp. |  | 0WF887
Processor:                 Intel® Celeron® CPU 2.53GHz | Microprocessor | 2527/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 71 GiB total, 55.264 GiB free.
D: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP269: 4/19/2013 1:05:28 PM - System Checkpoint
RP270: 4/20/2013 3:33:15 PM - System Checkpoint
RP271: 4/21/2013 3:56:41 PM - System Checkpoint
RP272: 4/22/2013 4:17:51 PM - System Checkpoint
RP273: 4/23/2013 8:22:44 PM - System Checkpoint
RP274: 4/25/2013 10:39:45 AM - System Checkpoint
RP275: 5/10/2013 9:58:35 AM - System Checkpoint
RP276: 5/15/2013 5:08:22 PM - Software Distribution Service 3.0
RP277: 5/24/2013 8:40:51 AM - System Checkpoint
RP278: 6/12/2013 8:54:25 AM - Software Distribution Service 3.0
RP279: 6/23/2013 10:24:25 AM - System Checkpoint
RP280: 6/26/2013 1:43:11 PM - System Checkpoint
RP281: 7/10/2013 1:28:23 PM - Software Distribution Service 3.0
RP282: 7/10/2013 6:43:01 PM - Software Distribution Service 3.0
RP283: 7/11/2013 12:37:30 PM - Installed AVG 2013
RP284: 7/11/2013 12:38:18 PM - Installed AVG 2013
RP285: 7/14/2013 1:52:27 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
ArcSoft PhotoImpression 5
AVG 2013
AVS DVDMenu Editor 1.2.1.19
AVS Video Tools 5.6
Critical Update for Windows Media Player 11 (KB959772)
CrossLoop 2.70
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Support 3.1
Dell System Restore
Digital Content Portal
EducateU
ELIcon
EPSON CX 7800 Guide
EPSON Printer Software
EPSON Scan
ffdshow [rev 2527] [2008-12-19]
Google
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Haali Media Splitter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Malwarebytes Anti-Malware version 1.75.0.1300
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Modem Event Monitor
Modem On Hold
MSN
Photo Click
Photo Notifier and Animation Creator
PowerDVD 5.5
QuickTime
RealPlayer Basic
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SmoothingSetup
Spybot - Search & Destroy
TotalRecipeSearch Toolbar
Tuner Internet Update Application
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
Vivitar Experience Image Manager
WebFldrs XP
Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
7/14/2013 10:55:07 AM, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
7/11/2013 11:56:06 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm
7/11/2013 11:54:51 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/11/2013 11:47:52 AM, error: Service Control Manager [7034]  - The McAfee Security Scan Component Host Service service terminated unexpectedly.  It has done this 1 time(s).
7/10/2013 6:34:35 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  IntelIde
7/10/2013 6:34:31 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
7/10/2013 3:34:27 PM, error: Service Control Manager [7034]  - The PC Tools AntiVirus Engine service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
 
 
 
 
 
 
Link to post
Share on other sites

Step 1

Please uninstall the following applications:

TotalRecipeSearch Toolbar

Viewpoint Media Player

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 4

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • ComboFix log
Link to post
Share on other sites

Something went strange. I have the reports for Junkware removal and AdwCleaner, but when I went back on line to download ComboFix, my dad's home page went from Wide Open West to something called Delta search. The first reports are listed below. I'll wait before I proceed.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Microsoft Windows XP x86
Ran by John on Mon 07/15/2013 at 10:54:52.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [service] totalrecipesearch_14service 
Successfully deleted: [service] totalrecipesearch_14service 
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{03f3147c-cea6-4aae-b0ae-8d8abe7a8080}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{13119113-0854-469d-807a-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{2502086b-5a46-4d05-8d5b-a1e77ab8bb32}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{33119133-0854-469d-807a-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{396a4e14-83e7-4941-b0d9-b598e1b97197}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{76f3207c-3a0a-461b-b958-5653c5718243}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{895f3dbd-2484-4a14-a0ea-c3252ebb0ff7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{8c4b563e-52a1-4a10-b700-f8bf1cd7b726}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{96b8a0ef-0d9d-4a92-b548-376db4bbb58b}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{9e5c950c-93f2-46b4-a47e-8450fff4d841}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{a0154e07-2b48-475c-a82a-80efd84ea33e}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{a4503ec3-1111-4b62-8f46-0d88508f8a7b}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{a9c524bf-4044-402a-aa00-8c3b3da86125}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{ab56dfde-0c14-45b3-9df6-7b0eba617870}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{b38fbaed-ded1-4ba6-ba2e-f2515fd49442}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{b5ede79d-b004-47dd-93f9-152b0d145914}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{d0690e53-168c-4632-99b2-5700228f760f}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{23119123-0854-469d-807a-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{03119103-0854-469d-807a-171568457991}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\internet explorer\menuext\&search
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{fd79f359-e577-46db-aa74-d6e6b8b45ba8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\active setup\installed components\{03f998b2-0e00-11d3-a498-00104b6eb52e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\active setup\installed components\{1b00725b-c455-4de6-bfb6-ad540ad427cd}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2724386
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF22384F-CF68-4D19-969F-10423715528B}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\recipehub_2jei"
Failed to delete: [Folder] "C:\Program Files\totalrecipesearch_14"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/15/2013 at 11:00:20.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
# AdwCleaner v2.305 - Logfile created 07/15/2013 at 11:15:10
# Updated 11/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : John - D6YLXJ91
# Boot Mode : Normal
# Running from : C:\Documents and Settings\John\Desktop\ADWCleaner\AdwCleaner.exe
# Option [Delete]
 
 
***** [services] *****
 
Stopped & Deleted : BrowserDefendert
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Documents and Settings\All Users\Application Data\BrowserDefender
Deleted on reboot : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
File Deleted : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\John\Application Data\BabSolution
Folder Deleted : C:\Documents and Settings\John\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\John\Application Data\DSite
Folder Deleted : C:\Documents and Settings\John\Start Menu\Programs\BrowserDefender
 
***** [Registry] *****
 
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
Key Deleted : HKCU\Software\5c2ddd1e238b845
Key Deleted : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\5c2ddd1e238b845
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKU\S-1-5-21-3612996564-50062554-1233501239-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[s1].txt - [4801 octets] - [15/07/2013 11:15:10]
 
########## EOF - C:\AdwCleaner[s1].txt - [4861 octets] ##########
 
Link to post
Share on other sites

Took quite some time, here you go.

 

ComboFix 13-07-15.01 - John 07/15/2013  11:58:55.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.510.319 [GMT -4:00]
Running from: c:\documents and settings\John\Desktop\Combo Fix\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\John\My Documents\~WRL0001.tmp
c:\documents and settings\John\My Documents\~WRL0002.tmp
c:\documents and settings\John\My Documents\~WRL0003.tmp
c:\documents and settings\John\My Documents\~WRL0004.tmp
c:\documents and settings\John\My Documents\~WRL1368.tmp
c:\documents and settings\John\My Documents\~WRL1537.tmp
c:\documents and settings\John\My Documents\~WRL3965.tmp
c:\documents and settings\John\My Documents\~WRL4003.tmp
c:\documents and settings\John\WINDOWS
C:\install.exe
c:\program files\Common Files\System\Uninstall
c:\program files\TotalRecipeSearch_14
c:\program files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe
c:\program files\TotalRecipeSearch_14\bar\1.bin\14brstub.dll
c:\program files\TotalRecipeSearch_14\bar\1.bin\T8RES.DLL
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-15 to 2013-07-15  )))))))))))))))))))))))))))))))
.
.
2013-07-15 15:06 . 2013-07-15 15:06 -------- d-----w- c:\documents and settings\John\Application Data\Zip Opener Packages
2013-07-15 15:06 . 2013-07-15 15:06 -------- d-----w- c:\windows\system32\Extensions
2013-07-15 15:06 . 2013-07-15 15:06 -------- d-----w- c:\windows\system32\searchplugins
2013-07-15 14:54 . 2013-07-15 14:54 -------- d-----w- c:\windows\ERUNT
2013-07-11 17:45 . 2013-07-11 17:49 -------- d-----w- c:\program files\GUM8B.tmp
2013-07-11 16:42 . 2013-07-11 16:42 -------- d-----w- c:\documents and settings\John\Application Data\AVG2013
2013-07-11 16:40 . 2013-07-11 16:40 -------- d-----w- c:\documents and settings\John\Application Data\TuneUp Software
2013-07-11 16:38 . 2013-07-11 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2013-07-11 16:38 . 2013-07-11 16:38 -------- d-----w- C:\$AVG
2013-07-11 16:37 . 2013-07-11 16:51 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Avg2013
2013-07-11 16:37 . 2013-07-11 16:37 -------- d-----w- c:\program files\AVG
2013-07-11 16:31 . 2013-07-11 16:51 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Avg2013
2013-07-11 16:31 . 2013-07-11 16:31 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\MFAData
2013-07-11 16:28 . 2013-07-11 16:28 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-07-11 16:28 . 2013-07-15 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-07-11 16:28 . 2013-07-11 16:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\MFAData
2013-07-11 16:28 . 2013-07-11 16:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Avg2013
2013-07-10 17:29 . 2013-07-10 17:29 -------- d-----w- C:\160606050a1b0580f6448f982ec53e
2013-07-10 16:56 . 2013-07-10 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2013-06-26 15:20 . 2013-06-26 15:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-10 16:56 . 2012-04-05 18:51 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-10 16:56 . 2011-05-16 21:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-14 14:09 . 2013-05-15 21:09 8610696 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-08 03:55 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-10 18:51 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-10 18:51 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-10 18:51 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-09 04:28 . 2006-10-19 01:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:26 . 2004-08-10 18:51 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-04 04:59 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-06-07 22:06 . 2008-06-07 22:06 27024112 ----a-w- c:\program files\PowerPointViewer.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-02-23 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-23 98304]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"EPSON Stylus CX7800 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe -check [2006-2-23 156784]
initmou.exe [2003-11-18 36864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\John\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 4:37 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 4:37 AM 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [3/29/2013 2:53 AM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 4:37 AM 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/21/2013 3:08 AM 182072]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [5/14/2013 12:54 AM 4937264]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [4/18/2013 4:34 AM 283136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-14 15:06 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:56]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-19 00:03]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-19 00:03]
.
2010-07-15 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-01-07 19:46]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 64.233.217.2 64.233.217.3
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Desktop Software - c:\program files\ComcastUI\Universal Installer\uinstaller.exe
HKLM-Run-NetscapeClient - (no file)
HKLM-Run-TotalRecipeSearch Search Scope Monitor - c:\progra~1\TOTALR~2\bar\1.bin\14srchmn.exe
HKLM-Run-TotalRecipeSearch_14 Browser Plugin Loader - c:\progra~1\TOTALR~2\bar\1.bin\14brmon.exe
AddRemove-DSite - c:\documents and settings\John\Application Data\DSite\UpdateProc\UpdateTask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-15 12:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-07-15  12:15:25
ComboFix-quarantined-files.txt  2013-07-15 16:15
.
Pre-Run: 59,100,991,488 bytes free
Post-Run: 61,517,570,048 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 42686A5F6BBD0B3F5C229EFC4A9B290B
91722E6BC3A2B40FF00222DCA4A3DB3E
Link to post
Share on other sites

Please upload the following file at www.virustotal.com :

c:\documents and settings\All Users\Start Menu\Programs\Startup\initmou.exe

Wait until scan finished and copy/paste the URL in your next reply. If you are asked about reanalyse the sameple, please confirm.

Thanks!

Link to post
Share on other sites

Got this message trying to get on line:

 

Your preferences file is corrupt or invalid. Google Chrome is unable to recover your settings.

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Microsoft Windows XP x86
Ran by John on Mon 07/15/2013 at 12:43:53.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/15/2013 at 12:49:34.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v2.305 - Logfile created 07/15/2013 at 12:51:06
# Updated 11/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : John - D6YLXJ91
# Boot Mode : Normal
# Running from : C:\Documents and Settings\John\Desktop\ADW\AdwCleaner.exe
# Option [Delete]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.30] : keyword = "delta-search.com",
 
*************************
 
AdwCleaner[s1].txt - [4930 octets] - [15/07/2013 11:15:10]
AdwCleaner[s2].txt - [1321 octets] - [15/07/2013 12:51:06]
 
########## EOF - C:\AdwCleaner[s2].txt - [1381 octets] ##########
 
Link to post
Share on other sites

Good! :)

One last scan:

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

C:\Documents and Settings\John\Application Data\Zip Opener Packages\uninstaller.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined

C:\Documents and Settings\John\Desktop\Deleted programs\Bad download\ZipOpenerSetup.exe Win32/InstallCore.BN application cleaned by deleting - quarantined

C:\RECYCLER\S-1-5-21-3612996564-50062554-1233501239-1006\Dc1.exe Win32/InstallCore.BN application cleaned by deleting - quarantined

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038751.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038752.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038753.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038757.dll a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038763.dll probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038764.dll probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038767.dll probably a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038772.dll probably a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038778.dll a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038825.dll a variant of Win32/bProtector.A application cleaned by deleting - quarantined

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038826.exe a variant of Win32/bProtector.A application cleaned by deleting - quarantined

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0038827.exe a variant of Win32/bProtector.A application cleaned by deleting - quarantined
Link to post
Share on other sites

While waiting, I was attempting to set up my dad's home page to the way it was.  Delta Search still appears as an option.

 

 

 

 

I hate to say that I have to leave for the day. Please let me know if there are any additional steps to take, and I will address them tomorrow.

Link to post
Share on other sites

Hi, I am checking in from my house now. I can't get back to my father's until tomorrow.

 
The browser Delta does not appear to be causing any problem that I can identify, but it is still listed as a browser option on his computer. If it won't cause a problem, I don't care if it stays.
cleardot.gif
Link to post
Share on other sites

If is option for a search engine at Google Chrome (log files indicate that is focuses mainly there):

https://support.google.com/chrome/answer/95653?hl=en

You could delete it.

If is a default web address at Google Chrome again:

https://support.google.com/chrome/answer/95314?hl=en

You could change it.

If you find anywhere at any browser, just let me know and I will find you information how to manual take care for it.

If there is no other problem, we should cleanup this mess.

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Please uninstall ESET Online Scanner

Step 4

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

That's all! :)

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.