
not sure if Trojan was totally cleaned



I've had some PUPs pop up lately.  (PUP.Optional.Tarma.A, PUP.Optional.InstallCore.A, PUP.Optional.Yontoo, and PUP.Optional.FastFreeConverter.A.)  There were two others that I now can't find any log file that mentions them.  Both were the same name except one ended in '-j' and the other ended in '-l' (lower case L).

 

Even after the cleaning I've still noticed some strange behavior on my computer.  It could be issues from elsewhere, a web site won't load which could be their problem but I've been unable to confirm this.  I get a software update message for Google Chrome on Avast! but I can't install it from there like I used to before.  These are a couple of the little annoyances I am running across.  I just need someone smarter than me to double check the DDS logs to see if there are any lingering problems I'm missing.

 

-----------------------------------------------------------------------------------------

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Suzanne Peltier at 16:16:36 on 2013-08-26
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1534.1099 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Suzanne Peltier\Local Settings\Application Data\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\ATT\8.3.1.7\ma\bin\MAHostService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\ATT\8.3.1.7\ma\bin\node.exe
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
mWindow Title = Microsoft Internet Explorer
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
BHO: AutorunsDisabled - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Freemake.YoutubeButton: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - 
BHO: {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - <orphaned>
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\suzanne peltier\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{65751C55-359B-470E-9F78-D0410508B853} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{65751C55-359B-470E-9F78-D0410508B853} : DHCPNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\suzanne peltier\application data\mozilla\firefox\profiles\sa02ec5u.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\suzanne peltier\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\att\8.3.1.7\ma\bin\npMotive.dll
FF - plugin: c:\program files\common files\motive\npMotiveRequest.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-1 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-1 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-11 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-11 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-11 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-1 66336]
R2 ATT MAHostService;ATT MAHostService;c:\program files\att\8.3.1.7\ma\bin\MAHostService.exe [2013-7-3 321024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-11 46808]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2012-11-6 9216]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]
R2 WDDriveService;WD Drive Manager;c:\program files\western digital\wd drive manager\WDDriveService.exe [2012-9-6 248248]
R2 WDRulesService;WD Rules;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2012-6-14 1177536]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-12-27 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Freemake Improver;Freemake Improver;c:\documents and settings\all users\application data\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2012-11-6 101376]
S4 iMSPQMn;iMSPQMn;c:\docume~1\suzann~1\locals~1\temp\iMSPQMn.sys [2004-5-23 15872]
S4 WDBackup;WD Backup;c:\program files\western digital\wd smartware\WDBackupEngine.exe [2012-6-14 1151424]
.
=============== Created Last 30 ================
.
2013-07-28 18:46:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-07-28 18:46:22 -------- d-----w- c:\windows\system32\wbem\Repository
2013-07-28 18:45:51 -------- d-----w- c:\program files\FreeTorrentViewer
2013-07-28 18:45:38 -------- d-----w- c:\program files\OpenDNS Updater
.
==================== Find3M  ====================
.
2013-07-14 21:12:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-14 21:12:06 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-28 18:27:57 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-28 18:27:57 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-26 15:07:28 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-26 15:07:21 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-26 15:07:19 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-26 15:07:19 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-30 16:16:08 737280 ----a-w- c:\windows\iun6002.exe
2013-03-01 20:37:11 1678013 ----a-w- c:\program files\pc-decrapifier-2.3.1.exe
2012-06-19 18:11:23 1359824 ----a-w- c:\program files\pc-decrapifier-2.2.8.exe
2012-06-14 18:51:14 4557483 ------r- c:\program files\ComboFix.exe
1999-10-31 03:54:32 561152 ----a-w- c:\program files\Convert.exe
.
============= FINISH: 16:17:38.76 ===============
 
---------------------------------------------------------------------------------------------------------
The Anti-Virus was disabled only for this check.
 
----------------------------------------------------------------------------------------------------------
 
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/20/2005 3:02:33 PM
System Uptime: 8/26/2013 3:44:55 PM (1 hours ago)
.
Motherboard: Dell Computer Corp. |  | 0K8980
Processor:               Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 72 GiB total, 32.498 GiB free.
D: is CDROM ()
E: is Removable
G: is FIXED (NTFS) - 1397 GiB total, 1316.095 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2708: 7/23/2013 7:53:25 AM - System Checkpoint
RP2709: 7/24/2013 12:29:41 PM - System Checkpoint
RP2710: 7/25/2013 1:21:54 PM - System Checkpoint
RP2711: 7/26/2013 12:14:31 PM - Spybot-S&D Spyware removal
RP2712: 7/28/2013 2:45:01 PM - Restore Operation
RP2713: 7/31/2013 10:49:48 AM - System Checkpoint
RP2714: 8/1/2013 11:03:07 AM - System Checkpoint
RP2715: 8/3/2013 1:26:50 AM - System Checkpoint
RP2716: 8/5/2013 12:13:55 PM - System Checkpoint
RP2717: 8/6/2013 12:37:03 PM - System Checkpoint
RP2718: 8/8/2013 2:26:47 PM - System Checkpoint
RP2719: 8/9/2013 12:47:21 PM - Spybot-S&D Spyware removal
RP2720: 8/10/2013 12:58:40 PM - System Checkpoint
RP2721: 8/19/2013 2:49:06 PM - System Checkpoint
RP2722: 8/20/2013 7:12:11 PM - System Checkpoint
RP2723: 8/23/2013 12:10:26 PM - System Checkpoint
RP2724: 8/25/2013 7:12:53 PM - System Checkpoint
.
==== Installed Programs ======================
.
1888 Jigsaw Picture Puzzle Game 1.0
32 Bit HP CIO Components Installer
7-Zip 9.22beta
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Photoshop CS2
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Type Manager 4.1
AIO_Scan
AM-DeadLink 4.6
Amazing Adventures The Lost Tomb 1.0.0.5
AndreaMosaic 3.22
Any Picture Scramble 1.0.0
Apple Application Support
Apple Software Update
ARCA REMAX Mod
AT&T Yahoo! Applications
ATT Management Agent
avast! Free Antivirus
Belarc Advisor 8.2
BeTrapped!
BigJig version 8.23
Bing Maps 3D
Bowling Evolution 1.07
BufferChm
Calculator Powertoy for Windows XP
Caribbean Explorer 1.0.0.9
Carmageddon TDR2000
CCleaner
CDR Viewer
Cfont Pro v4
Chromatica
Copy
CustomerResearchQFolder
Defraggler
Dell Driver Reset Tool
Desktop Taipei version 2.3.1
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
Escape Rosecliff Island
Escape The Museum
Escape Whisper Valley
F4100
F4100_doccd
F4100_Help
FastFontPreview v3.0.2 FREEWARE
Free RAR Extract Frog
Freemake Audio Converter version 1.1.0
Freemake Music Box
Freemake Video Converter version 3.1.2
Freemake Video Downloader
FreeTorrentViewer
GetNZB version 0.726
Google Chrome
Google Earth
Google Update Helper
Hidden Expedition ® - Devil's Triangle
Hidden Expedition: Amazon™
High-Logic FontCreator 7
Higher Cockpit view for Trans-Am Series
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
Inspector Parker
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
IrfanView (remove only)
Java 7 Update 25
Java Auto Updater
JigSawedME 2
Macromedia Flash Player
Mahjong Champ
Mahjongg Platinum 2
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Media Player Codec Pack 4.2.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft IntelliPoint 5.2
Microsoft Office XP Professional
Microsoft OpenType Font Properties Extension (Remove Only)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Mystery Case Files ®: Dire Grove ™
Mystery Chronicles: Murder Among Friends
Mystery P.I. - The London Caper
Mystery P.I. - The Vegas Heist 1.0.0.3
NASCAR® Racing 2003 Season
NYCv3.0
OpenDNS Updater 2.2.1
OWR  Mod For Papyrus NR2003 Season
Pazera Free MP4 to AVI Converter 1.6
PicViewer 3.0.2
Project Wildfire Trans Am Series for Nascar Racing 2003
PSSWCORE
QuickTime
Recuva
Reincarnations: Awakening
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Sierra Utilities
SMPlayer 0.6.9
SokoMan
Speccy
Spot the Difference
Spybot - Search & Destroy
Status
swMSM
The Secret of Margrave Manor
Toolbox
TrayApp
Tweak UI
UnloadSupport
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
VideoToolkit01
WD Drive Utilities
WD SES Driver Setup
WD SmartWare
WebFldrs XP
WebReg
Windows Easy Transfer for Windows 7
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
WinRAR 4.20 (32-bit)
WinZip 17.5
.
==== Event Viewer Messages From Past Week ========
.
8/23/2013 1:14:43 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
8/22/2013 9:48:43 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service WDBackup with arguments "" in order to run the server: {81213AB4-5937-4340-88CD-66B4BC80DF73}
8/22/2013 9:39:55 AM, error: Service Control Manager [7000]  - The Automatic Updates service failed to start due to the following error:  %%1290
8/22/2013 3:37:33 PM, error: DCOM [10005]  - DCOM got error "%1290" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
.
==== End Of File ===========================
 

Thanks for your help and your product.

 

D Schalm

 

 


Welcome to the forum.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
If you agree with everything listed to be removed in the folders section...........

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Thanks for your quick response.  This is the log for the FIRST run of AdwCleaner.

 

# AdwCleaner v3.001 - Report created 27/08/2013 at 08:56:44
# Updated 24/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Suzanne Peltier - D1XC5071
# Running from : C:\Documents and Settings\Suzanne Peltier\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\Documents and Settings\All Users\Application Data\apn
Folder Found C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Found C:\Documents and Settings\Suzanne Peltier\Application Data\Mozilla\Firefox\Profiles\sa02ec5u.default\jetpack
Folder Found C:\Documents and Settings\Suzanne Peltier\IECompatCache
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Documents and Settings\Suzanne Peltier\Application Data\Mozilla\Firefox\Profiles\sa02ec5u.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Suzanne Peltier\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3506 octets] - [27/08/2013 08:56:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3566 octets] ##########
 
 
After checking the net to see for sure what those entries in the Files and Folders meant, I believe there is nothing there to keep.  So, I guess I'm looking for a second opinion before I run the Clean command on AdwCleaner.
 
Could you give me a clue to what they are and what they may be doing to my computer?
 
D Schalm

# AdwCleaner v3.001 - Report created 27/08/2013 at 11:42:46

# Updated 24/08/2013 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : Suzanne Peltier - D1XC5071

# Running from : C:\Documents and Settings\Suzanne Peltier\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn

Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate

Folder Deleted : C:\Documents and Settings\Suzanne Peltier\IECompatCache

Folder Deleted : C:\Documents and Settings\Suzanne Peltier\Application Data\Mozilla\Firefox\Profiles\sa02ec5u.default\jetpack

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\Software\InstallIQ

Key Deleted : HKLM\Software\Viewpoint

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

 

-\\ Mozilla Firefox v23.0.1 (en-US)

 

[ File : C:\Documents and Settings\Suzanne Peltier\Application Data\Mozilla\Firefox\Profiles\sa02ec5u.default\prefs.js ]

 

 

-\\ Google Chrome v

 

[ File : C:\Documents and Settings\Suzanne Peltier\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [3646 octets] - [27/08/2013 08:56:44]

AdwCleaner[R1].txt - [3706 octets] - [27/08/2013 11:40:25]

AdwCleaner[s0].txt - [3695 octets] - [27/08/2013 11:42:46]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3755 octets] ##########

 

--------------------------------------------------------------------------------------------------------------

 


Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

 

Database version: v2013.08.27.06

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Suzanne Peltier :: D1XC5071 [administrator]

 

8/27/2013 11:55:17 AM

mbam-log-2013-08-27 (11-55-17).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: 

Objects scanned: 245278

Time elapsed: 10 minute(s), 52 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

------------------------------------------------------------------------------------------------------------

 

Looks good.  I'm going to re-boot and see how things go.

 

 


This topic is now closed to further replies.
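
One way to confirm that a Clean run removed everything the earlier Scan reported, given as an added example that is not part of the original thread and is not AdwCleaner's own code: it parses the two report layouts posted above (the scan report's "Folder Found" lines carry no colon, the other lines do) and lists anything found but not recorded as deleted. The sample reports are constructed excerpts in the thread's log format, with one "Deleted" line left out on purpose, and the function names are hypothetical.

```python
import re

# One report line: "<Kind> Found|Deleted [:] <item>". Only Folder, Key and
# Value lines appear in the thread; other kinds are assumed to share the shape.
LINE_RE = re.compile(r"^(\w+)\s+(Found|Deleted)\s*:?\s*(.+?)\s*$")
OPTION_RE = re.compile(r"^# Option : (\w+)", re.MULTILINE)


def report_option(text):
    """Return the value of the '# Option :' header (Scan or Clean), or None."""
    match = OPTION_RE.search(text)
    return match.group(1) if match else None


def parse_report(text):
    """Return {'found': set, 'deleted': set} of (kind, item) pairs.

    Items are case-folded because Windows paths and registry key names are
    case-insensitive, so HKLM\\SOFTWARE and HKLM\\Software must compare equal.
    """
    items = {"found": set(), "deleted": set()}
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            kind, action, target = match.groups()
            items[action.lower()].add((kind.lower(), target.casefold()))
    return items


def leftovers(scan_text, clean_text):
    """Items the Scan report listed that the Clean report did not delete."""
    if report_option(scan_text) != "Scan" or report_option(clean_text) != "Clean":
        raise ValueError("expected a Scan report followed by a Clean report")
    found = parse_report(scan_text)["found"]
    deleted = parse_report(clean_text)["deleted"]
    return sorted(found - deleted)


# Constructed excerpt in the format of AdwCleaner[R0].txt from the thread.
SCAN_SAMPLE = r"""
# AdwCleaner v3.001 - Report created 27/08/2013 at 08:56:44
# Option : Scan

***** [ Files / Folders ] *****

Folder Found C:\Documents and Settings\All Users\Application Data\apn
Folder Found C:\Documents and Settings\All Users\Application Data\InstallMate

***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKLM\Software\InstallIQ
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
"""

# Constructed excerpt in the format of the Clean report; the InstallIQ key is
# deliberately missing so the comparison has something to flag.
CLEAN_SAMPLE = r"""
# AdwCleaner v3.001 - Report created 27/08/2013 at 11:42:46
# Option : Clean

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate

***** [ Registry ] *****

Key Deleted : HKCU\Software\1ClickDownload
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
"""

if __name__ == "__main__":
    remaining = leftovers(SCAN_SAMPLE, CLEAN_SAMPLE)
    if remaining:
        print("Found by the scan but not listed as deleted:")
        for kind, item in remaining:
            print(f"  {kind}: {item}")
    else:
        print("Every item from the scan report is listed as deleted.")
```

An empty result only means the two reports agree; a follow-up scan, as in the Malwarebytes run above, is still the check that nothing was re-created after the reboot.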