Another Aartemis Problem


PamJ

I downloaded something yesterday (JAVA Update) that my AV program said I needed to download. And I was also trying to watch a free TV episode online when this happened. So I downloaded/updated Java. This is when the problems began. This Aartemis thing hijacked my FF homepage. I had set a restore point before downloading the Java thing, so I went back to that restore point. That SEEMED to fix it, as I could now set my FF homepage to what I wanted again and it stayed there. Later today, although the homepage is fine, every time in FF when I click the "+" tab to open up a new tab, I get Aartemis instead. This is only happening on FF (which was my default browser at the time), not IE or Chrome.

 

I ran a Quick Scan and then a Full Scan with MB, and the problem is still there. (Although MB did find some things on the full scan, it wasn't something that fixed this issue.)

 

(In case it matters, I had an issue with a Money vs avast last Friday that someone on their forums was trying to help me with, downloading scans and then posting the resulting logs. Other than a bunch of PUPs (which have a life of their own, I think), and some adware, he said he didn't see anything that could be causing the problem. And indeed, after eliminating these, the problem still existed. I ended up deleting Money and THAT issue now seems to be resolved.)

 

The instructions under the MB thread "I'm infected - What do i do now?" say to cut-and-paste the contents of the dds and attach text logs here in this post. So, here they are.  Thanks!!

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_20
Run by Pam at 18:59:11 on 2013-11-18
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2037.1093 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\WINDOWS\system32\cypxsrv10.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ENCOREPRO\Binn\sqlservr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Documents and Settings\Pam\Local Settings\Application Data\FluxSoftware\Flux\flux.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ActiveWords\AWMonitor.exe
C:\Program Files\ActiveWords\AWMonitor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ActiveWords\AWApps\L&T\AWLearnTrain.exe
C:\Program Files\ActiveWords\AWFeedback.exe
C:\Program Files\ActiveWords\nahuatl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081129
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [F.lux] "c:\documents and settings\pam\local settings\application data\fluxsoftware\flux\flux.exe" /noshow
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\pam\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\active~1.lnk - c:\program files\activewords\AWMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\pam\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\pam\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pam\application data\mozilla\firefox\profiles\35637qgf.default\
FF - prefs.js: browser.search.selectedEngine - aartemis
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\pam\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\documents and settings\pam\local settings\application data\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-4 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-4 177864]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-4 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-4 369584]
R1 cypxdv10;cypxdv10;c:\windows\system32\drivers\cypxdv10.sys [2013-7-13 98560]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-3-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-9-10 116608]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-4 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-4 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-4 46808]
R2 cypherix10service;Cypherix 10 service;c:\windows\system32\cypxsrv10.exe [2013-7-13 1055072]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 MSSQL$ENCOREPRO;MSSQL$ENCOREPRO;c:\program files\microsoft sql server\mssql$encorepro\binn\sqlservr.exe [2005-5-4 9158656]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [2012-12-10 690992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MSRSService;MSRS Recording System;c:\program files\nch swift sound\msrs\msrs.exe [2010-2-6 745476]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 12872]
S3 SQLAgent$ENCOREPRO;SQLAgent$ENCOREPRO;c:\program files\microsoft sql server\mssql$encorepro\binn\sqlagent.EXE [2005-5-3 323584]
S3 TTIUSB;Mako DT3500 SmartCard Reader;c:\windows\system32\drivers\2800.sys [2009-1-13 24320]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== File Associations ===============
.
ShellExec: switch.exe: Convert with Switch Sound File Converter="c:\program files\nch software\switch\switch"  "%L"
.
=============== Created Last 30 ================
.
2013-11-18 04:06:24 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-11-18 04:06:24 -------- d-----w- c:\windows\system32\wbem\Repository
2013-11-18 04:02:58 -------- d-----w- c:\program files\Uninstaller
2013-11-18 04:01:44 -------- d-----w- c:\program files\MyPC Backup
2013-11-18 04:01:07 -------- d-----w- c:\documents and settings\pam\local settings\application data\SevereWeatherAlerts
2013-11-17 15:10:21 -------- d-----w- c:\program files\CCleaner
2013-11-16 21:28:29 24064 ----a-w- c:\windows\zoek-delete.exe
2013-11-16 18:14:04 -------- d-----w- C:\zoek_backup
2013-11-16 18:12:18 -------- d--h--w- c:\windows\PIF
2013-10-26 15:49:32 -------- d-----w- c:\documents and settings\pam\local settings\application data\iSite
2013-10-26 15:49:32 -------- d-----w- c:\documents and settings\all users\application data\Philips
2013-10-26 15:49:17 -------- d-----w- c:\documents and settings\pam\PIMVLibraries
.
==================== Find3M  ====================
.
2013-10-20 17:17:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-20 17:17:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-30 07:48:13 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48:12 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48:12 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48:11 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 18:59:51.60 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/9/2009 8:37:06 PM
System Uptime: 11/18/2013 6:40:19 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0RY007
Processor: Intel® Pentium® Dual  CPU  E2200  @ 2.20GHz | Socket 775 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 209.203 GiB free.
D: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1654: 8/20/2013 8:26:30 PM - B4 word upgrade
RP1655: 8/20/2013 8:34:56 PM - Installed Microsoft Office Small Business 2007
RP1656: 8/20/2013 9:34:50 PM - Configured Microsoft Office Small Business 2007
RP1657: 8/20/2013 9:35:34 PM - Configured Microsoft Office Small Business 2007
RP1658: 8/21/2013 11:09:24 PM - Configured Microsoft Office Small Business 2007
RP1659: 8/22/2013 11:21:22 AM - Configured Microsoft Office Small Business 2007
RP1660: 8/23/2013 12:10:23 AM - Configured Microsoft Office Small Business 2007
RP1661: 8/23/2013 11:52:32 PM - Configured Microsoft Office Small Business 2007
RP1662: 8/25/2013 1:33:54 AM - System Checkpoint
RP1663: 8/25/2013 5:16:08 PM - Configured Microsoft Office Small Business 2007
RP1664: 8/26/2013 6:46:27 PM - System Checkpoint
RP1665: 8/27/2013 6:59:17 PM - System Checkpoint
RP1666: 8/27/2013 7:35:19 PM - Configured Microsoft Office Small Business 2007
RP1667: 8/28/2013 10:37:40 AM - Configured Microsoft Office Small Business 2007
RP1668: 8/28/2013 5:10:19 PM - Configured Microsoft Office Small Business 2007
RP1669: 8/29/2013 5:53:31 PM - System Checkpoint
RP1670: 8/30/2013 4:53:00 PM - Configured Microsoft Office Small Business 2007
RP1671: 8/31/2013 5:34:00 PM - System Checkpoint
RP1672: 9/1/2013 5:46:31 PM - System Checkpoint
RP1673: 9/2/2013 7:25:36 PM - System Checkpoint
RP1674: 9/3/2013 11:17:09 PM - System Checkpoint
RP1675: 9/5/2013 12:53:35 AM - System Checkpoint
RP1676: 9/6/2013 12:54:09 AM - System Checkpoint
RP1677: 9/7/2013 11:31:54 AM - Configured Microsoft Office Small Business 2007
RP1678: 9/8/2013 12:09:47 PM - System Checkpoint
RP1679: 9/8/2013 7:58:41 PM - Configured Microsoft Office Small Business 2007
RP1680: 9/9/2013 10:32:19 PM - System Checkpoint
RP1681: 9/10/2013 9:45:49 AM - Configured Microsoft Office Small Business 2007
RP1682: 9/11/2013 2:22:47 AM - Configured Microsoft Office Small Business 2007
RP1683: 9/12/2013 2:54:46 AM - System Checkpoint
RP1684: 9/13/2013 12:33:54 AM - Configured Microsoft Office Small Business 2007
RP1685: 9/13/2013 10:10:52 PM - Configured Microsoft Office Small Business 2007
RP1686: 9/14/2013 10:22:47 PM - System Checkpoint
RP1687: 9/15/2013 10:40:52 PM - System Checkpoint
RP1688: 9/16/2013 11:18:55 AM - Configured Microsoft Office Small Business 2007
RP1689: 9/17/2013 11:46:40 AM - System Checkpoint
RP1690: 9/18/2013 12:32:56 PM - System Checkpoint
RP1691: 9/19/2013 12:51:18 PM - System Checkpoint
RP1692: 9/19/2013 11:26:09 PM - Configured Microsoft Office Small Business 2007
RP1693: 9/21/2013 11:28:57 AM - System Checkpoint
RP1694: 9/22/2013 1:28:13 PM - System Checkpoint
RP1695: 9/23/2013 4:08:22 PM - System Checkpoint
RP1696: 9/24/2013 10:28:54 PM - Configured Microsoft Office Small Business 2007
RP1697: 9/26/2013 2:50:33 PM - System Checkpoint
RP1698: 9/27/2013 3:19:19 PM - System Checkpoint
RP1699: 9/28/2013 4:19:16 PM - System Checkpoint
RP1700: 9/29/2013 4:53:16 PM - System Checkpoint
RP1701: 9/30/2013 4:54:18 PM - System Checkpoint
RP1702: 10/1/2013 5:09:14 PM - System Checkpoint
RP1703: 10/2/2013 9:22:55 PM - System Checkpoint
RP1704: 10/3/2013 9:53:07 PM - System Checkpoint
RP1705: 10/4/2013 9:53:51 PM - System Checkpoint
RP1706: 10/5/2013 4:28:28 PM - Configured Microsoft Office Small Business 2007
RP1707: 10/5/2013 4:30:51 PM - Configured Microsoft Office Small Business 2007
RP1708: 10/6/2013 5:14:02 PM - System Checkpoint
RP1709: 10/7/2013 3:14:52 PM - Configured Microsoft Office Small Business 2007
RP1710: 10/8/2013 5:03:51 PM - System Checkpoint
RP1711: 10/9/2013 1:55:20 PM - B4 Avast Update
RP1712: 10/9/2013 8:32:10 PM - Configured Microsoft Office Small Business 2007
RP1713: 10/10/2013 9:16:37 PM - System Checkpoint
RP1714: 10/11/2013 10:24:47 AM - Configured Microsoft Office Small Business 2007
RP1715: 10/11/2013 5:14:20 PM - Configured Microsoft Office Small Business 2007
RP1716: 10/12/2013 6:56:49 PM - System Checkpoint
RP1717: 10/13/2013 3:32:30 PM - Configured Microsoft Office Small Business 2007
RP1718: 10/14/2013 3:39:20 PM - System Checkpoint
RP1719: 10/15/2013 5:11:50 PM - System Checkpoint
RP1720: 10/16/2013 7:34:30 PM - System Checkpoint
RP1721: 10/17/2013 7:47:08 PM - System Checkpoint
RP1722: 10/18/2013 8:22:11 PM - System Checkpoint
RP1723: 10/19/2013 1:56:20 PM - Configured Microsoft Office Small Business 2007
RP1724: 10/20/2013 3:19:15 PM - System Checkpoint
RP1725: 10/21/2013 4:38:39 PM - System Checkpoint
RP1726: 10/22/2013 7:54:51 PM - System Checkpoint
RP1727: 10/23/2013 10:34:33 PM - System Checkpoint
RP1728: 10/25/2013 11:16:57 AM - System Checkpoint
RP1729: 10/26/2013 12:27:58 PM - System Checkpoint
RP1730: 10/27/2013 11:28:49 PM - System Checkpoint
RP1731: 10/28/2013 11:57:21 PM - System Checkpoint
RP1732: 10/30/2013 1:31:06 AM - System Checkpoint
RP1733: 10/31/2013 1:33:22 PM - System Checkpoint
RP1734: 11/1/2013 9:21:27 PM - System Checkpoint
RP1735: 11/2/2013 9:58:08 PM - System Checkpoint
RP1736: 11/3/2013 9:28:28 PM - System Checkpoint
RP1737: 11/4/2013 8:48:01 PM - Configured Microsoft Office Small Business 2007
RP1738: 11/5/2013 6:29:48 PM - Configured Microsoft Office Small Business 2007
RP1739: 11/6/2013 6:58:38 PM - System Checkpoint
RP1740: 11/7/2013 2:16:28 AM - Configured Microsoft Office Small Business 2007
RP1741: 11/7/2013 7:53:33 PM - Configured Microsoft Office Small Business 2007
RP1742: 11/8/2013 8:39:54 PM - System Checkpoint
RP1743: 11/9/2013 8:59:31 PM - System Checkpoint
RP1744: 11/10/2013 9:00:21 PM - System Checkpoint
RP1745: 11/11/2013 9:39:32 PM - System Checkpoint
RP1746: 11/12/2013 10:30:30 PM - System Checkpoint
RP1747: 11/14/2013 1:06:27 AM - System Checkpoint
RP1748: 11/15/2013 11:35:48 AM - System Checkpoint
RP1749: 11/16/2013 12:08:48 PM - System Checkpoint
RP1750: 11/16/2013 1:16:34 PM - zoek.exe restore point
RP1751: 11/17/2013 10:23:16 AM - Removed Microsoft Money 2002
RP1752: 11/17/2013 10:24:58 AM - Removed Microsoft Money 2002 System Pack
RP1753: 11/17/2013 10:59:25 PM - B4 Java Update
RP1754: 11/17/2013 11:05:24 PM - Restore Operation
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.22beta
ABBYY FineReader 9.0 Sprint
AceFTP 3 Freeware
Acrobat.com
ActiveWords
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Amazon MP3 Downloader 1.0.15
Apple Application Support
Apple Software Update
Audacity 1.2.6
avast! Free Antivirus
AVS Audio Converter 7
BPD_Scan
Browser Address Error Redirector
CA VMN Anti-Spyware (remove only)
CamStudio OSS Desktop Recorder
CamStudio version 2.7
CCleaner
Chronotron Pro
Compatibility Pack for the 2007 Office system
Cypherix LE 10
Debut Video Capture Software
DeCypherIT
Dell DataSafe Online
Dell Driver Reset Tool
Digital Voice Recorder
DocProcQFolder
Dropbox
DVDVideoSoftTB Toolbar
Encore Pro
EncoreBasic
Epson Connect
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 545 Series Printer Uninstall
eSupportQFolder
Evernote v. 4.5.2
Express Burn Disc Burning Software
Express Dictate
Express Scribe
Express Zip
f.lux
Free Audio CD Burner version 1.4.7
Free AVI Video Converter version 5.0.23.320
Free MP4 Video Converter version 5.0.3.1206
Free Studio version 5.0.8
Free YouTube Download version 3.2.1.320
Free YouTube to MP3 Converter version 3.11.26.706
FTR TheRecord Player
GearPlayer
Google Chrome
Google Drive
Google Update Helper
High-Logic FontCreator 6.0
High Definition Audio Driver Package - KB835221
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP OCR Software 8.0
HP Officejet All-In-One Series
HP Photosmart Essential
HP Product Assistant
HP Solution Center and Imaging Support Tools 6.0
HP Update
HPProductAssistant
Impact 360 Desktop Applications
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
IrfanView (remove only)
Jasc Paint Shop Pro 8
Java Auto Updater
Java 6 Update 20
K-Lite Codec Pack 8.4.0 (Basic)
LTCM Client
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server Desktop Engine (ENCOREPRO)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSRS Recording System
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
NCH Tone Generator
NCH Toolbox
novaPDF Lite Desktop 7.6 printer
PayPal Payment Request Wizard For Outlook
PhotoPad Image Editor
PhotoStage Slideshow Producer
Platform
PowerDVD
Print Screen Deluxe
Prism Video File Converter
QuickBooks Pro 2008
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
RecordPad Sound Recorder
Revo Uninstaller 1.94
River Past Audio Converter
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
SearchAssist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype™ 5.9
Slice Audio File Splitter
Smartcard Reader Software
SolutionCenter
Sony Player Plug-in for Windows Media Player
SoundTap Streaming Audio Recorder
Spelling Dictionaries Support For Adobe Reader 9
SpywareBlaster 5.0
SUPERAntiSpyware Free Edition
SupportSoft Assisted Service
Switch Sound File Converter
The FTW Transcriber version 2.4.1
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Platform Device Manager
VideoPad Video Editor
Visual Studio 2005 Tools for Office Second Edition Runtime
VLC media player 2.0.8
WavePad Sound Editor
WebEx
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinZip 14.5
XP Codec Pack
.
==== Event Viewer Messages From Past Week ========
.
11/16/2013 1:53:21 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  iaStor
11/12/2013 9:28:23 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/12/2013 6:22:00 PM, error: Schedule [7901]  - The At1.job command failed to start due to the following error:  %%2147942402
11/11/2013 11:35:34 AM, error: SCardSvr [610]  - Smart Card Reader 'Infineer , Inc. USB 0' rejected IOCTL EJECT: The request is not supported.
11/11/2013 10:23:25 AM, error: Service Control Manager [7024]  - The Background Intelligent Transfer Service service terminated with service-specific error 2147500037 (0x80004005).
.
==== End Of File ===========================
 
 

Welcome to the forum.
 
Please download and run  RogueKiller 32 Bit to your desktop.
 
RogueKiller 64 Bit <---use this one for 64 bit systems
 
 
Quit all running programs.
 
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
 
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
 
Don't run any other options, they're not all bad!!!!!!!
 
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)
 
General P2P/Piracy Warning:
1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on  Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.

Thank you, MrCharlie.

 

Here is the result of the RogueKiller scan:

 

 

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Pam [Admin rights]
Mode : Scan -- Date : 11/19/2013 16:55:13
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200AAKS-75L9A0 +++++
--- User ---
[MBR] 716891557b0b149140cf6ab6efa28616
[bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 305180 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_11192013_165513.txt >>

Give this a try to start with:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


Some of the items I recognize but most I have no clue if I should keep them or not. (And aartemis is showing up several times.)

 

These are the programs that show up that I use all the time:

 

DVDVideoSoft

NCH Software

 

If you could take a look at the log/report below and let me know what else I should keep (or delete, whichever way is easier), I would appreciate it. Thank you!

 

# AdwCleaner v3.012 - Report created 19/11/2013 at 20:07:01
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Pam - DDCKMRH1
# Running from : C:\Documents and Settings\Pam\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Program Files\Mozilla Firefox\searchplugins\aartemis.xml
Folder Found C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Found C:\Documents and Settings\Non-Admin\Application Data\vmntoolbar
Folder Found C:\Documents and Settings\Pam\Application Data\NCH Software
Folder Found C:\Documents and Settings\Pam\Local Settings\Application Data\DVDVideoSoftTB
Folder Found C:\Documents and Settings\Pam\Local Settings\Application Data\DVDVideoSoftTB
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\NCH Software
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DVDVideoSoftTB
Key Found : HKCU\Software\DVDVideoSoftTB
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FBEE89F7-84F2-4391-BB03-5A712C68DB32}
Key Found : HKCU\Software\NCH Software
Key Found : HKCU\Software\smartbar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FBEE89F7-84F2-4391-BB03-5A712C68DB32}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287822
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DVDVideoSoftTB
Key Found : HKLM\Software\DVDVideoSoftTB
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD5217A6-EBC7-4377-8828-EC04EDE9C032}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F587EBF6-F156-465C-9910-6055CE92FA47}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FBEE89F7-84F2-4391-BB03-5A712C68DB32}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Key Found : HKLM\Software\NCH Software
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\35637qgf.default\prefs.js ]
 
Line Found : user_pref("CT3290229.FF19Solved", "true");
Line Found : user_pref("CT3290229.UserID", "UN10481539506906802");
Line Found : user_pref("CT3290229.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3290229.installDate", "6/4/2013 10:49:55");
Line Found : user_pref("CT3290229.installerVersion", "1.3.7.3");
Line Found : user_pref("CT3290229.keyword", "true");
Line Found : user_pref("browser.search.defaultenginename", "aartemis");
Line Found : user_pref("browser.search.selectedEngine", "aartemis");
Line Found : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie.previous_page.value", "%22hxxp%3A//aartemis.com/%3Ftype%3Dsc%26ts%3D1384747283%26from%3Dtug[...]
Line Found : user_pref("extensions.crossrider.bic", "142695fad2a36fd7a0bf2f61b6eebaf3");
 
[ File : C:\Documents and Settings\Non-Admin\Application Data\Mozilla\Firefox\Profiles\xkyn64nr.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Pam\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5727 octets] - [19/11/2013 20:07:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5787 octets] ##########

Unchecked these:

Folder Found C:\Documents and Settings\Pam\Local Settings\Application Data\DVDVideoSoftTB

Folder Found C:\Documents and Settings\Pam\Local Settings\Application Data\DVDVideoSoftTB

Key Found : HKCU\Software\DVDVideoSoftTB

Key Found : HKCU\Software\DVDVideoSoftTB

Key Found : HKLM\Software\DVDVideoSoftTB

Key Found : HKLM\Software\DVDVideoSoftTB

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar

I don't see this in the log:

NCH Software

MrC


I will finish the AdwCleaner stuff up now. Thanks for going over the list for me.

 

The NCH Software was the first "Folder" found:

 

File Found : C:\Program Files\Mozilla Firefox\searchplugins\aartemis.xml
Folder Found C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Found C:\Documents and Settings\Non-Admin\Application Data\vmntoolbar
Folder Found C:\Documents and Settings\Pam\Application Data\NCH Software
Folder Found C:\Documents and Settings\Pam\Local Settings\Application Data\DVDVideoSoftTB
Folder Found C:\Documents and Settings\Pam\Local Settings\Application Data\DVDVideoSoftTB
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\NCH Software

Oops, sorry about that!

 

It appears that AdwCleaner did the trick! I just checked on FF and the problem is gone! (FF is usually my default, but I've been using Chrome since the problem started.)  I will still post the log below, but I think you fixed it! Thank you SO much! Oh, should I just keep those items in quarantine for a while to make sure I don't need something or just delete them permanently?

 

# AdwCleaner v3.012 - Report created 19/11/2013 at 21:43:46
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Pam - DDCKMRH1
# Running from : C:\Documents and Settings\Pam\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Program Files\MyPC Backup
[x] Not Deleted : C:\Program Files\NCH Software
[x] Not Deleted : C:\Documents and Settings\Pam\Local Settings\Application Data\DVDVideoSoftTB
[x] Not Deleted : C:\Documents and Settings\Pam\Local Settings\Application Data\DVDVideoSoftTB
[x] Not Deleted : C:\Documents and Settings\Pam\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\Non-Admin\Application Data\vmntoolbar
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\aartemis.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287822
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBEE89F7-84F2-4391-BB03-5A712C68DB32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FBEE89F7-84F2-4391-BB03-5A712C68DB32}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FBEE89F7-84F2-4391-BB03-5A712C68DB32}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F587EBF6-F156-465C-9910-6055CE92FA47}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD5217A6-EBC7-4377-8828-EC04EDE9C032}
Key Deleted : HKCU\Software\Conduit
[x] Not Deleted : HKCU\Software\DVDVideoSoftTB
Key Deleted : HKCU\Software\InstallCore
[x] Not Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
[x] Not Deleted : HKCU\Software\DVDVideoSoftTB
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Conduit
[x] Not Deleted : HKLM\Software\DVDVideoSoftTB
[x] Not Deleted : HKLM\Software\NCH Software
[x] Not Deleted : HKLM\Software\DVDVideoSoftTB
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\35637qgf.default\prefs.js ]
 
Line Deleted : user_pref("CT3290229.FF19Solved", "true");
Line Deleted : user_pref("CT3290229.UserID", "UN10481539506906802");
Line Deleted : user_pref("CT3290229.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3290229.installDate", "6/4/2013 10:49:55");
Line Deleted : user_pref("CT3290229.installerVersion", "1.3.7.3");
Line Deleted : user_pref("CT3290229.keyword", "true");
Line Deleted : user_pref("browser.search.defaultenginename", "aartemis");
Line Deleted : user_pref("browser.search.selectedEngine", "aartemis");
Line Deleted : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.cookie.previous_page.value", "%22hxxp%3A//aartemis.com/%3Ftype%3Dsc%26ts%3D1384747283%26from%3Dtug[...]
Line Deleted : user_pref("extensions.crossrider.bic", "142695fad2a36fd7a0bf2f61b6eebaf3");
 
[ File : C:\Documents and Settings\Non-Admin\Application Data\Mozilla\Firefox\Profiles\xkyn64nr.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Pam\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5867 octets] - [19/11/2013 20:07:01]
AdwCleaner[s0].txt - [5955 octets] - [19/11/2013 21:43:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6015 octets] ##########
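The keep-or-delete review in the posts above can be checked mechanically. The following is an added example, not part of the original thread and not AdwCleaner's own code: it parses the two report formats shown here and reconciles the scan report against the clean report and a keep-list. The sample lines are excerpted from the two reports in this thread; `KEEP`, `parse_report`, `on_keep_list` and `reconcile` are names chosen for the illustration.

```python
import re

# Lines excerpted from the AdwCleaner v3.012 scan report ([R0]) in this thread.
SCAN_REPORT = r"""
***** [ Files / Folders ] *****
File Found : C:\Program Files\Mozilla Firefox\searchplugins\aartemis.xml
Folder Found C:\Documents and Settings\Pam\Application Data\NCH Software
Folder Found C:\Program Files\MyPC Backup
***** [ Registry ] *****
Key Found : HKCU\Software\Conduit
Key Found : HKLM\Software\DVDVideoSoftTB
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
***** [ Browsers ] *****
Line Found : user_pref("browser.search.selectedEngine", "aartemis");
"""

# The same items as they appear in the clean report ([s0]) in this thread.
CLEAN_REPORT = r"""
***** [ Files / Folders ] *****
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\aartemis.xml
[x] Not Deleted : C:\Documents and Settings\Pam\Application Data\NCH Software
Folder Deleted : C:\Program Files\MyPC Backup
***** [ Registry ] *****
Key Deleted : HKCU\Software\Conduit
[x] Not Deleted : HKLM\Software\DVDVideoSoftTB
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
***** [ Browsers ] *****
Line Deleted : user_pref("browser.search.selectedEngine", "aartemis");
"""

# Assumption: the two program names the thread asked to keep.
KEEP = ("DVDVideoSoftTB", "NCH Software")

# Entry lines look like "Key Found : X", "Folder Found X" (no colon),
# "File Deleted : X" or "[x] Not Deleted : X".
ENTRY = re.compile(
    r"^(?:\[x\] )?(?:(File|Folder|Key|Line) )?"
    r"(Found|Deleted|Not Deleted)\s*:?\s*(.+)$"
)


def parse_report(text):
    """Map lower-cased item -> (item as written, status) for each entry line."""
    entries = {}
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            item = m.group(3).strip()
            # Windows paths and registry keys are case-insensitive.
            entries[item.lower()] = (item, m.group(2))
    return entries


def on_keep_list(item, keep=KEEP):
    return any(name.lower() in item.lower() for name in keep)


def reconcile(scan_text, clean_text, keep=KEEP):
    """Compare what the scan found with what the clean run reports doing."""
    found = parse_report(scan_text)
    cleaned = parse_report(clean_text)
    result = {"deleted_despite_keep": [], "retained_not_on_keep": [],
              "unaccounted": []}
    for key, (item, _) in found.items():
        status = cleaned.get(key, (None, None))[1]
        if status is None:
            result["unaccounted"].append(item)        # never mentioned again
        elif status == "Deleted" and on_keep_list(item, keep):
            result["deleted_despite_keep"].append(item)
        elif status == "Not Deleted" and not on_keep_list(item, keep):
            result["retained_not_on_keep"].append(item)
    return result


if __name__ == "__main__":
    for bucket, items in reconcile(SCAN_REPORT, CLEAN_REPORT).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

Feeding it the full `AdwCleaner[R0].txt` and `AdwCleaner[s0].txt` gives the same three buckets for every entry in the reports.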

Fortunately Chrome and IE were not affected at all, but that may be because FF is my default browser. I just changed default to Chrome when the problem started on FF only. Switching back to FF, thanks to you!

 

Thanks again, MrC! You made it a very simple and easy process (on my side, anyway)!  (Oh, and I love your "crew"!)

 

Pam


OK........

A little clean up to do....

Please download OTC to your desktop. (This will clean up most of the tools and logs)

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (also HERE)

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.