Posted 26 March 2014 - 10:37 PM
Great. That worked.
How do things seem to be running now?
Posted 27 March 2014 - 06:12 AM
Seems to be doing OK. Still have some icons for programs on my desktop: a "Download manager", "7zip_Bimo", "Zipsetup". I might be able to dump these.
Posted 27 March 2014 - 07:20 AM
Misspoke, not doing OK. Ran Malware Bytes and it found several PUPs... Checked those for deletion and restarted the PC to complete deleting. Here is the log on that run...
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.25.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lew :: LEW-0CCC0E88CE3 [administrator]
3/27/2014 9:00:37 AM
mbam-log-2014-03-27 (09-00-37).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236462
Time elapsed: 4 minute(s), 33 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 4
HKCR\Typelib\{FBC322D5-407E-4854-8C0B-555B951FD8E3} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\Software\Mega Browse (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
HKLM\Software\Mega Browse (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Documents and Settings\Lew\Desktop\7zip_bimo.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
(end)
Posted 27 March 2014 - 08:48 AM
The Megabrowse and searchdial entries are orphans that I missed. The 7zip file appears to be new as it did not appear yesterday.
Based on what you've posted... you should be good... but I'm concerned that you keep getting new programs installed.
Please post new DDS logs again.
Posted 27 March 2014 - 03:20 PM
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Lew at 17:17:37 on 2014-03-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.547 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://%20msn.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - c:\program files\avast software\avast! ad blocker ie\Adblocker32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KBD] c:\hp\kbd\KBD.EXE
StartupFolder: c:\docume~1\lew\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347465718176
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347978180406
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2E5072BA-3DCD-43F1-A347-7B3E0450AF88} : DHCPNameServer = 192.168.1.254
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-7-10 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-7-10 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-7-10 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-7-10 410784]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2013-7-10 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-7-10 50344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-11-24 1103392]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-11-24 168384]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-11-24 1369624]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-12-29 11520]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
.
=============== Created Last 30 ================
.
2014-03-26 18:46:15 98816 ----a-w- c:\windows\sed.exe
2014-03-26 18:46:15 256000 ----a-w- c:\windows\PEV.exe
2014-03-26 18:46:15 208896 ----a-w- c:\windows\MBR.exe
2014-03-25 20:28:15 -------- d-----w- C:\AdwCleaner
2014-03-25 15:13:03 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2014-03-25 00:37:26 128000 ----a-w- c:\program files\uninstall information\79\3683\uninstall.exe
2014-03-23 15:51:30 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-23 15:51:30 13312 ------w- c:\windows\system32\xp_eos.exe
.
==================== Find3M ====================
.
2014-03-11 18:27:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 18:27:37 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-24 11:46:36 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45:58 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45:42 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54:21 385024 ------w- c:\windows\system32\html.iec
2014-02-07 21:36:14 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-02-07 21:35:48 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-07 21:35:47 43152 ----a-w- c:\windows\avastSS.scr
2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-07 11:40:49 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-07 11:40:49 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-04 15:50:34 231048 ----a-w- c:\windows\system32\SigCheck.exe
2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 17:18:03.21 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/11/2012 6:15:23 PM
System Uptime: 3/27/2014 9:23:13 AM (8 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NAGAMI2
Processor: AMD Athlon 64 Processor 3800+ | Socket 939 | 2405/199mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 451.109 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01
Service: NVENETFD
.
==== System Restore Points ===================
.
RP19: 3/23/2014 12:35:35 PM - System Checkpoint
RP20: 3/24/2014 12:42:06 PM - System Checkpoint
RP21: 3/25/2014 1:05:27 PM - System Checkpoint
RP22: 3/26/2014 9:38:12 AM - Removed DriverUpdate
RP23: 3/27/2014 9:55:05 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
Apple Application Support
Apple Software Update
avast! Ad Blocker
avast! Free Antivirus
Bing Bar
Bing Rewards Client Installer
CCleaner
Chinese Traditional Fonts Support For Adobe Reader X
Compatibility Pack for the 2007 Office system
D-Link DFE-530TX+
D-Link PCI Fast Ethernet Adapter
DIRECTV Player
Enhanced Multimedia Keyboard Solution
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Deskjet 3050 J610 series Product Improvement Study
HP Photo Creations
HP Update
Internet Explorer (Enable DEP)
iSEEK AnswerWorks English Runtime
Java 7 Update 51
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
Quicken 2012
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2722913)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SketchUp 8
Spell Checker For OE 2.1
Spotify
Spybot - Search & Destroy
TaxACT 2012 - 1040 Edition
TaxACT 2012 Georgia
TaxACT 2013 - 1040 Edition
TaxACT 2013 Georgia
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WD SES Driver Setup
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows PowerShell 1.0
Windows XP Service Pack 3
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
3/26/2014 9:38:15 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/26/2014 8:11:43 PM, error: PlugPlayManager [11] - The device Root\LEGACY_TSTLIBG\0000 disappeared from the system without first being prepared for removal.
3/26/2014 3:14:35 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.
3/26/2014 11:10:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942403
3/26/2014 11:10:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942403
3/25/2014 4:30:59 PM, error: Service Control Manager [7031] - The Util Mega Browse service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/25/2014 4:30:58 PM, error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 1 time(s).
3/25/2014 4:30:58 PM, error: Service Control Manager [7031] - The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/25/2014 4:30:57 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
3/25/2014 4:30:57 PM, error: Service Control Manager [7034] - The Optimizer Pro Crash Monitor service terminated unexpectedly. It has done this 1 time(s).
3/25/2014 4:30:57 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
3/25/2014 4:30:57 PM, error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
3/25/2014 4:30:57 PM, error: Service Control Manager [7031] - The Update Mega Browse service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/23/2014 9:39:15 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/23/2014 12:26:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
3/23/2014 12:26:08 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/22/2014 9:22:04 AM, error: Service Control Manager [7034] - The SAS Core Service service terminated unexpectedly. It has done this 2 time(s).
3/22/2014 9:15:56 AM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
.
==== End Of File ===========================
Posted 27 March 2014 - 05:01 PM
Looks good. Nothing new showing. No errors being thrown.
Has anything else "weird" happened? Any more programs appeared?
Posted 27 March 2014 - 05:09 PM
Malware Bytes just found 5 more PUPS.....
Posted 27 March 2014 - 05:48 PM
Please post the log.
Posted 28 March 2014 - 06:02 AM
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.25.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lew :: LEW-0CCC0E88CE3 [administrator]
3/27/2014 6:54:55 PM
mbam-log-2014-03-27 (18-54-55).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280695
Time elapsed: 24 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 40
C:\Qoobox\Quarantine\C\Program Files\Mega Browse\MegaBrowsebho.dll.vir (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Mega Browse\updateMegaBrowse.exe.vir (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Mega Browse\bin\utilMegaBrowse.exe.vir (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP20\A0001898.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP20\A0001899.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP20\A0001900.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP20\A0001901.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP20\A0001902.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP20\A0001903.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP20\A0001904.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP20\A0001907.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP20\A0001908.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP20\A0001909.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP21\A0001995.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP21\A0001996.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP21\A0001997.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP21\A0001998.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP21\A0002001.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP21\A0002017.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP21\A0002018.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP21\A0002019.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP21\A0002026.exe (PUP.Optional.DealPly) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP21\A0002031.exe (PUP.Optional.Sambreel.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP21\A0002141.exe (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP21\A0002161.exe (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP22\A0002364.dll (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP22\A0002329.exe (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP22\A0002335.exe (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP22\A0002560.exe (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP22\A0002563.exe (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP22\A0002770.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Lew\Application Data\Mysearchdial\UpdateProc\UpdateTask.exe.vir (PUP.Optional.DealPly) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\mysearchdialApp.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\mysearchdialEng.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\mysearchdialsrv.exe.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll.vir (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProReminder.exe.vir (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProSchedule.exe.vir (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProSmartScan.exe.vir (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
(end)
Posted 28 March 2014 - 08:37 AM
Nothing there is "real". Those are all items that we have already "killed" and quarantined. You should be good to go.
Please run Delfix again to clean up the tools and reset your system restore. This will also clean out the quarantined files.
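Added example, not part of the original thread: a small Python triage script that separates detections sitting in System Restore points or a cleanup tool's quarantine folder from detections on the live file system, which is the distinction the reply above relies on. The sample lines are copied from the Malwarebytes logs in this thread; the function names and the treatment of `C:\AdwCleaner\Quarantine\` and `C:\Qoobox\` as tool folders are assumptions of this example.

```python
import re
from collections import Counter

# Sample lines copied from the Malwarebytes logs posted in this thread.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP20\A0001909.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39BD494D-4C19-4CC2-9C7A-2A460FA1F53D}\RP21\A0002017.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProReminder.exe.vir (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lew\Desktop\7zip_bimo.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
"""

# "<path> (<detection name>) -> <action>"; greedy path tolerates "(x86)" in paths.
LINE_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]+\}\\rp(\d+)\\", re.I)
# Assumption: folders owned by the cleanup tools used in this thread.
TOOL_DIRS = ("c:\\adwcleaner\\quarantine\\", "c:\\qoobox\\")

def classify(path):
    """Return (location, restore point number or None) for one detected path."""
    m = RESTORE_RE.match(path)
    if m:
        return "restore_point", int(m.group(1))
    if path.lower().startswith(TOOL_DIRS):
        return "tool_quarantine", None
    return "live", None  # registry keys and ordinary files end up here

def parse_detections(log_text):
    """Parse detection lines; headers and '(No malicious items detected)' are skipped."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        location, rp = classify(m.group("path"))
        rows.append({"path": m.group("path"), "name": m.group("name"),
                     "location": location, "rp": rp})
    return rows

def summarize(log_text):
    """Counts per location, restore points involved, and live paths to review."""
    rows = parse_detections(log_text)
    counts = Counter(r["location"] for r in rows)
    rps = sorted({r["rp"] for r in rows if r["rp"] is not None})
    live = [r["path"] for r in rows if r["location"] == "live"]
    return counts, rps, live

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The restore point numbers it returns can be compared with the `Deleted : RP #..` lines in the DelFix log to confirm those copies are gone; anything reported as live still needs a manual look.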
Posted 28 March 2014 - 01:26 PM
# DelFix v10.6 - Logfile created 28/03/2014 at 15:17:40
# Updated 11/11/2013 by Xplode
# Username : Lew - LEW-0CCC0E88CE3
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
~ Removing disinfection tools ...
Deleted : C:\Qoobox
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\Documents and Settings\Lew\Desktop\ComboFix.exe
Deleted : C:\Documents and Settings\Lew\Desktop\dds.scr
Deleted : C:\Documents and Settings\Lew\Desktop\JRT.exe
Deleted : C:\Documents and Settings\Lew\Desktop\RogueKiller.exe
Deleted : C:\WINDOWS\grep.exe
Deleted : C:\WINDOWS\PEV.exe
Deleted : C:\WINDOWS\NIRCMD.exe
Deleted : C:\WINDOWS\MBR.exe
Deleted : C:\WINDOWS\SED.exe
Deleted : C:\WINDOWS\SWREG.exe
Deleted : C:\WINDOWS\SWSC.exe
Deleted : C:\WINDOWS\SWXCACLS.exe
Deleted : C:\WINDOWS\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #19 [System Checkpoint | 03/23/2014 16:35:35]
Deleted : RP #20 [System Checkpoint | 03/24/2014 16:42:06]
Deleted : RP #21 [System Checkpoint | 03/25/2014 17:05:27]
Deleted : RP #22 [Removed DriverUpdate | 03/26/2014 13:38:12]
Deleted : RP #23 [System Checkpoint | 03/27/2014 13:55:05]
Deleted : RP #24 [System Checkpoint | 03/28/2014 15:01:21]
New restore point created !
########## - EOF - ##########
Posted 28 March 2014 - 01:28 PM
Not sure what that post is, tried to post DELFIX log.....and that came out.....That's weird!
Posted 28 March 2014 - 04:27 PM
The log you posted looks exactly correct to me.
How are things running on your end now?
Posted 28 March 2014 - 04:54 PM
Things seem to be OK now.....Good to be rid of all the junk and Malware........Thanks for hanging in there with me, it's been a long session.....Might be one of your longest....Anyway thanks again for all the good work.......