multiple bad image error messages and other stuff


This topic is locked.
10 replies to this topic

#1 JJBlog

  • Members
  • 28 posts

Posted 19 February 2013 - 11:22 AM

Multiple Bad Image error messages (e.g. "chrome.exe - Bad Image: The application or DLL c:\........ is not a valid Windows image. Please check this against your installation diskette"). About 15 on startup (2 come up even at the beginning of Safe Mode) and every time I click an icon or any OK box etc.; programs still load after clicking OK on the Bad Image error box. Internet Explorer won't stay open (opens and shuts immediately) and some Chrome internet pages won't load. A couple of complete shutdowns (serious system error recovery notice on restart) today. System Restore in Safe Mode won't work (on restarting it says unable to do System Restore).

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.13.2
Run by hp at 16:04:09 on 2013-02-19
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.3455.2483 [GMT 0:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\hp\Local Settings\Application Data\Updater21804\Updater21804.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.delta-search.com/?affID=119529&tt=060213_9105_2&babsrc=HP_ss&mntrId=4cd738400000000000000019d2c01e73
uSearch Bar = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=GB&userid=04142f1b-66f9-4daa-8638-297589dca8fe&searchtype=ds&q={searchTerms}
uSearch Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=GB&userid=04142f1b-66f9-4daa-8638-297589dca8fe&searchtype=ds&q={searchTerms}
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=GB&userid=04142f1b-66f9-4daa-8638-297589dca8fe&searchtype=ds&q={searchTerms}
BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - c:\program files\coupon companion plugin\Coupon Companion Plugin.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files\dealply\DealPlyIE.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files\delta\delta\1.8.10.0\bh\delta.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files\delta\delta\1.8.10.0\deltaTlbr.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Updater21804.exe] c:\documents and settings\hp\local settings\application data\updater21804\Updater21804.exe /extensionid=21804 /extensionname='Coupon Companion Plugin' /chromeid=jneaojaoiajhnemidnjhoempalnidbhj /stayidle /delay=300
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [DATAMNGR] c:\progra~1\search~1\datamngr\DATAMN~1.EXE
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1354577964063
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{3E817221-6807-4C81-B67C-C2A587DABD88} : DHCPNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IfxWlxEN - IfxWlxEN.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll c:\docume~1\alluse~1\applic~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll   c:\progra~1\search~1\datamngr\datamngr.dll c:\progra~1\search~1\datamngr\IEBHO.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-1-20 33112]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-1-11 36552]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-11-29 36768]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-1-11 86752]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-1-11 110816]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-1-11 83944]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-2-19 968880]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2012-12-4 97280]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-10-21 36352]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-02-19 15:41:47    --------    d-----w-    c:\program files\Delta
2013-02-19 15:41:47    --------    d-----w-    c:\documents and settings\all users\application data\Babylon
2013-02-19 15:41:45    --------    d-----w-    c:\documents and settings\hp\local settings\application data\Updater21804
2013-02-19 15:41:15    --------    d-----w-    c:\program files\common files\Hewlett-Packard
2013-02-19 15:39:57    --------    d-----w-    c:\windows\marco
2013-02-17 08:44:35    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2013-02-17 08:44:16    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-02-06 16:27:21    --------    d-----w-    c:\documents and settings\all users\application data\BrowserProtect
2013-02-06 16:27:02    --------    d-----w-    c:\documents and settings\hp\application data\Delta
2013-02-06 16:26:38    --------    d-----w-    c:\documents and settings\hp\application data\Babylon
2013-02-05 14:42:01    --------    d-----w-    c:\program files\Coupon Companion Plugin
2013-02-03 11:50:41    1269760    ----a-w-    c:\windows\hpzshl01.exe
2013-02-03 11:50:40    1126400    ----a-w-    c:\windows\hpzmsi01.exe
2013-02-03 11:40:58    25856    -c--a-w-    c:\windows\system32\dllcache\usbprint.sys
2013-02-03 11:40:58    25856    ----a-w-    c:\windows\system32\drivers\usbprint.sys
2013-02-02 08:31:39    74096    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-02 08:31:39    697712    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-01-31 18:56:01    --------    d-----w-    c:\windows\system32\cache
2013-01-31 07:54:32    --------    d-----w-    c:\documents and settings\hp\application data\Unity
2013-01-28 18:42:21    --------    d-----w-    c:\documents and settings\hp\application data\Malwarebytes
2013-01-28 18:42:05    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-01-28 18:42:04    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-01-28 18:42:04    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-01-22 19:14:57    16    ----a-w-    c:\windows\system32\jgldog11.dll
2013-01-21 12:48:54    --------    d-----w-    c:\documents and settings\hp\application data\DealPly
2013-01-21 12:48:46    --------    d-----w-    c:\program files\DealPly
2013-01-20 16:44:16    --------    d-----w-    c:\documents and settings\hp\local settings\application data\AVG Secure Search
2013-01-20 16:43:47    --------    d-----w-    c:\documents and settings\all users\application data\AVG Secure Search
2013-01-20 16:43:31    --------    d-----w-    c:\documents and settings\hp\application data\AVG Secure Search
2013-01-20 16:43:24    33112    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-01-20 16:43:14    --------    d-----w-    c:\program files\common files\AVG Secure Search
2013-01-20 16:43:11    --------    d-----w-    c:\program files\AVG Secure Search
2013-01-20 16:42:43    --------    d--h--w-    c:\documents and settings\all users\application data\Common Files
2013-01-20 16:24:11    --------    d-----w-    c:\windows\system32\NtmsData
.
==================== Find3M  ====================
.
2013-02-17 08:44:04    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-02-17 08:44:04    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-01-26 03:55:44    552448    ----a-w-    c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45    2148864    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01    2027520    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-01-02 06:49:10    148992    ----a-w-    c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10    1292288    ----a-w-    c:\windows\system32\quartz.dll
2012-12-26 20:16:29    916480    ----a-w-    c:\windows\system32\wininet.dll
2012-12-26 20:16:28    43520    ------w-    c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2012-12-24 06:40:59    385024    ------w-    c:\windows\system32\html.iec
2012-12-16 12:23:59    290560    ----a-w-    c:\windows\system32\atmfd.dll
2012-11-27 10:01:26    83944    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2012-11-22 15:51:11    36552    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
.
============= FINISH: 16:04:48.78 ===============
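The DDS output above is the data a responder actually triages, and the AppInit_DLLs line in the Pseudo HJT report is the first thing to read when a machine throws "Bad Image" dialogs: every DLL listed there is loaded into each process that maps user32.dll, so a listed file that is missing or is not a valid PE image produces one such dialog per program start. The script below is an added example (not part of the thread and not a BleepingComputer tool); it parses a constructed sample made of lines copied from the DDS log above and reports the AppInit_DLLs entries, browser helper objects and toolbars, start/search page hijacks with their tracking parameters, autorun entries living under the user profile, and any binary in the "Created Last 30" list that is too small to be a real PE image. The 512-byte size floor, the list of query parameters treated as tracking markers, and the user-writable path markers are the example's own assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed input: a subset of the DDS lines from the first post, copied as written.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.delta-search.com/?affID=119529&tt=060213_9105_2&babsrc=HP_ss&mntrId=4cd738400000000000000019d2c01e73
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=GB&userid=04142f1b-66f9-4daa-8638-297589dca8fe&searchtype=ds&q={searchTerms}
BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - c:\program files\coupon companion plugin\Coupon Companion Plugin.dll
BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files\dealply\DealPlyIE.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files\delta\delta\1.8.10.0\deltaTlbr.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Updater21804.exe] c:\documents and settings\hp\local settings\application data\updater21804\Updater21804.exe /extensionid=21804 /extensionname='Coupon Companion Plugin' /chromeid=jneaojaoiajhnemidnjhoempalnidbhj /stayidle /delay=300
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll c:\docume~1\alluse~1\applic~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll   c:\progra~1\search~1\datamngr\datamngr.dll c:\progra~1\search~1\datamngr\IEBHO.dll
2013-02-17 08:44:16    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-01-28 18:42:04    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-01-22 19:14:57    16    ----a-w-    c:\windows\system32\jgldog11.dll
2013-01-21 12:48:46    --------    d-----w-    c:\program files\DealPly
"""

CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+|-+)\s+(\S+)\s+(.+)$")
ADDON_RE = re.compile(r"^(BHO|TB): (.+?): (\{[0-9A-Fa-f-]+\}) - (.+)$")
URL_RE = re.compile(r"^[umd]?(Start Page|Search Bar|Search Page|SearchAssistant) = (\S+)$")
RUN_RE = re.compile(r"^[umd]Run: \[(.+?)\] (.+)$")

# Assumptions of this example, not facts from the log:
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\local settings\\", "\\temp\\")
TRACKING_KEYS = {"affid", "publisher", "dpid", "mntrid", "userid", "babsrc"}
TINY_IMAGE_BYTES = 512   # heuristic floor; no genuine Windows DLL/EXE/SYS is this small


def triage(dds_text: str) -> dict:
    """Parse DDS report lines and return the entries worth an analyst's attention."""
    findings = {"appinit_dlls": [], "addons": [], "search_hijacks": [],
                "user_path_autoruns": [], "tiny_images": []}
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("appinit_dlls="):
            # Every path here is LoadLibrary'd into each process that maps user32.dll,
            # so a missing or non-PE entry yields a "Bad Image" dialog per program start.
            findings["appinit_dlls"] = line.split("=", 1)[1].split()
            continue
        if m := ADDON_RE.match(line):
            kind, name, clsid, path = m.groups()
            findings["addons"].append({"kind": kind, "name": name, "clsid": clsid, "path": path})
            continue
        if m := URL_RE.match(line):
            url = m.group(2).replace("hxxp://", "http://", 1)   # DDS defangs URLs as hxxp
            parts = urlsplit(url)
            params = parse_qs(parts.query, keep_blank_values=True)
            findings["search_hijacks"].append({
                "setting": m.group(1), "host": parts.hostname,
                "tracking_params": sorted(k for k in params if k.lower() in TRACKING_KEYS)})
            continue
        if m := RUN_RE.match(line):
            name, cmd = m.groups()
            # Autoruns under a user-writable profile directory need no admin rights to plant.
            if any(marker in cmd.lower() for marker in USER_WRITABLE):
                findings["user_path_autoruns"].append({"name": name, "cmd": cmd})
            continue
        if m := CREATED_RE.match(line):
            _, size, _, path = m.groups()
            if size.isdigit() and int(size) < TINY_IMAGE_BYTES \
                    and path.lower().endswith((".dll", ".exe", ".sys")):
                findings["tiny_images"].append({"path": path, "size": int(size)})
    return findings


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_DDS), indent=2))
```

Run it on a full DDS.txt by passing the file contents to `triage()`; the AppInit_DLLs list should be empty on a clean XP box, so anything it returns there is worth checking file by file.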
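The DDS "Created Last 30" list above shows c:\windows\system32\jgldog11.dll at 16 bytes. A file that size cannot hold a DOS header, let alone a PE header, and that is what the "is not a valid Windows image" dialog means: the loader found the file but its headers failed validation. The function below is an added example (not from the thread, DDS or ComboFix) that reproduces the front-line checks a 32-bit loader applies to a DLL (MZ signature, e_lfanew in range, PE signature, i386 machine type, PE32 optional-header magic) plus one extra sanity check that the file is flagged as a DLL, which the loader itself does not enforce. It runs against constructed inputs only: 16 zero bytes standing in for the junk file (its real contents are not in the thread) and a hand-built header-only stub that passes the checks but is deliberately not loadable.

```python
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC = 0x010B
COFF_HEADER_LEN = 20


def check_image(data: bytes, expect_dll: bool = True) -> tuple:
    """Header checks for a 32-bit x86 image; returns (ok, reason).

    The MZ/e_lfanew/PE/machine/magic checks mirror what the loader rejects with
    STATUS_INVALID_IMAGE_FORMAT (shown to the user as a "Bad Image" dialog).
    The IMAGE_FILE_DLL test is an extra check for files that are supposed to be DLLs.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False, "no DOS header: file is not an executable image"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 + COFF_HEADER_LEN > len(data):
        return False, "e_lfanew points past the end of the file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False, "no PE signature at e_lfanew"
    machine, _nsect, _ts, _symptr, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    if machine != IMAGE_FILE_MACHINE_I386:
        return False, "machine 0x%04x cannot be mapped into a 32-bit x86 process" % machine
    if not chars & IMAGE_FILE_EXECUTABLE_IMAGE:
        return False, "IMAGE_FILE_EXECUTABLE_IMAGE not set (object file, not an image)"
    if expect_dll and not chars & IMAGE_FILE_DLL:
        return False, "IMAGE_FILE_DLL not set: file is an EXE, not a DLL"
    opt_off = e_lfanew + 4 + COFF_HEADER_LEN
    if opt_size < 2 or opt_off + opt_size > len(data):
        return False, "optional header missing or truncated"
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic != PE32_MAGIC:
        return False, "optional header magic 0x%04x is not PE32" % magic
    return True, "PE32 i386 image: header checks pass"


def build_header_stub(machine: int = IMAGE_FILE_MACHINE_I386, dll: bool = True) -> bytes:
    """Constructed test vector: DOS header + PE/COFF header + PE32 optional header, no sections.

    It satisfies the checks above but is deliberately not a loadable module.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew -> right after the DOS header
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE | (IMAGE_FILE_DLL if dll else 0)
    opt_size = 224                                       # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, chars)
    opt = struct.pack("<H", PE32_MAGIC) + bytes(opt_size - 2)
    return bytes(dos) + b"PE\0\0" + coff + opt


# Constructed stand-in for a 16-byte file such as the jgldog11.dll in the log;
# the real file's contents are not in the thread, so zeros are used here.
JUNK_16_BYTES = bytes(16)

if __name__ == "__main__":
    for label, blob in [("16-byte junk", JUNK_16_BYTES),
                        ("i386 DLL stub", build_header_stub()),
                        ("x64 DLL stub", build_header_stub(machine=0x8664)),
                        ("i386 EXE stub", build_header_stub(dll=False))]:
        ok, why = check_image(blob)
        print("%-14s %s %s" % (label, "OK  " if ok else "FAIL", why))
```

To check a real suspect, read the file with `open(path, "rb").read()` and pass the bytes to `check_image()`; every path from an AppInit_DLLs line that returns False is a direct explanation for the dialogs.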
 


#2 nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 February 2013 - 11:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
  • Please post the logs and let me know if the problem persists.


#3 JJBlog

  • Topic Starter
  • Members
  • 28 posts

Posted 19 February 2013 - 12:23 PM

Dear Nasdaq

Thanks for the quick reply.

1. Download on Chrome only gives me the option to run; I cannot save to Desktop. Will this be a problem?


#4 JJBlog

  • Topic Starter
  • Members
  • 28 posts

Posted 19 February 2013 - 01:02 PM

Here is the log; I managed to get the download and save through Internet Explorer. My son has noticed that he has a DealPly folder on his (a different) computer; will that be a problem?

    ComboFix 13-02-18.02 - hp 19/02/2013  17:42:28.1.2 - x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.3455.3018 [GMT 0:00]
    Running from: c:\documents and settings\hp\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\hp\Local Settings\Application Data\Updater21804\Updater21804.exe
    c:\program files\Coupon Companion Plugin\CoUPon companion plugin.dll
    c:\program files\DealPly
    c:\program files\DealPly\DealPly.crx
    c:\program files\DealPly\DealPly.xpi
    c:\program files\DealPly\DealPlyIE.dll
    c:\program files\DealPly\DealPlyUpdate.exe
    c:\program files\DealPly\DealPlyUpdate.log
    c:\program files\DealPly\DealPlyUpdateRun.exe
    c:\program files\DealPly\icon.ico
    c:\program files\DealPly\uninst.exe
    c:\windows\system32\Cache
    c:\windows\system32\Cache\26c630d098e22dd5.fb
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
    c:\windows\system32\Cache\32c84fe32bb74d60.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\5054adf455cbe3a8.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\6d03dad1035885d3.fb
    c:\windows\system32\Cache\7e25d1863370f2b3.fb
    c:\windows\system32\Cache\95f567698be8a182.fb
    c:\windows\system32\Cache\acfd3b4725cf4fbe.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\bd2a206f2576d7fb.fb
    c:\windows\system32\Cache\c1fa887b03019701.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\f998975c9cc711ee.fb
    c:\windows\system32\jgldog11.dll
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-01-19 to 2013-02-19  )))))))))))))))))))))))))))))))
    .
    .
    2013-02-19 15:41 . 2013-02-19 15:41 -------- d-----w- c:\program files\Delta
    2013-02-19 15:41 . 2013-02-19 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
    2013-02-19 15:41 . 2013-02-19 17:45 -------- d-----w- c:\documents and settings\hp\Local Settings\Application Data\Updater21804
    2013-02-19 15:41 . 2013-02-19 15:41 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2013-02-19 15:41 . 2013-02-19 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
    2013-02-19 15:39 . 2013-02-19 15:39 -------- d-----w- c:\windows\marco
    2013-02-19 15:03 . 2013-02-19 15:06 -------- d-----w- c:\documents and settings\Administrator
    2013-02-17 08:44 . 2013-02-17 08:44 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-02-17 08:44 . 2013-02-17 08:44 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-02-16 15:58 . 2013-02-19 15:47 -------- d-----w- c:\program files\Java
    2013-02-06 16:27 . 2013-02-06 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\BrowserProtect
    2013-02-06 16:27 . 2013-02-19 15:19 -------- d-----w- c:\documents and settings\hp\Application Data\Delta
    2013-02-06 16:26 . 2013-02-06 16:26 -------- d-----w- c:\documents and settings\hp\Application Data\Babylon
    2013-02-05 14:42 . 2013-02-19 17:45 -------- d-----w- c:\program files\Coupon Companion Plugin
    2013-02-03 11:50 . 2007-07-10 09:01 1269760 ----a-w- c:\windows\hpzshl01.exe
    2013-02-03 11:50 . 2007-07-10 09:01 1126400 ----a-w- c:\windows\hpzmsi01.exe
    2013-02-03 11:40 . 2008-04-14 00:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2013-02-03 11:40 . 2008-04-14 00:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2013-02-02 08:31 . 2013-02-10 14:04 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-02 08:31 . 2013-02-10 14:04 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-31 07:54 . 2013-01-31 07:54 -------- d-----w- c:\documents and settings\hp\Application Data\Unity
    2013-01-28 18:42 . 2013-01-28 18:42 -------- d-----w- c:\documents and settings\hp\Application Data\Malwarebytes
    2013-01-28 18:42 . 2013-01-28 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2013-01-28 18:42 . 2013-01-28 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-28 18:42 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-21 12:48 . 2013-01-21 12:48 -------- d-----w- c:\documents and settings\hp\Application Data\DealPly
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-19 13:12 . 2013-01-20 16:43 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-02-17 08:44 . 2013-01-12 15:10 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-02-17 08:44 . 2013-01-12 15:10 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-26 03:55 . 2008-04-14 11:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-07 01:19 . 2008-04-14 11:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20 . 2008-04-14 11:00 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49 . 2008-04-14 11:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49 . 2008-04-14 11:00 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-12-26 20:16 . 2008-04-14 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2012-12-26 20:16 . 2008-04-14 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-12-26 20:16 . 2008-04-14 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40 . 2008-04-14 11:00 385024 ------w- c:\windows\system32\html.iec
    2012-12-16 12:23 . 2008-04-14 11:00 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-03 23:36 . 2012-12-03 23:36 57344 ----a-r- c:\documents and settings\hp\Application Data\Microsoft\Installer\{7F362F06-A9A3-440F-8B19-6A01A72723C4}\ARPPRODUCTICON.exe
    2012-11-27 10:01 . 2013-01-11 19:30 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-11-22 15:51 . 2013-01-11 19:30 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-11-22 15:50 . 2013-01-11 19:30 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2013-02-19 13:12 1929392 ----a-w- c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-19 1929392]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
    "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-01-11 295072]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-19 1151152]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-27 581693]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
    2006-03-03 15:08 434176 ----a-w- c:\windows\system32\IfxWlxEN.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Search Results Toolbar\\Datamngr\\SRTOOL~1\\dtUser.exe"=
    "c:\\Documents and Settings\\hp\\Local Settings\\Application Data\\Torch\\Plugins\\Torrent\\TorchTorrent.exe"=
    "c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
    .
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [20/01/2013 16:43 33112]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/01/2013 19:30 36552]
    R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 16:56 36768]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/01/2013 19:30 86752]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [29/11/2012 20:31 38608]
    R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [19/02/2013 13:12 968880]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [04/12/2012 00:42 97280]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 11:19 36352]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ    hpqcxs08
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-31 07:42 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-02 14:04]
    .
    2013-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-11 19:37]
    .
    2013-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-11 19:37]
    .
    2013-02-19 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-790525478-1303643608-1801674531-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
    .
    2013-02-19 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-790525478-1303643608-1801674531-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
    .
    2013-02-19 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
    - c:\program files\AVG Secure Search\PostInstall\ROC.exe [2013-01-31 18:55]
    .
    2013-02-19 c:\windows\Tasks\User_Feed_Synchronization-{A79C6E64-B59E-4203-9D68-B94E93E5743F}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.delta-search.com/?affID=119529&tt=060213_9105_2&babsrc=HP_ss&mntrId=4cd738400000000000000019d2c01e73
    uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=GB&userid=04142f1b-66f9-4daa-8638-297589dca8fe&searchtype=ds&q={searchTerms}
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    TCP: DhcpNameServer = 192.168.1.254
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    HKCU-Run-Updater21804.exe - c:\documents and settings\hp\Local Settings\Application Data\Updater21804\Updater21804.exe
    AddRemove-DealPly - c:\program files\DealPly\uninst.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-02-19 17:48
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(904)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\IfxWlxEN.dll
    .
    - - - - - - - > 'explorer.exe'(2516)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\System32\SCardSvr.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\IFXSPMGT.exe
    c:\windows\system32\IFXTCS.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    c:\progra~1\SEARCH~1\Datamngr\DATAMN~1.EXE
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
    .
    **************************************************************************
    .
    Completion time: 2013-02-19  17:51:28 - machine was rebooted
    ComboFix-quarantined-files.txt  2013-02-19 17:51
    .
    Pre-Run: 103,420,981,248 bytes free
    Post-Run: 103,768,637,440 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 4F706C1E8660B2A8D7881540583984F5

    #5 JJBlog (Topic Starter)

    Posted 19 February 2013 - 01:05 PM

     Results of screen317's Security Check version 0.99.58 
     Windows XP Service Pack 3 x86  
     Internet Explorer 8 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    Please wait while WMIC compiles updated MOF files.
    displayName
    Avira Desktop
     Antivirus up to date! 
    `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.70.0.1100 
     Java 7 Update 13 
     Google Chrome 24.0.1312.56 
     Google Chrome 24.0.1312.57 
     Google Chrome CTB.log.. 
    ````````Process Check: objlist.exe by Laurent```````` 
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

    #6 JJBlog (Topic Starter)

    Posted 19 February 2013 - 01:15 PM

    Nasdaq, you are an angel! The problem is fixed!!! Thank you so much. Here is the adw log. Please let me know if I need to do anything with the other computer that has DealPly on it.

    # AdwCleaner v2.112 - Logfile created 02/19/2013 at 18:06:44
    # Updated 10/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : hp - NC6400
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\hp\Desktop\adwcleaner0.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\BrowserProtect
    Folder Deleted : C:\Documents and Settings\hp\Application Data\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\hp\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\hp\Application Data\DealPly
    Folder Deleted : C:\Documents and Settings\hp\Application Data\Delta
    Folder Deleted : C:\Documents and Settings\hp\Application Data\ilividtoolbarguid
    Folder Deleted : C:\Documents and Settings\hp\Local Settings\Application Data\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\hp\Local Settings\Application Data\Ilivid
    Folder Deleted : C:\Documents and Settings\hp\Start Menu\Programs\DealPly
    Folder Deleted : C:\Program Files\AVG Secure Search
    Folder Deleted : C:\Program Files\Coupon Companion Plugin
    Folder Deleted : C:\Program Files\Delta
    Folder Deleted : C:\Program Files\search results toolbar

    ***** [Registry] *****

    Key Deleted : HKCU\Software\5f558adeb734e841
    Key Deleted : HKCU\Software\APN DTX
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\DealPly
    Key Deleted : HKCU\Software\Delta
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\ilividtoolbarguid
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\5f558adeb734e841
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
    Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
    Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DealPly
    Key Deleted : HKLM\Software\Delta
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Key Deleted : HKLM\Software\iLividSRTB
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilividtoolbarguid
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=GB&userid=04142f1b-66f9-4daa-8638-297589dca8fe&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=GB&userid=04142f1b-66f9-4daa-8638-297589dca8fe&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

    -\\ Google Chrome v24.0.1312.57

    File : C:\Documents and Settings\hp\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Deleted [l.8] : homepage = "hxxp://www.searchnu.com/406",
    Deleted [l.1994] : homepage = "hxxp://www.searchnu.com/406",

    *************************

    AdwCleaner[S1].txt - [9701 octets] - [19/02/2013 18:06:44]

    ########## EOF - C:\AdwCleaner[S1].txt - [9761 octets] ##########

    #7 JJBlog (Topic Starter)

    Posted 19 February 2013 - 01:40 PM

    Here is the DDS log for my son's computer. Please let me know if he needs to do anything.

    DDS (Ver_2012-11-20.01) - NTFS_x86 
    Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.13.2
    Run by USER at 18:34:49 on 2013-02-19
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2039.1165 [GMT 0:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .
    ============== Running Processes ================
    .
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\McAfee\Common Framework\udaterui.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\AccelerometerSt.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\HPQ\Shared\hpqwmi.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.exe
    mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1358630153484
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1358630217562
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{DBA02483-F021-4D99-8AAF-C739260DC352} : DHCPNameServer = 192.168.1.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-1-6 147472]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-1-19 343920]
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 195296]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2013-1-19 54760]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-19 398184]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-19 682344]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-1-6 22816]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-1-6 66896]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-1-19 70728]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2013-1-19 88192]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2013-1-19 36352]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-19 21104]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-1-19 91832]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-1-19 43288]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-1-19 66600]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2013-02-19 15:57:23    --------    d-----w-    c:\program files\PopCap Games
    2013-02-19 14:39:33    --------    d-----w-    c:\documents and settings\user\application data\Malwarebytes
    2013-02-19 14:39:14    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
    2013-02-19 14:39:10    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2013-02-19 14:39:10    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
    2013-02-19 12:41:34    6991832    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{587cc932-3166-4405-93bc-b896f0587cbd}\mpengine.dll
    2013-02-18 11:53:25    --------    d-----w-    c:\documents and settings\user\application data\.minecraft
    2013-02-18 11:27:26    6991832    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-02-14 20:44:09    --------    d-----w-    C:\ae3b066c83c4c254b47a17727e023f
    2013-02-13 17:04:32    --------    d-----w-    C:\Intel
    2013-02-12 18:42:55    --------    d-----w-    c:\program files\WordBiz
    2013-02-12 17:10:05    --------    d-----w-    c:\documents and settings\user\local settings\application data\Sun
    2013-02-12 16:17:43    --------    d-----w-    c:\windows\system32\appmgmt
    2013-02-12 16:01:07    143872    ----a-w-    c:\windows\system32\javacpl.cpl
    2013-02-12 16:01:06    782240    ----a-w-    c:\windows\system32\deployJava1.dll
    2013-02-12 16:01:05    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
    2013-02-12 16:00:13    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
    2013-02-12 15:50:34    73656    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-12 15:50:34    697272    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
    2013-02-10 14:00:56    --------    d-----w-    c:\documents and settings\all users\application data\hpqwmi
    .
    ==================== Find3M  ====================
    .
    2013-01-30 10:53:21    232336    ------w-    c:\windows\system32\MpSigStub.exe
    2013-01-26 03:55:44    552448    ----a-w-    c:\windows\system32\oleaut32.dll
    2013-01-20 15:59:04    195296    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
    2013-01-20 11:07:45    108544    ------w-    c:\windows\system32\pxcpyi64.exe
    2013-01-20 11:07:44    104960    ------w-    c:\windows\system32\pxinsi64.exe
    2013-01-20 11:07:43    20576    ------w-    c:\windows\system32\drivers\pxhelp20.sys
    2013-01-07 01:19:45    2148864    ----a-w-    c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37:01    2027520    ----a-w-    c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20:00    1867264    ----a-w-    c:\windows\system32\win32k.sys
    2013-01-02 06:49:10    148992    ----a-w-    c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49:10    1292288    ----a-w-    c:\windows\system32\quartz.dll
    2012-12-26 20:16:29    916480    ----a-w-    c:\windows\system32\wininet.dll
    2012-12-26 20:16:28    43520    ------w-    c:\windows\system32\licmgr10.dll
    2012-12-26 20:16:28    1469440    ------w-    c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40:59    385024    ------w-    c:\windows\system32\html.iec
    2012-12-16 12:23:59    290560    ----a-w-    c:\windows\system32\atmfd.dll
    .
    ============= FINISH: 18:36:06.54 ===============
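The file-listing sections of the DDS log above ("Created Last 30" and "Find3M") are what a helper skims first: each line is a modification timestamp, a size (or dashes for a directory), an attribute string and a path. The following Python is an added example, not DDS's own code or anything from the thread, that parses those lines into records and pulls out the entries a log reader looks at first: binaries under system32 changed within the last N days, and hex-named folders sitting at the drive root. The sample lines are copied from the listing above; the function names (`parse_dds_listing`, `recent_system_binaries`, `root_hex_dirs`) and the 30-day window are this example's own choices, and a hit is a prompt to look closer, not a verdict (Windows Update often leaves exactly such hex-named folders behind).

```python
import re
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from pathlib import PureWindowsPath
from typing import List, Optional

# Sample input: lines copied from the DDS listing in the post above, plus the
# section banner and "." separators DDS prints between blocks.
SAMPLE_LOG = r"""
==================== Find3M  ====================
.
2013-01-30 10:53:21    232336    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-26 03:55:44    552448    ----a-w-    c:\windows\system32\oleaut32.dll
2013-01-20 15:59:04    195296    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-02-18 11:53:25    --------    d-----w-    c:\documents and settings\user\application data\.minecraft
2013-02-14 20:44:09    --------    d-----w-    C:\ae3b066c83c4c254b47a17727e023f
2012-12-16 12:23:59    290560    ----a-w-    c:\windows\system32\atmfd.dll
.
============= FINISH: 18:36:06.54 ===============
"""

# date  time  size-or-dashes  8-char attribute string  path (may contain spaces)
LINE_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+(\S+)\s+([-a-z]{8})\s+(.+?)\s*$"
)


@dataclass(frozen=True)
class DdsEntry:
    modified: datetime
    size: Optional[int]   # None for directories (DDS prints "--------")
    attrs: str            # e.g. "----a-w-" or "d-----w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_dds_listing(text: str) -> List[DdsEntry]:
    """Turn DDS file-listing lines into records; banners and separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d, t, size, attrs, path = m.groups()
        entries.append(DdsEntry(
            modified=datetime.strptime(f"{d} {t}", "%Y-%m-%d %H:%M:%S"),
            size=None if size.startswith("-") else int(size),
            attrs=attrs,
            path=path,
        ))
    return entries


SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")
BINARY_EXTS = {".exe", ".dll", ".sys", ".cpl", ".ax", ".ocx", ".drv"}


def recent_system_binaries(entries: List[DdsEntry], run_date: date, days: int = 30) -> List[DdsEntry]:
    """Binaries under the system directories modified within `days` of the log's run date, newest first."""
    cutoff = datetime.combine(run_date, datetime.min.time()) - timedelta(days=days)
    hits = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        if not low.startswith(SYSTEM_DIRS):
            continue
        if PureWindowsPath(low).suffix not in BINARY_EXTS:
            continue
        if e.modified >= cutoff:
            hits.append(e)
    return sorted(hits, key=lambda e: e.modified, reverse=True)


# A long hex-only directory name directly under a drive root. Update installers
# commonly unpack into such folders, so this is a "look closer", not a finding.
HEX_DIR_RE = re.compile(r"^[a-z]:\\[0-9a-f]{16,}$")


def root_hex_dirs(entries: List[DdsEntry]) -> List[str]:
    return [e.path for e in entries if e.is_dir and HEX_DIR_RE.match(e.path.lower())]


if __name__ == "__main__":
    recs = parse_dds_listing(SAMPLE_LOG)
    # Run date taken from the "Run by hp at ... on 2013-02-19" header of the log above.
    for e in recent_system_binaries(recs, date(2013, 2, 19)):
        print(e.modified, e.size, e.path)
    for p in root_hex_dirs(recs):
        print("root-level hex dir:", p)
```

On the listing above the recent-binary filter returns MpSigStub.exe, oleaut32.dll and MpFilter.sys (all dated January 2013, all Windows Update and Microsoft antimalware components), which is consistent with the helper's "Your logs are clean" reading; the point of the filter is to shrink the list to what is worth checking against known update dates, not to decide by itself.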
     




    #8 nasdaq

    nasdaq

    • Malware Response Team
    • 38,925 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:07:04 PM

    Posted 19 February 2013 - 02:34 PM

    Your logs are clean.
     
    Let me know of any issues with your computer.
     
    ===
     
    On your son's computer run the DDS and the tools I requested in post no. 2.
    When the logs are ready start a new topic and post the URL in your topic. I will expedite the matter.
     
    If his computer is NOT an XP machine do not run the combofix I previously requested.
     
    Use this instead.
     
    Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
     
     
     
    * IMPORTANT !!! Save ComboFix.exe to your Desktop
     
    IMPORTANT....
     
    1. Close any open browsers.
     
    2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
     
    3. Do not install any other programs until this is fixed.
     
    How to : Disable Anti-virus and Firewall...
     
    Double click on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.

    • Please post the C:\ComboFix.txt

    Note:
    Do not mouse click ComboFix's window while it's running. That may cause it to stall.
     
    Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
     
    Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.


    #9 JJBlog

    JJBlog
    • Topic Starter

    • Members
    • 28 posts
    • Local time:11:04 PM

    Posted 19 February 2013 - 05:48 PM

    Here are my son's DDS logs

     

    http://www.bleepingcomputer.com/forums/t/486005/dealply/



    #10 nasdaq

    nasdaq

    • Malware Response Team
    • 38,925 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:07:04 PM

    Posted 20 February 2013 - 09:28 AM

    If all is well:
     
    Time for some housekeeping
    The following will implement some cleanup procedures as well as reset System Restore points:
     
    Click Start > Run and copy/paste the following bold text into the Run box and click OK:
     
    ComboFix /Uninstall 
    ===
     
    To remove AdwCleaner.
     
    Please double click on AdwCleaner.exe to run the tool.
    Click on Uninstall.
    Confirm with Yes.
     
    If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.
     
    Delete the other tools we used.
    You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.
     
    Surf Safely, and Think Prevention!
    ===


    #11 nasdaq

    nasdaq

    • Malware Response Team
    • 38,925 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:07:04 PM

    Posted 20 February 2013 - 09:29 AM

    It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



