Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

WinXP Infected with PC FixSpeed Optimizer, 24x7help (and more)


  • This topic is locked This topic is locked
6 replies to this topic

#1 ithinkhard

ithinkhard

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:06 PM

Posted 10 May 2013 - 08:37 AM

Updating old programs on old XP computer to transfer to new Win8 computer, I managed to infect it with PC Fix Speed Optimizer, 24x7 Help, Delta Search, Browser Protect, and something called Power Fox. When I was looking up how to do remove all of these on Firefox, the following occurred:

 

--Link Install Wizard opens when starting Firefox

--Then a Power Fox - Power Fox screen opens after I cancelled and closed Link Install

--Then three windows opened in the Firefox browser: the signup page for stumbleupon.com; the linkextend.com help page, and the settings page for MyWot.

 

I removed Link Extend 1.1.5, Stumble Upon 4.16 and Wot 20130402 from Firefox Then I removed Delta Search and Browser Protect using adwcleaner and ran a Full Nalwarebytes scan (logs attached). I have not attempted to remove either PC Fix Speed Optimizer or 24x7 Help because after reading here, it seems that there are a variety of approaches used to remove it (and a variety of programs used to do so--I've seen mods ask people to install and run adwcleaner, Combo Fix, Rogue Killer, JRT, RunKill). So I am at an impasse and really need help. What next? Any help you could give me would be appreciated.

 

 

DDS Log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by nyctom at 10:05:51 on 2013-05-10
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1278.300 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GizmoPlugin\GizmoPlugin.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\RAM Def\ramdef.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PCFixSpeed\PCFixTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MiPony\MiPony.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\nyctom\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.poony.info/
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - <orphaned>
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [Google Update] "c:\documents and settings\nyctom\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [RAMDef] c:\program files\ram def\ramdef.exe -tray
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PCFixSpeed] "c:\program files\pcfixspeed\PCFixTray.exe" /startup
mRunServices: [ToolbarSetup] c:\docume~1\nyctom\locals~1\temp\0.9848550662155527.exe
StartupFolder: c:\docume~1\nyctom\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\nyctom\application data\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: Download with Mipony - c:\program files\mipony\browser\IEContext.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169029955000
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{CECF8CCB-4813-4577-A8C9-51597B6C2C69} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nyctom\application data\mozilla\firefox\profiles\yhphpue4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.refdesk.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\nyctom\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\nyctom\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\nyctom\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\nyctom\local settings\application data\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
FF - ExtSQL: 2013-05-10 10:01; {cf47767d-5f3a-4e32-9fce-5d79565c9702}; c:\documents and settings\nyctom\application data\mozilla\firefox\profiles\yhphpue4.default\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}.xpi
FF - ExtSQL: 2013-05-10 10:01; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\nyctom\application data\mozilla\firefox\profiles\yhphpue4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-18 64288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 214024]
R2 Gizmo Plugin;Gizmo VoIP Service;c:\program files\gizmoplugin\GizmoPlugin.exe [2008-3-5 962048]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-10-19 160944]
S3 EraserUtilDrv11113;EraserUtilDrv11113;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11113.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11113.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-10-11 79880]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-10-11 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-10-11 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-10-11 40552]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
ShellExec: MiPony.exe: open="c:\program files\mipony\MiPony.exe""%1"
.
=============== Created Last 30 ================
.
2013-05-10 05:05:13    712264    ----a-w-    c:\windows\isRS-000.tmp
2013-05-10 02:02:42    --------    d-----w-    c:\program files\24x7Help
2013-05-10 02:02:21    --------    d-----w-    c:\documents and settings\nyctom\application data\PCFixSpeed
2013-05-10 02:02:18    --------    d-----w-    c:\documents and settings\all users\application data\PCFixSpeed
2013-05-10 02:01:49    --------    d-----w-    c:\program files\PCFixSpeed
2013-05-09 23:56:24    --------    d-----w-    c:\documents and settings\nyctom\application data\avidemux
2013-05-09 23:55:27    --------    d-----w-    c:\program files\Avidemux 2.6
2013-05-04 23:33:21    1409    ----a-w-    c:\windows\QTFont.for
2013-04-12 16:32:59    920472    ----a-w-    c:\program files\mozilla firefox\firefox.exe
2013-04-12 16:32:59    2989464    ----a-w-    c:\program files\mozilla firefox\gkmedias.dll
2013-04-12 16:32:59    279448    ----a-w-    c:\program files\mozilla firefox\freebl3.dll
2013-04-12 16:32:57    1998168    ----a-w-    c:\program files\mozilla firefox\d3dx9_43.dll
2013-04-12 16:32:56    2106216    ----a-w-    c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-04-12 16:32:56    116120    ----a-w-    c:\program files\mozilla firefox\crashreporter.exe
2013-04-12 16:32:55    74136    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2013-04-12 16:32:55    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
2013-04-12 16:32:55    19352    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
.
==================== Find3M  ====================
.
2013-04-04 18:50:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-14 10:56:51    861088    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-03-14 10:56:51    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-08 08:36:22    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 01:28:24    2193408    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:28    2070016    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-03-02 02:06:30    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-03-02 01:08:47    385024    ----a-w-    c:\windows\system32\html.iec
2013-02-28 03:14:29    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-28 03:14:28    71024    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-27 07:56:51    2067456    ----a-w-    c:\windows\system32\mstscax.dll
2013-02-12 00:32:23    12928    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23    12928    ------w-    c:\windows\system32\drivers\usb8023x.sys
2007-03-11 01:19:30    1045608    ----a-w-    c:\program files\qmpsetup_win_mozilla_07010901.exe
.
============= FINISH: 10:07:40.12 ===============

 

 

 

ADWCleaner Log:

 

# AdwCleaner v2.300 - Logfile created 05/10/2013 at 00:22:46
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : nyctom - nyctom
# Boot Mode : Normal
# Running from : C:\Documents and Settings\nyctom\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : 24x7HelpSvc
Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\All Users\Desktop\24x7 Help.lnk
File Deleted : C:\Documents and Settings\nyctom\Application Data\Mozilla\Firefox\Profiles\yhphpue4.default\bProtector_extensions.rdf
File Deleted : C:\Documents and Settings\nyctom\Application Data\Mozilla\Firefox\Profiles\yhphpue4.default\searchplugins\Babylon.xml
File Deleted : C:\Documents and Settings\nyctom\Application Data\Mozilla\Firefox\Profiles\yhphpue4.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Documents and Settings\nyctom\Application Data\Mozilla\Firefox\Profiles\yhphpue4.default\searchplugins\delta.xml
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\FreeRIP
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\24x7 Help
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\FreeRIP3
Folder Deleted : C:\Documents and Settings\nyctom\Application Data\24x7 Help
Folder Deleted : C:\Documents and Settings\nyctom\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\nyctom\Application Data\iWin
Folder Deleted : C:\Documents and Settings\nyctom\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\nyctom\Start Menu\Programs\FreeRIP
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\FreeRIP3
Folder Deleted : C:\Program Files\Search Toolbar
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\24x7HELP
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\24x7HELP
Key Deleted : HKLM\SOFTWARE\8edb8cb369ec44
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www2.delta-search.com/?affID=119351&tt=gc_&babsrc=NT_ss&mntrId=C85E000BDBBC575F --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\nyctom\Application Data\Mozilla\Firefox\Profiles\yhphpue4.default\prefs.js

C:\Documents and Settings\nyctom\Application Data\Mozilla\Firefox\Profiles\yhphpue4.default\user.js ... Deleted !

Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.id", "c85e7e05000000000000000bdbbc575f");
Deleted : user_pref("extensions.delta.instlDay", "15835");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1622:02:33");
Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
Deleted : user_pref("extensions.linkextend.addit.remoteInstallItems", "{ \"software\": {\"39\": {\"id\": \"39\[...]

*************************

AdwCleaner[S1].txt - [10665 octets] - [10/05/2013 00:22:46]

########## EOF - C:\AdwCleaner[S1].txt - [10726 octets] ##########
 

 

 

 

MALWAREBYTES LOG:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.09.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
nyctom :: nyctom [administrator]

5/10/2013 3:29:11 AM
mbam-log-2013-05-10 (03-29-11).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 343191
Time elapsed: 3 hour(s), 44 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Attached Files


Edited by ithinkhard, 10 May 2013 - 09:12 AM.


BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:06 PM

Posted 10 May 2013 - 04:45 PM

Good evening. :)

 

Updating old programs on old XP computer to transfer to new Win8 computer,

 

Can you explain to me exactly what you are intending to do - are you simply transferring files from the old PC to a new one?


So long, and thanks for all the fish.

 

 


#3 ithinkhard

ithinkhard
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:06 PM

Posted 10 May 2013 - 05:47 PM

Hello Novicate. Thank you for getting back to me so quickly. I'd like to keep it. A friend of mine from out of town told me I should network it to the new computer and use it for watching movies, playing games that are XP compatible only, etc. I live in a studio apartment and have a loft bed (and no television--I live on disability and cable is out of my very strict budget) and can put this computer up there and the new one at the desk. This old computer is a very sturdy workhorse!


Edited by ithinkhard, 10 May 2013 - 06:06 PM.


#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:06 PM

Posted 10 May 2013 - 06:20 PM

Have you got the XP installation disk that Dell should have provided?


So long, and thanks for all the fish.

 

 


#5 ithinkhard

ithinkhard
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:06 PM

Posted 10 May 2013 - 06:39 PM

I'm sure I do but it may take me a day or two to find it. I didn't anticipate having to reinstall the OS!



#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:06 PM

Posted 11 May 2013 - 02:25 PM

Good evening. :)

My thinking is this... according to one of the logs you posted, the install date for Windows is 1/17/2007 which makes it a little over six years old - a very long time in OS years. I tended to reformat and reinstall every six months to keep XP, when I had it, clean and fresh, which is slightly more frequently than you have done. :)

Next there are the number of infections that you have picked up. Somebody made use of a hole in your security to do a lot in a little time.There isn't any guarantee that those that you listed are the only ones that have taken up residence on your system.

 

The "two birds with one stone" answer is to reformat and reinstall which will both clean your system and get it all sparkly and new for the future. The alternative is to try and clean it, which may or may not work. A couple of scans and some file deletions could resolve the issue or it could prove fruitless and a waste of both our times - I just don't know.

 

I'll leave the final choice up to you, but offer this - if it was my PC or that of a family member I would reformat and reinstall and that would be that. Please let me know what you decide to do.

 

One final point, the DDS log shows your anti-virus program as disabled. Please check that it is re-enabled as soon as you can. Your system will be a slime magnet if you surf with it like that.


So long, and thanks for all the fish.

 

 


#7 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:06 PM

Posted 18 May 2013 - 04:36 PM

As there has been no response for five days this thread is now closed.


So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users