Can't uninstall Mirar


Hello, I have a problem getting rid of this "Mirar" whatever it is. It came up on Spybot S&D and it said it removed it, but it is still in the program list under "Add/Remove Programs" in control panel and I'm still getting pop-ups. Every time I try to uninstall it, it starts and then hangs, now I cannot enable the "malicious website blocking" feature of Malwarebytes. I even tried CCleaner's uninstall and it hangs on that one as well. Can anyone help here?


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Quit all running programs.

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Ok, here are the 2 logs:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

Run by New User at 18:07:09 on 2013-01-21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1218 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ================

.

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

c:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k LocalService

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uWindow Title = Jesus is LORD!

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\W311U.lnk.disabled

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-System: dontdisplaylastusername = dword:1

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_11.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{4BEE7F00-6DEC-4012-862B-988ADDCFEE4A} : DHCPNameServer = 192.168.1.1

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 193552]

R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [2011-7-22 83392]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-20 398184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-20 682344]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-20 21104]

S3 cpuz130;cpuz130;\??\c:\docume~1\newuse~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\newuse~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]

S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\packet.sys [2002-7-3 13203]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2011-8-19 722432]

.

=============== File Associations ===============

.

ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE

.

=============== Created Last 30 ================

.

2013-01-21 18:07:48 388096 ----a-r- c:\documents and settings\new user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2013-01-21 18:07:47 -------- d-----w- c:\program files\Trend Micro

2013-01-21 03:35:16 -------- d-----w- c:\program files\ESET

2013-01-20 06:12:52 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-20 06:12:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-19 22:09:34 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2013-01-19 21:39:42 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b074a67-c95c-434f-8385-ba83fd9ce988}\mpengine.dll

2013-01-19 21:36:51 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-01-19 21:35:10 -------- d-sh--w- c:\documents and settings\new user\IECompatCache

2013-01-19 21:31:29 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-19 21:31:28 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 02:01:39 1371648 ------w- c:\windows\system32\msxml6.dll

2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 18:07:39.20 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/4/1980 6:48:35 AM

System Uptime: 1/21/2013 5:56:30 AM (13 hours ago)

.

Motherboard: Compaq | | 07E4h

Processor: Intel® Pentium® 4 CPU 2.40GHz | XU1 PROCESSOR | 2392/533mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 112 GiB total, 98.154 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP282: 1/20/2013 1:23:17 AM - System Checkpoint

RP283: 1/20/2013 1:23:17 AM - System Checkpoint

RP284: 1/20/2013 1:23:17 AM - System Checkpoint

RP285: 1/20/2013 1:23:17 AM - System Checkpoint

RP286: 1/20/2013 1:23:17 AM - System Checkpoint

RP287: 1/20/2013 1:23:16 AM - System Checkpoint

RP288: 1/20/2013 1:23:16 AM - System Checkpoint

RP289: 1/20/2013 1:23:16 AM - Software Distribution Service 3.0

RP290: 1/20/2013 1:23:16 AM - Removed Apple Application Support

RP291: 1/20/2013 1:23:16 AM - Removed iTunes

RP292: 1/20/2013 1:23:16 AM - Removed Apple Mobile Device Support

RP293: 1/20/2013 1:23:16 AM - Removed Apple Software Update

RP294: 1/19/2013 5:06:48 PM - Removed Bonjour

RP295: 1/19/2013 6:34:06 PM - Software Distribution Service 3.0

RP296: 1/21/2013 6:13:44 AM - System Checkpoint

RP297: 1/21/2013 12:42:30 PM - Software Distribution Service 3.0

RP298: 1/21/2013 1:07:46 PM - Installed HiJackThis

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.5)

Adobe Shockwave Player

BlackBerry Desktop Software 6.1

CCleaner

e-Sword

ESET Online Scanner v3

Google Chrome

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB954550-v5)

Intel® Extreme Graphics Driver

Intel® PRO Ethernet Adapter and Software

Java 2 Runtime Environment, SE v1.4.2_03

Java 6 Update 11

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Security Client

Microsoft Security Essentials

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mirar

MSXML 4.0 SP2 (KB973688)

Picasa 3

QuickTime

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB2799329)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB913433)

Spybot - Search & Destroy

SpywareBlaster 4.6

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VLC media player 1.1.8

W311U

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

WinZip

.

==== Event Viewer Messages From Past Week ========

.

1/21/2013 9:38:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\zoneclim.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:52 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\znetm.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:51 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\zeeverm.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.629.1.

1/21/2013 9:38:51 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\zcorem.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:51 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\zclientm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:51 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\uniansi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:51 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\shvlzm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:51 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\shvlres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:51 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\shvl.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:50 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\rvsezm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:50 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\rvseres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:50 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\rvse.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:50 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\hrtzzm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:50 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\hrtzres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:50 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\hrtz.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:50 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\cmnresm.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:49 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\cmnclim.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.629.1.

1/21/2013 9:38:49 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\chkrzm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:49 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\chkrres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:49 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\chkr.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:49 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\bckgzm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:49 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\bckgres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:49 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\bckg.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 9:38:48 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\msn gaming zone\windows\zonelibm.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 1.2.626.1.

1/21/2013 6:07:15 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.381.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/21/2013 5:58:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde

1/21/2013 5:57:03 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

1/20/2013 2:25:48 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.381.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

1/20/2013 1:35:43 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.381.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

1/20/2013 1:35:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

1/20/2013 1:14:26 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

1/20/2013 1:13:25 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter

1/20/2013 1:12:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/19/2013 5:21:21 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

1/19/2013 3:58:47 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 4/18/2012 5:31:40 PM Error Code: 0x80071b90 Error Description: The system license has expired. Your logon request is denied.

1/19/2013 3:57:46 PM, error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%2147949456

.

==== End Of File ===========================

Moving on to step 2...executing Roguekiller


Wow, that went a lot faster than I expected...lol Here is the report...

RogueKiller V8.4.3 [Jan 21 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...13-roguekiller/

Website : http://tigzy.geeksto...roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : New User [Admin rights]

Mode : Scan -- Date : 01/21/2013 18:22:00

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3120026A +++++

--- User ---

[MBR] 2c6dedb1fbce321288bf00730ebdcee8

[bSP] f93df2b64370f18c5b383f159d4dbbc3 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114470 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01212013_02d1822.txt >>


Please uninstall these immediately from your add/remove programs:

Java 2 Runtime Environment, SE v1.4.2_03

Java™ 6 Update 11

Then..............

Download and install the latest version of Java from Here

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Next................

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

MrC


ok, here it is...

# AdwCleaner v2.107 - Logfile created 01/21/2013 at 20:58:16

# Updated 21/01/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : New User - COMPAQ-HQ75TNXR

# Boot Mode : Normal

# Running from : C:\Documents and Settings\New User\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Documents and Settings\New User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [985 octets] - [21/01/2013 20:58:16]

########## EOF - C:\AdwCleaner[R1].txt - [1044 octets] ##########

Whatever needs to go, can go! and thanks for being so patient with me...


Please don't use italicized font, use the standard font please.

Some adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Then...........

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

MrC


Ok, sorry about the italics, I didn't realize I did that. Anyway,

# AdwCleaner v2.107 - Logfile created 01/21/2013 at 21:28:45

# Updated 21/01/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : New User - COMPAQ-HQ75TNXR

# Boot Mode : Normal

# Running from : C:\Documents and Settings\New User\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Documents and Settings\New User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1113 octets] - [21/01/2013 20:58:16]

AdwCleaner[s1].txt - [1051 octets] - [21/01/2013 21:28:45]

########## EOF - C:\AdwCleaner[s1].txt - [1111 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.4.8 (01.21.2013:2)

OS: Microsoft Windows XP x86

Ran by New User on Mon 01/21/2013 at 21:38:13.95

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 01/21/2013 at 21:50:31.98

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


You can delete that entry like this:

Download HiJackThis to a folder:

http://www.trendmicr.../HijackThis.exe

Double click on HijackThis.exe to run it

Click on Main Menu

Open the Misc Tools section

Open Uninstall Manager

Highlight the entry you want to remove

Now click Delete this Entry

Now close out HJT

Let me know....MrC
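
The Uninstall Manager steps above remove an entry from the Add/Remove Programs list. As an added example (not part of the original post, and not HijackThis code), this read-only PowerShell audit shows where such entries are stored in the registry and whether each entry's uninstaller still exists on disk. It assumes PowerShell 3.0 or later; the function names and the `-NamePattern` parameter are hypothetical.

```powershell
# Added example: read-only audit of Add/Remove Programs entries. Nothing is changed.
# The three registry roots are the standard Windows Uninstall keys; the function
# names and the -NamePattern parameter are hypothetical names chosen for this example.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-UninstallTarget {
    # Pull the executable path out of an UninstallString, quoted or unquoted,
    # e.g.  "C:\Program Files\App\uninst.exe" /S   or   C:\Program Files\App\uninst.exe /S
    param([string]$UninstallString)

    $cmd = [Environment]::ExpandEnvironmentVariables($UninstallString).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd))(\s|$)') { return $Matches[1] }
    return $null
}

function Get-UninstallEntryAudit {
    # Emit one object per visible Add/Remove Programs entry matching -NamePattern.
    param([string]$NamePattern = '*')

    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            # Entries without a DisplayName are not shown in the program list.
            if (-not $props -or -not $props.DisplayName) { continue }
            if ($props.DisplayName -notlike $NamePattern) { continue }

            $target = $null
            if ($props.UninstallString) {
                $target = Get-UninstallTarget $props.UninstallString
            }

            if (-not $props.UninstallString) {
                $status = 'NoUninstallString'
            }
            elseif (-not $target -or $target -notmatch '^([A-Za-z]:\\|\\\\)') {
                # Bare commands such as "MsiExec.exe /X{...}" are resolved by Windows
                # itself, so there is no file path here to verify.
                $status = 'NotChecked'
            }
            elseif (Test-Path -LiteralPath $target -PathType Leaf) {
                $status = 'UninstallerPresent'
            }
            else {
                # The entry survives in the list but its uninstaller is gone.
                $status = 'UninstallerMissing'
            }

            [pscustomobject]@{
                DisplayName     = $props.DisplayName
                Status          = $status
                UninstallString = $props.UninstallString
                RegistryKey     = $key.Name
            }
        }
    }
}

# Look at one entry by name, then list every entry whose uninstaller is gone.
Get-UninstallEntryAudit -NamePattern '*Mirar*' | Format-List
Get-UninstallEntryAudit |
    Where-Object { $_.Status -eq 'UninstallerMissing' } |
    Sort-Object DisplayName |
    Format-Table DisplayName, RegistryKey -AutoSize
```

An `UninstallerPresent` result only means the file exists; as in this thread, the uninstaller can still hang when run.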


Well, it was not getting any more pop-ups but it was crawling on the internet so I reset the MS Firewall to default and it improved a little but after I uninstalled MS Security Essentials and replaced it w/ Eset Security Suite it seems to be back to normal speed. Thanks for all your help, now it seems like my laptop has some kind of problems...lol Out of curiosity, could malware cause a system to say that services are shut down even when they are running? Should I open a different thread?


Thanks for all your help, now it seems like my laptop has some kind of problems...lol Out of curiosity, could malware cause a system to say that services are shut down even when they are running? Should I open a different thread?

Yes that's all possible and you have to start a new topic.

-----------------------------------

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.