Phantom Audio Ads

Hey guys and gals,

Yesterday I saw a dialogue on my comp that I've seen before, warning me that my Java was out of date, and prompting me to shut down - it always looked a little fishy. I think last time I closed the window; this time I clicked to shut down later. Well, at some point while I was doing paperwork it shut down on its own. Then when it restarted it hung after typing my password while trying to log in (for at least 12 hours). I restarted this morning in Safe Mode with Networking and ran MBAM, removing 3 threats. Now it logs in okay, but I've got these audio ads playing in the background randomly. I know there are probably other viruses on this machine, it's old, but I use it a lot now. Here are my logs if anyone can help...

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/2/2010 5:37:54 PM
System Uptime: 7/4/2013 8:59:43 AM (1 hours ago)
.
Motherboard: eMachines |  | WMCP61M
Processor: AMD Athlon Processor 2850e   | Socket AM2  | 792/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 45.334 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&2218BD69&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&2218BD69&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP379: 6/19/2013 7:48:18 AM - Windows Update
RP380: 6/25/2013 5:44:11 AM - Windows Update
RP381: 7/2/2013 6:34:12 AM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 9.10 beta
Acrobat.com
Adobe After Effects CS5 Third Party Content
Adobe After Effects CS5 Third Party Royalty Content
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Production Premium
Adobe Download Assistant
Adobe Encore CS5 Third Party Royalty Content
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Encoder CS5 Dolby X64
Adobe Media Encoder CS5 PCI X64
Adobe Media Player
Adobe Photoshop Lightroom 3.2 64-bit
Adobe Premiere Pro CS5 Third Party Royalty Content
Adobe Reader X (10.1.6)
Advertising Center
Amazon Cloud Drive
Ant.com IE add-on
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auto Gordian Knot 2.55
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
Blender
Blender (remove only)
Bonjour
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.0
Canon MP Navigator EX 5.1
Canon MP560 series MP Drivers
Canon MP560 series User Registration
Canon MX430 series MP Drivers
Canon MX430 series On-screen Manual
Canon MX430 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
Canon Utilities Solution Menu
CDBurnerXP
Click'N Design 3D (V5)
Compatibility Pack for the 2007 Office system
D3DX10
DreamStation DXi2
Dropbox
eBay Worldwide
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
ESET Smart Security
Eudora
Final Draft 7
Google Chrome
Google Earth
Google Update Helper
Haali Media Splitter
HD Writer AE 1.0 for HDC
Identity Card
ImagXpress
Internet Explorer Toolbar 4.8 by SweetPacks
Internet TV for Windows Media Center
Java 7 Update 17
Java Auto Updater
Java 6 Update 22 (64-bit)
Junk Mail filter update
L3DT Standard v2.9.0.0 (remove only)
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Matroska Pack
McAfee Security Scan Plus
Mesh Runtime
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Expression Web 2
Microsoft Expression Web 2 MUI (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
MobileMe Control Panel
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Netflix in Windows Media Center
NeuroSolutions
NeuroSolutions 6
Norton Online Backup
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
OpenOffice.org 3.2
PDF Settings CS5
Pen Tablet
Perl Studio 2009
Picasa 3
PVSonyDll
PxMergeModule
Python 2.6.5
Python 2.7.2
QuickTime
Realtek High Definition Audio Driver
Safari
Samsung Kies
Samsung Mobile phone USB driver Drive Software
Samsung PC Studio 3 USB Driver Installer
SAMSUNG USB Driver for Mobile Phones
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
StartNow Toolbar
SweetPacks Updater Service
TeamViewer 7
TotalMovieConverter
Twacker 64
Unity Web Player
Unreal Development Kit: 2011-05
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Expression Web 2 (KB957827)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Updater By SweetPacks 2.0.0.586
VLC media player 2.0.7
VobSub v2.23 (Remove Only)
WD Drive Manager (x64)
Welcome Center
Winamp
Winamp Detector Plug-in
WinAVI Video Converter 9.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WinSCP 4.2.1 beta
Xvid 1.2.2 final uninstall
XviD MPEG4 Video Codec (remove only)
Yodot Recovery Software
.
==== Event Viewer Messages From Past Week ========
.
7/4/2013 9:20:06 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
7/4/2013 9:20:06 AM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/4/2013 9:20:06 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
7/4/2013 9:09:41 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
7/4/2013 8:56:12 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
7/4/2013 8:54:47 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
7/4/2013 8:54:46 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/4/2013 8:54:45 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/4/2013 8:54:40 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/4/2013 8:54:38 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
7/4/2013 8:54:31 AM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
7/4/2013 8:54:26 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/4/2013 8:54:12 AM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/4/2013 8:54:12 AM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/4/2013 8:54:12 AM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/4/2013 8:52:35 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
7/4/2013 8:52:31 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache ehdrv ElRawDisk spldr Wanarpv6
7/4/2013 8:52:30 AM, Error: Service Control Manager [7001]  - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
7/4/2013 8:25:52 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
7/4/2013 8:25:52 AM, Error: Service Control Manager [7000]  - The Windows Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/4/2013 8:25:52 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/4/2013 7:47:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8002b6c3ef, 0x0000000000000000, 0x000000007efa003c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070413-29780-01.
7/4/2013 7:44:36 AM, Error: Service Control Manager [7031]  - The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/4/2013 7:44:36 AM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/4/2013 7:44:36 AM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/4/2013 7:44:36 AM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/4/2013 7:44:36 AM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/4/2013 7:44:36 AM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/4/2013 7:44:36 AM, Error: Service Control Manager [7031]  - The Remote Desktop Configuration service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/4/2013 7:44:36 AM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/4/2013 7:44:36 AM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/4/2013 7:44:36 AM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/4/2013 7:44:36 AM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/4/2013 7:44:36 AM, Error: Service Control Manager [7031]  - The Computer Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/4/2013 7:44:36 AM, Error: Service Control Manager [7031]  - The Certificate Propagation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/4/2013 7:44:36 AM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/4/2013 7:44:36 AM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/4/2013 7:40:06 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
7/4/2013 7:40:06 AM, Error: Service Control Manager [7000]  - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/4/2013 7:33:43 AM, Error: Service Control Manager [7038]  - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/4/2013 7:33:43 AM, Error: Service Control Manager [7038]  - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/4/2013 7:33:43 AM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The data is invalid.
7/4/2013 7:33:43 AM, Error: Service Control Manager [7001]  - The WLAN AutoConfig service depends on the Extensible Authentication Protocol service which failed to start because of the following error:  The dependency service or group failed to start.
7/4/2013 7:33:43 AM, Error: Service Control Manager [7001]  - The Extensible Authentication Protocol service depends on the CNG Key Isolation service which failed to start because of the following error:  A system shutdown is in progress.
7/4/2013 7:33:43 AM, Error: Service Control Manager [7000]  - The Network List Service service failed to start due to the following error:  The service did not start due to a logon failure.
7/4/2013 7:33:43 AM, Error: Service Control Manager [7000]  - The Diagnostic Service Host service failed to start due to the following error:  The service did not start due to a logon failure.
7/4/2013 7:33:43 AM, Error: Service Control Manager [7000]  - The CNG Key Isolation service failed to start due to the following error:  A system shutdown is in progress.
7/4/2013 7:33:40 AM, Error: Service Control Manager [7000]  - The Windows Update service failed to start due to the following error:  A system shutdown is in progress.
7/4/2013 7:33:40 AM, Error: Service Control Manager [7000]  - The Certificate Propagation service failed to start due to the following error:  A system shutdown is in progress.
7/4/2013 7:33:40 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1115" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/4/2013 7:33:39 AM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
7/4/2013 6:38:56 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
7/4/2013 6:38:56 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/4/2013 6:31:40 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McComponentHostService with arguments "" in order to run the server: {CC6F4D12-8575-4CFF-9455-CF5774AEB13B}
7/3/2013 5:36:51 PM, Error: Service Control Manager [7022]  - The Windows Defender service hung on starting.
7/3/2013 3:11:52 PM, Error: Service Control Manager [7023]  - The Windows Time service terminated with the following error:  A system shutdown is in progress.
7/3/2013 3:10:32 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache3.0.0.0 service.
.
==== End Of File ===========================

And DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16766  BrowserJavaVersion: 10.17.2
Run by Matt at 9:27:43 on 2013-07-04
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Panasonic\HD Writer AE 1\HDWriterAutoStart.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ant.com browser helper (video detector): {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll
TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [AdobeBridge] <no file>
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{76C09F17-3DAB-4FF0-8A0B-AE83015E5F44} : DHCPNameServer = 208.180.42.68 208.180.42.100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files (x86)\Qualcomm\Eudora\EuShlExt.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

x64-BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gdk3e1kb.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage -

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-24 06:28; {EEE6C361-6118-11DC-9C72-001320C79847}; C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\gdk3e1kb.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: 2013-06-24 06:29; {7D4F1959-3F72-49d5-8E59-F02F8AA6815D}; C:\Program Files\Updater By SweetPacks\Firefox
.
============= SERVICES / DRIVERS ===============
.
R? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
R? LMIRfsClientNP;LMIRfsClientNP
R? MBAMProtector;MBAMProtector
R? MBAMScheduler;MBAMScheduler
R? MBAMService;MBAMService
R? McComponentHostService;McAfee Security Scan Component Host Service
R? ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
R? SwitchBoard;Adobe SwitchBoard
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
S? AntUpdaterService;Ant Toolbar updater service
S? eamonm;eamonm
S? ekrn;ESET Service
S? ElRawDisk;ElRawDisk
S? epfwwfp;epfwwfp
S? Greg_Service;GRegService
S? LMIGuardianSvc;LMIGuardianSvc
S? LMIInfo;LogMeIn Kernel Information Provider
S? LMIRfsDriver;LogMeIn Remote File System Driver
S? PxHlpa64;PxHlpa64
S? TabletServicePen;TabletServicePen
S? TeamViewer7;TeamViewer 7
S? teamviewervpn;TeamViewer VPN Adapter
S? Updater By SweetPacks;Updater By SweetPacks
S? Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar
S? Updater Service;Updater Service
S? wacmoumonitor;Wacom Mode Helper
S? WDBtnMgrSvc.exe;WD Drive Manager Service
.
=============== File Associations ===============
.
FileExt: .js: Applications\perl_studio.exe="C:\Program Files (x86)\Perl Studio 2009\perl_studio.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2013-07-04 14:21:26 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5CD04FCC-9813-47E2-9938-C8A2AFF08938}\offreg.dll
2013-07-04 11:41:08 -------- d-----w- C:\Users\Matt\AppData\Roaming\Malwarebytes
2013-07-04 11:40:29 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-04 11:40:19 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-04 11:40:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-04 11:40:01 -------- d-----w- C:\Users\Matt\AppData\Local\Programs
2013-07-02 11:35:42 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5CD04FCC-9813-47E2-9938-C8A2AFF08938}\mpengine.dll
2013-06-24 11:30:43 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-06-24 11:29:27 -------- d-----w- C:\Program Files\Updater By SweetPacks
2013-06-24 11:28:04 -------- d-----w- C:\Program Files (x86)\SweetIM
2013-06-24 11:26:54 33792 ----a-w- C:\Windows\System32\ImHttpComm.dll
2013-06-24 11:26:54 1447728 ----a-w- C:\Windows\System32\dmwu.exe
2013-06-24 11:26:54 -------- d-----w- C:\Windows\SysWow64\jmdp
2013-06-24 11:26:54 -------- d-----w- C:\Windows\SysWow64\ARFC
2013-06-24 11:26:53 -------- d-----w- C:\Windows\SysWow64\WNLT
2013-06-24 11:19:47 -------- d-----w- C:\Program Files (x86)\Matroska Pack
2013-06-22 22:33:57 -------- d-----r- C:\Users\Matt\Dropbox
2013-06-22 22:26:35 -------- d-----w- C:\Users\Matt\AppData\Roaming\Dropbox
2013-06-12 16:10:07 26024 ----a-w- C:\Windows\System32\drivers\rsdrvx64.sys
2013-06-12 16:08:01 -------- d-----w- C:\Program Files\Yodot Recovery for Android
.
==================== Find3M  ====================
.
2013-06-12 05:19:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 05:19:20 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 14:20:29 35656 ----a-w- C:\Windows\System32\LMIport.dll
2013-06-08 14:20:29 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2013-06-08 14:20:28 100680 ----a-w- C:\Windows\System32\LMIinit.dll
2013-06-04 14:15:02 103448 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-06-04 14:15:00 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH:  9:35:47.78 ===============
Thanks in advance.
 


Hello and welcome to the MalwareBytes forum.

My name is Maurice Naggar.

I will be helping you.

I need to point out that out-of-date Java runtimes are on this system. Uninstall these out-dated versions:

Java 6 Update 22 (64-bit)

Java 7 Update 17

Java Auto Updater

Java vulnerabilities are a never-ending occurrence. Bottom line is, if your system does not have an installed 3rd-party application that needs it, then uninstall it.

If you do have that dependency, then turn off Java in your browsers.

If somehow you have an often-used website that needs Java to display all information, then just use a specific browser and only allow Java in that one.

A: If you decide to keep Java:

The Java runtime components are typically located at

C:\Program Files (x86)\Java\jre7\bin

Locate javacpl.exe, the Java control panel.

Right click and select Open

Click on the Update tab

Put a checkmark at "Check for updates automatically"

On the General tab, under Temporary Internet Files, click the Settings button.

Next, click on the Delete Files button

Checkmark (select) all boxes you can & Click OK on Delete Temporary Files Window.

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

Click OK to leave the Temporary Files Window

Click on the Advanced tab

Expand Miscellaneous:

Un-check "place Java icon in system tray"

Un-check "Java quick starter"

Exit/close

You need to remove older versions of Java runtime. Do this:

Download & Save to your Desktop or a new folder: Javara.zip (http://sourceforge.net/projects/javara/files/javara/JavaRa/JavaRa.zip/download)

Extract the contents of the zip file. Then double click Javara.exe to run it.

JavaRa is a simple tool that does a simple job: it removes old and redundant versions of the Java Runtime Environment (JRE).

B: If you want to disable Java in your browser:

How to disable Java in various browsers : http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse

Also see No, Seriously, Just Disable Java in Your Browser Right Now

http://www.slate.com/blogs/future_tense/2013/01/14/java_zero_day_exploit_don_t_patch_just_disable_java_in_your_browser.html

As noted by Brian Krebs,

"Most consumers can get by without Java installed, or least not plugged into the browser. Because of the prevalence of threats targeting Java installations, I’d urge these users to remove Java or unplug it from the browser. If this is too much trouble, consider adopting a dual-browser approach, keeping Java unplugged from your main browser, and plugged in to a secondary browser that you only use to visit sites that require the plugin."

Also see How to protect your computer against dangerous Java Applets

http://blogs.technet.com/b/mmpc/archive/2013/04/16/how-to-protect-your-computer-against-dangerous-java-applets.aspx

Task 2

  • Download & SAVE to your Desktop Tigzy's RogueKiller >> from here << or >> from here <<

  • Quit all programs that you may have started.
  • Please disconnect any USB or external storage drives from the computer before you run this scan!
  • For Vista or Windows 7 / 8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    For Windows XP, double-click to start.

  • When prompted to accept the EULA, please do so.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller
Task 3
  • Please download CKScanner from >>Here<<
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe & select Run as administrator to start.
  • Then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Copy/paste the contents of CKFiles.txt in your next reply.
Task 4

Download Security Check by screen317 from >>here<<.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Task 5

Close any open work documents, if any, saving your work.

Make sure to close any other programs that you started before.

Please download Junkware Removal Tool by Thisisu to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7 or 8, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and display information and disclaimer in a Command prompt window.
  • I'd suggest you close all internet browsers at this point.
  • Press a key on keyboard to start scanning your system.
  • Please be very patient as this will take several minutes to complete, depending on your system's specifications.
  • There are approximately 12 phases or so in this tool. You will see each phase listed in the Command prompt window.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open. And the command prompt will have been closed.
  • Please post the contents of JRT.txt into a new reply.
  • Re-enable your security software.
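The Java cleanup in step A above is done through the Java control panel, and the DDS log shows both jre6 and jre7 still present. The following PowerShell script is an added example (not part of the helper's post or any tool named in it) that inventories what is still installed after cleanup: Java entries in Add/Remove Programs (32- and 64-bit views), the plugin DLL paths from the DDS log, and Java's own web-plugin switch. The DLL paths are taken from this log; the deployment.properties location and the deployment.webjava.enabled key are Java 7 Update 10+ behaviour, not something the post mentions. It is read-only and uninstalls nothing.

```powershell
# Added example: inventory Java runtimes and browser-plugin hooks on Windows 7 x64.
# Read-only; it reports, it does not remove anything.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# 1. Every Java / J2SE entry visible in Add/Remove Programs (both registry views).
#    "Java Auto Updater" and "Java 6 Update 22 (64-bit)" both match this pattern.
$javaInstalls = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|J2SE)' } |
    Select-Object DisplayName, DisplayVersion, InstallLocation, UninstallString

'== Installed Java runtimes (Add/Remove Programs) =='
$javaInstalls | Format-Table -AutoSize

# 2. Plugin DLLs named in the DDS log above. Any that still exist can still be
#    loaded by a browser even if the control panel settings were changed.
$pluginDlls = @(
    'C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll',   # FF - plugin (jre7)
    'C:\Windows\SysWOW64\npDeployJava1.dll',                     # FF - plugin (deploy)
    'C:\Program Files\Java\jre6\bin\jp2ssv.dll'                  # x64-BHO (jre6 SSV helper)
)
'== Java browser plugin files still present =='
$pluginDlls | Where-Object { Test-Path $_ } | ForEach-Object {
    $ver = (Get-Item $_).VersionInfo.FileVersion
    '{0}  (file version {1})' -f $_, $ver
}

# 3. Java's per-user web-plugin switch (Java 7u10 and later):
#    deployment.webjava.enabled=false means "Enable Java content in the browser"
#    is off for every browser using that runtime.
$deployProps = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\deployment.properties'
if (Test-Path $deployProps) {
    '== deployment.properties web-plugin setting =='
    Select-String -Path $deployProps -Pattern 'deployment\.webjava\.enabled' |
        ForEach-Object { $_.Line }
} else {
    "deployment.properties not found at $deployProps (setting never changed, or older Java)"
}
```

Run it from an elevated PowerShell prompt; an empty table in section 1 together with no hits in section 2 is the result to expect once the old runtimes are really gone.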

Maurice,

Thank you for your time and help. I will likely not be able to implement these steps until tomorrow morning (around 5:30 am CST). I just wanted to let you know so the thread doesn't get closed before then.

Thanks! My next reply will include the requested logfiles.

M. Smith


Okay sir... New problem

When I came in this morning the computer had rebooted and was on the log in screen. I logged in. Now almost immediately after loading, one of the Windows security viruses pops up and runs for about 5 seconds before I get an error down on the taskbar that something couldn't load and it bluescreens - crash dump - and restarts. The only way I can get the computer stable is to restart in safe mode with networking - I even tried disconnecting the network cable (in normal mode). I am unable to uninstall the Java runtimes you mentioned in safe mode (says the Windows installer is not available). But I have a feeling things are far worse now.

I can run dds and attach reports again, but only in safe mode - will that help you at all or is there something else I need to do now.

Thanks! I'll be available all day today so hopefully if you have time to respond we can get this worked out without you having to wait a long time on me.

Matt


Matt,

If needed, then use Safe mode With Networking. It is not necessary to disconnect the internet connection.

Just do not do any websurfing.

On the Java, remove what you can. If one is not uninstallable, move on.

Do as much as possible of what I had outlined.


Okay, here we go.

I was unable to do uninstalls from the control panel in safe mode, but I did make all suggested changes to the Java Runtime Components in your step "A". I then proceeded with Tasks 2 - 5. Below are the reports....

Rogue Killer -

RogueKiller V8.6.2 [Jul  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : www.search-results.com\":\"q\",\"home.
user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_product_name", "Updater By SweetPacks");

Emptied folder: C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\gdk3e1kb.default\minidumps [6 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/05/2013 at 16:25:47.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks, let me know what to do next! I appreciate all your help.

M


Well I'm sorry but since you have evidence of cracked or pirated software you're using on the system I have no choice but to close this thread now.

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items.

Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.

The presence of suppression of Adobe license checking indicates the presence of an illegal program. We do not condone piracy.

See the forum policy on piracy http://forums.malwarebytes.org/index.php?showtopic=97700

This topic is now closed to further replies.