Jump to content

Recommended Posts

I recently installed Malwarebytes and have done several scans. The first scan found some things which were removed but the scans after that show nothing. However, I keep getting a balloon message saying that Malwarebytes has successfully blocked a potentially malicious website, incoming. They always have different numbers. This happens constantly so there must be a rootkit or something on my computer that isn't showing up during the scans. What can I do to fix this?

Link to post
Share on other sites

Hello Gobboling and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573

Link to post
Share on other sites

Ok, here are the results:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Owner at 11:08:54 on 2013-12-01
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.503.84 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.






uProxyOverride = localhost
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: HP view: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: <No Name>:  - LocalServer32 - <no file>
TB: HP view: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
EB: hp view: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - c:\windows\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [backupNotify] c:\program files\hp\digital imaging\bin\backupnotify.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [20131121] c:\program files\avast software\avast\setup\emupdate\23900770-0812-41df-9361-1d3f8ad450c1.exe /check
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\137903\program\BackWeb-137903.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBC} - <orphaned>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe


TCP: NameServer = 192.168.7.254
TCP: Interfaces\{D4A6EE55-1EA4-4D28-B2CC-4B1D0FC8E7CD} : DHCPNameServer = 192.168.7.254
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\xv26fizy.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
FF - ExtSQL: 2013-10-17 12:28; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-17 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-17 177864]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-6-19 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-19 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-19 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-19 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-17 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-19 46808]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-18 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-18 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-18 22856]
.
=============== Created Last 30 ================
.
2013-11-18 22:09:53    --------    d-----w-    c:\documents and settings\owner\application data\Malwarebytes
2013-11-18 22:09:02    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-11-18 22:08:44    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-18 22:08:42    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M  ====================
.
2013-11-24 04:05:50    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-24 04:05:49    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 07:25:38    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-10-13 07:25:08    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-10-13 06:57:59    385024    ----a-w-    c:\windows\system32\html.iec
2013-10-12 15:56:19    278528    ----a-w-    c:\windows\system32\oakley.dll
2013-10-10 05:20:10    17813896    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-10-09 13:12:48    287744    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-08 12:50:41    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 12:29:36    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2013-10-07 10:59:21    603136    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 01:14:01    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
.
============= FINISH: 11:12:34.45 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/10/2011 9:42:00 PM
System Uptime: 11/30/2013 9:36:43 PM (14 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD |  | Gamila/Giovani/Neon series
Processor:                 Intel® Celeron® CPU 2.53GHz | Socket 478 | 2532/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 20.136 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.735 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP931: 10/30/2013 3:35:54 PM - System Checkpoint
RP932: 10/31/2013 5:34:40 PM - System Checkpoint
RP933: 11/1/2013 7:03:31 PM - System Checkpoint
RP934: 11/2/2013 7:58:01 PM - System Checkpoint
RP935: 11/3/2013 8:42:41 PM - System Checkpoint
RP936: 11/4/2013 11:33:24 PM - System Checkpoint
RP937: 11/6/2013 12:24:29 AM - System Checkpoint
RP938: 11/7/2013 12:54:46 AM - System Checkpoint
RP939: 11/8/2013 10:13:49 AM - System Checkpoint
RP940: 11/9/2013 10:36:53 AM - System Checkpoint
RP941: 11/10/2013 1:41:26 PM - System Checkpoint
RP942: 11/11/2013 5:27:54 PM - System Checkpoint
RP943: 11/12/2013 6:38:58 PM - System Checkpoint
RP944: 11/13/2013 3:02:24 PM - Software Distribution Service 3.0
RP945: 11/14/2013 7:43:50 PM - System Checkpoint
RP946: 11/15/2013 7:59:13 PM - System Checkpoint
RP947: 11/16/2013 9:09:16 PM - System Checkpoint
RP948: 11/17/2013 10:22:46 PM - System Checkpoint
RP949: 11/19/2013 1:35:12 PM - System Checkpoint
RP950: 11/20/2013 2:26:02 PM - System Checkpoint
RP951: 11/21/2013 3:05:26 PM - System Checkpoint
RP952: 11/22/2013 5:51:22 PM - System Checkpoint
RP953: 11/24/2013 3:54:18 PM - System Checkpoint
RP954: 11/25/2013 4:03:57 PM - System Checkpoint
RP955: 11/26/2013 5:57:52 PM - System Checkpoint
RP956: 11/27/2013 7:33:28 PM - System Checkpoint
RP957: 11/28/2013 11:31:17 PM - System Checkpoint
RP958: 11/30/2013 12:51:49 AM - System Checkpoint
RP959: 12/1/2013 1:48:49 AM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Agere Systems PCI Soft Modem
AiO_Scan
AiO_Scan_CDA
 

Link to post
Share on other sites

Sorry! I messed it up somehow without realizing it! Here we go:

 


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/10/2011 9:42:00 PM
System Uptime: 11/30/2013 9:36:43 PM (14 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD |  | Gamila/Giovani/Neon series
Processor:                 Intel® Celeron® CPU 2.53GHz | Socket 478 | 2532/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 20.136 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.735 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP931: 10/30/2013 3:35:54 PM - System Checkpoint
RP932: 10/31/2013 5:34:40 PM - System Checkpoint
RP933: 11/1/2013 7:03:31 PM - System Checkpoint
RP934: 11/2/2013 7:58:01 PM - System Checkpoint
RP935: 11/3/2013 8:42:41 PM - System Checkpoint
RP936: 11/4/2013 11:33:24 PM - System Checkpoint
RP937: 11/6/2013 12:24:29 AM - System Checkpoint
RP938: 11/7/2013 12:54:46 AM - System Checkpoint
RP939: 11/8/2013 10:13:49 AM - System Checkpoint
RP940: 11/9/2013 10:36:53 AM - System Checkpoint
RP941: 11/10/2013 1:41:26 PM - System Checkpoint
RP942: 11/11/2013 5:27:54 PM - System Checkpoint
RP943: 11/12/2013 6:38:58 PM - System Checkpoint
RP944: 11/13/2013 3:02:24 PM - Software Distribution Service 3.0
RP945: 11/14/2013 7:43:50 PM - System Checkpoint
RP946: 11/15/2013 7:59:13 PM - System Checkpoint
RP947: 11/16/2013 9:09:16 PM - System Checkpoint
RP948: 11/17/2013 10:22:46 PM - System Checkpoint
RP949: 11/19/2013 1:35:12 PM - System Checkpoint
RP950: 11/20/2013 2:26:02 PM - System Checkpoint
RP951: 11/21/2013 3:05:26 PM - System Checkpoint
RP952: 11/22/2013 5:51:22 PM - System Checkpoint
RP953: 11/24/2013 3:54:18 PM - System Checkpoint
RP954: 11/25/2013 4:03:57 PM - System Checkpoint
RP955: 11/26/2013 5:57:52 PM - System Checkpoint
RP956: 11/27/2013 7:33:28 PM - System Checkpoint
RP957: 11/28/2013 11:31:17 PM - System Checkpoint
RP958: 11/30/2013 12:51:49 AM - System Checkpoint
RP959: 12/1/2013 1:48:49 AM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Agere Systems PCI Soft Modem
AiO_Scan
AiO_Scan_CDA
AIOMinimal
AiOSoftware
Apple Application Support
Apple Software Update
avast! Free Antivirus
Blackhawk Striker from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Bounce Symphony from Hewlett-Packard Desktops (remove only)
CameraDrivers
Copy
Coupon Printer for Windows
CreativeProjects
Crystal Maze from Hewlett-Packard Desktops (remove only)
Director
DocProc
Fax
Five Card Frenzy from Hewlett-Packard Desktops (remove only)
Google Chrome
Google Drive
Google Earth Plug-in
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 3.5
HP Image Zone Plus 3.5
HP Instant Support
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP Photo Creations
HP Photosmart C4500 All-In-One Driver 12.0 Rel .4
HP PSC & OfficeJet 3.5
HP PSC & OfficeJet 6.1.A
HP Software Update
hpg2436
hpg3970
hpg4600
hpg5530
hpg8200
HPIZ350
HPIZFix3
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
Java 2 Runtime Environment, SE v1.4.2_03
Java 7 Update 45
Java Auto Updater
KBD
Malwarebytes Anti-Malware version 1.75.0.1300
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Plus! Digital Media Edition
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 7.0
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
Orbital from Hewlett-Packard Desktops (remove only)
Otto from Hewlett-Packard Desktops (remove only)
Overball from Hewlett-Packard Desktops (remove only)
Overland
PC-Doctor for Windows
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
Polar Bowler from Hewlett-Packard Desktops (remove only)
PrintScreen
PS_AIO_04_C4580_Software_Min
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
QuickProjects
QuickTime
Readme
RecordNow!
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SkinsHP1
SkinsHP2
Slyder from Hewlett-Packard Desktops (remove only)
Sonic Update Manager
Toolbox
Toolkit View(HP)
Tradewinds from Hewlett-Packard Desktops (remove only)
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
Word Symphony from Hewlett-Packard Desktops (remove only)
.
==== Event Viewer Messages From Past Week ========
.
11/29/2013 10:59:24 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the ImapiService service.
11/27/2013 10:18:27 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
11/26/2013 9:53:40 AM, error: Service Control Manager [7000]  - The Remote Access Connection Manager service failed to start due to the following error:  All pipe instances are busy.
11/26/2013 9:53:37 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Nla service.
11/26/2013 9:53:37 AM, error: Service Control Manager [7000]  - The Network Location Awareness (NLA) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
11/26/2013 9:53:07 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
11/26/2013 9:52:49 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
11/26/2013 9:52:49 AM, error: Service Control Manager [7000]  - The IMAPI CD-Burning COM Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
11/25/2013 7:25:36 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
11/25/2013 7:25:36 AM, error: Service Control Manager [7000]  - The Application Layer Gateway Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
11/24/2013 12:25:20 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
11/24/2013 12:25:20 AM, error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
11/24/2013 12:25:20 AM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
.
==== End Of File ===========================
 

Link to post
Share on other sites

Please don't rush.

Step 1

Please uninstall this application: Coupon Printer for Windows

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
  • Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

    In your next reply, post the following log files:

    • Junkware Removal Tool log
    • AdwCleaner log
    • Malwarebytes' Anti-Malware log
Link to post
Share on other sites

Steps 1 and 2 are completed.  Moving on to step 3 now. Will let you know when it's completed. Here is the information you told me to post in my next reply:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on Mon 12/02/2013 at 14:50:20.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1068343915-528927830-1823325418-1003\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2AA29F3C-FE32-4255-B06E-F9A085894448}



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnu.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnu.xpt"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnupdater2.xpt"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\aol toolbar"
Successfully deleted: [Folder] "C:\Program Files\dealio"
Successfully deleted: [Folder] "C:\Program Files\free offers from freeze.com"
Successfully deleted: [Folder] "C:\Program Files\trymedia"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\Common Files\software update utility"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\hot deals"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\xv26fizy.default\invalidprefs.js
Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\xv26fizy.default\searchplugins\askcom.xml
Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\xv26fizy.default\minidumps [23 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/02/2013 at 15:20:33.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

Everything is done! Here is what you asked for:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.02.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-46E94OWX6A [administrator]

Protection: Enabled

12/2/2013 4:30:43 PM
mbam-log-2013-12-02 (16-30-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 680836
Time elapsed: 1 hour(s), 5 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\Owner\My Documents\Downloads\ZipExtractorSetup.exe (PUP.Optional.JumpyApps.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\is1590112554\21003242_stp\BuzzSearchSetup.exe (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\S47Y61RN\Setup[1].exe (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.

(end)


 

 

# AdwCleaner v3.014 - Report created 02/12/2013 at 15:49:52
# Updated 01/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - YOUR-46E94OWX6A
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\open it!
Folder Deleted : C:\Program Files\AskSearch
Folder Deleted : C:\Program Files\openit
Folder Deleted : C:\Program Files\Common Files\Viewpoint
Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Owner\Application Data\digitalsite
File Deleted : C:\Documents and Settings\All Users\Desktop\Open It!.lnk
File Deleted : C:\Program Files\Mozilla Firefox\Components\AskSearch.js
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xv26fizy.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OpenIt Open It!

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xv26fizy.default\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2174 octets] - [02/12/2013 15:43:21]
AdwCleaner[s0].txt - [2139 octets] - [02/12/2013 15:49:52]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2199 octets] ##########


 

Link to post
Share on other sites

Step 1

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
Step 2

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

Thank you for your help thus far, Maniac! I tried the TFC but it froze up and I couldn't get it to do anything. May try again later. I'm going to try the ESET online scan either later tonight or tomorrow. I will let you know the results. I think the viruses are gone because after the PUP Optionals were removed yesterday, I'm no longer seeing those balloons saying a potentially malicious website was blocked. Very grateful for your help and I will let you know once the ESET scan is complete. Thank you! :D

Link to post
Share on other sites

The ESET scan is completed. Here are the results:

C:\Program Files\Common Files\uufm\uufmd\vocabulary    Win32/TrojanDownloader.TSUpdate.J trojan    cleaned by deleting - quarantined
C:\WINDOWS\Microsoft.NET\yalpcfm.bak1    Win32/Adware.Virtumonde.NEO application    cleaned by deleting - quarantined
C:\WINDOWS\Microsoft.NET\yalpcfm.bak2    Win32/Adware.Virtumonde.NEO application    cleaned by deleting - quarantined
C:\WINDOWS\Microsoft.NET\yalpcfm.ini    Win32/Adware.Virtumonde.NEO application    cleaned by deleting - quarantined
C:\WINDOWS\Microsoft.NET\yalpcfm.ini2    Win32/Adware.Virtumonde.NEO application    cleaned by deleting - quarantined
C:\WINDOWS\Microsoft.NET\yalpcfm.tmp    Win32/Adware.Virtumonde.NEO application    cleaned by deleting - quarantined



And here I thought everything had been cleaned off! This scan found 6 more infections! Thank you for all of your help! Id there are more scans that you think I should run, please let me know! :D

Link to post
Share on other sites

Good! :)

One last scan please:

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

AVPfront.gif

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

avpsettings.gif

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

Link to post
Share on other sites

The Kaspersky scan is FINALLY completed! That took forever but it found 17 items still on my computer! After all of the scans I have done the past few days, why were there still so many on my computer? The other scans said they were removed! I don't understand this. Anyway, here are the results:

 


Status: Deleted   (events: 17)    
12/6/2013 5:43:00 PM    Deleted    Trojan program Trojan-Downloader.WMA.FakeDRM.bj    C:\Documents and Settings\shane ross\Desktop\angela\My Documents\FrostWire\Incomplete\CORRUPT-0-mechanic g unit hot new track.mp3    High    
12/6/2013 5:44:59 PM    Deleted    Trojan program Trojan-Spy.Win32.Agent.bdrd    C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe    High    
12/6/2013 5:43:01 PM    Deleted    Trojan program Trojan-Spy.Win32.Agent.bdrd    C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe    High    
12/6/2013 5:45:28 PM    Deleted    Trojan program Trojan-Spy.Win32.Agent.bdrd    C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe    High    
12/6/2013 5:45:14 PM    Deleted    Trojan program Trojan-Spy.Win32.Agent.bdrd    C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe    High    
12/6/2013 5:45:37 PM    Deleted    Trojan program Trojan-Spy.Win32.Agent.bdrd    C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe    High    
12/6/2013 5:45:44 PM    Deleted    Trojan program Trojan-Spy.Win32.Agent.bdrd    C:\hp\recovery\wizard\fscommand\RunLink_ret.exe    High    
12/6/2013 5:45:58 PM    Deleted    Trojan program Trojan-Spy.Win32.Agent.bdrd    C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe    High    
12/6/2013 5:46:15 PM    Deleted    Trojan program Trojan-Spy.Win32.Agent.bdrd    C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe    High    
12/6/2013 10:43:40 PM    Deleted    Trojan program Trojan-Spy.Win32.Agent.bdrd    C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP964\A0353335.exe    High    
12/6/2013 10:43:41 PM    Deleted    Trojan program Trojan-Spy.Win32.Agent.bdrd    C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP964\A0353334.exe    High    
12/6/2013 10:22:51 PM    Deleted    Trojan program Trojan-Spy.Win32.Agent.bdrd    C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP964\A0353333.exe    High    
12/6/2013 10:44:18 PM    Deleted    Trojan program Trojan-Spy.Win32.Agent.bdrd    C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP964\A0353336.exe    High    
12/6/2013 10:44:28 PM    Deleted    Trojan program Trojan-Spy.Win32.Agent.bdrd    C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP964\A0353337.exe    High    
12/6/2013 10:44:34 PM    Deleted    Trojan program Trojan-Spy.Win32.Agent.bdrd    C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP964\A0353338.exe    High    
12/6/2013 10:44:40 PM    Deleted    Trojan program Trojan-Spy.Win32.Agent.bdrd    C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP964\A0353339.exe    High    
12/6/2013 10:44:47 PM    Deleted    Trojan program Trojan-Spy.Win32.Agent.bdrd    C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP964\A0353340.exe    High    
 

Link to post
Share on other sites

Before I do this, I have a question. I have a printer installed on my computer and cannot reinstall it because my dvd player won't open anymore so I can't get the installation disc in there. Will this be erased from my computer? I've done whole system restores before and it always deletes my printer.

Link to post
Share on other sites

Glad I could help! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Please uninstall ESET Online Scanner and manually delete Kaspersky AVP

Step 4

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.