Gobboling Posted December 1, 2013 ID:759709

I recently installed Malwarebytes and have done several scans. The first scan found some things which were removed but the scans after that show nothing. However, I keep getting a balloon message saying that Malwarebytes has successfully blocked a potentially malicious website, incoming. They always have different numbers. This happens constantly so there must be a rootkit or something on my computer that isn't showing up during the scans. What can I do to fix this?

Maniac Posted December 1, 2013 ID:759722

Hello Gobboling and ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

- If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
- I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
- Make sure you read all of the instructions and fixes thoroughly before continuing with them.
- Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
- Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
- Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread: http://forums.malwarebytes.org/index.php?showtopic=9573

Gobboling Posted December 1, 2013 Author ID:759725

Ok, here are the results:

Maniac Posted December 1, 2013 ID:759743

Your Attach.txt content is cut. Please post the entire content of Attach.txt.

Gobboling Posted December 1, 2013 Author ID:759749

Sorry! I messed it up somehow without realizing it! Here we go:

Gobboling Posted December 2, 2013 Author ID:759901

Is someone going to help me with this problem, please?

Maniac Posted December 2, 2013 ID:760038

Please don't rush.

Step 1

Please uninstall this application:

Coupon Printer for Windows

Step 2

- Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

Step 3

- Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Clean.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

- Launch Malwarebytes' Anti-Malware
- Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
- Go to Scanner tab and select Perform Quick Scan, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

- Junkware Removal Tool log
- AdwCleaner log
- Malwarebytes' Anti-Malware log

Gobboling Posted December 2, 2013 Author ID:760085
Steps 1 and 2 are completed. Moving on to step 3 now. Will let you know when it's completed. Here is the information you told me to post in my next reply:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on Mon 12/02/2013 at 14:50:20.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1068343915-528927830-1823325418-1003\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2AA29F3C-FE32-4255-B06E-F9A085894448}

~~~ Files
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnu.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnu.xpt"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnupdater2.xpt"

~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\aol toolbar"
Successfully deleted: [Folder] "C:\Program Files\dealio"
Successfully deleted: [Folder] "C:\Program Files\free offers from freeze.com"
Successfully deleted: [Folder] "C:\Program Files\trymedia"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\Common Files\software update utility"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\hot deals"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"

~~~ FireFox
Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\xv26fizy.default\invalidprefs.js
Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\xv26fizy.default\searchplugins\askcom.xml
Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\xv26fizy.default\minidumps [23 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/02/2013 at 15:20:33.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Gobboling Posted December 2, 2013 Author ID:760160
Everything is done! Here is what you asked for:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.02.10
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-46E94OWX6A [administrator]
Protection: Enabled
12/2/2013 4:30:43 PM
mbam-log-2013-12-02 (16-30-43).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 680836
Time elapsed: 1 hour(s), 5 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Documents and Settings\Owner\My Documents\Downloads\ZipExtractorSetup.exe (PUP.Optional.JumpyApps.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\is1590112554\21003242_stp\BuzzSearchSetup.exe (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\S47Y61RN\Setup[1].exe (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
(end)

# AdwCleaner v3.014 - Report created 02/12/2013 at 15:49:52
# Updated 01/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - YOUR-46E94OWX6A
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\open it!
Folder Deleted : C:\Program Files\AskSearch
Folder Deleted : C:\Program Files\openit
Folder Deleted : C:\Program Files\Common Files\Viewpoint
Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Owner\Application Data\digitalsite
File Deleted : C:\Documents and Settings\All Users\Desktop\Open It!.lnk
File Deleted : C:\Program Files\Mozilla Firefox\Components\AskSearch.js
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xv26fizy.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OpenIt Open It!

***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v25.0.1 (en-US)
[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xv26fizy.default\prefs.js ]
-\\ Google Chrome v31.0.1650.57
[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [2174 octets] - [02/12/2013 15:43:21]
AdwCleaner[s0].txt - [2139 octets] - [02/12/2013 15:49:52]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2199 octets] ##########
Maniac Posted December 3, 2013 ID:760443
Step 1
Download TFC to your desktop
Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job
Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Step 2
Please scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
Double click on the to download the ESET Smart Installer. icon on your Desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under Scan Settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
Gobboling Posted December 4, 2013 Author ID:760530
Thank you for your help thus far, Maniac! I tried the TFC but it froze up and I couldn't get it to do anything. May try again later. I'm going to try the ESET online scan either later tonight or tomorrow. I will let you know the results. I think the viruses are gone because after the PUP Optionals were removed yesterday, I'm no longer seeing those balloons saying a potentially malicious website was blocked. Very grateful for your help and I will let you know once the ESET scan is complete. Thank you!
Maniac Posted December 4, 2013 ID:760683
Thanks for letting me know!
Gobboling Posted December 5, 2013 Author ID:760917
The ESET scan is completed. Here are the results:

C:\Program Files\Common Files\uufm\uufmd\vocabulary Win32/TrojanDownloader.TSUpdate.J trojan cleaned by deleting - quarantined
C:\WINDOWS\Microsoft.NET\yalpcfm.bak1 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\Microsoft.NET\yalpcfm.bak2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\Microsoft.NET\yalpcfm.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\Microsoft.NET\yalpcfm.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\Microsoft.NET\yalpcfm.tmp Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

And here I thought everything had been cleaned off! This scan found 6 more infections! Thank you for all of your help! If there are more scans that you think I should run, please let me know!
Maniac Posted December 5, 2013 ID:761069
Good! One last scan please:
Please download the Kaspersky Virus Removal Tool from here to your Desktop.
Double-click the Removal Tool.
Click the cog in the upper right corner:
Select down to and including your main drive.
Once done please select the Automatic Scan tab and press Start Scan.
Allow AVP to delete all infections found.
Once it has finished select the Report tab.
Select the Detected threats report from the left and press the Save button.
Save it to your Desktop and post the contents in your next reply.
Gobboling Posted December 7, 2013 Author ID:761618
The Kaspersky scan is FINALLY completed! That took forever but it found 17 items still on my computer! After all of the scans I have done the past few days, why were there still so many on my computer? The other scans said they were removed! I don't understand this. Anyway, here are the results:

Status: Deleted (events: 17)
12/6/2013 5:43:00 PM Deleted Trojan program Trojan-Downloader.WMA.FakeDRM.bj C:\Documents and Settings\shane ross\Desktop\angela\My Documents\FrostWire\Incomplete\CORRUPT-0-mechanic g unit hot new track.mp3 High
12/6/2013 5:44:59 PM Deleted Trojan program Trojan-Spy.Win32.Agent.bdrd C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe High
12/6/2013 5:43:01 PM Deleted Trojan program Trojan-Spy.Win32.Agent.bdrd C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe High
12/6/2013 5:45:28 PM Deleted Trojan program Trojan-Spy.Win32.Agent.bdrd C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe High
12/6/2013 5:45:14 PM Deleted Trojan program Trojan-Spy.Win32.Agent.bdrd C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe High
12/6/2013 5:45:37 PM Deleted Trojan program Trojan-Spy.Win32.Agent.bdrd C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe High
12/6/2013 5:45:44 PM Deleted Trojan program Trojan-Spy.Win32.Agent.bdrd C:\hp\recovery\wizard\fscommand\RunLink_ret.exe High
12/6/2013 5:45:58 PM Deleted Trojan program Trojan-Spy.Win32.Agent.bdrd C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe High
12/6/2013 5:46:15 PM Deleted Trojan program Trojan-Spy.Win32.Agent.bdrd C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe High
12/6/2013 10:43:40 PM Deleted Trojan program Trojan-Spy.Win32.Agent.bdrd C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP964\A0353335.exe High
12/6/2013 10:43:41 PM Deleted Trojan program Trojan-Spy.Win32.Agent.bdrd C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP964\A0353334.exe High
12/6/2013 10:22:51 PM Deleted Trojan program Trojan-Spy.Win32.Agent.bdrd C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP964\A0353333.exe High
12/6/2013 10:44:18 PM Deleted Trojan program Trojan-Spy.Win32.Agent.bdrd C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP964\A0353336.exe High
12/6/2013 10:44:28 PM Deleted Trojan program Trojan-Spy.Win32.Agent.bdrd C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP964\A0353337.exe High
12/6/2013 10:44:34 PM Deleted Trojan program Trojan-Spy.Win32.Agent.bdrd C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP964\A0353338.exe High
12/6/2013 10:44:40 PM Deleted Trojan program Trojan-Spy.Win32.Agent.bdrd C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP964\A0353339.exe High
12/6/2013 10:44:47 PM Deleted Trojan program Trojan-Spy.Win32.Agent.bdrd C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP964\A0353340.exe High
Maniac Posted December 8, 2013 ID:761966
They should be gone after the following step:
http://support.microsoft.com/kb/310405/en-US
Please turn off and then turn on your System Restore.
When you are ready, reboot your system and let me know how things are there.
Gobboling Posted December 10, 2013 Author ID:762950
Before I do this, I have a question. I have a printer installed on my computer and cannot reinstall it because my dvd player won't open anymore so I can't get the installation disc in there. Will this be erased from my computer? I've done whole system restores before and it always deletes my printer.
Maniac Posted December 11, 2013 ID:763309
I don't want to restore your system. When you turn it off and then turn it back on, this action will clean all of your old restore points.
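Why a removal-tool report can still list items under `System Volume Information` after the live files were cleaned, and which rows the System Restore off/on step addresses, as an added example that is not part of the original thread. It splits report rows into live files and restore-point copies; the sample rows are constructed in the layout of the report posted above, and the GUID, RP number, file names and verdict names are placeholders.

```python
import re
from collections import defaultdict

# Constructed rows in the layout of the "Detected threats" report posted in this
# thread: timestamp, action, object type, verdict, path, severity.
# The GUID, RP number, paths and verdict names are placeholders, not thread values.
SAMPLE_REPORT = r"""
12/6/2013 5:43:00 PM Deleted Trojan program Trojan-Downloader.Example.a C:\Documents and Settings\user\My Documents\Shared\Incomplete\track one.mp3 High
12/6/2013 5:44:59 PM Deleted Trojan program Trojan-Spy.Example.b C:\oem\recovery\wizard\Link_ret.exe High
12/6/2013 10:43:40 PM Deleted Trojan program Trojan-Spy.Example.b C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP964\A0000001.exe High
12/6/2013 10:43:41 PM Deleted Trojan program Trojan-Spy.Example.b C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP964\A0000002.exe High
this line is not a report row
"""

ROW = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>\w+) (?P<kind>.+?) (?P<verdict>\S+) "
    r"(?P<path>[A-Za-z]:\\.*) (?P<severity>\w+)$"
)
# Windows XP System Restore keeps its snapshots under
# <drive>:\System Volume Information\_restore{GUID}\RPnnn\
SNAPSHOT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\(RP\d+)\\",
    re.IGNORECASE,
)

def parse_report(text):
    """Return one dict per well-formed row; anything else is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows

def triage(rows):
    """Split detections into live files and System Restore snapshot copies."""
    result = {"live": [], "snapshot": [], "restore_points": set(),
              "verdicts_by_area": defaultdict(set)}
    for row in rows:
        hit = SNAPSHOT.search(row["path"])
        area = "snapshot" if hit else "live"
        result[area].append(row["path"])
        result["verdicts_by_area"][area].add(row["verdict"])
        if hit:
            result["restore_points"].add(hit.group(1).upper())
    return result

def purge_recommended(result):
    """True when any detection sits inside a restore point."""
    return bool(result["snapshot"])

if __name__ == "__main__":
    r = triage(parse_report(SAMPLE_REPORT))
    print(f"live files: {len(r['live'])}, snapshot copies: {len(r['snapshot'])}")
    print("restore points affected:", sorted(r["restore_points"]))
    print("purge restore points:", purge_recommended(r))
```

Snapshot rows that carry the same verdict as a live-file row are backup copies held by System Restore, which is why they persist until the restore points themselves are discarded.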
Gobboling Posted December 17, 2013 Author ID:765326
Sorry I haven't responded lately but there was a death in the family. I will try the system restore tomorrow & let you know the results.
Maniac Posted December 17, 2013 ID:765477
I'm so sorry about that! Take your time.
Gobboling Posted December 18, 2013 Author ID:765676
Got it all done! It seems to be working fine. Thank you for all of your help! I greatly appreciate it.
Maniac Posted December 18, 2013 ID:765797
Glad I could help!

Step 1
Download OTC to your desktop and run it
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2
Double click on AdwCleaner.exe to run the tool.
Click on Uninstall
Confirm with Yes

Step 3
Please uninstall ESET Online Scanner and manually delete Kaspersky AVP

Step 4
Some malware preventions: users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing!
AdvancedSetup Posted December 28, 2013 Root Admin ID:769778
Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!