I am infected with the viruses .. How can I deal with them


smsm

Hi

I cannot enable malicious website blocking. Now my computer is partially secure. I do not know what to do.

Also, I found the same problem solved in the other topic, but I cannot do it all.

The steps that I did are:

STEP 01
Please create an mbam-check log:
 

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post; instead, please attach the log CheckResults.txt file, which should now be located on your desktop, to your next post

 

STEP 02

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com


Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment. 

  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file

 

STEP 03

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.

 

Steps written by Staff

I got four text files (CheckResults, dds, attach and Result) and I attached them.

But I do not know what to do next.

Result.txt

attach.txt

CheckResults.txt

dds.txt


Hello smsm and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573


Thanks, Borislav, for answering me, and nice to meet you.

I have the PRO version of Malwarebytes Anti-Malware.

Also, I did a Quick Scan and there are 42 infected objects.

Also, I ran dds.com and I got 2 text files (dds.txt and attach.txt).

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Me at 22:02:54 on 2013-12-31
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2550.1453 [GMT -8:00]
.
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
.
============== Running Processes ================
.
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\VerbAce-Pro\VerbAce-Pro.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
c:\progra~1\optimi~1\OptProCrash.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
D:\c-programs\Malwarebytes' Anti-Malware\mbamscheduler.exe
D:\c-programs\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Baidu Security\PC App Store\3.15.8.4011\PCAppStoreSvc.exe
D:\c-programs\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe
C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\c-programs\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: BS Player ControlBar Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_0.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll
BHO: BS Player ControlBar Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_0.dll
TB: BS Player ControlBar Toolbar: {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - c:\program files\bs_player\prxtbBS_0.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: BS Player ControlBar Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_0.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\me\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
mRun: [tvncontrol] "c:\program files\common files\comodo\GeekBuddyRSP.exe" -controlservice -slave
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [baidu PC Faster 4.0.0.0] "c:\program files\baidu security\pc faster\4.0.0.0\PCFaster.exe" -auto -start
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\verbac~1.lnk - d:\verbace-pro\VerbAce-Pro.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\finalvideodownloader\fvdRunner.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: Interfaces\{72A0B4FE-7B23-4044-A81F-BCA5047AC4DA} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{D7F4B66A-29ED-4481-AD02-3BF736EB1DC3} : NameServer = 156.154.70.22,156.154.71.22
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\optimi~1\optpro~1.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: mobogenie.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
IFEO: uninst.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\me\application data\mozilla\firefox\profiles\pb4b21kd.default\
FF - prefs.js: browser.search.selectedEngine - Bing 
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP|http://mysearch.avg.com?cid={02C1B49E-7B52-4ED9-AFE8-B488B8E88CF7}&mid=794708177adb47d3ace9d15198ede596-0&lang=en&ds=co011&coid=avgtbdisco&cmpid=&pr=sa&d=&v=17.2.0.38&pid=safeguard&sg=&sap=hp
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\documents and settings\me\local settings\application data\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.2.0\npsitesafety.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: d:\verbace-pro\NPAPI_PI.dll
FF - ExtSQL: 2013-11-03 09:30; {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}; c:\documents and settings\me\application data\mozilla\firefox\profiles\pb4b21kd.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
FF - ExtSQL: 2013-11-06 15:10; verbacefirefox@verbace.com; d:\verbace-pro\FFExt.xpi
FF - ExtSQL: 2013-11-07 11:05; PrivDog@AdTrustMedia.com; c:\documents and settings\me\application data\mozilla\firefox\profiles\pb4b21kd.default\extensions\PrivDog@AdTrustMedia.com.xpi
FF - ExtSQL: 2013-11-29 04:47; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\me\application data\mozilla\firefox\profiles\pb4b21kd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-12-22 06:18; downloader@finalvideotools.com; c:\program files\finalvideodownloader\Firefox
FF - ExtSQL: 2013-12-22 07:17; avg@toolbar; c:\documents and settings\all users\application data\avg safeguard toolbar\firefoxext\17.2.0.38
FF - ExtSQL: 2013-12-31 18:44; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 Bhbase;Baidu Hook Base;c:\windows\system32\drivers\Bhbase.sys [2013-12-27 47456]
R1 BprotectEx;Baidu ProtectEx;c:\windows\system32\drivers\BprotectEx.sys [2013-12-27 95552]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2013-5-6 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2013-9-24 15704]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [2013-9-24 587864]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\drivers\hmd.sys [2013-10-6 14272]
R2 ca82e1a5;Optimizer Pro Crash Monitor;c:\progra~1\optimi~1\OptProCrash.exe [2013-12-22 143488]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2013-10-20 4832192]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2013-11-11 2098880]
R2 MBAMScheduler;MBAMScheduler;d:\c-programs\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-7 418376]
R2 MBAMService;MBAMService;d:\c-programs\malwarebytes' anti-malware\mbamservice.exe [2013-11-7 701512]
R2 PCAppStoreSvc_{PCAppStore_3.15.8.4011};Baidu PC App Store Service 3.15.8.4011;c:\program files\baidu security\pc app store\3.15.8.4011\PCAppStoreSvc.exe [2013-12-16 576032]
R2 PCFasterSvc_{PCFaster_4.0.0.0};Baidu PC Faster Service 4.0.0.0;c:\program files\baidu security\pc faster\4.0.0.0\PCFasterSvc.exe [2013-12-5 676848]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2014\TuneUpUtilitiesService32.exe [2013-10-30 1739576]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-7 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-12-31 40776]
R3 PCFApiUtil;PCFApiUtil;\??\c:\program files\baidu security\pc faster\4.0.0.0\pcfapiutil.sys --> c:\program files\baidu security\pc faster\4.0.0.0\PCFApiUtil.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2014\TuneUpUtilitiesDriver32.sys [2013-8-21 12320]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\comodo\comodo internet security\cmdvirth.exe [2013-9-24 131288]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2013-11-14 70352]
S4 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\common files\comodo\GeekBuddyRSP.exe [2013-11-14 2327248]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
.
=============== Created Last 30 ================
.
2014-01-01 06:01:53 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-01-01 05:20:39 272496 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-01-01 02:45:28 -------- d-----w- c:\documents and settings\me\local settings\application data\Apple
2014-01-01 02:42:41 217176 ----a-w- c:\windows\system32\unrar.dll
2014-01-01 02:41:46 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-01-01 02:41:16 108144 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2014-01-01 02:41:15 28272 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
2014-01-01 02:41:15 170960 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2014-01-01 02:41:14 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2014-01-01 02:41:14 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2014-01-01 02:41:14 130672 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2014-01-01 02:41:13 75376 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2014-01-01 02:41:13 3459696 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2014-01-01 02:41:13 194560 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2014-01-01 02:41:13 119408 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2013-12-28 04:14:31 -------- d-----w- c:\documents and settings\me\application data\Baidu Security
2013-12-28 04:14:15 95552 ----a-w- c:\windows\system32\drivers\BprotectEx.sys
2013-12-28 04:14:12 47456 ----a-w- c:\windows\system32\drivers\Bhbase.sys
2013-12-28 04:13:57 -------- d-----w- c:\documents and settings\all users\application data\Log
2013-12-28 04:11:14 -------- d-----w- c:\program files\Baidu Security
2013-12-28 04:11:14 -------- d-----w- c:\documents and settings\all users\application data\Baidu Security
2013-12-22 15:27:34 -------- d-----w- c:\documents and settings\me\application data\1O1L1I1PtF1F1C1N
2013-12-22 15:18:44 -------- d-----w- c:\documents and settings\me\local settings\application data\AVG SafeGuard toolbar
2013-12-22 15:17:39 -------- d-----w- c:\documents and settings\me\application data\AVG SafeGuard toolbar
2013-12-22 15:17:15 -------- d-----w- c:\program files\common files\AVG Secure Search
2013-12-22 15:17:13 -------- d-----w- c:\documents and settings\all users\application data\AVG SafeGuard toolbar
2013-12-22 15:17:10 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-12-22 14:19:07 -------- d-----w- c:\documents and settings\me\application data\FinalVideoDownloader
2013-12-22 14:18:35 -------- d-----w- c:\documents and settings\me\local settings\application data\FileTypeAssistant
2013-12-22 14:18:10 -------- d-----w- c:\program files\File Type Assistant
2013-12-22 14:18:00 -------- d-----w- c:\program files\FinalVideoDownloader
2013-12-22 14:17:26 -------- d-----w- c:\documents and settings\me\application data\Optimizer Pro
2013-12-22 14:17:08 -------- d-----w- c:\program files\Optimizer Pro
2013-12-16 11:51:57 1409 ----a-w- c:\windows\QTFont.for
2013-12-10 22:55:35 -------- d-----w- c:\documents and settings\me\application data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-12-10 21:31:22 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2013-12-10 20:54:05 -------- d-----w- c:\program files\Nsasoft
.
==================== Find3M  ====================
.
2013-12-12 03:33:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-12 03:33:49 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-29 09:25:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-11-29 09:25:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-11-14 11:38:07 587864 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-11-14 11:38:01 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2013-11-14 06:00:12 48392 ----a-w- c:\windows\system32\certsentry.dll
2013-11-07 19:08:54 1060864 ----a-w- c:\windows\system32\mfc71.dll
2013-11-07 19:08:53 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2013-11-03 21:15:01 172032 ------w- c:\windows\Setup1.exe
2013-11-03 21:15:00 73216 ----a-w- c:\windows\ST6UNST.EXE
2013-10-30 09:45:44 36664 ----a-w- c:\windows\system32\TURegOpt.exe
2013-10-30 09:45:38 36152 ----a-w- c:\windows\system32\uxtuneup.dll
2013-10-13 07:25:38 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25:08 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17 18944 ------w- c:\windows\system32\corpol.dll
2013-10-13 06:57:59 385024 ------w- c:\windows\system32\html.iec
2013-10-07 05:17:38 14272 ----a-w- c:\windows\system32\drivers\hmd.sys
2013-10-07 05:17:38 14272 ----a-w- c:\windows\inf\hmd\hmd.sys
.
============= FINISH: 22:03:45.35 ===============

 

 

 

Attach.txt

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/3/2013 11:43:14 AM
System Uptime: 12/31/2013 8:57:21 PM (2 hours ago)
.
Motherboard: Intel Corporation |  | MPAD-MSAE Customer Reference Boards
Processor: Genuine Intel® CPU           T2400  @ 1.83GHz | U1 | 1828/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 29 GiB total, 4.05 GiB free.
D: is FIXED (NTFS) - 45 GiB total, 43.614 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP15: 11/7/2013 9:50:20 AM - Installed AVG 2014
RP16: 11/7/2013 7:20:08 PM - Removed AVG 2014
RP17: 11/7/2013 7:25:17 PM - Removed AVG 2014
RP26: 11/25/2013 10:56:40 PM - Software Distribution Service 3.0
RP27: 11/25/2013 11:08:12 PM - Installed Windows Internet Explorer 8.
RP28: 11/25/2013 11:13:09 PM - Software Distribution Service 3.0
RP43: 12/31/2013 8:55:59 PM - Installed QuickTime
RP44: 12/31/2013 9:05:39 PM - Installed QuickTime
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Reader 8.1.3
Adobe Reader Free Download Packages
ALShow
ALTools Update
Apple Application Support
Apple Software Update
AVG SafeGuard toolbar
Baidu PC Faster
Bing Bar
BS.Player FREE
BS_Player Toolbar
COMODO Antivirus
Comodo Dragon
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
File Type Assistant
Final Video Downloader 2013
GeekBuddy
GOM Player
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Graphics Media Accelerator Driver
K-Lite Codec Pack 10.1.5 Full
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mobogenie
Mozilla Firefox 25.0.1 (x86 en-ZA)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB941833)
Optimizer Pro v3.2
Paint Shop Pro 6.0 (ESD)
PDF Settings CS6
Photo-Brush 3.51
PrivDog
Product Key Explorer 3.5.6
QuickTime
Real Dominoes
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB982381)
Skype Click to Call
Skype™ 6.11
Smurfs
SPlayer
Super Mario Flash v1.0
Super Mario Ice 2 
Super Mario World
TOSHIBA Software Modem
TuneUp Utilities 2014
TuneUp Utilities 2014 (en-US)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2467659)
VC80CRTRedist - 8.0.50727.4053
Visual Studio 2012 x86 Redistributables
VLC media player 2.1.2
WebFldrs XP
Windows Internet Explorer 8
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WinRAR archiver
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
12/31/2013 9:26:17 PM, error: Service Control Manager [7034]  - The Baidu PC Faster Service 4.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).
12/31/2013 5:59:01 PM, error: Service Control Manager [7034]  - The TuneUp Utilities Service service terminated unexpectedly.  It has done this 1 time(s).
12/29/2013 10:26:37 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/25/2013 2:27:29 PM, error: Service Control Manager [7000]  - The TuneUp Theme Extension service failed to start due to the following error:  The executable program that this service is configured to run in does not implement the service.
.
==== End Of File ===========================

Step 1

Please uninstall the following applications:

AVG SafeGuard toolbar

Baidu PC Faster

BS_Player Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Happy new year  :)

 

Step 2 Done

 

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Me on Wed 01/01/2014 at  0:48:20.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\wmhelper.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\optimizer pro_is1
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish"
Successfully deleted: [Folder] "C:\Documents and Settings\Me\Application Data\optimizer pro"
Successfully deleted: [Folder] "C:\Documents and Settings\Me\Local Settings\Application Data\big fish"
Successfully deleted: [Folder] "C:\Documents and Settings\Me\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\Me\Local Settings\Application Data\filetypeassistant"
Successfully deleted: [Folder] "C:\Program Files\bearshare applications"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\optimizer pro"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\optimizer pro v3.2"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Documents and Settings\Me\Application Data\mozilla\firefox\profiles\pb4b21kd.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Me\Application Data\mozilla\firefox\profiles\pb4b21kd.default\extensions\firefox@luckyleap.net.xpi
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/01/2014 at  1:05:35.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step 3 Done

 

AdwCleaner[s0].txt

 

# AdwCleaner v3.016 - Report created 01/01/2014 at 01:14:45

# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Me - ME-A9DC4E05935A
# Running from : C:\Documents and Settings\Me\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : ca82e1a5
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\DocuMents and Settings\Me\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\DocuMents and Settings\Me\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\DocuMents and Settings\Me\Start Menu\Programs\Mobogenie
Folder Deleted : C:\DocuMents and Settings\Me\My DocuMents\Mobogenie
Folder Deleted : C:\DocuMents and Settings\Me\My DocuMents\optimizer pro
Folder Deleted : C:\DocuMents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\pb4b21kd.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
File Deleted : C:\DOCUMe~1\Me\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\DocuMents and Settings\Me\Desktop\Optimizer Pro.lnk
File Deleted : C:\DocuMents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\pb4b21kd.default\searchplugins\bingp.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Launcher.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{756C097C-6BDB-45DE-A8F1-83E01AB86BA4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v25.0.1 (en-ZA)
 
[ File : C:\DocuMents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\pb4b21kd.default\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4987 octets] - [01/01/2014 01:13:37]
AdwCleaner[s0].txt - [5022 octets] - [01/01/2014 01:14:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5082 octets] ##########

Step 4 Done

 

  • Malwarebytes' Anti-Malware log

 

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.31.07
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Me :: ME-A9DC4E05935A [administrator]
 
Protection: Enabled
 
1/1/2014 1:24:38 AM
mbam-log-2014-01-01 (01-24-38).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198652
Time elapsed: 7 minute(s), 36 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Documents and Settings\Me\Local Settings\Temp\SoftwareUpdateSetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Me\Local Settings\Temp\is1852162411\11176497_stp\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
 
(end)

Well done! :)

Step 1

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Step 2

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Step 2 : ESETScan.txt

 

C:\Documents and Settings\All Users\Application Data\COMODO\Cis\Quarantine\data\{590BD9CF-2716-4D54-AE62-84190CE0D932} a variant of Win32/HackTool.Patcher.T application cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\COMODO\Cis\Quarantine\data\{74C0AC29-0F14-4F86-A78B-29F3721CB15D} a variant of Win32/HackTool.Patcher.T application cleaned by deleting - quarantined
C:\Documents and Settings\Me\Application Data\1O1L1I1PtF1F1C1N\Adobe Reader Free Download Packages\uninstaller.exe Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Documents and Settings\Me\Local Settings\Temp\tbBS_0.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Documents and Settings\Me\Local Settings\Temp\is1852162411\11176610_stp\uninstaller.exe Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Documents and Settings\Me\Local Settings\Temp\{DA86D0B4-8C98-4187-A473-7CD6D928361B}\setup.exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Me\Local Settings\Temp\{F4EAB9B7-C424-4889-88FC-9775279922F3}\setup.exe multiple threats cleaned by deleting - quarantined
D:\FinalVideoDownloaderSetup.exe a variant of Win32/InstallCore.IJ application cleaned by deleting - quarantined
D:\Programs\cbsidlm-cbsi134-JetAudio_Basic-ORG-10013740.exe a variant of Win32/CNETInstaller.B application cleaned by deleting - quarantined

I cannot do step 1.

I ran the program for 1 hour and it does not move even 1%, and I do not know why.

Also, when I shut down the computer there is a window (rundll.exe) and it gives me two options: one is Cancel and the other is End Now.

 

I mentioned earlier that there is a window called rundll.exe, but actually it is rundll32.exe.

Also, my laptop became too slow.


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

