Hello, I am a Malwarebytes Pro user.  Over the last few months my laptop has had several problems.  First it was the FBI Ransom virus.  I escaped it by doing a system restore. I then purchased Malwarebytes Pro for realtime protection.  Once I had PRO running I often get the "Successfully blocked access to a potentially malicious website"  Type:  Outgoing.   These often pop up when I am not even using Internet Explorer.  Sometimes they rarely pop up and other times it's every 30 seconds.

 

In addition, last week I started getting a notice that said "System Shutdown"..."This system is shutting down......etc" and "Windows must now restart because the DCOM Server Process Launcher service terminated unexpectedly".  A clock counts down from 60 seconds and then restarts the computer....but then the same thing happens again.  I am able to intercept the cycle by doing a quick system restore.  What is this?

 

Obviously there is something on my computer that is causing this instability.  I regularly run Malwarebytes scans, as well as Malwarebytes Anti Rootkit and Super Anti Spyware. Usually they come up clean.  In addition, I just downloaded TDS Killer which found nothing. 

 

Please advise on how to clean up my computer once and for all.  Thank you!!


Hello kibo1224 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573


Thanks Borislav!

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 11:46:52 on 2014-01-27
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1122 [GMT -5:00]
.
.
============== Running Processes ================
.
D:\WINDOWS\System32\WLTRYSVC.EXE
D:\WINDOWS\System32\bcmwltry.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\WLTRAY.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\WINDOWS\OA012Mon.exe
D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\regsvr32.exe
D:\Documents and Settings\Owner\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe
D:\Program Files\WinZip\WZQKPICK32.EXE
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre7\bin\jqs.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Ant.com\IE add-on\antmaintainer.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k NetworkService
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ant.com browser helper (video detector): {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - d:\program files\ant.com\ie add-on\Download.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - d:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\java\jre7\bin\jp2ssv.dll
TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - d:\program files\ant.com\ie add-on\anttoolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - d:\program files\ant.com\ie add-on\anttoolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [sUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Ant.com Update] regsvr32.exe "d:\documents and settings\owner\local settings\application data\ant.com\nvdxgiwrap.dll"
uRun: [Amazon Cloud Player] d:\documents and settings\owner\local settings\application data\amazon cloud player\Amazon Music Helper.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [broadcom Wireless Manager UI] d:\windows\system32\WLTRAY.exe
mRun: [igfxTray] d:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] d:\windows\system32\hkcmd.exe
mRun: [Persistence] d:\windows\system32\igfxpers.exe
mRun: [synTPEnh] d:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [OA012Mon] d:\windows\OA012Mon.exe
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "d:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - d:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - d:\program files\winzip\WZQKPICK32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\program files\microsoft office\office12\ONBttnIE.dll
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - d:\program files\ant.com\ie add-on\Download.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe

TCP: NameServer = 192.168.1.1
TCP: Interfaces\{02EE3EA8-2DF7-4DA3-B457-F61A891BF171} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - d:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "d:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;d:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-14 418376]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-19 701512]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2012-1-19 22856]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;d:\windows\system32\drivers\OA012Afx.sys [2012-1-8 134144]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;d:\windows\system32\drivers\OA012Ufd.sys [2012-1-8 133632]
R3 OA012Vid;Creative Camera OA012 Function Driver;d:\windows\system32\drivers\OA012Vid.sys [2012-1-8 272256]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;d:\windows\system32\drivers\RtsUStor.sys [2012-1-8 162816]
S2 AntUpdaterService;Ant Toolbar updater service;d:\program files\ant.com\ie add-on\AntUpdaterService.exe [2011-6-29 520216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ewusbnet;HUAWEI USB-NDIS miniport;d:\windows\system32\drivers\ewusbnet.sys --> d:\windows\system32\drivers\ewusbnet.sys [?]
S3 Rts516xIR;Realtek IR Driver;d:\windows\system32\drivers\rts516xir.sys --> d:\windows\system32\drivers\Rts516xIR.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2014-01-25 21:30:52 -------- d-----w- D:\SUPERDelete
2014-01-24 22:44:47 -------- d-----w- d:\windows\system32\wbem\repository\FS
2014-01-24 22:44:47 -------- d-----w- d:\windows\system32\wbem\Repository
2014-01-24 22:44:25 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2014-01-03 12:46:31 712264 ----a-w- d:\windows\isRS-000.tmp
.
==================== Find3M  ====================
.
2014-01-19 22:46:26 51416 ----a-w- d:\windows\system32\drivers\mbamchameleon.sys
2014-01-03 14:33:15 692616 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2014-01-03 14:33:14 71048 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 11:48:31.78 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/8/2012 2:22:19 PM
System Uptime: 1/27/2014 11:31:08 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | CN0Y53
Processor:          Intel® Atom CPU N270   @ 1.60GHz | U1 | 1596/533mhz
.
==== Disk Partitions =========================
.
D: is FIXED (NTFS) - 112 GiB total, 10.415 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\CPL0002\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\CPL0002\2&DABA3FF&0
Service:
.
==== System Restore Points ===================
.
RP384: 10/31/2013 5:18:54 AM - System Checkpoint
RP385: 11/1/2013 9:50:55 AM - System Checkpoint
RP386: 11/2/2013 4:34:18 PM - System Checkpoint
RP387: 11/3/2013 3:59:25 PM - System Checkpoint
RP388: 11/4/2013 4:21:26 PM - System Checkpoint
RP389: 11/5/2013 4:39:40 PM - System Checkpoint
RP390: 11/6/2013 8:35:56 PM - System Checkpoint
RP391: 11/7/2013 10:17:09 PM - System Checkpoint
RP392: 11/9/2013 6:42:49 AM - System Checkpoint
RP393: 11/11/2013 12:31:24 AM - System Checkpoint
RP394: 11/12/2013 1:12:26 AM - System Checkpoint
RP395: 11/13/2013 11:29:25 AM - System Checkpoint
RP396: 11/14/2013 5:01:14 PM - System Checkpoint
RP397: 11/16/2013 5:09:00 PM - System Checkpoint
RP398: 11/18/2013 11:19:50 AM - System Checkpoint
RP399: 11/19/2013 11:48:26 AM - System Checkpoint
RP400: 11/20/2013 3:09:53 PM - System Checkpoint
RP401: 11/22/2013 2:52:59 PM - System Checkpoint
RP402: 11/23/2013 3:44:49 PM - System Checkpoint
RP403: 11/24/2013 4:33:41 PM - System Checkpoint
RP404: 11/25/2013 8:50:38 PM - System Checkpoint
RP405: 11/29/2013 3:40:35 PM - System Checkpoint
RP406: 12/1/2013 11:50:16 PM - System Checkpoint
RP407: 12/6/2013 8:43:28 AM - System Checkpoint
RP408: 12/24/2013 10:07:32 PM - System Checkpoint
RP409: 12/26/2013 12:36:06 AM - System Checkpoint
RP410: 12/28/2013 4:55:51 PM - System Checkpoint
RP411: 12/30/2013 3:25:23 PM - System Checkpoint
RP412: 1/3/2014 8:09:01 AM - Restore Operation
RP413: 1/3/2014 8:44:48 AM - Restore Operation
RP414: 1/4/2014 8:48:23 AM - System Checkpoint
RP415: 1/12/2014 12:21:36 AM - System Checkpoint
RP416: 1/13/2014 8:41:06 PM - System Checkpoint
RP417: 1/14/2014 11:26:27 PM - System Checkpoint
RP418: 1/17/2014 12:43:18 AM - System Checkpoint
RP419: 1/18/2014 2:10:24 PM - Malwarebytes Anti-Rootkit Restore Point
RP420: 1/19/2014 5:00:37 PM - Restore Operation
RP421: 1/19/2014 5:11:09 PM - Restore Operation
RP422: 1/19/2014 5:13:20 PM - Restore Operation
RP423: 1/19/2014 5:26:09 PM - xxx
RP424: 1/19/2014 10:32:09 PM - ddd
RP425: 1/23/2014 2:20:00 PM - System Checkpoint
RP426: 1/24/2014 3:43:03 PM - System Checkpoint
RP427: 1/24/2014 4:42:03 PM - Malwarebytes Anti-Rootkit Restore Point
RP428: 1/24/2014 5:43:34 PM - Restore Operation
RP429: 1/24/2014 6:43:44 PM - Clean
.
==== Installed Programs ======================
.
Adobe Audition 1.5
Adobe Flash Player 11 ActiveX
Adobe Photoshop 7.0.1
Adobe Reader 9.5.5
Amazon Cloud Player
Ant.com IE add-on
Ant.com Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CCleaner
Dell Touchpad
Dell Wireless WLAN Card Utility
doPDF 7.3 printer
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Integrated Webcam Driver (1.04.01.0708) 
Intel® Graphics Media Accelerator Driver
iTunes
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
PHOTOfunSTUDIO 6.0
PlayFLV
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Recuva
Savevid
Search Assistant WebSearch 1.74
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Ss.Helper 1.74
SUPERAntiSpyware
Tipard Video Converter 6.1.50
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
USB2.0 Card Reader Software
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip 17.0
.
==== Event Viewer Messages From Past Week ========
.
1/24/2014 6:43:09 PM, error: Service Control Manager [7023]  - The Background Intelligent Transfer Service service terminated with the following error:  The specified module could not be found.
1/24/2014 5:42:23 PM, error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/24/2014 5:42:11 PM, error: Service Control Manager [7022]  - The DCOM Server Process Launcher service hung on starting.
1/24/2014 5:37:13 PM, error: Service Control Manager [7001]  - The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error:  The pipe state is invalid.
1/24/2014 5:37:13 PM, error: Service Control Manager [7000]  - The Terminal Services service failed to start due to the following error:  The pipe state is invalid.
.
==== End Of File ===========================
 


Step 1

Please uninstall the following applications:

Ant.com IE add-on

Ant.com Toolbar

Savevid

Search Assistant WebSearch 1.74

Ss.Helper 1.74

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by Owner on Tue 02/04/2014 at 19:56:06.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/04/2014 at 20:16:47.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v3.018 - Report created 04/02/2014 at 19:49:21
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - DELLMINI10
# Running from : D:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9N2MS2ON\AdwCleaner[1].exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : D:\Documents and Settings\All Users\Application Data\DDOwnload ukEepeir
Folder Deleted : D:\Documents and Settings\All Users\Application Data\Doownload keeper
Folder Deleted : D:\Program Files\DDOwnload ukEepeir
Folder Deleted : D:\Program Files\Doownload keeper

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v32.0.1700.107

[ File : D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url

*************************

AdwCleaner[R0].txt - [2427 octets] - [04/02/2014 19:44:27]
AdwCleaner[s0].txt - [2304 octets] - [04/02/2014 19:49:21]

########## EOF - D:\AdwCleaner\AdwCleaner[s0].txt - [2364 octets] ##########

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.04.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: DELLMINI10 [administrator]

Protection: Enabled

2/4/2014 8:21:39 PM
mbam-log-2014-02-04 (20-21-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280696
Time elapsed: 23 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.