Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

random system restarts


jbl
 Share

Recommended Posts

Hey, thanks for Anti-Malware and all the help you provide.

We've been getting the following message (and another related to svchost.exe which has not happened for a while) followed by a system restart:

"Windows must now restart because the DCOM Server Process Launcher service terminated unexpectedly."

It seems to be about once a day, but could be more at times. From what I've read, it seems like this could be an infection, so I was hoping someone could check it out. I've also become more concerned since I was not able to get GMER to save. I got it to run to completion the first time, but the computer froze when I tried to save, and every subsequent run (after re-downloading it) has frozen it again.

As background, I recently switched from a complete McAfee security solution (due to system slowness and compatibility problems) to Anti-Malware, Avira Personal and Windows Firewall. I also had problems loading Anti-Malware the first time months ago due to malicious infections and had to jump through some hoops (as outlined in posts in your forum) to get it to load and run the first time. We've since bought the full version and have the Protection Module enabled.

Below is the DDS log and Anti-Malware logs, and Attach.zip is attached. As I said above, I was not able to get GMER to save it's data.

mbam-log-2010-01-02(14-39-40)

--------------------------------------

Malwarebytes' Anti-Malware 1.43

Database version: 3480

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

1/2/2010 2:39:40 PM

mbam-log-2010-01-02 (14-39-40).txt

Scan type: Quick Scan

Objects scanned: 137040

Time elapsed: 16 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

protection-log-2010-01-03.txt:

-----------------------------------

09:05:44 Jasper MESSAGE Protection started successfully

09:05:53 Jasper MESSAGE IP Protection started successfully

09:09:45 Jasper IP-BLOCK 212.117.174.178

09:09:48 Jasper IP-BLOCK 212.117.174.178

09:09:54 Jasper IP-BLOCK 212.117.174.178

09:10:01 Jasper IP-BLOCK 213.174.149.74

09:10:04 Jasper IP-BLOCK 213.174.149.74

09:10:10 Jasper IP-BLOCK 213.174.149.74

09:37:50 Jasper IP-BLOCK 213.174.149.74

09:37:53 Jasper IP-BLOCK 213.174.149.74

09:37:59 Jasper IP-BLOCK 213.174.149.74

09:40:07 Jasper IP-BLOCK 212.117.174.179

09:40:09 Jasper IP-BLOCK 78.47.248.115

09:40:09 Jasper IP-BLOCK 212.117.174.179

09:40:12 Jasper IP-BLOCK 78.47.248.115

09:40:16 Jasper IP-BLOCK 212.117.174.179

09:40:18 Jasper IP-BLOCK 78.47.248.115

09:41:52 Jasper IP-BLOCK 78.47.248.115

09:41:55 Jasper IP-BLOCK 78.47.248.115

09:42:01 Jasper IP-BLOCK 78.47.248.115

09:42:30 Jasper IP-BLOCK 78.47.248.115

09:42:34 Jasper IP-BLOCK 78.47.248.115

09:42:40 Jasper IP-BLOCK 78.47.248.115

09:43:42 Jasper IP-BLOCK 78.47.248.115

09:43:45 Jasper IP-BLOCK 78.47.248.115

09:43:51 Jasper IP-BLOCK 78.47.248.115

09:49:49 Jasper IP-BLOCK 213.174.149.74

09:49:52 Jasper IP-BLOCK 213.174.149.74

09:49:58 Jasper IP-BLOCK 213.174.149.74

10:00:56 Jasper MESSAGE IP Protection stopped

10:01:03 Jasper MESSAGE Database updated successfully

10:01:05 Jasper MESSAGE IP Protection started successfully

10:09:15 Jasper IP-BLOCK 188.40.164.210

10:09:18 Jasper IP-BLOCK 188.40.164.210

10:09:24 Jasper IP-BLOCK 188.40.164.210

10:09:28 Jasper IP-BLOCK 78.47.248.115

10:09:31 Jasper IP-BLOCK 78.47.248.115

10:09:37 Jasper IP-BLOCK 188.40.164.211

10:09:37 Jasper IP-BLOCK 78.47.248.115

10:09:40 Jasper IP-BLOCK 188.40.164.211

10:09:46 Jasper IP-BLOCK 188.40.164.211

10:10:28 Jasper IP-BLOCK 212.117.174.178

10:10:31 Jasper IP-BLOCK 212.117.174.178

10:10:37 Jasper IP-BLOCK 212.117.174.178

10:10:40 Jasper IP-BLOCK 78.47.248.115

10:10:42 Jasper IP-BLOCK 78.47.248.115

10:10:49 Jasper IP-BLOCK 78.47.248.115

10:10:49 Jasper IP-BLOCK 213.174.149.74

10:10:52 Jasper IP-BLOCK 213.174.149.74

10:10:58 Jasper IP-BLOCK 213.174.149.74

10:28:49 Jasper IP-BLOCK 213.174.149.74

10:28:52 Jasper IP-BLOCK 213.174.149.74

10:28:58 Jasper IP-BLOCK 213.174.149.74

DDS log:

----------

DDS (Ver_09-12-01.01) - NTFSx86

Run by Jasper at 15:06:26.21 on Sat 01/02/2010

Internet Explorer: 7.0.5730.11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.2054 [GMT -8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\Shutdownaware.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\System32\RunDLL32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\palmOne\HOTSYNC.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Documents and Settings\Jasper\Desktop\downloads\Defogger.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Jasper\Desktop\downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.dell.com

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [OfotoNow USB Detection] c:\windows\system32\rundll32.exe c:\progra~1\ofoto\ofotonow\OFUSBS.DLL,WatchForConnection OfotoNow

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [bCMSMMSG] BCMSMMSG.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [DVDSentry] c:\windows\system32\DSentry.exe

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

mRun: [shutdownaware] c:\windows\Shutdownaware.exe

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [EPSON Stylus Photo R340 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB001" /M "Stylus Photo R340"

mRun: [stxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\jasper\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: turbotax.com

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://remote.ofoto.com/vdesk/terminal/urxvpn.cab#version=5400,0,50316,1

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab

DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe

DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - hxxps://remote.ofoto.com/vdesk/terminal/urTermProxy.cab#version=5400,0,50412,1

DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://remote.ofoto.com/vdesk/terminal/urxshost.cab#version=2004,11,2,5

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://remote.ofoto.com/vdesk/terminal/urxhost.cab#version=5400,0,50316,1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: yakimufav - {449a65c2-4717-471f-a282-b656e961cf50} - c:\windows\system32\zorobite.dll

SSODL: vonaregof - {4bcf1c46-134b-4ca4-97c4-4bab16958a87} - c:\windows\system32\tehasebi.dll

SSODL: kobefisiv - {072ef229-399b-4f5a-9d98-4903df25d144} - c:\windows\system32\yosusimu.dll

SSODL: wigugemab - {bf9273ff-b5ad-408b-9fbe-702b84a8b3c7} - c:\windows\system32\dibiyowa.dll

SSODL: nihawopot - {0a000c8e-0366-4adb-bf34-582a45532584} - c:\windows\system32\rojawati.dll

STS: tokatiluy: {449a65c2-4717-471f-a282-b656e961cf50} - c:\windows\system32\zorobite.dll

STS: jugezatag: {4bcf1c46-134b-4ca4-97c4-4bab16958a87} - c:\windows\system32\tehasebi.dll

STS: jugezatag: {072ef229-399b-4f5a-9d98-4903df25d144} - c:\windows\system32\yosusimu.dll

STS: gahurihor: {bf9273ff-b5ad-408b-9fbe-702b84a8b3c7} - c:\windows\system32\dibiyowa.dll

STS: gahurihor: {0a000c8e-0366-4adb-bf34-582a45532584} - c:\windows\system32\rojawati.dll

LSA: Notification Packages = scecli lenipuna.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jasper\applic~1\mozilla\firefox\profiles\y4xyn0px.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - component: c:\documents and settings\jasper\application data\mozilla\firefox\profiles\y4xyn0px.default\extensions\kodak-companion@mozilla.com\platform\winnt_x86-msvc\components\mozFotofox.dll

FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava11.dll

FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava12.dll

FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava13.dll

FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava14.dll

FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava32.dll

FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJPI142.DLL

FF - plugin: c:\program files\java\j2re1.4.2\bin\NPOJI610.DLL

FF - plugin: c:\program files\mozilla firefox\plugins\NPuroamHost.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-26 11608]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-12-29 214664]

R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2006-5-24 91136]

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-26 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-26 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-26 56816]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-26 235344]

R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-26 19160]

R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\urvpndrv.sys [2004-8-31 27968]

S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2005-4-8 10272]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2006-12-29 79816]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2006-12-29 35272]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2006-12-29 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2006-12-29 40552]

S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2006-5-24 23180]

=============== Created Last 30 ================

2067-02-24 23:21:18 79947 ----a-w- c:\windows\fw20.vxd

2010-01-02 23:00:33 0 ----a-w- c:\documents and settings\jasper\defogger_reenable

2009-12-27 02:28:30 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-27 02:28:24 0 d-----w- c:\program files\Avira

2009-12-27 02:28:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2009-12-26 23:48:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-26 23:48:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-26 23:48:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-19 22:37:46 0 d-----w- c:\windows\system32\NtmsData

2009-12-19 17:22:31 0 d-----w- c:\windows\pss

==================== Find3M ====================

2009-12-04 04:00:13 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT

2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe

2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll

2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll

2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll

2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys

2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll

2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll

2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll

2009-10-09 02:55:57 117748 ---ha-w- c:\windows\system32\mlfcache.dat

============= FINISH: 15:10:03.18 ===============

Attach.zip

Link to post
Share on other sites

Okay

Please open malwarebytes, update to the latest definitions, run a quick scan. In your next reply, please post the fresh mbam log and dds log. Thanks

Here you go. Thanks again.

mbam-log-2010-01-05(18-55-29).txt:

-------------------------------------------

Malwarebytes' Anti-Malware 1.43

Database version: 3499

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

1/5/2010 6:55:29 PM

mbam-log-2010-01-05 (18-55-29).txt

Scan type: Quick Scan

Objects scanned: 137539

Time elapsed: 17 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Latest DDS.txt:

......................

DDS (Ver_09-12-01.01) - NTFSx86

Run by Jasper at 19:16:44.20 on Tue 01/05/2010

Internet Explorer: 7.0.5730.11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1823 [GMT -8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\Shutdownaware.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\System32\RunDLL32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\palmOne\HOTSYNC.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Jasper\Desktop\downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.dell.com

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [OfotoNow USB Detection] c:\windows\system32\rundll32.exe c:\progra~1\ofoto\ofotonow\OFUSBS.DLL,WatchForConnection OfotoNow

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [bCMSMMSG] BCMSMMSG.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [DVDSentry] c:\windows\system32\DSentry.exe

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

mRun: [shutdownaware] c:\windows\Shutdownaware.exe

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [EPSON Stylus Photo R340 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB001" /M "Stylus Photo R340"

mRun: [stxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\jasper\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: turbotax.com

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://remote.ofoto.com/vdesk/terminal/urxvpn.cab#version=5400,0,50316,1

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab

DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe

DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - hxxps://remote.ofoto.com/vdesk/terminal/urTermProxy.cab#version=5400,0,50412,1

DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://remote.ofoto.com/vdesk/terminal/urxshost.cab#version=2004,11,2,5

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://remote.ofoto.com/vdesk/terminal/urxhost.cab#version=5400,0,50316,1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: yakimufav - {449a65c2-4717-471f-a282-b656e961cf50} - c:\windows\system32\zorobite.dll

SSODL: vonaregof - {4bcf1c46-134b-4ca4-97c4-4bab16958a87} - c:\windows\system32\tehasebi.dll

SSODL: kobefisiv - {072ef229-399b-4f5a-9d98-4903df25d144} - c:\windows\system32\yosusimu.dll

SSODL: wigugemab - {bf9273ff-b5ad-408b-9fbe-702b84a8b3c7} - c:\windows\system32\dibiyowa.dll

SSODL: nihawopot - {0a000c8e-0366-4adb-bf34-582a45532584} - c:\windows\system32\rojawati.dll

STS: tokatiluy: {449a65c2-4717-471f-a282-b656e961cf50} - c:\windows\system32\zorobite.dll

STS: jugezatag: {4bcf1c46-134b-4ca4-97c4-4bab16958a87} - c:\windows\system32\tehasebi.dll

STS: jugezatag: {072ef229-399b-4f5a-9d98-4903df25d144} - c:\windows\system32\yosusimu.dll

STS: gahurihor: {bf9273ff-b5ad-408b-9fbe-702b84a8b3c7} - c:\windows\system32\dibiyowa.dll

STS: gahurihor: {0a000c8e-0366-4adb-bf34-582a45532584} - c:\windows\system32\rojawati.dll

LSA: Notification Packages = scecli lenipuna.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jasper\applic~1\mozilla\firefox\profiles\y4xyn0px.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - component: c:\documents and settings\jasper\application data\mozilla\firefox\profiles\y4xyn0px.default\extensions\kodak-companion@mozilla.com\platform\winnt_x86-msvc\components\mozFotofox.dll

FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava11.dll

FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava12.dll

FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava13.dll

FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava14.dll

FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava32.dll

FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJPI142.DLL

FF - plugin: c:\program files\java\j2re1.4.2\bin\NPOJI610.DLL

FF - plugin: c:\program files\mozilla firefox\plugins\NPuroamHost.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-26 11608]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-12-29 214664]

R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2006-5-24 91136]

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-26 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-26 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-26 56816]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-26 235344]

R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-26 19160]

R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\urvpndrv.sys [2004-8-31 27968]

S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2005-4-8 10272]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2006-12-29 79816]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2006-12-29 35272]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2006-12-29 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2006-12-29 40552]

S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2006-5-24 23180]

=============== Created Last 30 ================

2067-02-24 23:21:18 79947 ----a-w- c:\windows\fw20.vxd

2010-01-03 07:33:19 0 ----a-w- c:\documents and settings\jasper\defogger_reenable

2009-12-27 02:28:30 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-27 02:28:24 0 d-----w- c:\program files\Avira

2009-12-27 02:28:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2009-12-26 23:48:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-26 23:48:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-26 23:48:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-19 22:37:46 0 d-----w- c:\windows\system32\NtmsData

2009-12-19 17:22:31 0 d-----w- c:\windows\pss

==================== Find3M ====================

2010-01-04 02:07:09 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT

2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe

2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll

2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll

2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll

2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys

2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll

2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll

2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll

2009-10-09 02:55:57 117748 ---ha-w- c:\windows\system32\mlfcache.dat

============= FINISH: 19:19:34.31 ===============

Link to post
Share on other sites

Please download the OTM.exe by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "yakimufav"=-
    "vonaregof"=-
    "kobefisiv"=-
    "wigugemab"=-
    "nihawopot"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{4bcf1c46-134b-4ca4-97c4-4bab16958a87}"=-
    "{072ef229-399b-4f5a-9d98-4903df25d144}"=-
    "{bf9273ff-b5ad-408b-9fbe-702b84a8b3c7}"=-
    "{0a000c8e-0366-4adb-bf34-582a45532584}"=-
    "{449a65c2-4717-471f-a282-b656e961cf50}"=-
    [HKEY_LOCAL_MACHINE\System\CurrentControlset\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    :commands
    [emptytemp]


  • Return to OTMoveIt3, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Click Ok to allow OTM reboot your machine.
  • After reboot, a log file will appear. Copy the contents to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

How is everything running?

Link to post
Share on other sites

How is everything running?

Below are the contents of the OTM log file. The computer seems to be running very well and fast at this point. I don't see any of the "Windows must restart" due to DCOM or svchost errors in the Event Log going a few days back now.

...

All processes killed

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\yakimufav deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\vonaregof deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\kobefisiv deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\wigugemab deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\nihawopot deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{4bcf1c46-134b-4ca4-97c4-4bab16958a87} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4bcf1c46-134b-4ca4-97c4-4bab16958a87}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{072ef229-399b-4f5a-9d98-4903df25d144} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{072ef229-399b-4f5a-9d98-4903df25d144}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{bf9273ff-b5ad-408b-9fbe-702b84a8b3c7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf9273ff-b5ad-408b-9fbe-702b84a8b3c7}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{0a000c8e-0366-4adb-bf34-582a45532584} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a000c8e-0366-4adb-bf34-582a45532584}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{449a65c2-4717-471f-a282-b656e961cf50} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{449a65c2-4717-471f-a282-b656e961cf50}\ deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlset\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: Jasper

->Temp folder emptied: 13893752 bytes

->Temporary Internet Files folder emptied: 91769647 bytes

->Java cache emptied: 38974836 bytes

->FireFox cache emptied: 115820645 bytes

User: jonah

->Temp folder emptied: 253048 bytes

->Temporary Internet Files folder emptied: 73288268 bytes

->FireFox cache emptied: 15439281 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 57859 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 509763 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 39097 bytes

%systemroot%\System32 .tmp files removed: 1162769 bytes

Windows Temp folder emptied: 170876862 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23910664 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 112512938 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 628.00 mb

OTM by OldTimer - Version 3.1.4.0 log created on 01062010_223144

Files moved on Reboot...

Registry entries deleted on Reboot...

...

Link to post
Share on other sites

How is everything running?

The system seems to be running great - and fast. No random restarts in days. Unless you think there is anything else to check, I think we're good. Thanks so much again for all of your help. Malwarebytes rules!

Link to post
Share on other sites

I seem to be having the same problem as jbl. A few months ago I started having problems with viruses. I'm still not able to start my computer in safe mode. In the last week my computer has began rebooting account the DCOM Server Process Launcher error.

Donmat, Please post your own topic.

Link to post
Share on other sites

Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To SET A NEW RESTORE POINT:

1. Go to Start > Programs > Accessories > System Tools and click "System Restore".

2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

3. Then go to Start > Run and type: Cleanmgr

4. Click "OK".

5. Click the "More Options" Tab.

6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Graphics for doing this are in the following links if you need them.

How to Create a Restore Point.

How to use Cleanmgr.

Link to post
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.