jbl Posted January 3, 2010 ID:179191 Share Posted January 3, 2010 Hey, thanks for Anti-Malware and all the help you provide.We've been getting the following message (and another related to svchost.exe which has not happened for a while) followed by a system restart:"Windows must now restart because the DCOM Server Process Launcher service terminated unexpectedly."It seems to be about once a day, but could be more at times. From what I've read, it seems like this could be an infection, so I was hoping someone could check it out. I've also become more concerned since I was not able to get GMER to save. I got it to run to completion the first time, but the computer froze when I tried to save, and every subsequent run (after re-downloading it) has frozen it again.As background, I recently switched from a complete McAfee security solution (due to system slowness and compatibility problems) to Anti-Malware, Avira Personal and Windows Firewall. I also had problems loading Anti-Malware the first time months ago due to malicious infections and had to jump through some hoops (as outlined in posts in your forum) to get it to load and run the first time. We've since bought the full version and have the Protection Module enabled.Below is the DDS log and Anti-Malware logs, and Attach.zip is attached. As I said above, I was not able to get GMER to save it's data.mbam-log-2010-01-02(14-39-40)--------------------------------------Malwarebytes' Anti-Malware 1.43Database version: 3480Windows 5.1.2600 Service Pack 3Internet Explorer 7.0.5730.111/2/2010 2:39:40 PMmbam-log-2010-01-02 (14-39-40).txtScan type: Quick ScanObjects scanned: 137040Time elapsed: 16 minute(s), 22 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)protection-log-2010-01-03.txt:-----------------------------------09:05:44 Jasper MESSAGE Protection started successfully09:05:53 Jasper MESSAGE IP Protection started successfully09:09:45 Jasper IP-BLOCK 212.117.174.17809:09:48 Jasper IP-BLOCK 212.117.174.17809:09:54 Jasper IP-BLOCK 212.117.174.17809:10:01 Jasper IP-BLOCK 213.174.149.7409:10:04 Jasper IP-BLOCK 213.174.149.7409:10:10 Jasper IP-BLOCK 213.174.149.7409:37:50 Jasper IP-BLOCK 213.174.149.7409:37:53 Jasper IP-BLOCK 213.174.149.7409:37:59 Jasper IP-BLOCK 213.174.149.7409:40:07 Jasper IP-BLOCK 212.117.174.17909:40:09 Jasper IP-BLOCK 78.47.248.11509:40:09 Jasper IP-BLOCK 212.117.174.17909:40:12 Jasper IP-BLOCK 78.47.248.11509:40:16 Jasper IP-BLOCK 212.117.174.17909:40:18 Jasper IP-BLOCK 78.47.248.11509:41:52 Jasper IP-BLOCK 78.47.248.11509:41:55 Jasper IP-BLOCK 78.47.248.11509:42:01 Jasper IP-BLOCK 78.47.248.11509:42:30 Jasper IP-BLOCK 78.47.248.11509:42:34 Jasper IP-BLOCK 78.47.248.11509:42:40 Jasper IP-BLOCK 78.47.248.11509:43:42 Jasper IP-BLOCK 78.47.248.11509:43:45 Jasper IP-BLOCK 78.47.248.11509:43:51 Jasper IP-BLOCK 78.47.248.11509:49:49 Jasper IP-BLOCK 213.174.149.7409:49:52 Jasper IP-BLOCK 213.174.149.7409:49:58 Jasper IP-BLOCK 213.174.149.7410:00:56 Jasper MESSAGE IP Protection stopped10:01:03 Jasper MESSAGE Database updated successfully10:01:05 Jasper MESSAGE IP Protection started successfully10:09:15 Jasper IP-BLOCK 188.40.164.21010:09:18 Jasper IP-BLOCK 188.40.164.21010:09:24 Jasper IP-BLOCK 188.40.164.21010:09:28 Jasper IP-BLOCK 78.47.248.11510:09:31 Jasper IP-BLOCK 78.47.248.11510:09:37 Jasper IP-BLOCK 188.40.164.21110:09:37 Jasper IP-BLOCK 78.47.248.11510:09:40 Jasper IP-BLOCK 188.40.164.21110:09:46 Jasper IP-BLOCK 188.40.164.21110:10:28 Jasper IP-BLOCK 212.117.174.17810:10:31 Jasper IP-BLOCK 212.117.174.17810:10:37 Jasper IP-BLOCK 212.117.174.17810:10:40 Jasper IP-BLOCK 78.47.248.11510:10:42 Jasper IP-BLOCK 78.47.248.11510:10:49 Jasper IP-BLOCK 78.47.248.11510:10:49 Jasper IP-BLOCK 213.174.149.7410:10:52 Jasper IP-BLOCK 213.174.149.7410:10:58 Jasper IP-BLOCK 213.174.149.7410:28:49 Jasper IP-BLOCK 213.174.149.7410:28:52 Jasper IP-BLOCK 213.174.149.7410:28:58 Jasper IP-BLOCK 213.174.149.74DDS log:----------DDS (Ver_09-12-01.01) - NTFSx86 Run by Jasper at 15:06:26.21 on Sat 01/02/2010Internet Explorer: 7.0.5730.11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.2054 [GMT -8:00]AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\WINDOWS\BCMSMMSG.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\System32\DSentry.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\WINDOWS\Shutdownaware.exeC:\Program Files\Common Files\Sonic\Update Manager\sgtray.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXEC:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\WINDOWS\System32\RunDLL32.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Nikon\PictureProject\NkbMonitor.exeC:\Program Files\Juniper Networks\Common Files\dsNcService.exeC:\Program Files\palmOne\HOTSYNC.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Canon\CAL\CALMAIN.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Documents and Settings\Jasper\Desktop\downloads\Defogger.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\Jasper\Desktop\downloads\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.google.com/uDefault_Page_URL = hxxp://www.dell.comuSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%sBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dllBHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dllBHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dllTB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dllTB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dllEB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dllEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [OfotoNow USB Detection] c:\windows\system32\rundll32.exe c:\progra~1\ofoto\ofotonow\OFUSBS.DLL,WatchForConnection OfotoNowuRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenteruRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [bCMSMMSG] BCMSMMSG.exemRun: [dla] c:\windows\system32\dla\tfswctrl.exemRun: [DVDSentry] c:\windows\system32\DSentry.exemRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exemRun: [shutdownaware] c:\windows\Shutdownaware.exemRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /rmRun: [igfxhkcmd] c:\windows\system32\hkcmd.exemRun: [igfxpers] c:\windows\system32\igfxpers.exemRun: [EPSON Stylus Photo R340 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB001" /M "Stylus Photo R340"mRun: [stxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCentermRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exemRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /minmRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraydRunOnce: [RunNarrator] Narrator.exeStartupFolder: c:\docume~1\jasper\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLLIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dllTrusted Zone: turbotax.comDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cabDPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://remote.ofoto.com/vdesk/terminal/urxvpn.cab#version=5400,0,50316,1DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cabDPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exeDPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - hxxps://remote.ofoto.com/vdesk/terminal/urTermProxy.cab#version=5400,0,50412,1DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cabDPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cabDPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://remote.ofoto.com/vdesk/terminal/urxshost.cab#version=2004,11,2,5DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://remote.ofoto.com/vdesk/terminal/urxhost.cab#version=5400,0,50316,1Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: igfxcui - igfxdev.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSSODL: yakimufav - {449a65c2-4717-471f-a282-b656e961cf50} - c:\windows\system32\zorobite.dllSSODL: vonaregof - {4bcf1c46-134b-4ca4-97c4-4bab16958a87} - c:\windows\system32\tehasebi.dllSSODL: kobefisiv - {072ef229-399b-4f5a-9d98-4903df25d144} - c:\windows\system32\yosusimu.dllSSODL: wigugemab - {bf9273ff-b5ad-408b-9fbe-702b84a8b3c7} - c:\windows\system32\dibiyowa.dllSSODL: nihawopot - {0a000c8e-0366-4adb-bf34-582a45532584} - c:\windows\system32\rojawati.dllSTS: tokatiluy: {449a65c2-4717-471f-a282-b656e961cf50} - c:\windows\system32\zorobite.dllSTS: jugezatag: {4bcf1c46-134b-4ca4-97c4-4bab16958a87} - c:\windows\system32\tehasebi.dllSTS: jugezatag: {072ef229-399b-4f5a-9d98-4903df25d144} - c:\windows\system32\yosusimu.dllSTS: gahurihor: {bf9273ff-b5ad-408b-9fbe-702b84a8b3c7} - c:\windows\system32\dibiyowa.dllSTS: gahurihor: {0a000c8e-0366-4adb-bf34-582a45532584} - c:\windows\system32\rojawati.dllLSA: Notification Packages = scecli lenipuna.dll================= FIREFOX ===================FF - ProfilePath - c:\docume~1\jasper\applic~1\mozilla\firefox\profiles\y4xyn0px.default\FF - prefs.js: browser.search.selectedEngine - Ask.comFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=FF - component: c:\documents and settings\jasper\application data\mozilla\firefox\profiles\y4xyn0px.default\extensions\kodak-companion@mozilla.com\platform\winnt_x86-msvc\components\mozFotofox.dllFF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava11.dllFF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava12.dllFF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava13.dllFF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava14.dllFF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava32.dllFF - plugin: c:\program files\java\j2re1.4.2\bin\NPJPI142.DLLFF - plugin: c:\program files\java\j2re1.4.2\bin\NPOJI610.DLLFF - plugin: c:\program files\mozilla firefox\plugins\NPuroamHost.dllFF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\---- FIREFOX POLICIES ----FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service============= SERVICES / DRIVERS ===============R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-26 11608]R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-12-29 214664]R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2006-5-24 91136]R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-26 108289]R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-26 185089]R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-26 56816]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-26 235344]R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-26 19160]R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\urvpndrv.sys [2004-8-31 27968]S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2005-4-8 10272]S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2006-12-29 79816]S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2006-12-29 35272]S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2006-12-29 34248]S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2006-12-29 40552]S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2006-5-24 23180]=============== Created Last 30 ================2067-02-24 23:21:18 79947 ----a-w- c:\windows\fw20.vxd2010-01-02 23:00:33 0 ----a-w- c:\documents and settings\jasper\defogger_reenable2009-12-27 02:28:30 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys2009-12-27 02:28:24 0 d-----w- c:\program files\Avira2009-12-27 02:28:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira2009-12-26 23:48:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2009-12-26 23:48:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys2009-12-26 23:48:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2009-12-19 22:37:46 0 d-----w- c:\windows\system32\NtmsData2009-12-19 17:22:31 0 d-----w- c:\windows\pss==================== Find3M ====================2009-12-04 04:00:13 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll2009-10-09 02:55:57 117748 ---ha-w- c:\windows\system32\mlfcache.dat============= FINISH: 15:10:03.18 ===============Attach.zip Link to post Share on other sites More sharing options...
sjpritch25 Posted January 5, 2010 ID:180165 Share Posted January 5, 2010 Sorry for the delayDo you still need assistance? Link to post Share on other sites More sharing options...
jbl Posted January 5, 2010 Author ID:180172 Share Posted January 5, 2010 Sorry for the delayDo you still need assistance?If you have the time to look at what I posted above, that would be great. No catastrophic failures, but still seems like we might be infected. Link to post Share on other sites More sharing options...
sjpritch25 Posted January 5, 2010 ID:180263 Share Posted January 5, 2010 OkayPlease open malwarebytes, update to the latest definitions, run a quick scan. In your next reply, please post the fresh mbam log and dds log. Thanks Link to post Share on other sites More sharing options...
jbl Posted January 6, 2010 Author ID:180452 Share Posted January 6, 2010 OkayPlease open malwarebytes, update to the latest definitions, run a quick scan. In your next reply, please post the fresh mbam log and dds log. ThanksHere you go. Thanks again.mbam-log-2010-01-05(18-55-29).txt:-------------------------------------------Malwarebytes' Anti-Malware 1.43Database version: 3499Windows 5.1.2600 Service Pack 3Internet Explorer 7.0.5730.111/5/2010 6:55:29 PMmbam-log-2010-01-05 (18-55-29).txtScan type: Quick ScanObjects scanned: 137539Time elapsed: 17 minute(s), 38 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Latest DDS.txt:......................DDS (Ver_09-12-01.01) - NTFSx86 Run by Jasper at 19:16:44.20 on Tue 01/05/2010Internet Explorer: 7.0.5730.11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1823 [GMT -8:00]AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exesvchost.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Juniper Networks\Common Files\dsNcService.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\BCMSMMSG.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\System32\DSentry.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\WINDOWS\Shutdownaware.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\WINDOWS\System32\RunDLL32.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Nikon\PictureProject\NkbMonitor.exeC:\Program Files\palmOne\HOTSYNC.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\Program Files\Canon\CAL\CALMAIN.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\Jasper\Desktop\downloads\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.google.com/uDefault_Page_URL = hxxp://www.dell.comuSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%sBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dllBHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dllBHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dllTB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dllTB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dllEB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dllEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [OfotoNow USB Detection] c:\windows\system32\rundll32.exe c:\progra~1\ofoto\ofotonow\OFUSBS.DLL,WatchForConnection OfotoNowuRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenteruRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [bCMSMMSG] BCMSMMSG.exemRun: [dla] c:\windows\system32\dla\tfswctrl.exemRun: [DVDSentry] c:\windows\system32\DSentry.exemRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exemRun: [shutdownaware] c:\windows\Shutdownaware.exemRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /rmRun: [igfxhkcmd] c:\windows\system32\hkcmd.exemRun: [igfxpers] c:\windows\system32\igfxpers.exemRun: [EPSON Stylus Photo R340 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB001" /M "Stylus Photo R340"mRun: [stxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCentermRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exemRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /minmRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraydRunOnce: [RunNarrator] Narrator.exeStartupFolder: c:\docume~1\jasper\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLLIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dllTrusted Zone: turbotax.comDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cabDPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://remote.ofoto.com/vdesk/terminal/urxvpn.cab#version=5400,0,50316,1DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cabDPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exeDPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - hxxps://remote.ofoto.com/vdesk/terminal/urTermProxy.cab#version=5400,0,50412,1DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cabDPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cabDPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://remote.ofoto.com/vdesk/terminal/urxshost.cab#version=2004,11,2,5DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://remote.ofoto.com/vdesk/terminal/urxhost.cab#version=5400,0,50316,1Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: igfxcui - igfxdev.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSSODL: yakimufav - {449a65c2-4717-471f-a282-b656e961cf50} - c:\windows\system32\zorobite.dllSSODL: vonaregof - {4bcf1c46-134b-4ca4-97c4-4bab16958a87} - c:\windows\system32\tehasebi.dllSSODL: kobefisiv - {072ef229-399b-4f5a-9d98-4903df25d144} - c:\windows\system32\yosusimu.dllSSODL: wigugemab - {bf9273ff-b5ad-408b-9fbe-702b84a8b3c7} - c:\windows\system32\dibiyowa.dllSSODL: nihawopot - {0a000c8e-0366-4adb-bf34-582a45532584} - c:\windows\system32\rojawati.dllSTS: tokatiluy: {449a65c2-4717-471f-a282-b656e961cf50} - c:\windows\system32\zorobite.dllSTS: jugezatag: {4bcf1c46-134b-4ca4-97c4-4bab16958a87} - c:\windows\system32\tehasebi.dllSTS: jugezatag: {072ef229-399b-4f5a-9d98-4903df25d144} - c:\windows\system32\yosusimu.dllSTS: gahurihor: {bf9273ff-b5ad-408b-9fbe-702b84a8b3c7} - c:\windows\system32\dibiyowa.dllSTS: gahurihor: {0a000c8e-0366-4adb-bf34-582a45532584} - c:\windows\system32\rojawati.dllLSA: Notification Packages = scecli lenipuna.dll================= FIREFOX ===================FF - ProfilePath - c:\docume~1\jasper\applic~1\mozilla\firefox\profiles\y4xyn0px.default\FF - prefs.js: browser.search.selectedEngine - Ask.comFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=FF - component: c:\documents and settings\jasper\application data\mozilla\firefox\profiles\y4xyn0px.default\extensions\kodak-companion@mozilla.com\platform\winnt_x86-msvc\components\mozFotofox.dllFF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava11.dllFF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava12.dllFF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava13.dllFF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava14.dllFF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava32.dllFF - plugin: c:\program files\java\j2re1.4.2\bin\NPJPI142.DLLFF - plugin: c:\program files\java\j2re1.4.2\bin\NPOJI610.DLLFF - plugin: c:\program files\mozilla firefox\plugins\NPuroamHost.dllFF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\---- FIREFOX POLICIES ----FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service============= SERVICES / DRIVERS ===============R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-26 11608]R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-12-29 214664]R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2006-5-24 91136]R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-26 108289]R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-26 185089]R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-26 56816]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-26 235344]R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-26 19160]R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\urvpndrv.sys [2004-8-31 27968]S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2005-4-8 10272]S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2006-12-29 79816]S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2006-12-29 35272]S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2006-12-29 34248]S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2006-12-29 40552]S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2006-5-24 23180]=============== Created Last 30 ================2067-02-24 23:21:18 79947 ----a-w- c:\windows\fw20.vxd2010-01-03 07:33:19 0 ----a-w- c:\documents and settings\jasper\defogger_reenable2009-12-27 02:28:30 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys2009-12-27 02:28:24 0 d-----w- c:\program files\Avira2009-12-27 02:28:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira2009-12-26 23:48:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2009-12-26 23:48:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys2009-12-26 23:48:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2009-12-19 22:37:46 0 d-----w- c:\windows\system32\NtmsData2009-12-19 17:22:31 0 d-----w- c:\windows\pss==================== Find3M ====================2010-01-04 02:07:09 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll2009-10-09 02:55:57 117748 ---ha-w- c:\windows\system32\mlfcache.dat============= FINISH: 19:19:34.31 =============== Link to post Share on other sites More sharing options...
sjpritch25 Posted January 6, 2010 ID:180787 Share Posted January 6, 2010 Please download the OTM.exe by OldTimer. Save it to your desktop. Please double-click OTM.exe to run it.Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)::reg[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]"yakimufav"=-"vonaregof"=-"kobefisiv"=-"wigugemab"=-"nihawopot"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"{4bcf1c46-134b-4ca4-97c4-4bab16958a87}"=-"{072ef229-399b-4f5a-9d98-4903df25d144}"=-"{bf9273ff-b5ad-408b-9fbe-702b84a8b3c7}"=-"{0a000c8e-0366-4adb-bf34-582a45532584}"=-"{449a65c2-4717-471f-a282-b656e961cf50}"=-[HKEY_LOCAL_MACHINE\System\CurrentControlset\Control\Lsa]"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00:commands[emptytemp] Return to OTMoveIt3, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.Click the red Moveit! button.Click Ok to allow OTM reboot your machine.After reboot, a log file will appear. Copy the contents to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.Close OTMHow is everything running? Link to post Share on other sites More sharing options...
jbl Posted January 7, 2010 Author ID:180986 Share Posted January 7, 2010 How is everything running?Below are the contents of the OTM log file. The computer seems to be running very well and fast at this point. I don't see any of the "Windows must restart" due to DCOM or svchost errors in the Event Log going a few days back now....All processes killed========== REGISTRY ==========Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\yakimufav deleted successfully.Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\vonaregof deleted successfully.Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\kobefisiv deleted successfully.Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\wigugemab deleted successfully.Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\nihawopot deleted successfully.Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{4bcf1c46-134b-4ca4-97c4-4bab16958a87} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4bcf1c46-134b-4ca4-97c4-4bab16958a87}\ deleted successfully.Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{072ef229-399b-4f5a-9d98-4903df25d144} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{072ef229-399b-4f5a-9d98-4903df25d144}\ deleted successfully.Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{bf9273ff-b5ad-408b-9fbe-702b84a8b3c7} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf9273ff-b5ad-408b-9fbe-702b84a8b3c7}\ deleted successfully.Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{0a000c8e-0366-4adb-bf34-582a45532584} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a000c8e-0366-4adb-bf34-582a45532584}\ deleted successfully.Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{449a65c2-4717-471f-a282-b656e961cf50} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{449a65c2-4717-471f-a282-b656e961cf50}\ deleted successfully.HKEY_LOCAL_MACHINE\System\CurrentControlset\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!========== COMMANDS ==========[EMPTYTEMP]User: Administrator->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 32768 bytesUser: All UsersUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 32902 bytesUser: Jasper->Temp folder emptied: 13893752 bytes->Temporary Internet Files folder emptied: 91769647 bytes->Java cache emptied: 38974836 bytes->FireFox cache emptied: 115820645 bytesUser: jonah->Temp folder emptied: 253048 bytes->Temporary Internet Files folder emptied: 73288268 bytes->FireFox cache emptied: 15439281 bytesUser: LocalService->Temp folder emptied: 66016 bytes->Temporary Internet Files folder emptied: 57859 bytesUser: NetworkService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 509763 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 39097 bytes%systemroot%\System32 .tmp files removed: 1162769 bytesWindows Temp folder emptied: 170876862 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23910664 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 112512938 bytesRecycleBin emptied: 0 bytesTotal Files Cleaned = 628.00 mbOTM by OldTimer - Version 3.1.4.0 log created on 01062010_223144Files moved on Reboot...Registry entries deleted on Reboot...... Link to post Share on other sites More sharing options...
sjpritch25 Posted January 8, 2010 ID:181331 Share Posted January 8, 2010 Open OTM and click on CleanupHow is everything running? Link to post Share on other sites More sharing options...
jbl Posted January 8, 2010 Author ID:181393 Share Posted January 8, 2010 How is everything running?The system seems to be running great - and fast. No random restarts in days. Unless you think there is anything else to check, I think we're good. Thanks so much again for all of your help. Malwarebytes rules! Link to post Share on other sites More sharing options...
donmat Posted January 10, 2010 ID:182230 Share Posted January 10, 2010 I seem to be having the same problem as jbl. A few months ago I started having problems with viruses. I'm still not able to start my computer in safe mode. In the last week my computer has began rebooting account the DCOM Server Process Launcher error. Link to post Share on other sites More sharing options...
Bobc11 Posted January 10, 2010 ID:182428 Share Posted January 10, 2010 I seem to be having the same problem as jbl. A few months ago I started having problems with viruses. I'm still not able to start my computer in safe mode. In the last week my computer has began rebooting account the DCOM Server Process Launcher error.Donmat, Please post your own topic. Link to post Share on other sites More sharing options...
sjpritch25 Posted January 11, 2010 ID:182635 Share Posted January 11, 2010 Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.To SET A NEW RESTORE POINT:1. Go to Start > Programs > Accessories > System Tools and click "System Restore".2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.3. Then go to Start > Run and type: Cleanmgr4. Click "OK".5. Click the "More Options" Tab.6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.Graphics for doing this are in the following links if you need them.How to Create a Restore Point.How to use Cleanmgr. Link to post Share on other sites More sharing options...
jbl Posted January 13, 2010 Author ID:183514 Share Posted January 13, 2010 Done. Thanks again for all of your help. Link to post Share on other sites More sharing options...
Recommended Posts