Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92322 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Please help, internet explorer keeps shutting down


  • This topic is locked This topic is locked
8 replies to this topic

#1 HeyItsRey

HeyItsRey

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 21 September 2009 - 06:33 PM

Hello whatthetech forums. I'm here because I've tried everything I could think of, my problem is still persistant, and because a friend directed me here. I'll try to explain my problem the best that I can... Well when I start up my internet explorer I get a blank window (attached), and when I close that window my internet explorer works like it normally would. That is, untill I brouse a few webpages. Then my internet explorer pull up a window that says "windows explorer has stopped working..." and then "windows explorer is restarting..." and it restarts and brings up that blank window again. At first I thought the problem was just internet explorer, but on firefox it does the same thing: brouse a few pages, quits and restarts. I honestly don't know what the problem is. I did at least two full scans with my avast (no viruses each time) and I've tried defragmentizing my computer, and neither of those helped me. And so, I have come here for ask for help, it would be greatly appreciated :) Here are my logs to help. Also if it helps any I'm using windows vista home premium. ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/09/21 16:41 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP1 ================================================== Drivers ------------------- Name:  Image Path:  Address: 0x8E9C6000 Size: 65536 File Visible: No Signed: - Status: Hidden from the Windows API! Name:  Image Path:  Address: 0x8E9D6000 Size: 172032 File Visible: No Signed: - Status: Hidden from the Windows API! Name: bowser Image Path: \FileSystem\bowser Address: 0x9A889000 Size: 102400 File Visible: No Signed: - Status: Hidden from the Windows API! Name: downloads[1].sys Image Path: C:\Windows\system32\drivers\downloads[1].sys Address: 0xBB3A9000 Size: 49152 File Visible: No Signed: - Status: - Name: dump_atapi.sys Image Path: C:\Windows\System32\Drivers\dump_atapi.sys Address: 0x8ED0B000 Size: 32768 File Visible: No Signed: - Status: - Name: dump_dumpata.sys Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys Address: 0x8ED00000 Size: 45056 File Visible: No Signed: - Status: - Name: HTTP Image Path: \Driver\HTTP Address: 0x9A801000 Size: 438272 File Visible: No Signed: - Status: Hidden from the Windows API! Name: mpsdrv Image Path: \Driver\mpsdrv Address: 0x9A8A2000 Size: 86016 File Visible: No Signed: - Status: Hidden from the Windows API! Name: MRxDAV Image Path: \FileSystem\MRxDAV Address: 0x9A8B7000 Size: 131072 File Visible: No Signed: - Status: Hidden from the Windows API! Name: mrxsmb Image Path: \FileSystem\mrxsmb Address: 0x9A8D7000 Size: 126976 File Visible: No Signed: - Status: Hidden from the Windows API! Name: mrxsmb20 Image Path: \FileSystem\mrxsmb20 Address: 0x9A92F000 Size: 98304 File Visible: No Signed: - Status: Hidden from the Windows API! Name: PEAUTH Image Path: \Driver\PEAUTH Address: 0x9AC02000 Size: 909312 File Visible: No Signed: - Status: Hidden from the Windows API! Name: srv2 Image Path: \FileSystem\srv2 Address: 0x9A947000 Size: 159744 File Visible: No Signed: - Status: Hidden from the Windows API! Name: srvnet Image Path: \FileSystem\srvnet Address: 0x9A86C000 Size: 118784 File Visible: No Signed: - Status: Hidden from the Windows API! Name: •楬散獮䥥㵤笢扢㈸昴愵攭㜰ⴵㄴ㘱愭戴ⴱ㈵挹㡥挶㌹㘱≽砠汭獮猺㵸產湲洺数㩧灭来ㄲ Image Path: •楬散獮䥥㵤笢扢㈸昴愵攭㜰ⴵㄴ㘱愭戴ⴱ㈵挹㡥挶㌹㘱≽砠汭獮猺㵸產湲洺数㩧灭来ㄲ Address: 0x9ACE0000 Size: 40960 File Visible: No Signed: - Status: Hidden from the Windows API! Name: 䱍⼲䱓瘯∲砠汭獮琺㵭栢瑴㩰⼯睷⹷業牣獯景⹴潣⽭剄⽍牘䱍⼲䵔瘯∲㰾㩲楴汴㹥楗摮睯⡳䵔 Image Path: 䱍⼲䱓瘯∲砠汭獮琺㵭栢瑴㩰⼯睷⹷業牣獯景⹴潣⽭剄⽍牘䱍⼲䵔瘯∲㰾㩲楴汴㹥楗摮睯⡳䵔 Address: 0x9ACEA000 Size: 49152 File Visible: No Signed: - Status: Hidden from the Windows API! Processes ------------------- Path: System PID: 4 Status: Locked to the Windows API! Path: C:\Windows\System32\audiodg.exe PID: 1268 Status: Locked to the Windows API! SSDT ------------------- #: 013 Function Name: NtAlertResumeThread Status: Hooked by "<unknown>" at address 0x87017310 #: 014 Function Name: NtAlertThread Status: Hooked by "<unknown>" at address 0x870173f0 #: 018 Function Name: NtAllocateVirtualMemory Status: Hooked by "<unknown>" at address 0x870134a0 #: 054 Function Name: NtConnectPort Status: Hooked by "<unknown>" at address 0x86ec23a0 #: 067 Function Name: NtCreateMutant Status: Hooked by "<unknown>" at address 0x87017070 #: 078 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0x870146a0 #: 147 Function Name: NtFreeVirtualMemory Status: Hooked by "<unknown>" at address 0x870132f0 #: 156 Function Name: NtImpersonateAnonymousToken Status: Hooked by "<unknown>" at address 0x87017150 #: 158 Function Name: NtImpersonateThread Status: Hooked by "<unknown>" at address 0x87017230 #: 177 Function Name: NtMapViewOfSection Status: Hooked by "<unknown>" at address 0x87f52810 #: 184 Function Name: NtOpenEvent Status: Hooked by "<unknown>" at address 0x87016f48 #: 195 Function Name: NtOpenProcessToken Status: Hooked by "<unknown>" at address 0x870145e0 #: 202 Function Name: NtOpenThreadToken Status: Hooked by "<unknown>" at address 0x87014fd0 #: 282 Function Name: NtResumeThread Status: Hooked by "<unknown>" at address 0x87f38440 #: 289 Function Name: NtSetContextThread Status: Hooked by "<unknown>" at address 0x87014f10 #: 305 Function Name: NtSetInformationProcess Status: Hooked by "<unknown>" at address 0x87f52670 #: 306 Function Name: NtSetInformationThread Status: Hooked by "<unknown>" at address 0x87014e30 #: 330 Function Name: NtSuspendProcess Status: Hooked by "<unknown>" at address 0x87016e68 #: 331 Function Name: NtSuspendThread Status: Hooked by "<unknown>" at address 0x87014c70 #: 334 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0x87017ac0 #: 335 Function Name: NtTerminateThread Status: Hooked by "<unknown>" at address 0x87014d50 #: 348 Function Name: NtUnmapViewOfSection Status: Hooked by "<unknown>" at address 0x87f52750 #: 358 Function Name: NtWriteVirtualMemory Status: Hooked by "<unknown>" at address 0x870133d0 ==EOF== DDS (Ver_09-06-26.01) - NTFSx86 Run by Reynard at 16:46:01.29 on Mon 09/21/2009 Internet Explorer: 7.0.6001.18000 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2941.1213 [GMT -7:00] AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A} FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\agrsmsvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\TOSHIBA\IVP\ISM\pinger.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Windows\system32\taskeng.exe C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\LimeWire\LimeWire.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Reynard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8V6NXOAQ\downloads[1].scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll BHO: NP Helper Class: {35b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\internet saving optimizer\3.6.2.4500\NPIEAddOn.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.3.5.960\ssd.dll TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe" mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [NDSTray.exe] NDSTray.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [TP CfgWiz] "c:\program files\common files\symantec shared\opc\{31011d49-d90c-4da0-878b-78d28ad507af}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe StartupFolder: c:\users\reynard\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe StartupFolder: c:\users\reynard\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL ================= FIREFOX =================== FF - ProfilePath - FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ============= SERVICES / DRIVERS =============== R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-16 114768] R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-8-27 20352] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-16 20560] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-2-16 51792] R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960] R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976] R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-12 7168] S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20070108.003\IDSvix86.sys [2008-2-12 212280] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-8-27 937984] =============== Created Last 30 ================ 2009-09-21 16:41 0 a------- c:\users\reynard\settings.dat 2009-09-08 12:10 897,608 a------- c:\windows\system32\drivers\tcpip.sys 2009-09-08 12:10 104,960 a------- c:\windows\system32\netiohlp.dll 2009-09-08 12:10 27,136 a------- c:\windows\system32\NETSTAT.EXE 2009-09-08 12:10 19,968 a------- c:\windows\system32\ARP.EXE 2009-09-08 12:10 17,920 a------- c:\windows\system32\ROUTE.EXE 2009-09-08 12:10 17,920 a------- c:\windows\system32\netevent.dll 2009-09-08 12:10 11,264 a------- c:\windows\system32\MRINFO.EXE 2009-09-08 12:10 10,240 a------- c:\windows\system32\finger.exe 2009-09-08 12:10 9,728 a------- c:\windows\system32\TCPSVCS.EXE 2009-09-08 12:10 8,704 a------- c:\windows\system32\HOSTNAME.EXE 2009-09-08 12:09 2,501,921 a------- c:\windows\system32\wlan.tmf 2009-09-08 12:09 513,024 a------- c:\windows\system32\wlansvc.dll 2009-09-08 12:09 302,592 a------- c:\windows\system32\wlansec.dll 2009-09-08 12:09 293,376 a------- c:\windows\system32\wlanmsm.dll 2009-09-08 12:09 127,488 a------- c:\windows\system32\L2SecHC.dll 2009-09-08 12:09 2,868,224 a------- c:\windows\system32\mf.dll 2009-09-02 22:55 28,672 a------- c:\windows\system32\Apphlpdm.dll 2009-09-02 22:55 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-26 03:01 2,048 a------- c:\windows\system32\tzres.dll ==================== Find3M ==================== 2009-08-28 05:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll 2009-08-28 05:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll 2009-08-28 05:38 541,696 a------- c:\windows\apppatch\AcLayers.dll 2009-08-28 05:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll 2009-07-18 09:06 827,904 a------- c:\windows\system32\wininet.dll 2009-07-18 09:01 78,336 a------- c:\windows\system32\ieencode.dll 2009-07-18 02:46 26,624 a------- c:\windows\system32\ieUnatt.exe 2009-07-17 07:35 71,680 a------- c:\windows\system32\atl.dll 2009-07-14 06:00 313,344 a------- c:\windows\system32\wmpdxm.dll 2009-07-14 05:59 4,096 a------- c:\windows\system32\dxmasf.dll 2009-07-14 05:58 7,680 a------- c:\windows\system32\spwmp.dll 2009-07-14 03:59 8,147,456 a------- c:\windows\system32\wmploc.DLL 2008-11-11 17:01 86,016 a------- c:\windows\inf\infstor.dat 2008-11-11 17:01 51,200 a------- c:\windows\inf\infpub.dat 2008-11-11 17:01 665,600 a------- c:\windows\inf\drvindex.dat 2008-11-11 17:01 86,016 a------- c:\windows\inf\infstrng.dat 2008-01-20 19:43 174 a--sh--- c:\program files\desktop.ini 2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

Attached Images

  • problemwindow.jpg

Attached Files


    Advertisements

Register to Remove


#2 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 25 September 2009 - 07:59 PM

Hi,

Please do the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT

**Vista users - right click on the IE icon and run as administrator

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

    Posted Image
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


In your next reply please include
  • MBAM Log
  • Kaspersky report

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 HeyItsRey

HeyItsRey

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 26 September 2009 - 06:26 AM

Thank you so much! That annoying window is gone and my internet doesn't crash anymore. :lol: Heres both the reports: Malwarebytes' Anti-Malware 1.41 Database version: 2861 Windows 6.0.6001 Service Pack 1 9/25/2009 7:31:01 PM mbam-log-2009-09-25 (19-31-01).txt Scan type: Quick Scan Objects scanned: 85106 Time elapsed: 3 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modules Infected: 3 Registry Keys Infected: 26 Registry Values Infected: 3 Registry Data Items Infected: 0 Folders Infected: 19 Files Infected: 34 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\Program Files\System Search Dispatcher\1.3.5.960\ssd.dll (Adware.DoubleD) -> Delete on reboot. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\NPIEAddOn.dll (Adware.DoubleD) -> Delete on reboot. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\NPCommon.dll (Adware.DoubleD) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Delete on reboot. C:\Program Files\Internet Saving Optimizer\3.6.2.4500 (Adware.DoubleD) -> Delete on reboot. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\Data (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900 (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\Data (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Delete on reboot. C:\Program Files\System Search Dispatcher\1.3.5.960 (Adware.DoubleD) -> Delete on reboot. C:\Program Files\System Search Dispatcher\1.3.5.960\Data (Adware.DoubleD) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\System Search Dispatcher\1.3.5.960\ssd.dll (Adware.DoubleD) -> Delete on reboot. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\NPIEAddOn.dll (Adware.DoubleD) -> Delete on reboot. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\adwpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\NPCommon.dll (Adware.DoubleD) -> Delete on reboot. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\HPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.3.5.960\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.3.5.960\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.3.5.960\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.3.5.960\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.3.5.960\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully. Malwarebytes' Anti-Malware 1.41 Database version: 2861 Windows 6.0.6001 Service Pack 1 9/25/2009 7:31:01 PM mbam-log-2009-09-25 (19-31-01).txt Scan type: Quick Scan Objects scanned: 85106 Time elapsed: 3 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modules Infected: 3 Registry Keys Infected: 26 Registry Values Infected: 3 Registry Data Items Infected: 0 Folders Infected: 19 Files Infected: 34 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\Program Files\System Search Dispatcher\1.3.5.960\ssd.dll (Adware.DoubleD) -> Delete on reboot. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\NPIEAddOn.dll (Adware.DoubleD) -> Delete on reboot. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\NPCommon.dll (Adware.DoubleD) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Delete on reboot. C:\Program Files\Internet Saving Optimizer\3.6.2.4500 (Adware.DoubleD) -> Delete on reboot. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\Data (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900 (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\Data (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Delete on reboot. C:\Program Files\System Search Dispatcher\1.3.5.960 (Adware.DoubleD) -> Delete on reboot. C:\Program Files\System Search Dispatcher\1.3.5.960\Data (Adware.DoubleD) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\System Search Dispatcher\1.3.5.960\ssd.dll (Adware.DoubleD) -> Delete on reboot. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\NPIEAddOn.dll (Adware.DoubleD) -> Delete on reboot. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\adwpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\NPCommon.dll (Adware.DoubleD) -> Delete on reboot. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Internet Saving Optimizer\3.6.2.4500\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\HPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\Media Access Startup\1.5.5.900\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.3.5.960\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.3.5.960\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.3.5.960\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.3.5.960\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully. C:\Program Files\System Search Dispatcher\1.3.5.960\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Friday, September 25, 2009 Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Saturday, September 26, 2009 03:40:30 Records in database: 2922293 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Objects scanned: 136995 Threats found: 2 Infected objects found: 2 Suspicious objects found: 0 Scan duration: 01:39:22 File name / Threat / Threats count C:\Users\Reynard\Documents\LimeWire\Saved\flagpole sitta.mp3 Infected: Trojan-Downloader.WMA.Wimad.r 1 C:\Users\Reynard\Documents\LimeWire\Saved\The Lonely Island - Punch You in the Jeans.wma Infected: Trojan-Downloader.WMA.Wimad.v 1 Selected area has been scanned.

#4 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 26 September 2009 - 07:27 AM

Hi,

Please do the following:

  • Go to Start->Run and type in notepad and hit OK.
  • Then copy and paste the content of the following codebox into Notepad:

    @echo off 
    if exist "%temp%\log.txt" del "%temp%\log.txt"
    
    for %%g in ( 
    "C:\Users\Reynard\Documents\LimeWire\Saved\flagpole sitta.mp3"
    "C:\Users\Reynard\Documents\LimeWire\Saved\The Lonely Island - Punch You in the Jeans.wma"
    ) do ( 
    del /a/f/q %%g
    if exist %%g echo.%%g >>"%temp%\log.txt" 
    )>nul 2>&1 
    
    if exist "%temp%\log.txt" (start notepad "%temp%\log.txt" 
    ) else echo.Deleted Successfully! 
    echo. 
    pause 
    del %0
  • Save the file to your DESKTOP as "find.bat". Make sure to save it with the quotes.
  • Once saved, the icon to click should look like this on your desktop:

    Posted Image
  • Double click find.bat. to run it. A small black box should open and close - this is normal.
  • A notepad file will open copy/paste the content in your next reply.

NEXT

Post a fresh DDS and Attach.txt and advise how your computer is running and if there are any outstanding issues

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#5 HeyItsRey

HeyItsRey

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 27 September 2009 - 02:43 PM

Okay, did my "find.bat" with no problems, and here's my second DDS report and Attachment: DDS (Ver_09-06-26.01) - NTFSx86 Run by Reynard at 13:39:42.66 on Sun 09/27/2009 Internet Explorer: 7.0.6001.18000 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2941.1066 [GMT -7:00] AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A} FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\agrsmsvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\TOSHIBA\IVP\ISM\pinger.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\LimeWire\LimeWire.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\wuauclt.exe C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Reynard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8V6NXOAQ\downloads[1].scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe" mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [NDSTray.exe] NDSTray.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [TP CfgWiz] "c:\program files\common files\symantec shared\opc\{31011d49-d90c-4da0-878b-78d28ad507af}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript StartupFolder: c:\users\reynard\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe StartupFolder: c:\users\reynard\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\hmelyofflabs\vhtoolkit\Skype4COM.dll AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL ================= FIREFOX =================== FF - ProfilePath - FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ============= SERVICES / DRIVERS =============== R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-16 114768] R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-8-27 20352] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-16 20560] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-2-16 51792] R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960] R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976] R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-12 7168] S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20070108.003\IDSvix86.sys [2008-2-12 212280] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-8-27 937984] =============== Created Last 30 ================ 2009-09-27 03:34 <DIR> --d----- c:\program files\VideoLAN 2009-09-27 02:23 <DIR> --d----- c:\program files\HmelyoffLabs 2009-09-25 19:24 <DIR> --d----- c:\users\reynard\appdata\roaming\Malwarebytes 2009-09-25 19:24 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-25 19:24 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-09-25 19:24 <DIR> --d----- c:\programdata\Malwarebytes 2009-09-25 19:24 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-09-25 19:24 <DIR> --d----- c:\progra~2\Malwarebytes 2009-09-21 16:41 0 a------- c:\users\reynard\settings.dat 2009-09-08 12:10 897,608 a------- c:\windows\system32\drivers\tcpip.sys 2009-09-08 12:10 104,960 a------- c:\windows\system32\netiohlp.dll 2009-09-08 12:10 27,136 a------- c:\windows\system32\NETSTAT.EXE 2009-09-08 12:10 19,968 a------- c:\windows\system32\ARP.EXE 2009-09-08 12:10 17,920 a------- c:\windows\system32\ROUTE.EXE 2009-09-08 12:10 17,920 a------- c:\windows\system32\netevent.dll 2009-09-08 12:10 11,264 a------- c:\windows\system32\MRINFO.EXE 2009-09-08 12:10 10,240 a------- c:\windows\system32\finger.exe 2009-09-08 12:10 9,728 a------- c:\windows\system32\TCPSVCS.EXE 2009-09-08 12:10 8,704 a------- c:\windows\system32\HOSTNAME.EXE 2009-09-08 12:09 2,501,921 a------- c:\windows\system32\wlan.tmf 2009-09-08 12:09 513,024 a------- c:\windows\system32\wlansvc.dll 2009-09-08 12:09 302,592 a------- c:\windows\system32\wlansec.dll 2009-09-08 12:09 293,376 a------- c:\windows\system32\wlanmsm.dll 2009-09-08 12:09 127,488 a------- c:\windows\system32\L2SecHC.dll 2009-09-08 12:09 2,868,224 a------- c:\windows\system32\mf.dll 2009-09-02 22:55 28,672 a------- c:\windows\system32\Apphlpdm.dll 2009-09-02 22:55 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll ==================== Find3M ==================== 2009-08-28 05:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll 2009-08-28 05:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll 2009-08-28 05:38 541,696 a------- c:\windows\apppatch\AcLayers.dll 2009-08-28 05:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll 2009-07-18 09:06 827,904 a------- c:\windows\system32\wininet.dll 2009-07-18 09:01 78,336 a------- c:\windows\system32\ieencode.dll 2009-07-18 02:46 26,624 a------- c:\windows\system32\ieUnatt.exe 2009-07-17 07:35 71,680 a------- c:\windows\system32\atl.dll 2009-07-14 06:00 313,344 a------- c:\windows\system32\wmpdxm.dll 2009-07-14 05:59 4,096 a------- c:\windows\system32\dxmasf.dll 2009-07-14 05:58 7,680 a------- c:\windows\system32\spwmp.dll 2009-07-14 03:59 8,147,456 a------- c:\windows\system32\wmploc.DLL 2008-11-11 17:01 86,016 a------- c:\windows\inf\infstor.dat 2008-11-11 17:01 51,200 a------- c:\windows\inf\infpub.dat 2008-11-11 17:01 665,600 a------- c:\windows\inf\drvindex.dat 2008-11-11 17:01 86,016 a------- c:\windows\inf\infstrng.dat 2008-01-20 19:43 174 a--sh--- c:\program files\desktop.ini 2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat ============= FINISH: 13:40:14.17 ===============

Attached Files



#6 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 27 September 2009 - 02:53 PM

Hi,

You are clean,

just some housekeeping to do now:

Visit ADOBEand download the latest version of Acrobat Reader (version 9.1)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT


Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button.
  • Scroll down to the Java SE Runtime Environment (JRE) option.
  • Download and install the latest Java Runtime Environment (JRE) version for your computer.(version 6, update 16)


NEXT

Now we need to create a new clean SYSTEM RESTORE point.

  • Close and save any documents that you may have open.
  • Open up the Start Menu and right-click on "Computer", and then select "Properties"
  • This will take you into the System area of Control Panel. Click on the "Advanced system settings" on the left hand side.
  • Now select the "System Protection" tab to get to the System Restore section.
  • Click the "Create" button to create a new restore point. You'll be prompted for a name, and you might want to give it a useful name that you'll be able to easily identify later.
  • Click the Create button, and then the system will create the restore point.
  • When it's all finished, you'll get a message saying it's completed successfully.
  • You will now have a new restore point

Then remove all previous Restore Points
  • Click Start Menu > Run > copy and paste
  • cleanmgr into the run box
  • At the top, click on the More Options tab, under System Restore and Shadow Copies group,
  • Click the Clean up button,
  • Vista will ask you if you’re sure, click on Yes button.
  • When finished, click on Cancel button to exit.


NEXT

Now to remove the rest of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

If there are any remaining logs on your desktop after using this tool, right click and delete them.


NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.


  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them

    Then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • For Firefox, I highly recommend this add-on to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#7 HeyItsRey

HeyItsRey

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 29 September 2009 - 05:53 PM

Thank you, CatByte! Thank you, thank you, THANK YOU! :wub:

#8 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 29 September 2009 - 05:54 PM

You are more than welcome stay safe :wavey: ~CB

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#9 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 04 October 2009 - 08:09 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users