
malware infection: trying to type in data entry fields triggers pop-up

malware infection

This topic is locked
36 replies to this topic

#16 wotanidiot

    Authentic Member
    22 posts

Posted 10 December 2013 - 08:10 AM

Yes I'm still here. I can run the CFScript and get the ComboFix log back to you this evening. Thanks again for all your help.




#17 jeffce

    Malware Guy (Authentic Member)
    8,693 posts

Posted 10 December 2013 - 09:30 AM

No problem... I probably won't be able to respond until tomorrow then because I have a final exam tonight. I hope that is not a problem. :)



#18 wotanidiot

    Authentic Member
    22 posts

Posted 10 December 2013 - 05:25 PM

No problem at all. Good luck with the exam, although in my experience luck doesn't come into it, so no doubt you've prepared well and will therefore do well.

 

The following is the log created by ComboFix:

 

ComboFix 13-12-10.01 - Owner 10/12/2013  22:58:15.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1791.999 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\program files\BitComet\BitComet.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Aswbomsna
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-10 to 2013-12-10  )))))))))))))))))))))))))))))))
.
.
2013-12-10 19:16 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1904D778-A958-4845-84B3-81070F6D104C}\mpengine.dll
2013-12-09 18:27 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-03 19:42 . 2013-12-03 19:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\KODAK AiO Home Center489310287
2013-11-27 23:33 . 2013-12-05 18:44 -------- d-----w- c:\program files\Anvisoft
2013-11-27 23:33 . 2013-11-27 23:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Anvisoft
2013-11-26 23:43 . 2013-11-26 23:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVAST Software
2013-11-24 11:42 . 2013-11-24 11:42 -------- d-----w- c:\documents and settings\Owner\Application Data\AVAST Software
2013-11-18 17:20 . 2013-11-18 17:21 -------- d-----w- C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-03 18:41 . 2013-05-23 13:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-03 18:41 . 2013-05-23 13:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-24 11:39 . 2013-05-25 19:06 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-24 11:39 . 2013-05-25 19:06 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-24 11:39 . 2013-05-25 19:06 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-24 11:39 . 2013-05-25 19:06 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-11-24 11:39 . 2013-05-25 19:06 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-24 11:39 . 2013-05-25 19:06 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-24 11:39 . 2013-05-25 19:06 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-24 11:39 . 2013-05-25 19:06 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-24 11:39 . 2013-05-25 19:06 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-24 11:39 . 2013-05-25 19:05 43152 ----a-w- c:\windows\avastSS.scr
2013-11-19 10:21 . 2013-05-23 14:16 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-13 07:25 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2008-04-14 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-10-12 15:56 . 2008-04-14 12:00 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2008-04-14 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2008-04-14 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2013-05-23 13:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-27 09:53 . 2013-01-20 14:59 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2001-10-05 10:53 . 2013-05-25 19:52 21866 ----a-w- c:\program files\Common Files\tppupd2k.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-24 11:38 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-05-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"TPP Auto Loader"="c:\windows\TPPALDR.EXE" [2001-10-05 118784]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 40960]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-09-10 295512]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-24 3568312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AdFender.lnk - c:\program files\AdFender\AdFender.exe -autostart [2013-5-29 3225712]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-6-14 113664]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE /tsr [2007-4-19 64864]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2013-5-25 49220]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AdFender\\AdFender.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [25/05/2013 19:06 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [25/05/2013 19:06 178304]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [07/11/2013 21:23 368616]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [07/11/2013 21:23 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [07/11/2013 21:23 909728]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25/05/2013 19:06 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25/05/2013 19:06 403440]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [07/11/2013 21:35 260760]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [07/11/2013 21:23 202280]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/05/2013 19:06 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [25/05/2013 19:06 70384]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [07/11/2013 21:37 580728]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [15/03/2013 14:07 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [15/01/2013 12:07 780152]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [14/08/2013 14:19 39056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [23/05/2013 11:49 1691480]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [07/11/2013 21:37 62688]
S3 pctplsm;pctplsm;c:\windows\system32\drivers\pctplsm.sys [07/11/2013 21:35 68272]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [07/11/2013 21:34 403416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 18:27 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-25 11:38]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-25 19:06]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-25 19:06]
.
2013-12-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 15:01]
.
2013-11-23 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 14:19]
.
2013-12-10 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 14:19]
.
2013-12-10 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 14:19]
.
2013-12-10 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
2013-12-10 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-10 23:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???\????????\?w? ?w???????w???w4???????.??w4???????4????>?s4???N????&3?????\??? ??? ???\???\???????????5?B~e?B~\???\????????wb??????C@?\???\???$??sN???\??????s\????&3?5??s?&3??C@?x???`|?w\?????@ 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1552)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\CTHELPER.EXE
c:\program files\AdFender\AdFender.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2013-12-10  23:16:44 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-10 23:16
ComboFix2.txt  2013-12-03 20:48
.
Pre-Run: 118,788,960,256 bytes free
Post-Run: 118,889,562,112 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - F5FE317B0D031C6EAB5FBAFA468383BC
8F558EB6672622401DA993E1E865C861


#19 jeffce

    Malware Guy (Authentic Member)
    8,693 posts

Posted 10 December 2013 - 08:53 PM

And also let me know how your system is running now.

 

:)



#20 jeffce

    Malware Guy (Authentic Member)
    8,693 posts

Posted 12 December 2013 - 06:34 AM

Still need help?



#21 jeffce

    Malware Guy (Authentic Member)
    8,693 posts

Posted 13 December 2013 - 06:33 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members, follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic.

#22 wotanidiot

    Authentic Member
    22 posts

Posted 13 December 2013 - 02:29 PM

Message for Jeff: sorry for the continual delays in my responses; running a small business single-handed (since Feb.) takes up almost ALL my time.
 
My system seems to be running smoothly thanks to you. Can you tell me what started the problem so I can avoid it in future?
 
Thanks again for all your hard work - and patience!
 
Best wishes,
 
Wotanidiot!


#23 jeffce

    Malware Guy (Authentic Member)
    8,693 posts

Posted 14 December 2013 - 06:19 PM

Message for Jeff: sorry for the continual delays in my responses; running a small business single-handed (since Feb.) takes up almost ALL my time.
 
My system seems to be running smoothly thanks to you. Can you tell me what started the problem so I can avoid it in future?
 
Thanks again for all your hard work - and patience!

 
Hi,
 
I went ahead and merged the two topics that you have together, and we can just go from here. :)
 
Good to hear that your system is running better, but we have just a bit more to do, ok?

Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------
 
ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------



#24 wotanidiot

    Authentic Member
    22 posts

Posted 16 December 2013 - 06:00 PM

Hello again. I have the following: MBAM-log-2013-12-16 (22-44-37), and then the ESET Online Scan results.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.16.08
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-3FC151321 [administrator]
 
16/12/2013 22:33:47
MBAM-log-2013-12-16 (22-44-37).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224783
Time elapsed: 10 minute(s), 5 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Documents and Settings\All Users\Application Data\InstallMate\{4EA1B56B-24D1-44D3-A638-6CF39542979D}\Custom.dll (PUP.Optional.InstalleRex) -> No action taken.
 
(end)
 
C:\Documents and Settings\All Users\Application Data\InstallMate\{4EA1B56B-24D1-44D3-A638-6CF39542979D}\Custom.dll Win32/InstalleRex.L application
C:\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D application
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbkijojjfgcojdkdlpbfniilapcodpp\1.6\Z1MO.js.vir Win32/Adware.MultiPlug.H application
 
As I'm now shutting down and retiring for the night, I don't know as yet how my system is running after performing these scans. What I can tell you is this: earlier, when I used the Search Bar in Internet Explorer, this is the message I got when the search results list finished loading:
this tab has been recovered, Internet Explorer has encountered a problem and needs to close.
I clicked on the 'send details' option and Internet Explorer closed.
 
Thanks, as always, for your continued support.


#25 jeffce

    Malware Guy (Authentic Member)
    8,693 posts

Posted 16 December 2013 - 06:52 PM

Hi,
 
Thanks for letting me know.  :)
 
Run Malwarebytes again and then remove anything that is found. Post that new log when you get it.
--------------
 
First open a command prompt > Click Start > Run > and type cmd and press Enter.
This will open the command prompt.

Copy the contents of the code box > right click in the command window and select paste >> Press Enter
  (You won't actually see anything happen)

del C:\Downloads\ccsetup407.exe

Close the Command Prompt box.




#26 wotanidiot

    Authentic Member
    22 posts

Posted 17 December 2013 - 04:11 PM

Hello again, I've just completed these tasks and the log follows.

 

Malwarebytes found 1 malicious application, and I instructed it to remove it.

 

My system seems to be running faster. The Internet Explorer problem still persists, although I haven't yet re-booted after deleting that 'malicious application', so that might be rectified then.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.16.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-3FC151321 [administrator]

17/12/2013 21:34:56
mbam-log-2013-12-17 (21-34-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224686
Time elapsed: 7 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\All Users\Application Data\InstallMate\{4EA1B56B-24D1-44D3-A638-6CF39542979D}\Custom.dll (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.

(end)

 

Thank you for keeping with this.



#27 jeffce

    Malware Guy (Authentic Member)
    8,693 posts

Posted 17 December 2013 - 06:58 PM

Ok let me know exactly what Internet Explorer is (or isn't) doing?  :)



#28 wotanidiot

    Authentic Member
    22 posts

Posted 18 December 2013 - 02:23 PM

Using Internet Explorer and Yahoo home page.

 

The problem occurs when I click on 'Search' or hit the return key after typing something (anything) into the search engine.

 

EXAMPLE

1st attempt

I type: star wars a new hope, and click on search.

 

Internet Explorer window pops up:

Internet Explorer has encountered a problem and needs to close. We are sorry for any inconvenience.

I send Error Report

 

Yahoo home page reloads with bubble on tab that reads: This tab has been recovered
A problem with this web site has caused Internet Explorer to close and reopen the tab

 

2nd attempt

 

I type: star wars a new hope, and hit return key.

 

Search results page launches but with Internet Explorer window in front:

Internet Explorer has encountered a problem and needs to close. We are sorry for any inconvenience.
I send Error Report

 

Page refreshes with:

Website restore error
Internet Explorer has stopped trying to restore this website. It appears that the website continues to have a problem.
What you can do:
Go to your home page
Try to return to yahoo.com
More information

 

I choose option: Try to return to yahoo.com

Search results page launches again but clears and again replaced with

Website restore error
Internet Explorer has stopped trying to restore this website. It appears that the website continues to have a problem.
What you can do:
Go to your home page
Try to return to yahoo.com
More information

 

I choose the option: Go to your home page

Launches Yahoo home page okay.



#29 jeffce

    Malware Guy (Authentic Member)
    8,693 posts

Posted 18 December 2013 - 04:15 PM

Download Windows Repair (all in one) from this site

Install and then run the program.

On the Start Repairs tab click Start


When the Repair Options screen populates, be sure to select all items and also check Restart System When Finished.

Now press Start
----------

 

Once done with this let me know if you are still experiencing the problems with IE.  :)



#30 wotanidiot

    Authentic Member
    22 posts

Posted 19 December 2013 - 04:30 PM

Hi, I've downloaded the tweaking.com prog. but I'm out of time tonight. I'm hoping I will be able to run this tomorrow evening - the closer to the weekend it gets, the busier my shop gets, but I'll definitely keep you posted.

