Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91819 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

malware infection: trying to type in data entry fields triggers pop-up

malware infection

  • This topic is locked This topic is locked
36 replies to this topic

#16 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 10 December 2013 - 08:10 AM

Yes I'm still here. I can run the CFScript and get the ComboFix log back to you this evening. Thanks again for all your help.


    Advertisements

Register to Remove


#17 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 10 December 2013 - 09:30 AM

No problem.....I probably won't be able to respond until tomorrow then because I have a final exam tonight.   I hope that is not a problem.  :)


Posted Image
 
 

#18 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 10 December 2013 - 05:25 PM

No problem at all. Good luck with the exam, although in my experience, luck doesn't come into it so, no doubt you've prepared well and will therefore do well.

 

The following is the log created by ComboFix;

 

ComboFix 13-12-10.01 - Owner 10/12/2013  22:58:15.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.1791.999 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\program files\BitComet\BitComet.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Aswbomsna
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-10 to 2013-12-10  )))))))))))))))))))))))))))))))
.
.
2013-12-10 19:16 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1904D778-A958-4845-84B3-81070F6D104C}\mpengine.dll
2013-12-09 18:27 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-03 19:42 . 2013-12-03 19:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\KODAK AiO Home Center489310287
2013-11-27 23:33 . 2013-12-05 18:44 -------- d-----w- c:\program files\Anvisoft
2013-11-27 23:33 . 2013-11-27 23:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Anvisoft
2013-11-26 23:43 . 2013-11-26 23:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVAST Software
2013-11-24 11:42 . 2013-11-24 11:42 -------- d-----w- c:\documents and settings\Owner\Application Data\AVAST Software
2013-11-18 17:20 . 2013-11-18 17:21 -------- d-----w- C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-03 18:41 . 2013-05-23 13:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-03 18:41 . 2013-05-23 13:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-24 11:39 . 2013-05-25 19:06 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-24 11:39 . 2013-05-25 19:06 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-24 11:39 . 2013-05-25 19:06 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-24 11:39 . 2013-05-25 19:06 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-11-24 11:39 . 2013-05-25 19:06 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-24 11:39 . 2013-05-25 19:06 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-24 11:39 . 2013-05-25 19:06 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-24 11:39 . 2013-05-25 19:06 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-24 11:39 . 2013-05-25 19:06 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-24 11:39 . 2013-05-25 19:05 43152 ----a-w- c:\windows\avastSS.scr
2013-11-19 10:21 . 2013-05-23 14:16 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-13 07:25 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2008-04-14 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-10-12 15:56 . 2008-04-14 12:00 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2008-04-14 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2008-04-14 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2013-05-23 13:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-27 09:53 . 2013-01-20 14:59 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2001-10-05 10:53 . 2013-05-25 19:52 21866 ----a-w- c:\program files\Common Files\tppupd2k.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-24 11:38 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-05-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"TPP Auto Loader"="c:\windows\TPPALDR.EXE" [2001-10-05 118784]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 40960]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-09-10 295512]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-24 3568312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AdFender.lnk - c:\program files\AdFender\AdFender.exe -autostart [2013-5-29 3225712]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-6-14 113664]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE /tsr [2007-4-19 64864]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2013-5-25 49220]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AdFender\\AdFender.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [25/05/2013 19:06 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [25/05/2013 19:06 178304]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [07/11/2013 21:23 368616]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [07/11/2013 21:23 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [07/11/2013 21:23 909728]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25/05/2013 19:06 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25/05/2013 19:06 403440]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [07/11/2013 21:35 260760]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [07/11/2013 21:23 202280]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/05/2013 19:06 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [25/05/2013 19:06 70384]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [07/11/2013 21:37 580728]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [15/03/2013 14:07 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [15/01/2013 12:07 780152]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [14/08/2013 14:19 39056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [23/05/2013 11:49 1691480]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [07/11/2013 21:37 62688]
S3 pctplsm;pctplsm;c:\windows\system32\drivers\pctplsm.sys [07/11/2013 21:35 68272]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [07/11/2013 21:34 403416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 18:27 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-25 11:38]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-25 19:06]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-25 19:06]
.
2013-12-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 15:01]
.
2013-11-23 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 14:19]
.
2013-12-10 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 14:19]
.
2013-12-10 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 14:19]
.
2013-12-10 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
2013-12-10 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-10 23:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTStartup = c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???\????????\?w? ?w???????w???w4???????.??w4???????4????>?s4???N????&3?????\??? ??? ???\???\???????????5?B~e?B~\???\????????wb??????C@?\???\???$??sN???\??????s\????&3?5??s?&3??C@?x???`|?w\?????@ 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1552)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\CTHELPER.EXE
c:\program files\AdFender\AdFender.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2013-12-10  23:16:44 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-10 23:16
ComboFix2.txt  2013-12-03 20:48
.
Pre-Run: 118,788,960,256 bytes free
Post-Run: 118,889,562,112 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - F5FE317B0D031C6EAB5FBAFA468383BC
8F558EB6672622401DA993E1E865C861


#19 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 10 December 2013 - 08:53 PM

and also let me know how your system is running now.

 

:)


Posted Image
 
 

#20 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 12 December 2013 - 06:34 AM

Still need help?


Posted Image
 
 

#21 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 13 December 2013 - 06:33 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
Posted Image
 
 

#22 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 13 December 2013 - 02:29 PM

Message  for Jeff, sorry for continual delays in my responses - running small business single-handed (since Feb.) takes up almost ALL my time.
 
My system seems to be running smoothly thanks to you - can you tell me what started the problem so I can avoid in future?
 
Thanks again for all your hard work - and patience!
 
Best wishes,
 
Wotanidiot!


#23 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 14 December 2013 - 06:19 PM

Message  for Jeff, sorry for continual delays in my responses - running small business single-handed (since Feb.) takes up almost ALL my time.
 
My system seems to be running smoothly thanks to you - can you tell me what started the problem so I can avoid in future?
 
Thanks again for all your hard work - and patience!

 
Hi,
 
I went ahead and merged the two topics that you have together and we can just go from here.  :) 
 
Good to hear that your system is running better but we have just a bit more to do ok? 

GUZVCQN.jpgMalwarebytes

Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------
 
ESET Online Scanner

Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


Posted Image
 
 

#24 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 16 December 2013 - 06:00 PM

Hello again. I have the following: MBAM-log-2013-12-16 (22-44-37), and then the ESET Online Scan results.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.16.08
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-3FC151321 [administrator]
 
16/12/2013 22:33:47
MBAM-log-2013-12-16 (22-44-37).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224783
Time elapsed: 10 minute(s), 5 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Documents and Settings\All Users\Application Data\InstallMate\{4EA1B56B-24D1-44D3-A638-6CF39542979D}\Custom.dll (PUP.Optional.InstalleRex) -> No action taken.
 
(end)
 
C:\Documents and Settings\All Users\Application Data\InstallMate\{4EA1B56B-24D1-44D3-A638-6CF39542979D}\Custom.dll Win32/InstalleRex.L application
C:\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D application
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlbkijojjfgcojdkdlpbfniilapcodpp\1.6\Z1MO.js.vir Win32/Adware.MultiPlug.H application
 
As I'm now shutting down and retiring for the night, I don't know as yet how my system is running after performing these scans. What I can tell you is this; earlier when I used the Search Bar in Internet Explorer, this is the message I got when the search results list finished loading:
this tab has been recovered, Internet Explorer has encountered a problem and needs to close.
I clicked on the 'send details' option and Internet Explorer closed.
 
Thanks, as always, for your continued support.


#25 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 16 December 2013 - 06:52 PM

Hi,
 
Thanks for letting me know.  :)
 
Run Malwarebytes again and then remove anything that is found.  Post that new log when you get it. 
--------------
 
First open a command prompt > Click Start > Run > and type cmd and press Enter.
This will open the command prompt.

Copy the contents of the code box > right click in the command window and select paste >> Press Enter
  (You won't actually see anything happen)

del C:\Downloads\ccsetup407.exe

Close the Command Prompt box.


Posted Image
 
 

    Advertisements

Register to Remove


#26 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 17 December 2013 - 04:11 PM

Hello again, I've just completed these tasks and the log follows.

 

Malwarebytes found 1 maliscious application, and I instructed it to remove it.

 

My system seems to be running faster. The Internet Explorer problem still persists although, I haven't yet re-booted after deleting that 'maliscious application' so that might be rectified then.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.16.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-3FC151321 [administrator]

17/12/2013 21:34:56
mbam-log-2013-12-17 (21-34-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224686
Time elapsed: 7 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\All Users\Application Data\InstallMate\{4EA1B56B-24D1-44D3-A638-6CF39542979D}\Custom.dll (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.

(end)

 

Thank you for keeping with this.



#27 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 17 December 2013 - 06:58 PM

Ok let me know exactly what Internet Explorer is (or isn't) doing?  :)


Posted Image
 
 

#28 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 18 December 2013 - 02:23 PM

Using Internet Explorer and Yahoo home page.

 

The problem occurs when I click on 'Search' or hit the return key after typing something (anything) into the search engine.

 

EXAMPLE

1st attempt

I type: star wars a new hope, and click on search.

 

Internet Explorer window pops up:

Internet Explorer has encounteres a problem and needs to close. We are sorry for any inconvenience.

I send Error Report

 

Yahoo home page reloads with bubble on tab that reads: This tab has been recovered
A problem with this web site has caused Internet Explorer to close and reopen the tab

 

2nd attempt

 

I type: star wars a new hope, and hit return key.

 

Search results page launches but with Internet Explorer window in front:

Internet Explorer has encounteres a problem and needs to close. We are sorry for any inconvenience.
I send Error Report

 

Page refreshes with:

Website restore error
Internet Explorer has stopped trying to restore this website. It appears that the website continues to have a problem.
What you can do:
Go to your home page
Try to return to yahoo.com
More information

 

I choose option: Try to return to yahoo.com

Search results page launches again but clears and again replaced with

Website restore error
Internet Explorer has stopped trying to restore this website. It appears that the website continues to have a problem.
What you can do:
Go to your home page
Try to return to yahoo.com
More information

 

I choose the option: Go to your home page

launches Yahoo home page okay.



#29 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 18 December 2013 - 04:15 PM

n1eMMmT.jpg  Download  Windows Repair (all in one)  from this site

Install and then run the program.

On the Start Repairs tab click Start
DwysfIW.jpg


When the Repair Options screen populates, be sure to select all items and also check Restart System When Finished.

Now press Start
----------

 

Once done with this let me know if you are still experiencing the problems with IE.  :)


Posted Image
 
 

#30 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 19 December 2013 - 04:30 PM

Hi, I've downloaded the tweaking.com prog. but I'm out of time tonight. I'm hoping I will be able to run this tomorrow evening - the closer to the weekend it gets, the busier my shop gets, but I'll definitely keep you posted.


Related Topics




Also tagged with one or more of these keywords: malware infection

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users