
Blank Tabs Open Until The Computer Freezes Cannot Stop It


  • This topic is locked
11 replies to this topic

#1 richard_high


Posted 15 January 2009 - 06:30 PM

I have a Dell Desktop (unsure which dimension) with Windows XP Home Edition

It's completely updated. I use Norton Antivirus and have a firewall enabled.

Sometimes when I am online tabs spontaneously open. They keep opening until the computer freezes and locks up. I cannot stop them. They say blank.

Here are the results of the DDS scan:


DDS (Ver_09-01-07.01) - NTFSx86
Run by Rick at 17:22:22.92 on Thu 01/15/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.441 [GMT -6:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Rick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.alot.com/?client_id=1497BCD001C9598900143140&install_time=09-12-2008:21:57&src_id=11078&camp_id=176&tb_version=2.3.0.342
mStart Page = hxxp://home.sweetim.com
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.2.0.7\IPSBHO.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CMPDPSRV] c:\windows\system32\spool\drivers\w32x86\3\CMPDPSRV.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1002000.007\BHDrvx86.sys [2008-12-18 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1002000.007\cchpx86.sys [2008-12-18 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090113.003\IDSxpx86.sys [2009-1-14 274808]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090115.004\naveng.sys [2009-1-15 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090115.004\navex15.sys [2009-1-15 876112]
R4 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.2.0.7\ccSvcHst.exe [2008-12-18 115560]

=============== Created Last 30 ================

2009-01-14 11:05 <DIR> --d----- c:\documents and settings\rick\Contacts
2008-12-19 18:03 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-19 18:02 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-19 18:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-19 18:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2008-12-11 21:08 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
2008-12-11 04:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-22 20:45 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2008-06-12 18:17 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008061220080613\index.dat

============= FINISH: 17:22:54.29 ===============


PLEASE help! Thanx.



#2 Hoov

  • Malware Response Team

Posted 29 January 2009 - 11:52 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.



* Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif

* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results, click no to the Optional_Scan
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#3 richard_high


Posted 03 February 2009 - 10:35 PM

Thanks so much for responding. Sorry for the lateness of MY reply but I thought I had my e-mail notification on when I apparently did not. Will perform all the tests, etc. that you instructed and post the results. Again, thanks so much. Paid technicians do not even do as good of a job as you guys. It's hard to believe this is a free service. :thumbsup:

#4 richard_high


Posted 04 February 2009 - 01:00 AM

Malwarebytes' Anti-Malware 1.33
Database version: 1725
Windows 5.1.2600 Service Pack 3

2/3/2009 11:45:30 PM
mbam-log-2009-02-03 (23-45-30).txt

Scan type: Quick Scan
Objects scanned: 56191
Time elapsed: 1 hour(s), 5 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 23:49:51.56 on Tue 02/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.172 [GMT -6:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

mStart Page = hxxp://home.sweetim.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.2.0.7\IPSBHO.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
c:\docume~1\owner\locals~1\temp\rarsfx0\temp00
c:\docume~1\owner\locals~1\temp\rarsfx0\temp00
c:\docume~1\owner\locals~1\temp\rarsfx0\temp00
c:\docume~1\owner\locals~1\temp\rarsfx0\temp00
c:\docume~1\owner\locals~1\temp\rarsfx0\temp00
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: aquafresh.com\www
Trusted Zone: smartsource.com\coupons
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-02-03 22:37 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-03 22:37 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-03 22:37 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-28 21:44 <DIR> --d----- c:\program files\CCleaner
2009-01-28 20:10 <DIR> --d----- c:\program files\FinePixViewerS

==================== Find3M ====================

2008-12-11 21:08 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
2008-12-11 04:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-08-19 19:03 3,932 a------- c:\docume~1\owner\applic~1\CMLayout.dat
2008-08-19 19:03 268 a------- c:\docume~1\owner\applic~1\CMCPaper.dat
2008-06-12 18:17 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008061220080613\index.dat

============= FINISH: 23:53:24.34 ===============


#5 Hoov


Posted 04 February 2009 - 01:29 AM

Follow these steps to use the Reset Internet Explorer Settings feature from Internet Explorer 7:

1. In Internet Explorer 7, click the Tools menu, and then click Internet Options.
2. On the Advanced tab, click Reset.
3. In the Reset Internet Explorer Settings dialog box, click Reset.
4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

Then take a look at IE7, browse around for a bit and see what is what.

I do believe I am done for the night though. So post up the results, and I will get them tomorrow.

#6 richard_high


Posted 07 February 2009 - 10:14 PM

Yes this seems to have fixed the problem! Thank you so much. If you don't mind I have a second computer that is running REAL slow. Could I possibly have you look @ its test results without getting back in line? Thanks so much.

#7 Hoov


Posted 07 February 2009 - 10:42 PM

Sure. If it is running slow, try running a Malwarebytes' Anti-Malware scan and also download and scan with CCleaner.
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.

In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

#8 richard_high


Posted 08 February 2009 - 09:18 PM

Thanks so much for getting back to me. Downloaded and ran the CCleaner program but it didn't seem to help the situation. Ran the DDS program on the current computer in question. Here are the results:



DDS (Ver_09-02-01.01) - NTFSx86
Run by Pamela at 20:13:58.89 on 2009-02-08
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.116 [GMT -6:00]

AV: Norton Security Online *On-access scanning enabled* (Updated)
FW: Norton Security Online *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pamela\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mc1110.mail.yahoo.com/mc/welcome?&.rand=1217239534&da=0
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! uC: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: PicLens plug-in for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\PicLens.dll
TB: Yahoo! uC: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Microsoft Works Update Detection] ???\WkDetect.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CMPDPSRV] c:\windows\system32\spool\drivers\w32x86\3\CMPDPSRV.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\progra~1\symantec\osCheck.exe"
mRun: [YOP] c:\progra~1\yahoo!\yop\yop.exe /autostart
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware Reboot] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\PicLens.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://www.shockwave.com/content/chocolatier/sis/ChocolatierWeb.1.0.0.13.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156212678295
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156212514451
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} - hxxp://support.f-secure.com/ols3/fscax.cab
DPF: {B33E9AC8-169E-4346-BCD9-C98A8BE3F1E9} - hxxp://www.piclens.com/shared/plinstll.cab
DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} - hxxp://mail.lycos.com/hanmail-ax/AttachMail.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
AppInit_DLLs: NVDESK32.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-9 108648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-9 108648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-26 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090208.016\NAVENG.SYS [2009-2-8 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090208.016\NAVEX15.SYS [2009-2-8 876112]
R3 SG760_XP;EDUP 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2008-12-21 260608]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-4-12 1174664]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [2008-4-12 54272]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys --> c:\windows\system32\drivers\toywdm.sys [?]
S3 MBAMCatchMe;MBAMCatchMe;\??\c:\program files\malwarebytes' anti-malware\catchme.sys --> c:\program files\malwarebytes' anti-malware\catchme.sys [?]

============== File Associations ===============

inffile=%
regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-02-08 20:04 <DIR> --d----- c:\program files\CCleaner
2009-01-26 18:36 <DIR> --d----- c:\program files\Messenger
2009-01-26 18:35 <DIR> --d----- c:\windows\system32\scripting
2009-01-26 18:35 <DIR> --d----- c:\windows\l2schemas
2009-01-26 18:34 <DIR> --d----- c:\windows\system32\en
2009-01-26 15:06 151,552 -c------ c:\windows\system32\dllcache\wmidx.dll
2009-01-26 15:05 86,016 -c------ c:\windows\system32\dllcache\sl_anet.acm
2009-01-26 15:04 412,160 -------- c:\windows\system32\photometadatahandler.dll
2009-01-26 15:03 844,314 -c------ c:\windows\system32\dllcache\msdxm.ocx
2009-01-26 15:02 6,144 -------- c:\windows\system32\kbdpash.dll
2009-01-26 15:02 6,144 -------- c:\windows\system32\kbdnepr.dll
2009-01-26 15:02 6,144 -------- c:\windows\system32\kbdiultn.dll
2009-01-26 15:02 6,144 -------- c:\windows\system32\kbdbhc.dll
2009-01-26 15:02 1,261 -------- c:\windows\system32\pid.inf
2009-01-26 15:02 144,384 -------- c:\windows\system32\drivers\hdaudbus.sys
2009-01-26 15:00 8,192 -c------ c:\windows\system32\dllcache\asferror.dll
2009-01-26 15:00 136,192 -------- c:\windows\system32\aaclient.dll
2009-01-26 12:50 <DIR> --d----- c:\program files\Norton Security Scan
2009-01-26 12:13 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-01-26 12:08 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-01-26 12:08 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-26 12:08 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-26 12:07 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-26 12:07 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-25 18:35 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-01-25 18:34 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-25 18:33 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-01-25 18:33 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-01-25 18:32 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-01-25 18:10 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-01-25 18:04 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2009-01-26 18:40 78,207 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-26 16:56 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-26 16:56 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-26 16:56 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-26 16:56 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-11 04:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-04-13 17:28 0 a------- c:\program files\temp01
2001-05-21 10:54 3,932 a------- c:\docume~1\pamela\applic~1\CMLayout.dat

============= FINISH: 20:15:27.76 ===============


#9 Hoov


Posted 08 February 2009 - 09:54 PM

Can you run Malwarebytes' Anti-Malware also please?

#10 richard_high


Posted 13 February 2009 - 01:32 AM

So sorry it took so long to reply. My kid has been really sick with a very high fever. Here are the results:

Malwarebytes' Anti-Malware 1.34
Database version: 1756
Windows 5.1.2600 Service Pack 3

2009-02-13 00:31:43
mbam-log-2009-02-13 (00-31-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 164159
Time elapsed: 3 hour(s), 21 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE (Adware.OneStepSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 Hoov


Posted 13 February 2009 - 02:18 AM

Are you still getting tabs opening up? Do they take you to a specific site or group of sites?

#12 Hoov


Posted 18 February 2009 - 02:23 PM

This thread is closed due to inactivity.
If you need this topic reopened, please send me a PM. This applies to the thread originator only, all others start a new thread.