"cannot find http://<random characters>make sure the path or internet address is correct"


  • This topic is locked
11 replies to this topic

#1 piercedgeek

piercedgeek

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 18 December 2010 - 02:52 PM

"cannot find http://<random characters>make sure the path or internet address is correct"

Symptoms:
1) Internet Explorer will often not open if it or a shortcut are double clicked.
It is seen in task manager, trying again results in another iexplore.exe showing up in task manager.
Ending task on it and retrying a few times will usually get it to open.

2) If it does open, clicking a link will usually result in the "cannot find http://<random characters>" error.
Manually typing links in the address bar works fine.
I'm pretty sure I had the "cannot find" error in safe mode as well; I can check that again if anyone needs me to.

I'm using Chrome as my primary browser now, it seems to work fine, though now and then I get the "chrome has crashed" error, unsure if this is the result of some sort of malware/hijacker as well, or running the beta version of Chrome with a lot of tabs open.

Company laptop, has Trend Micro on it, though it finds nothing. The Windows firewall is disabled by group policy, and the Trend Micro firewall is used instead.
Installed Avast!, it found a few things in the temp internet folder and cleaned them, still have issues.
The items were:
Threat:HTML:Framer-inf [Trj]
Threat:JS:Downloader-AIS [Trj]
Threat:JS:Pdfka-AUQ [Expl]
Threat:HTML:Iframe-inf

When I first ran gmer, it closed without warning or error after about 4 or 5 minutes... tried it again and ran fully.

Thanks in advance for any help offered!



DDS (Ver_10-12-12.02) - NTFSx86
Run by CHardy at 12:15:32.79 on Sat 12/18/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2122 [GMT -7:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {30C7B84B-49D9-4B5D-B5EC-5B68D5BB1773}
FW: Trend Micro Personal Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
C:\WINDOWS\System32\svchost.exe -k Cognizance
svchost.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Documents and Settings\chardy\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Documents and Settings\chardy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\chardy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\chardy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\chardy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\chardy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\chardy\Desktop\dds\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Windows Internet Explorer provided by COMPANYNAME Systems
mStart Page = about:blank
uInternet Settings,ProxyServer = proxy1.usana.com:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} -
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} -
BHO: HP Credential Manager for ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} -
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} -
uRun: [COMPANYNAMELoginScript] Wscript c:\COMPANYNAMEtools\VPNLogin.vbs
uRun: [Google Update] "c:\documents and settings\chardy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [AgentUiRunKey] "c:\program files\iron mountain\connected backuppc\Agent.exe" -ni -sss -e http://localhost:16386/
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [iPassConnect] "c:\program files\ipass\ipassconnect\iPassConnectGUI.exe" /S
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\docume~1\chardy\startm~1\programs\startup\954-47~1.lnk - c:\documents and settings\chardy\my documents\my dropbox\backup\954-471-7642bak.bat
StartupFolder: c:\docume~1\chardy\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\chardy\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-system: NoDispScrSavPage = 1 (0x1)
uPolicies-system: HideLogonScripts = 1 (0x1)
uPolicies-system: HideLegacyLogonScripts = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: COMPANYNAME.com
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4BECECDE-E494-4F69-A3DE-DA0B77726307} - hxxp://witskb/WorkSite/includes/iManFile.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.atl.COMPANYNAME.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://vpn.atl.COMPANYNAME.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} - hxxp://intranet/Help%20Desk/apps/SAXFile.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D1A7314E-03BD-40E0-BA6A-F37AB575FECF} - hxxps://cdn.COMPANYNAME.com/DownloadXPro.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://COMPANYNAME.webex.com/client/T27L10NSP11EP5/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://remote.agoc.com/dana-cached/setup/JuniperSetupSP1.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: OneCard - c:\program files\hpq\iam\bin\AsWlnPkg.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-15 165584]
R2 AgentService;AgentService;c:\program files\iron mountain\connected backuppc\AgentService.exe [2010-5-21 7587232]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2001-8-23 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-15 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-15 40384]
R2 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\LV_Tracker.sys [2008-8-1 45384]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-6-8 51792]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXPFlt.sys [2009-6-10 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2009-6-10 36432]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-15 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-15 40384]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-8-24 88192]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-1-4 340496]
R3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2009-7-15 497008]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2009-7-15 689416]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 136176]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-2-11 319488]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-2-11 51456]
S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-6-29 112640]
S3 cm_ser;C-motech USB Serial Port Driver;c:\windows\system32\drivers\cm_ser.sys [2010-6-29 103680]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704]
S3 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-1-11 82944]
S3 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\common files\icwm\printer\RDIConverterService.exe [2008-10-1 64888]

=============== Created Last 30 ================

2010-12-16 22:37:08 72080 ----a-w- c:\documents and settings\chardy\g2mdlhlpx.exe
2010-12-15 07:40:19 38848 ----a-w- c:\windows\avastSS.scr
2010-12-15 07:40:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-12-14 16:22:55 24704016 ----a-w- c:\temp\wfm 10.0.5\cognos\disk1\setupwin32.exe
2010-12-14 16:08:53 -------- d---a-w- c:\windows\New_Screen_Saver_Pics_Low
2010-12-14 16:08:53 -------- d---a-w- c:\windows\New_Screen_Saver_Pics_High
2010-12-14 15:15:10 351772184 ----a-w- c:\temp\wfm 10.0.5\suitecd1_applicationcomponents\appserver\weblogic8\server816_win32.exe
2010-12-14 15:13:51 16396824 ----a-w- c:\temp\wfm 10.0.5\suitecd1_applicationcomponents\appserver\setupAppServerWin32.exe
2010-12-06 07:44:06 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-12-06 07:44:03 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-01 14:52:10 1600285 ----a-w- c:\windows\COMPANYNAME_New_Screen_Saver_3.scr
2010-12-01 14:50:49 1587265 ----a-w- c:\windows\COMPANYNAME_New_Screen_Saver.scr

==================== Find3M ====================

2010-11-08 08:20:24 89088 ----a-w- c:\windows\MBR.exe
2010-10-30 18:56:27 61208 ----a-w- c:\windows\system32\MPEG4E-uninstall.exe
2010-10-22 14:09:01 12 ----a-w- C:\CHP_Ver_2.EXE

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS72101 rev.MCZI -> Harddisk0\DR0 -> \Device\000000d7

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys >>UNKNOWN [0x8A65C446]<<
c:\windows\system32\drivers\hpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a662504]; MOV EAX, [0x8a662580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B0B4758]
3 CLASSPNP[0xF74C7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8AFB71B8]
5 hpdskflt[0xF74D8FFD] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\000000bd[0x8B07AB58]
7 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8AFB5030]
\Driver\iaStor[0x8AFEE978] -> IRP_MJ_CREATE -> 0x8A65C446
kernel: MBR read successfully
_asm { ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskHTS721010G9SA00_________________________MCZIC15V#4&7ddf5d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\iaStor DriverStartIo -> 0x8A65C292
user != kernel MBR !!!
error: Read A device attached to the system is not functioning.
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 12:16:45.40 ===============
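Added example, not part of the original thread or of DDS/GMER: one way to triage the ROOTKIT section of a log like the one above by correlating the unattributed address in the disk call chain with the storage-driver routines that point at it, and with the user/kernel MBR mismatch line. The names `triage`, `SAMPLE` and `NEAR`, and the 4 KiB proximity heuristic, are assumptions of this example; the sample lines are excerpted from the log in the post.

```python
import re

# Lines excerpted from the ROOTKIT section of the DDS log posted above.
SAMPLE = r"""
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys >>UNKNOWN [0x8A65C446]<<
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B0B4758]
\Driver\iaStor[0x8AFEE978] -> IRP_MJ_CREATE -> 0x8A65C446
detected hooks:
\Driver\iaStor DriverStartIo -> 0x8A65C292
user != kernel MBR !!!
"""

# An address in the call chain that the tool could not map to a loaded module.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# "\Driver\name[obj] -> ROUTINE -> addr" and "\Driver\name ROUTINE -> addr".
ROUTINE_RE = re.compile(
    r"^(\\Driver\\\w+)(?:\[0x[0-9A-Fa-f]+\])?\s+(?:->\s+)?(\w+)\s+->\s+(0x[0-9A-Fa-f]+)$"
)

# Assumption of this example: a routine address within 4 KiB of an
# unattributed address is treated as belonging to the same code region.
NEAR = 0x1000


def triage(log_text):
    """Return the rootkit indicators found in an MBR-detector log section."""
    unknown = UNKNOWN_RE.findall(log_text)
    unknown_addrs = [int(a, 16) for a in unknown]

    redirected = []
    for line in log_text.splitlines():
        m = ROUTINE_RE.match(line.strip())
        if not m:
            continue
        driver, routine, target = m.groups()
        # Keep only driver routines that land in or near the unknown region.
        if any(abs(int(target, 16) - u) < NEAR for u in unknown_addrs):
            redirected.append((driver, routine, target))

    # The detector prints this when the MBR read through the normal API
    # differs from the MBR read at a lower level.
    mbr_mismatch = "user != kernel MBR" in log_text

    if mbr_mismatch and redirected:
        severity = "high"      # independent indicators agree
    elif mbr_mismatch or redirected or unknown:
        severity = "review"    # a single indicator, needs a closer look
    else:
        severity = "clean"

    return {
        "unknown_modules": unknown,
        "redirected": redirected,
        "mbr_mismatch": mbr_mismatch,
        "severity": severity,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
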



#2 piercedgeek


Posted 18 December 2010 - 05:13 PM

Did something wrong while attaching my logs, let me try that again


#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:02 PM

Posted 28 December 2010 - 01:13 PM

Hello piercedgeek,

Sorry for the delay. :( If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#4 piercedgeek


Posted 29 December 2010 - 05:46 PM

No problem, I understand how backed up a forum with free help can get :)
I'm not using the laptop much anyways since the wife and I are visiting family this time of year (out in your state today btw, League City, TX!)


Looks like whatever this is, is starting to impact Chrome (or I'm just now noticing it). I googled "HijackThis", the first link was:
http://free.antivirus.com/hijackthis/
Clicking it sends me to:
http://cdn.stopadwares.com/free-anti-adware-spyware-virus-downloads/?wb=admkeyalg

If I right-click the Google result and copy/paste the link into my browser's address bar, it actually loads the HijackThis page.

Also, prior to getting forwarded to the junk page, the loading bar shows "waiting for urlfraudcheck.com ..." hah, riiight!


Since I usually kill off a lot of processes and services after my computer starts up, I did a reboot before running the scans to give a complete view.
After scanning, I tested googling for HijackThis again, and now I am not forwarded to the junk pages, I get the correct page by clicking.

Just tested, IE still gives me the original "unable to find" error

Thanks!


#5 teacup61


Posted 29 December 2010 - 07:14 PM

Hi there,

Welcome to Texas, even for a short while. :thumbup2: Funnily enough, at the moment I'm in Ohio. :lol:

Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Thanks,
tea

#6 piercedgeek


Posted 29 December 2010 - 09:40 PM

Ah Ohio, one of the few states I've actually not been to yet!

I ran the scan, it did detect an item, which I told it to cure then rebooted.
Re-ran the scan after, and it shows me as clean. Attached are the logs.

Is there anything else to check?

Also, something that I think is most likely related to an issue with legitimate software I have installed, but figured I'd mention anyways just-in-case it's related to this:
right clicking on some file types causes a very long delay (sometimes upwards of 1 minute) before I get the menu. Again, pretty sure it's unrelated, and I have a path I'm going to follow to work on it, but let me know if you think it may be related...

Thank you very much for your help on this!


#7 teacup61


Posted 29 December 2010 - 10:36 PM

Hi there,

Look back at your original post and let me know if any of the original problems remain. :)

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Thanks,
tea

#8 piercedgeek


Posted 30 December 2010 - 12:07 PM

Internet Explorer opens quickly and consistently. None of the clicks redirect me. Not having any redirects in Chrome.

Downloaded and ran Malwarebytes Anti-Malware, only item that was found was a PUP, a tool I use to view wireless keys in Windows XP, nothing too threatening :)


Thank you for your help in getting me cleaned up!


#9 teacup61


Posted 30 December 2010 - 12:24 PM

Hi there,

You're most welcome. :)

The only thing left I see would be to make sure you update your Java. :thumbup2: Otherwise I think we're done here. :)

Take care!
tea

#10 piercedgeek


Posted 30 December 2010 - 05:36 PM

Will do! Probably a good idea to change my passwords too?

#11 teacup61


Posted 30 December 2010 - 06:16 PM

Well that certainly never hurts. :thumbup2:

#12 teacup61


Posted 03 January 2011 - 02:30 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.