

Help Needed to remove Adware.FunWeb


This topic is locked
33 replies to this topic

#1 add72701

Posted 04 August 2011 - 04:58 PM

Operating System: Windows Vista Service Pack 2

Symptoms: Mozilla Firefox not responding, other windows programs not responding, computer locks up and has to be restarted when trying to run Windows Defender, Malware Bytes or Avast Anti Virus. When running a full scan, the computer locks up in the same folder, but at different .dll files.
C:\Program Files\Common Files\Install Shield\Professional\Run Time\11\50\Intel 32\iGdi.dll or setup.dll or iuser.dll or iKernel.dll

What I've done: Ran a Quick Scan with Malware Bytes and removed the malicious file. Ran Eusing Registry Cleaner. Restored as far back as possible and said various curse words.

What Malware Bytes Found: b4ody+0z.exe.part (Adware.FunWeb)

Thanks in advance for your help.

Edited by add72701, 04 August 2011 - 05:11 PM.




#2 jntkwx (Malware Response Team)

Posted 04 August 2011 - 07:10 PM

Hi add72701,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

Step 1: Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer Log Errors
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go. Please put code boxes around just this entire log, like this, but without the letter x: [xcode] MiniToolBox log [/xcode]

Step 2: Rerun Malwarebytes
Open Malwarebytes, click on the Update tab, and click the check for Updates button. (The latest update is 7379).
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If you have trouble updating, troubleshoot Malwarebytes' Anti-Malware

Step 3: SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from http://www.superantispyware.com/downloads/SASDEFINITIONS.EXE (copy and paste that website address) and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others checked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Home" button to leave the control center screen.
  • Back on the main screen, under "Select Scan Type" click Complete Scan.
  • On the left, make sure you check C:\.
  • Click Start Complete Scan > Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Step 4: Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


In your next reply, please include:
  • MiniToolBox log
  • Malwarebytes log
  • SUPERAntiSpyware log
  • GMER log
  • How's the computer running now?

Regards,
Jason

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.
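As an added illustration of why Step 1 asks for the proxy settings and hosts file (this is example code written for this page, not code from the thread, from MiniToolBox or from Farbar), the script below splits a MiniToolBox log on its "==== name: ====" section headers and flags hosts entries that are not the usual localhost lines, plus any IE proxy line other than the two known-clean strings seen in a clean log. The sample log, the .test domains and the address 203.0.113.5 are constructed, and the exact wording MiniToolBox prints when a proxy is set is assumed rather than known.

```python
"""Triage helper for two sections of a MiniToolBox log: 'IE Proxy Settings'
and 'Hosts content'. Hypothetical example, not part of MiniToolBox."""
import re

# Section headers in the log look like:
#   ========================= Hosts content: =================================
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?):\s*=+\s*$")
# One hosts entry: an address followed by one or more host names.
HOSTS_RE = re.compile(r"^(?P<addr>\S+)\s+(?P<names>.+)$")

LOOPBACK = {"127.0.0.1", "::1"}
# Names that normally map to loopback; anything else is reported.
BENIGN_LOCAL = {"localhost", "localhost.localdomain", "broadcasthost"}
# Exact lines a clean IE proxy section contains (as seen in real logs).
# The wording MiniToolBox uses when a proxy IS set is assumed to differ,
# so every other non-blank line in the section is reported for review.
CLEAN_PROXY_LINES = {"Proxy is not enabled.", "No Proxy Server is set."}


def split_sections(log_text):
    """Return {section name: [lines]} for every '==== name: ====' header."""
    sections, current = {}, None
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def hosts_findings(lines):
    """(address, name) pairs that are not the usual loopback/localhost lines.

    Adware and downloaders commonly add hosts entries to black-hole
    security-vendor update sites or to redirect well-known domains, so any
    name pointing at loopback other than localhost, and any entry pointing
    at a non-loopback address, is worth a look."""
    findings = []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        m = HOSTS_RE.match(entry)
        if not m:
            continue                           # blank line or a lone token
        addr = m.group("addr")
        for name in m.group("names").split():
            if addr in LOOPBACK and name.lower() in BENIGN_LOCAL:
                continue
            findings.append((addr, name))
    return findings


def proxy_findings(lines):
    """Non-blank IE proxy lines that are not one of the known-clean strings."""
    return [ln.strip() for ln in lines
            if ln.strip() and ln.strip() not in CLEAN_PROXY_LINES]


def triage(log_text):
    """Run both checks over a full MiniToolBox log text."""
    sections = split_sections(log_text)
    return {
        "hosts": hosts_findings(sections.get("Hosts content", [])),
        "proxy": proxy_findings(sections.get("IE Proxy Settings", [])),
    }


# Constructed sample in the layout MiniToolBox uses; the .test domains and the
# documentation address 203.0.113.5 are made up for this example.
SAMPLE_LOG = """\
MiniToolBox by Farbar
Ran by Example User (administrator) on 04-08-2011 at 20:19:08
Windows Vista (TM) Home Basic Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost
127.0.0.1       updates.example-antivirus.test
203.0.113.5     www.example-bank.test

========================= IP Configuration: ================================

Windows IP Configuration
"""

if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind, "->", items or "clean")
```

Running it on the constructed sample reports the two non-localhost hosts entries and a clean proxy section; a real log pasted into SAMPLE_LOG is checked the same way.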


#3 add72701 (Topic Starter)

Posted 07 August 2011 - 06:24 PM

Mini Tool Box Log:

MiniToolBox by Farbar 
Ran by Hop Shack (administrator) on 04-08-2011 at 20:19:08
Windows Vista (TM) Home Basic Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ============================== 

========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : HopShack-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
   Physical Address. . . . . . . . . : 00-22-5F-D4-56-7F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8951:4388:d968:2e7b%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, August 04, 2011 8:07:21 PM
   Lease Expires . . . . . . . . . . : Monday, September 11, 2147 2:47:26 AM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 301998687
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-04-3B-44-00-1E-33-CE-EA-6F
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
   Physical Address. . . . . . . . . : 00-1E-33-CE-EA-6F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:24f9:3fea:3f57:fdfc(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::24f9:3fea:3f57:fdfc%13(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 14:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  
Address:  192.168.2.1

Name:    google.com
Addresses:  74.125.113.106
	  74.125.113.147
	  74.125.113.99
	  74.125.113.103
	  74.125.113.104
	  74.125.113.105



Pinging google.com [74.125.115.147] with 32 bytes of data:

Reply from 74.125.115.147: bytes=32 time=46ms TTL=51

Reply from 74.125.115.147: bytes=32 time=47ms TTL=51



Ping statistics for 74.125.115.147:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 46ms, Maximum = 47ms, Average = 46ms

Server:  
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  67.195.160.76
	  69.147.125.65
	  72.30.2.43
	  98.137.149.56
	  209.191.122.70



Pinging yahoo.com [69.147.125.65] with 32 bytes of data:

Reply from 69.147.125.65: bytes=32 time=37ms TTL=53

Reply from 69.147.125.65: bytes=32 time=51ms TTL=53



Ping statistics for 69.147.125.65:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 37ms, Maximum = 51ms, Average = 44ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 11 ...00 22 5f d4 56 7f ...... Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
 10 ...00 1e 33 ce ea 6f ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
  1 ........................... Software Loopback Interface 1
 14 ...00 00 00 00 00 00 00 e0  isatap.{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}
 12 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 15 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #2
 13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 23 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.3    281
      192.168.2.3  255.255.255.255         On-link       192.168.2.3    281
    192.168.2.255  255.255.255.255         On-link       192.168.2.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.3    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     18 2001::/32                On-link
 13    266 2001:0:4137:9e76:24f9:3fea:3f57:fdfc/128
                                    On-link
 11    281 fe80::/64                On-link
 13    266 fe80::/64                On-link
 13    266 fe80::24f9:3fea:3f57:fdfc/128
                                    On-link
 11    281 fe80::8951:4388:d968:2e7b/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    266 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/04/2011 08:08:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2011 05:27:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2011 05:26:30 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/04/2011 04:33:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2011 04:07:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2011 03:54:19 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/04/2011 03:51:37 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/04/2011 03:51:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/04/2011 03:51:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/04/2011 03:51:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (08/04/2011 08:09:00 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (08/04/2011 08:08:17 PM) (Source: Service Control Manager) (User: )
Description: SPCA1528 Video Camera Service%%2

Error: (08/04/2011 05:27:28 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/04/2011 05:27:25 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (08/04/2011 05:27:12 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (08/04/2011 05:27:12 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (08/04/2011 05:27:12 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (08/04/2011 05:27:12 PM) (Source: Service Control Manager) (User: )
Description: AFD
aswRdr
aswSnx
aswSP
aswTdi
DfsC
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
RtlProt
Smb
spldr
tdx
Wanarpv6

Error: (08/04/2011 05:27:12 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (08/04/2011 05:27:12 PM) (Source: Service Control Manager) (User: )
Description: Network Location AwarenessNetwork Store Interface Service%%1068


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 2.1.5)
5600 (Version: 82.0.242.000)
5600_Help (Version: 82.0.242.000)
5600Trb (Version: 82.0.242.000)
7-Zip 4.65
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.1.0.5790)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 10 Plugin (Version: 10.3.181.34)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.6.606)
AIO_CDB_ProductContext (Version: 82.0.242.000)
AIO_CDB_Software (Version: 82.0.242.000)
AIO_Scan (Version: 82.0.173.000)
Akamai NetSession Interface
Amazon Links (Version: 1.0)
Apple Application Support (Version: 1.0)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Software Update (Version: 2.1.1.116)
ArcSoft PhotoImpression 5
ArcSoft VideoImpression 2
avast! Free Antivirus (Version: 6.0.1203.0)
BeerSmith
Bonjour (Version: 1.0.106)
BreWater 3.0
BufferChm (Version: 82.0.173.000)
CD/DVD Drive Acoustic Silencer (Version: 2.02.03)
CDDRV_Installer (Version: 4.60)
Compatibility Pack for the 2007 Office system (Version: 12.0.4518.1014)
Copy (Version: 120.0.214.000)
CustomerResearchQFolder (Version: 1.00.0000)
Destination Component (Version: 090.000.091.086)
DeviceDiscovery (Version: 110.0.180.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 8.1.0.0)
DocProcQFolder (Version: 1.00.0000)
DVD MovieFactory for TOSHIBA (Version: 5.51)
erLT (Version: 1.20.0137)
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 120.0.194.000)
FileZilla Client 3.5.0 (Version: 3.5.0)
Free FLV Converter V 6.7.4 (Version: 6.7.4.0)
Google Earth Plug-in (Version: 6.0.3.2197)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 6.6.1409.1944)
Google Update Helper (Version: 1.3.21.57)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP LaserJet P1000 series
HP OCR Software 8.0 (Version: 8.0)
HP Photosmart Essential (Version: 1.12.0.46)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (Version: 8.0)
HP Print Diagnostic Utility (Version: 1.51.0000)
HP Solution Center 8.0 (Version: 8.0)
HP Update (Version: 4.000.005.006)
HPCarePackCore (Version: 10.0.0.1)
HPCarePackProducts (Version: 1.0.0.1)
HPProductAssistant (Version: 82.0.173.000)
HPSSupply (Version: 2.1.3.0000)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 9.0.1.8)
Java Auto Updater (Version: 2.0.5.1)
Java(TM) 6 Update 26 (Version: 6.0.260)
Java(TM) 6 Update 6 (Version: 1.6.0.60)
KhalInstallWrapper (Version: 2.00.0000)
LeapFrog Connect (Version: 2.3.11.8936)
LeapFrog Didj Plugin (Version: 2.3.11.8936)
LeapFrog Tag Junior Plugin (Version: 2.3.11.8936)
Logitech SetPoint (Version: 4.80)
Logitech Vid (Version: 1.70.1044)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
MarketResearch (Version: 82.0.174.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office 2003 Primary Interop Assemblies (Version: 11.0.6553.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 4.0.50917.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Works (Version: 9.7.0621)
Microsoft XML Parser (Version: 8.20.8730.4)
Mozilla Firefox 5.0 (x86 en-US) (Version: 5.0)
MrvlUsgTracking (Version: 1.0.7)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
NetObjects Fusion Essentials
Personal Ancestral File 5
Picasa 3 (Version: 3.6)
QuickBooks (Version: 20.0.4012.807)
QuickBooks Pro 2010 (Version: 20.0.4012.807)
QuickTime (Version: 7.64.17.73)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5599)
REALTEK RTL8187B Wireless LAN Driver (Version: Package:1.00.0026 Driver:6.1116.1226.2007)
Realtek USB 2.0 Card Reader (Version: 6.0.6000.20130)
Realtek WiFi Protected Setup Library (Version: 1.00.0026)
Scan (Version: 8.1.0.0)
SolutionCenter (Version: 82.0.188.000)
SPCA1528 PC Driver (Version: 2.2.2.0)
Status (Version: 110.0.180.000)
Synaptics Pointing Device Driver (Version: 11.2.4.0)
Toolbox (Version: 82.0.173.000)
TOSHIBA Assist (Version: 2.01.08)
TOSHIBA ConfigFree (Version: 7.2.20)
TOSHIBA Desktop Links (Version: 1.7)
TOSHIBA Disc Creator (Version: 2.0.1.3)
TOSHIBA DVD PLAYER (Version: 1.31.14)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Hardware Setup (Version: 2.00.08)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.2)
Toshiba Registration (Version: 1.00.0000)
TOSHIBA Service Station (Version: 1.1.14)
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 2.00.04)
TOSHIBA Value Added Package (Version: 1.1.24)
TrayApp (Version: 110.0.180.000)
UnloadSupport (Version: 1.00.0000)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Didj Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
WebReg (Version: 82.0.173.000)
WildTangent Games (Version: 1.0.0.62)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (Version: 11/05/2008 1.1.1.0)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.3374)
WinRAR archiver
X-Chat 2.8.6-2 (Version: 2.8.6-2)
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 2939.26 MB
Available physical RAM: 1581.77 MB
Total Pagefile: 6082.82 MB
Available Pagefile: 4760.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.82 MB

========================= Partitions: =====================================

1 Drive c: (SQ004981V02) (Fixed) (Total:224.2 GB) (Free:138.15 GB) NTFS

========================= Users: ========================================

User accounts for \\HOPSHACK-PC

Administrator            ASPNET                   Guest                    
Hop Shack                


== End of log == 

Malware Bytes (THIS TIME):
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7379

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

8/4/2011 8:29:26 PM
mbam-log-2011-08-04 (20-29-26).txt

Scan type: Quick scan
Objects scanned: 174206
Time elapsed: 7 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malware Bytes Log from when I first found the issue (for reference/help on issue?):

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7326

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

7/30/2011 10:53:20 AM
mbam-log-2011-07-30 (10-53-20).txt

Scan type: Quick scan
Objects scanned: 172891
Time elapsed: 7 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\hop shack\AppData\Local\Temp\b4ody+0z.exe.part (Adware.FunWeb) -> Quarantined and deleted successfully.

SuperAntiSpyware Quick Scan Log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/07/2011 at 05:52 PM

Application Version : 5.0.1108

Core Rules Database Version : 7515
Trace Rules Database Version: 5327

Scan type : Quick Scan
Total Scan Time : 00:07:16

Operating System Information
Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 335
Memory threats detected : 0
Registry items scanned : 30296
Registry threats detected : 0
File items scanned : 11149
File threats detected : 17

Adware.Tracking Cookie
C:\Users\Hop Shack\AppData\Roaming\Microsoft\Windows\Cookies\hop_shack@2o7[2].txt
C:\Users\Hop Shack\AppData\Roaming\Microsoft\Windows\Cookies\hop_shack@ad.yieldmanager[2].txt
C:\Users\Hop Shack\AppData\Roaming\Microsoft\Windows\Cookies\hop_shack@adbrite[1].txt
C:\Users\Hop Shack\AppData\Roaming\Microsoft\Windows\Cookies\hop_shack@ads.pointroll[1].txt
C:\Users\Hop Shack\AppData\Roaming\Microsoft\Windows\Cookies\hop_shack@atdmt[1].txt
C:\Users\Hop Shack\AppData\Roaming\Microsoft\Windows\Cookies\hop_shack@doubleclick[1].txt
C:\Users\Hop Shack\AppData\Roaming\Microsoft\Windows\Cookies\hop_shack@firstroi.112.2o7[1].txt
C:\Users\Hop Shack\AppData\Roaming\Microsoft\Windows\Cookies\hop_shack@liveperson[1].txt
C:\Users\Hop Shack\AppData\Roaming\Microsoft\Windows\Cookies\hop_shack@liveperson[3].txt
C:\Users\Hop Shack\AppData\Roaming\Microsoft\Windows\Cookies\hop_shack@pointroll[2].txt
C:\Users\Hop Shack\AppData\Roaming\Microsoft\Windows\Cookies\hop_shack@realmedia[1].txt
C:\Users\Hop Shack\AppData\Roaming\Microsoft\Windows\Cookies\hop_shack@sales.liveperson[1].txt
C:\Users\Hop Shack\AppData\Roaming\Microsoft\Windows\Cookies\hop_shack@sales.liveperson[3].txt
C:\Users\Hop Shack\AppData\Roaming\Microsoft\Windows\Cookies\hop_shack@statse.webtrendslive[2].txt
C:\Users\Hop Shack\AppData\Roaming\Microsoft\Windows\Cookies\hop_shack@www.burstnet[1].txt
C:\Users\Hop Shack\AppData\Roaming\Microsoft\Windows\Cookies\hop_shack@www.windowsmedia[2].txt
C:\Users\Hop Shack\AppData\Roaming\Microsoft\Windows\Cookies\hop_shack@zedo[1].txt

SuperAntiSpyware Complete Scan Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/07/2011 at 06:39 PM

Application Version : 5.0.1108

Core Rules Database Version : 7515
Trace Rules Database Version: 5327

Scan type : Complete Scan
Total Scan Time : 00:45:06

Operating System Information
Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 342
Memory threats detected : 0
Registry items scanned : 38502
Registry threats detected : 0
File items scanned : 60847
File threats detected : 36

Adware.Tracking Cookie
.doubleclick.net [ C:\USERS\HOP SHACK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\HOP SHACK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\HOP SHACK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
server.iad.liveperson.net [ C:\USERS\HOP SHACK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
8tracks.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
accounts.key.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
broadcast.piximedia.fr [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
cdn.insights.gravity.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
cdn4.specificclick.net [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
content.yieldmanager.edgesuite.net [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
core.insightexpressai.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
ia.media-imdb.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
interclick.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
media.bimvid.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
media.giantbomb.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
media.heavy.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
media.ign.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
media.kyte.tv [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
media.mtvnservices.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
media.nbcphiladelphia.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
media.noob.us [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
media.scanscout.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
media.stereofame.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
media1.break.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
mediastore.verizonwireless.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
msnbcmedia.msn.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
objects.tremormedia.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
piximedia.fr [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
s0.2mdn.net [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
secure-us.imrworldwide.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
serving-sys.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
spe.atdmt.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
spilgames.oberon-media.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
static.2mdn.net [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
udn.specificclick.net [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]
www.naiadsystems.com [ C:\USERS\HOP SHACK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V7W9XXDU ]

Gmer:

Shut down unexpectedly EVERY time. I would get the error message that the program quit unexpectedly. The fifth time I tried to run it, I got a blue screen. Windows provided me with the following on the restart:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.2
Locale ID: 1033

Additional information about the problem:
BCCode: c5
BCP1: 01FDDB58
BCP2: 00000002
BCP3: 00000000
BCP4: 81F40770
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini080711-01.dmp
C:\Users\Hop Shack\AppData\Local\Temp\WER-48999-0.sysdata.xml
C:\Users\Hop Shack\AppData\Local\Temp\WER13BE.tmp.version.txt




The first several times I tried to run SuperAntiSpyware, the computer would lock up in the SAME spot on the scan.
C:\Program Files\Common Files\Install Shield\Professional\Run Time\11\50\Intel 32\iuser.dll
After 1/2 hour or so, the computer would turn to a dark grey screen and would have to be rebooted. So, I ran a Quick Scan and removed the 17 adware cookies and then ran the complete scan as directed. I included both scans.


I haven't tried to run the computer normally, yet. But, I'll reply here shortly after I reboot in Normal Mode from Safe Mode. But, I don't expect it to run too correctly since GMER wouldn't run properly.

Thanks in advance for your help. I apologize that I couldn't post the results sooner. I had issues with the programs running (along with a hectic schedule).

Edited by add72701, 07 August 2011 - 06:26 PM.


#4 add72701

add72701
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 07 August 2011 - 07:25 PM

Okay, starting in Normal Mode provided a few challenges.
The first was taking SEVERAL minutes to go from the login screen to the Desktop View (iexplorer.exe??)
The second is that Windows Defender continues to try to scan my system. I cannot set it to not come on at startup. Currently, it's locking up at C:\Program Files\Common Files\Intuit\ShippingManager\ZRush_ShipRush4_QB.ocx and not finishing the scan. I cannot stop the scan in progress, but can exit the program from the Start Menu ToolBar.

On the first two reboots, the computer does seem to be running a little quicker and Firefox has not locked up, yet. However, it feels as though things still aren't back to normal.

#5 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:49 AM

Posted 07 August 2011 - 08:33 PM

Hi add72701,

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#6 add72701

add72701
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 07 August 2011 - 09:11 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0x8E206000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7225344 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81E0F000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x81E0F000 PnpManager 3907584 bytes
0x81E0F000 RAW 3907584 bytes
0x81E0F000 WMIxWDM 3907584 bytes
0x96CA0000 Win32k 2113536 bytes
0x96CA0000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8EC00000 C:\Windows\system32\drivers\RTKVHDA.sys 2093056 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x8A004000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x89C0C000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x89E06000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804DE000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xAC30B000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x89F2C000 C:\Windows\System32\Drivers\dump_iaStor.sys 843776 bytes
0x89A0A000 C:\Windows\system32\DRIVERS\iaStor.sys 843776 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x80C33000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8E8EA000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8DC0E000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8060E000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x89B23000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80414000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x80D3A000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8EF9C000 C:\Windows\system32\DRIVERS\RTL8187B.sys 327680 bytes (Realtek Semiconductor Corporation , Realtek RTL8187B NDIS Driver)
0xAC2BC000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x80740000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8EE4F000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80697000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8A152000 C:\Windows\system32\DRIVERS\tos_sps32.sys 274432 bytes (TOSHIBA Corporation, tos_sps2)
0x8049D000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8DD76000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8E9A0000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8EF32000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x89D42000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xAC243000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A114000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x89BBE000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x821C9000 ACPI_HAL 208896 bytes
0x821C9000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x89AD8000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8EE97000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8DCDA000 C:\Windows\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8DD47000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x807AB000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89D17000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x89B94000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x80CF3000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xAC294000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8A1AC000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806EE000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x807D8000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x89DA8000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8EF0A000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x89F0B000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xAC203000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8DC9B000 C:\Windows\system32\DRIVERS\Rtlh86.sys 135168 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x805CA000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAC224000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x80DA7000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x89EF0000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x80C18000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x80DC4000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8DD29000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xAC27C000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8EF78000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8DDC2000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB9006000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8EEC9000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8EE25000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x80DDD000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x89DDF000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x89DCB000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8EE3B000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8DCBC000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x80D27000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8EEF7000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8A1D3000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8079A000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80484000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x89B0A000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x80CE3000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8078A000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8E9ED000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x89D99000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x80C09000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A19D000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80715000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8DDE4000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8E9DE000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80731000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x96EE0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8EEE9000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8EE0E000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8EF8F000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8DC00000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8068A000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xAC3F3000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x805BE000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8E989000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8DCCF000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8DD0C000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x805F3000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8DDD9000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8DDB7000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x89D7D000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E995000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80727000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8EFEC000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8DDF5000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x80D1D000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8EF6E000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8EEDF000 C:\Windows\system32\DRIVERS\rtlprot.sys 40960 bytes (Windows ® Codename Longhorn DDK provider, Realtek Utility I/O Driver)
0xAC3E9000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8DD17000 C:\Windows\system32\DRIVERS\tdcmdpst.sys 40960 bytes (TOSHIBA Corporation., TOSHIBA ODD Writing Driver for x86.)
0xB9020000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xB9032000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8A1E4000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x89DF4000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x89B1A000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8EE1C000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x96EC0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x89D88000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806DD000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8DD21000 C:\Windows\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft® ASPI Shell)
0x80495000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x89D91000 C:\Windows\system32\DRIVERS\FwLnk.sys 32768 bytes (TOSHIBA Corporation, TOSHIBA Firmware Linkage 32-bit Driver)
0x806E6000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x89A00000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x805EB000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A195000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x89BF3000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x80600000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8040D000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x89C00000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8DD41000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8EF2C000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x80DF2000 C:\Windows\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0x8A14D000 C:\Windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x8A1FA000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB901C000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x80724000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8DDF3000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8DD0A000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

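The blue screen reported earlier while running GMER carries bugcheck code c5, which is DRIVER_CORRUPTED_EXPOOL: a kernel-mode driver corrupted pool memory, so the loaded-driver list from Rootkit Unhooker is worth reading closely rather than just pasting. As an added example that is not part of this thread (the function name Get-RkuDriverReport is an assumption, and it takes the pasted RkU text as lines), the PowerShell below parses the ">Drivers" section and flags entries with no version information, an empty vendor field, or an image loaded from outside %SystemRoot%. The flags mark where to look, not malware: on the listing above they hit dump_iaStor.sys (a crash-dump copy of the Intel storage driver, expected), the two SUPERAntiSpyware drivers under Program Files, and LVPr2Mon.sys, which reports no vendor string at all and is the one to verify by hand (file properties and digital signature).

```powershell
# Added example, not code from the thread: parse the ">Drivers" section of a
# Rootkit Unhooker report and flag the entries a reviewer should look at first.
# Each driver line has the shape
#   0x8E206000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7225344 bytes (Vendor, Description)
# Entries without a backslash (PnpManager, RAW, WMIxWDM, ACPI_HAL, Win32k) are kernel
# aliases of images listed elsewhere and are skipped.

function Get-RkuDriverReport {
    param([string[]]$Lines)

    $pattern = '^(?<base>0x[0-9A-Fa-f]+)\s+(?<image>\S.*?)\s+(?<size>\d+)\s+bytes(?:\s+\((?<info>.*)\))?\s*$'

    foreach ($line in $Lines) {
        $m = [regex]::Match($line, $pattern)
        if (-not $m.Success) { continue }

        $image = $m.Groups['image'].Value
        if ($image -notmatch '\\') { continue }

        # The parenthetical is "Vendor, Description"; the vendor is everything before the first comma.
        $info   = $m.Groups['info']
        $vendor = ''
        if ($info.Success) { $vendor = ($info.Value -split ',', 2)[0].Trim() }

        $flags = @()
        if (-not $info.Success)                        { $flags += 'no version info' }
        elseif ($vendor -eq '' -or $vendor -eq '-')    { $flags += 'vendor field empty' }
        if ($image -notmatch '^[A-Za-z]:\\Windows\\')  { $flags += 'loaded from outside %SystemRoot%' }

        New-Object PSObject -Property @{
            Base   = $m.Groups['base'].Value
            Image  = $image
            Size   = [int]$m.Groups['size'].Value
            Vendor = $vendor
            Flags  = ($flags -join '; ')
        }
    }
}

# A few lines copied from the RkU report posted above; feed the whole pasted
# report the same way, e.g. Get-RkuDriverReport (Get-Content rku-report.txt).
$sample = @'
0x8E206000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7225344 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81E0F000 PnpManager 3907584 bytes
0x89F2C000 C:\Windows\System32\Drivers\dump_iaStor.sys 843776 bytes
0x8EF0A000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xB9032000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x80DF2000 C:\Windows\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
'@ -split "`r?`n"

# Show only the flagged entries; igdkmd32.sys and BlackBox.SYS drop out because they
# carry a vendor string and live under C:\Windows.
Get-RkuDriverReport $sample | Where-Object { $_.Flags } | Format-Table Image, Vendor, Flags -AutoSize
```

The outside-%SystemRoot% flag is deliberately noisy: security products, backup agents and virtual-drive tools all load kernel code from Program Files, and that is exactly why a reviewer confirms each one against its installer rather than assuming it is fine.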
#7 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:49 AM

Posted 07 August 2011 - 09:18 PM

Hi add72701,

:step1: Rerun Malwarebytes
Open Malwarebytes, click on the Update tab, and click the check for Updates button. (the latest update is 7404)
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If you have trouble updating, troubleshoot Malwarebytes' Anti-Malware

:step2: Follow these steps to disable Windows Defender: http://www.vista4beginners.com/How-to-disable-Windows-Defender.


Has it always taken several minutes to go from the login screen to the desktop view, or is this new?
Regards,
Jason

 



#8 add72701

add72701
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 08 August 2011 - 08:01 AM

MalwareBytes continues to lock up the entire computer requiring a reboot.

It still stops in the C:\Program Files\Common Files\Install Shield\Professional\Run Time\11\50\Intel 32\ folder. The last two spots were at DotNetInstaller.exe and ctor.dll

It used to take some time, like about 2-3 minutes, to load up the desktop because of all of the programs I have loaded, but not the 10-13 that it's been taking lately.

On some of the restarts, Windows takes me through CHKDSK, other times it does not. Sometimes it displays an older version of my desktop with a lot more icons before it switches to the current desktop. Sometimes it stays with the background color of my desktop, but without the background pic.

The last section reminded me that the dark grey color I described previously is actually the background color of my desktop.

Thanks for the help in disabling Windows Defender. I was trying that previously, but none of the options would let me check or uncheck any boxes.

Edited by add72701, 08 August 2011 - 08:35 AM.


#9 add72701

add72701
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 08 August 2011 - 09:19 AM

I tried running all of the separate checks in MalwareBytes individually.

Memory Items: No malicious files
Registry: No malicious files
Extra and Heuristics: No malicious files
File System: LOCK UP at same spot C:\Program Files\Common Files\Install Shield\Professional\Run Time\11\50\Intel 32\

#10 jntkwx

  • Malware Response Team

Posted 08 August 2011 - 12:30 PM

Hi add72701,

How old is this computer? With chkdsk automatically running, it makes me think the hard drive might be failing, which would also cause the computer to take some time to load the desktop.

Step 1: I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Regards,
Jason



#11 add72701

  • Topic Starter

Posted 08 August 2011 - 01:40 PM

The computer is just under 2 years old. Tomorrow it will be 23 months since the date of purchase. It is used everyday for business and then at home about half of the time, so a hard drive failure doesn't seem out of the question, but it ran fine until a few weeks ago when I noticed the adware.

On the first attempt at installing ESET, there was a proxy settings error on step 2 of 4. I hit the back button and tried again. The second time, "unexpected error 2002". I hit the back button and tried again. The third time it downloaded all of the new definitions and got 56% through the scan, stopping at C:\Program Files\Common Files\Install Shield\Professional\Run Time\11\50\Intel 32\setup.dll (again, stopping at the same folder). However, the scan time is still moving on the ESET application, where it completely stops on MalwareBytes.

It shows that there was one threat detected (infected file) and states at the bottom of the screen that it is a variant of Win32/Adinstaller application.
I stopped the scan since it had been more than 15 minutes at the same location. I looked at the list of threats and it was the file that I have in the Recycle Bin from the first MalwareBytes Scan a week or so ago "b4ody+0z.exe.part"

Also, I'm not sure if I mentioned that ctrl-alt-delete does not go to the screen where I can choose the task manager to end tasks. In the past, nothing happened. Just now when trying this to terminate ESET, it shows a small window that says "Login Process has failed to create the security options dialog"

I will continue to try the ESET until I hear back.

Thanks for your continued effort on this.

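Added example, not code from the thread or from any of the tools mentioned in it: when two different scanners stall in the same folder, the useful next step is to find out whether the files there can be read at all, and whether they are what they claim to be. The script below reads every file in that folder sequentially and times each read, then reports its Authenticode signature status. A small file that takes seconds to read, or throws an I/O error, implicates the disk rather than the scanner; a file in a vendor runtime folder that is unsigned or fails its hash check deserves a closer look. Assumptions: it is run as Administrator in PowerShell 2.0 or later, and the folder path is the one quoted by the scanners in this thread (adjust it if the name on disk is spelled differently).

```powershell
# Added example: time a full read of each file in the folder where the scans
# hang and show its Authenticode signature status. Not from the original post.
# Assumptions: run as Administrator; PowerShell 2.0 or later; path as reported
# in the thread (edit $folder if the on-disk folder name differs).
$folder = 'C:\Program Files\Common Files\Install Shield\Professional\Run Time\11\50\Intel 32'

function Test-FileRead {
    param([string]$Path)
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    $err = $null
    $stream = $null
    try {
        # Sequential full read: a bad sector shows up here as a stall or an exception.
        $stream = [System.IO.File]::OpenRead($Path)
        $buf = New-Object byte[] 65536
        while ($stream.Read($buf, 0, $buf.Length) -gt 0) { }
    } catch {
        $err = $_.Exception.Message
    } finally {
        if ($stream) { $stream.Close() }
    }
    $sw.Stop()
    New-Object PSObject -Property @{ ReadMs = $sw.ElapsedMilliseconds; ReadError = $err }
}

$results = foreach ($f in (Get-ChildItem -Path $folder | Where-Object { -not $_.PSIsContainer })) {
    $read = Test-FileRead -Path $f.FullName
    $sig  = Get-AuthenticodeSignature -FilePath $f.FullName
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        Name      = $f.Name
        SizeKB    = [math]::Round($f.Length / 1KB, 1)
        ReadMs    = $read.ReadMs
        ReadError = $read.ReadError
        Signature = $sig.Status      # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer    = $signer
    }
}

# Slowest reads first: a read error or a HashMismatch is what to look at next.
$results | Sort-Object ReadMs -Descending |
    Format-Table Name, SizeKB, ReadMs, Signature, Signer, ReadError -AutoSize
```

If the read of a particular file hangs for many seconds or fails with a cyclic redundancy check or I/O device error, that is the same symptom the scanners are showing, and it points at the drive rather than at malware in that file. A file that reads quickly but reports HashMismatch or NotSigned where its neighbours are validly signed is the one to submit for analysis.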
#12 jntkwx

  • Malware Response Team

Posted 08 August 2011 - 01:47 PM

A quick Google search of "Login Process has failed to create the security options dialog" leads to possible hard drive failure.

When first starting your computer, are you given a diagnostics option? Try running a diagnostic test and see if it fails when testing the hard drive.
Regards,
Jason



#13 add72701

  • Topic Starter

Posted 08 August 2011 - 02:13 PM

I did not have an option on Startup for diagnostics. It does show a Windows Repair Option. There are two users ASPNET (which is a Microsoft entity?) and My Account. I backed out of the repair section and restarted in Safe Mode.

I ran a Toshiba Diagnostic tool from Safe Mode and it says that the Hard Drive Passed.

I'm not seeing any other options in Windows for a Diagnostic Check. Is there a program that you recommend for diagnostics?

Edited by add72701, 08 August 2011 - 02:38 PM.


#14 jntkwx

  • Malware Response Team

Posted 08 August 2011 - 02:49 PM

Other hard drive diagnostic programs depend on the model of hard drive.

Please perform the following, so that we can get the exact specs of your computer. This will help us assist you better.

Publish a Snapshot using Speccy

The below is for those who cannot get online: please take caution when attaching a text file to your post. If you cannot copy/paste the link into your post, you will need to edit the file to make sure that your Windows key is not present.
Regards,
Jason


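Added example, not code from the thread or from Speccy: the drive model is what decides which vendor diagnostic applies, and Windows already exposes that along with a few health signals that bear directly on the symptoms described here (CHKDSK running at boot, hangs at the same files). The script below collects the drive identity, the firmware's SMART predict-failure flag, the volume dirty bit, and recent disk-level errors from the System event log. Assumptions: it is run as Administrator; the WMI classes used exist on Vista and later, and MSStorageDriver_FailurePredictStatus is missing for drives behind some RAID or USB controllers, so an empty result there is not by itself a clean bill of health.

```powershell
# Added example: gather drive identity and health signals that Windows exposes.
# Not from the original post. Assumptions: run as Administrator on Vista or
# later; SMART class may be absent behind RAID/USB controllers.

# 1. Which drive is this? Vendor diagnostics (Toshiba, Seagate, WD, ...) are keyed to the model.
Get-WmiObject -Class Win32_DiskDrive |
    Select-Object Model, SerialNumber, InterfaceType, Status,
        @{Name = 'SizeGB'; Expression = { [math]::Round($_.Size / 1GB) }} |
    Format-List

# 2. SMART "predict failure" flag as reported by the disk firmware.
#    PredictFailure = True means the drive itself expects to fail.
Get-WmiObject -Namespace root\wmi -Class MSStorageDriver_FailurePredictStatus -ErrorAction SilentlyContinue |
    Select-Object InstanceName, PredictFailure, Reason

# 3. Is the system volume marked dirty? A set dirty bit is why CHKDSK runs at boot.
fsutil dirty query C:

# 4. Recent disk-level errors (bad blocks, controller timeouts, paging I/O failures).
Get-EventLog -LogName System -EntryType Error, Warning -Newest 200 |
    Where-Object { $_.Source -match '^(disk|ntfs|atapi|iaStor|volmgr)$' } |
    Select-Object TimeGenerated, Source, EventID, Message |
    Format-Table -AutoSize -Wrap
```

A repeated "The device, \Device\Harddisk0\..., has a bad block" entry from the Disk source, a dirty volume that keeps coming back after CHKDSK, or PredictFailure set to True are each stronger evidence than a single vendor "Passed" result, since the vendor quick test often only reads a sample of sectors. If all four come back clean, the hang is more likely a software problem and the malware investigation can continue with that assumption.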

#15 add72701

  • Topic Starter

Posted 08 August 2011 - 03:18 PM

http://speccy.piriform.com/results/pcxiafzNoQwkIwidfZcQHbg
