Opens Multiple Browsers & Files, Mouse Arrow Strobes, Freezes


  • This topic is locked
7 replies to this topic

#1 willowscarclan

willowscarclan

  • Members
  • 3 posts

Posted 21 April 2013 - 07:46 PM

Thank you so much for helping.

 

I'm writing in safe mode. It's the first time I've been able to use a browser at all. When I turn on the tower, there is an unfamiliar series of beeps. When I attempt to open a browser, it opens up to 95! browsers instead of one. I haven't seen any adware, they all seem to be blanks (my default.) Same thing if I try to open a file, it opens many instead of one. I've tried an alternate mouse, did not fix it.

If I try to open a program, the mouse arrow/hourglass strobes and will not open the program.

 

I've run complete scans from MSE and a troubleshooter scan at Microsoft. They detect nothing.

Have had the problem about 3 days. Sometimes I haven't been able to shutdown normally, and have to pull the electrical plug. If I get out of this, I'm going to ditch IE, d/l a foxfire browser and replace MSE with recommended protection.

 

I was able to d/l dds and here is that log. Appreciate you! ~willow~

 

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by Compaq at 18:10:55 on 2013-04-21
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.447.57 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1363406373291
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{0B74AF71-7D3F-4964-A484-A99C4A7C5F6F} : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{6FCFC8CA-E2A3-46F3-B731-7A1D79001DA3} : DHCPNameServer = 192.168.15.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 195296]
S1 MpKslb2bc582f;MpKslb2bc582f;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c74a2fd2-f4d6-4e00-bc30-26e4eb27d674}\MpKslb2bc582f.sys [2013-4-20 29904]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
S3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [2013-2-7 32384]
.
=============== Created Last 30 ================
.
2013-04-21 03:46:35 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c74a2fd2-f4d6-4e00-bc30-26e4eb27d674}\offreg.dll
2013-04-21 03:46:35 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c74a2fd2-f4d6-4e00-bc30-26e4eb27d674}\MpKslb2bc582f.sys
2013-04-21 03:34:31 6906960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c74a2fd2-f4d6-4e00-bc30-26e4eb27d674}\mpengine.dll
2013-04-19 01:51:53 6906960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M  ====================
.
2013-04-16 14:21:16 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 14:21:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-02 10:33:22 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-20 20:58:41 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-20 20:58:36 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-20 20:58:35 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-20 20:58:35 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:28:24 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:28 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06:30 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08:47 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-21 08:45:25 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-02-21 08:45:25 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 18:11:30.48 ===============
 

 





#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,930 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 April 2013 - 08:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

The signal will give you an indication of the type of problems with the computer.

Visit this site and see what you can find.
http://www.computerhope.com/beep.htm

Keep me posted.

#3 willowscarclan

Posted 23 April 2013 - 10:42 AM

Thank you for helping, nasdaq, and thank you for pointing me to this teaching regarding beeps. Interesting! Perversely, my computer is making :zero: beeps now on starting up! Also it is acting correctly: no multiple windows or files. I don't feel out of the woods though. Can you see anything in my dds text that might be causing the problem? ~willow~



#4 nasdaq

Posted 23 April 2013 - 12:08 PM

Your DDS log is clean. Run these tools.

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
[screenshot: RcAuto1.gif]
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[screenshot: whatnext.png]
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#5 willowscarclan

Posted 25 April 2013 - 01:47 AM

Top of the mornin' Nasdaq.

 

Combofix log:

 

ComboFix 13-04-25.01 - Compaq 04/24/2013  23:00:11.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.447.221 [GMT -6:00]
Running from: c:\documents and settings\Compaq\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-25 to 2013-04-25  )))))))))))))))))))))))))))))))
.
.
2013-04-24 15:00 . 2013-04-10 03:08 6906960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1BE99775-0DFE-413D-BA3A-14FFD1758D41}\mpengine.dll
2013-04-23 02:17 . 2013-04-10 03:08 6906960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-12 04:08 . 2008-04-14 11:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2013-04-11 00:29 . 2013-04-11 00:29 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-16 14:21 . 2013-02-07 21:16 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 14:21 . 2013-02-07 21:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-02 10:33 . 2013-02-08 16:02 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-20 20:58 . 2013-03-20 20:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-20 20:58 . 2013-03-20 20:59 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-20 20:58 . 2013-02-08 15:35 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-20 20:58 . 2013-02-08 15:35 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-08 08:36 . 2008-04-14 11:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:28 . 2008-04-14 06:57 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2008-04-14 00:01 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2008-04-14 11:42 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2008-04-14 11:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 02:06 . 2008-04-14 11:41 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 01:25 . 2008-04-14 07:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2008-04-14 06:07 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2013-02-07 17:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-21 08:45 . 2013-02-21 08:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-02-21 08:45 . 2013-02-21 08:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-02-12 00:32 . 2008-04-14 06:26 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2008-04-14 11:42 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-02-21 295072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\YourFileDownloader\\Downloader.exe"=
"c:\\Program Files\\YourFileDownloader\\YourFile.exe"=
.
S3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [2/7/2013 1:53 PM 32384]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-07 14:21]
.
2013-04-25 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 18:11]
.
2013-04-25 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 18:11]
.
2013-03-13 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1409082233-515967899-1801674531-1004.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-30 03:33]
.
2013-04-25 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1409082233-515967899-1801674531-1004.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-30 03:31]
.
2013-04-21 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1409082233-515967899-1801674531-1004.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-30 03:31]
.
2013-04-25 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1409082233-515967899-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 22:30]
.
2013-04-25 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1409082233-515967899-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 22:30]
.
2013-04-25 c:\windows\Tasks\User_Feed_Synchronization-{0DEE20CE-A41C-4849-9D5D-C61FAC4C8F2A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
2013-04-25 c:\windows\Tasks\YourFile DownloaderUpdate.job
- c:\program files\YourFileDownloader\YourFileUpdater.exe [2013-02-21 09:51]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-24 23:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2888)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-04-24  23:11:01
ComboFix-quarantined-files.txt  2013-04-25 05:10
.
Pre-Run: 71,978,815,488 bytes free
Post-Run: 72,090,304,512 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 35A5003AE89CDB0F29E0C9AD50F8E856
 

 

Checkup text:

 

 Results of screen317's Security Check version 0.99.63 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Microsoft Security Essentials   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 17 
 Java version out of Date!
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

 

Adware log:

 

# AdwCleaner v2.202 - Logfile created 04/24/2013 at 23:48:58
# Updated 23/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Compaq - PRESARIO
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Compaq\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\yourfiledownloader
File Deleted : C:\Documents and Settings\All Users\Desktop\YourFile Downloader.lnk
Folder Deleted : C:\Documents and Settings\Compaq\Application Data\yourfiledownloader

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\YourFileDownloader
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\YourFileDownloader
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKLM\Software\YourFileDownloader

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1052 octets] - [24/04/2013 23:48:58]

########## EOF - C:\AdwCleaner[S1].txt - [1112 octets] ##########

 

 

The computer has been running well. That I have :no beeps at all: on bootup worries me a bit. That the multiple windows & cursor strobing stopped as suddenly as it began also worries me a bit. I keep waiting for the other shoe to drop. I did nothing to cure those symptoms. I unplugged the power cord and ethernet, let it sit a couple of days, and came here for help asap.

 

Not quite sure where I picked up MyFileDownloader, that adware is pointing out, unless it's part of the RealPlayer program. I'll do without it, if it's causing grief.
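
Added example, not part of the original thread or of any tool named in it: the ComboFix log above (run at 23:00) predates the AdwCleaner run (23:48), and it lists a scheduled task and firewall exceptions for YourFileDownloader that do not appear among AdwCleaner's deletions. The Python below cross-references the two logs, using excerpts copied from the post, to list the entries worth re-checking in a fresh log; the function names are assumptions made for this illustration.

```python
import re

# Excerpts copied from the ComboFix and AdwCleaner logs posted in this thread.
COMBOFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-02-21 295072]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\YourFileDownloader\\Downloader.exe"=
"c:\\Program Files\\YourFileDownloader\\YourFile.exe"=
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-07 14:21]
.
2013-04-25 c:\windows\Tasks\YourFile DownloaderUpdate.job
- c:\program files\YourFileDownloader\YourFileUpdater.exe [2013-02-21 09:51]
"""

ADWCLEANER_EXCERPT = r"""
Deleted on reboot : C:\Program Files\yourfiledownloader
File Deleted : C:\Documents and Settings\All Users\Desktop\YourFile Downloader.lnk
Folder Deleted : C:\Documents and Settings\Compaq\Application Data\yourfiledownloader
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKLM\Software\YourFileDownloader
"""


def _norm(text):
    # Ignore case and spaces so "YourFile Downloader" matches "yourfiledownloader".
    return re.sub(r"\s+", "", text).lower()


def removed_names(adwcleaner_log):
    """Normalized leaf names of every item AdwCleaner reports as deleted."""
    names = set()
    for line in adwcleaner_log.splitlines():
        m = re.match(r"\s*(?:Deleted on reboot|\w+ Deleted)\s*:\s*(.+)$", line)
        if not m:
            continue
        leaf = m.group(1).strip().rsplit("\\", 1)[-1]
        leaf = _norm(re.sub(r"\.\w{2,4}$", "", leaf))  # drop .lnk/.exe style suffix
        if len(leaf) >= 6:  # skip short generic names that would match everything
            names.add(leaf)
    return names


def residual_references(combofix_log, adwcleaner_log):
    """(section, line) pairs in the ComboFix log that still name a removed item."""
    names = removed_names(adwcleaner_log)
    section, hits = "preamble", []
    for raw in combofix_log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]  # registry key header
            continue
        if line.startswith("Contents of the 'Scheduled Tasks'"):
            section = "Scheduled Tasks"
            continue
        if any(name in _norm(line) for name in names):
            hits.append((section, line))
    return hits


if __name__ == "__main__":
    for section, line in residual_references(COMBOFIX_EXCERPT, ADWCLEANER_EXCERPT):
        print(f"{section}\n    {line}")
```

Because the ComboFix log was taken first, a hit means "confirm this entry is gone in a new log", not that the entry survived the cleanup.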



#6 nasdaq

Posted 25 April 2013 - 08:26 AM

"Not quite sure where I picked up MyFileDownloader, that adware is pointing out, unless it's part of the RealPlayer program. I'll do without it, if it's causing grief."

If it was installed without your knowledge I would forget about it.
Too many applications now include these unwanted programs as a means to get revenue from the source.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 17

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you uncheck the box "Install the Ask Toolbar" before proceeding.
===

Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
This may take one or 2 hours. Do it when you will not be needing the computer.

#7 nasdaq

Posted 02 May 2013 - 08:18 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#8 nasdaq

Posted 08 May 2013 - 07:24 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



