
Internet Explorer keeps opening on its own every 30 seconds! Help please!

torres9
Newbie Poster
2 posts since Feb 2012

Hi Everyone, I was just reading a news article, when I accidentally clicked on a link to download some Adobe Flash 11 plugin. Unfortunately after that, Internet Explorer just keeps opening to the homepage roughly every 20 to 30 seconds. I have absolutely no idea how to fix it. I read a lot of similar posts but I wasn't sure how similar, so I started a new thread. I would greatly appreciate it if anyone could help me fix this?

Thanks in advance :)

MalindaOnline
Newbie Poster
8 posts since Feb 2012

To me it seems like this has nothing to do with the Adobe Flash plug-in. Guessing from the facts that you have given, this is a virus.

I suggest you clean your computer with an updated antivirus and start using an Internet security application.

PhilliePhan
Central Scrutinizer
1,667 posts since Dec 2006

I would greatly appreciate it if anyone could help me fix this?

Please follow the steps in the linky below and post the results so that one of our volunteers can take a look at what is going on with your machine:

http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

Cheers :)
PP

torres9
Newbie Poster
2 posts since Feb 2012

Thank you so much for replying, here are the logs:

Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.06.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

Protection: Enabled

2/6/2012 11:51:20 PM
mbam-log-2012-02-06 (23-51-20).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 391913
Time elapsed: 2 hour(s), 16 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage.Gen) -> Bad: (http://www.2345.com/?4415) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\User\Desktop\Games\Left 4 Dead 2\left4dead2\addons\Name_Enabler.dll (Malware.UPX.Mod) -> Quarantined and deleted successfully.

(end)

GMER One:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-06 10:38:27
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: m8dj85zj.exe; Driver: C:\Users\User\AppData\Local\Temp\kwldapob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x88EA61E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x88EA6212]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x88EA61FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x88EA61D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 [88D0F360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [88D0F360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [88D0F360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\agq4sehg \Device\Scsi\agq4sehg1 86907388
Device \Driver\agq4sehg \Device\Scsi\agq4sehg1Port1Path0Target0Lun0 86907388
Device 85AC01F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

GMER Two:

I was unable to complete this scan because my computer keeps crashing whenever I try to.

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by User at 11:47:53 on 2012-02-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1977.813 [GMT 8:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Acer\Registration\GregHSRW.exe
C:\Program Files\Acer Bio Protection\BASVC.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Acer Bio Protection\PwdBank.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conhost.exe
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pxcubvaw.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=travelmate_8471&r=27050110z506l0321z205x4981k327
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=travelmate_8471&r=27050110z506l0321z205x4981k327
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=travelmate_8471&r=27050110z506l0321z205x4981k327
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\users\user\appdata\local\hrkiqsqg\pxcubvaw.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110921093818.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
uRun: [PxcUbvaw] c:\users\user\appdata\local\hrkiqsqg\pxcubvaw.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [ODDPwr] "c:\program files\acer\optical drive power management\ODDPwr.exe"
mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -h -k
mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [VitaKeyPdtWzd] "c:\program files\acer bio protection\PdtWzd.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\pxcubvaw.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{27A62490-2F3E-44A2-8450-76476D1CA094} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{27A62490-2F3E-44A2-8450-76476D1CA094} : DhcpNameServer = 10.5.254.38 223.27.64.1
TCP: Interfaces\{B0A69983-EC7F-480B-9E6C-95EF9DCE29BC} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B0A69983-EC7F-480B-9E6C-95EF9DCE29BC} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B0A69983-EC7F-480B-9E6C-95EF9DCE29BC}\035464732463 : DhcpNameServer = 122.255.99.236 122.255.99.228
TCP: Interfaces\{B0A69983-EC7F-480B-9E6C-95EF9DCE29BC}\2656C6B696E6E273337323 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{B0A69983-EC7F-480B-9E6C-95EF9DCE29BC}\2656C6B696E6E273337323 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B0A69983-EC7F-480B-9E6C-95EF9DCE29BC}\662716E636963786F6D656 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B0A69983-EC7F-480B-9E6C-95EF9DCE29BC}\77962756C6563737 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B0A69983-EC7F-480B-9E6C-95EF9DCE29BC}\955637C244D4C425 : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = c:\program files\acer bio protection\PwdFilter
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\2v53ltt8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-2-5 64512]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-9-21 387480]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-9-21 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-9-21 165032]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-26 172032]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2009-10-20 107016]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2009-10-20 690720]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\drivers\FPSensor.sys [2009-12-10 22528]
R2 Greg_Service;GRegService;c:\program files\acer\registration\GregHSRW.exe [2009-8-28 1150496]
R2 IGBASVC;EgisTec Service;c:\program files\acer bio protection\BASVC.exe [2009-7-22 3450368]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152152]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-6 652360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2011-9-14 94880]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-9-21 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-9-21 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-9-21 141792]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-9-24 62720]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2009-6-18 144640]
R2 ODDPwrSvc;Acer ODD Power Service;c:\program files\acer\optical drive power management\ODDPWRSvc.exe [2009-10-20 118784]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-10-20 253952]
R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2009-10-20 240160]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2009-10-26 5174272]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-10-26 111104]
R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2009-10-26 5946368]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-6 20464]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-9-21 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-9-21 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-9-21 314088]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-10-27 6114816]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-10-20 167936]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-17 136176]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-9-21 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-9-21 271480]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-9-21 271480]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-10 29472]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-9-21 56064]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-20 39264]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-17 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-6 40776]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-9-21 84488]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2010-3-24 131072]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2010-3-24 79104]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-10-20 4232192]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2009-6-18 50432]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-2 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1343400]
.
=============== Created Last 30 ================
.
2012-02-06 15:48:09 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-06 15:48:08 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2012-02-06 15:47:59 -------- d-----w- c:\programdata\Malwarebytes
2012-02-06 15:47:58 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-06 15:47:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-05 18:19:47 -------- d-----w- C:\Rbackup
2012-02-05 18:18:45 -------- d-----w- c:\program files\Perfect Uninstaller
2012-02-05 18:13:14 3563888 ----a-w- c:\users\user\PerfectUninstaller_Setup.exe
2012-02-05 17:00:06 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-02-05 17:00:06 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-02-05 17:00:06 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-02-05 17:00:06 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-02-05 17:00:05 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-02-05 17:00:03 -------- d-----w- c:\users\user\appdata\roaming\Simply Super Software
2012-02-05 17:00:03 -------- d-----w- c:\programdata\Simply Super Software
2012-02-05 17:00:03 -------- d-----w- c:\program files\Trojan Remover
2012-02-05 16:57:32 11659328 ----a-w- c:\users\user\trjsetup682.exe
2012-02-05 16:51:54 -------- d-----w- c:\users\user\appdata\local\{6B84E4E6-C34A-4E79-8A1A-DADBF5E4974B}
2012-02-05 16:51:31 -------- d-----w- c:\users\user\appdata\local\{B9CE2D5E-03B1-4D37-A3CE-F5A0B10F70F7}
2012-02-05 15:52:30 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-02-05 13:48:28 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-05 13:26:12 -------- d-----w- c:\users\user\appdata\local\Sunbelt Software
2012-02-05 13:20:58 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-02-05 13:20:47 -------- d-----w- c:\program files\Lavasoft
2012-02-05 13:17:01 12410880 ----a-w- c:\users\user\Ad-Aware96Install.msi
2012-02-05 12:57:40 98276 --s---w- c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\pxcubvaw.exe
2012-02-05 12:57:40 -------- d-----w- c:\users\user\appdata\local\hrkiqsqg
2012-02-01 01:06:54 -------- d-----w- c:\users\user\appdata\local\{AFC72C43-B436-4FA0-84DD-AF93D380641D}
2012-02-01 01:06:39 -------- d-----w- c:\users\user\appdata\local\{8610FCD7-EE40-43BD-8FD3-628FB4D3D0C5}
2012-01-31 12:29:15 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 12:29:15 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-31 12:29:15 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-31 12:29:14 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 12:29:14 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-31 12:29:14 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-31 12:29:14 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-31 12:29:14 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-31 12:29:14 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-31 12:29:14 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-25 04:11:52 -------- d-----w- C:\games
2012-01-24 04:13:05 -------- d-----w- c:\users\user\appdata\local\{1E1CF68D-0956-41AC-824E-7491DCCBBF30}
2012-01-24 04:12:53 -------- d-----w- c:\users\user\appdata\local\{2895F006-1B69-46A8-928C-2BC6D0D3F2DE}
2012-01-19 15:08:47 -------- d-----w- c:\users\user\appdata\local\{F4AC2072-814E-4CCE-B0C0-BF372DDF21E3}
2012-01-19 15:08:23 -------- d-----w- c:\users\user\appdata\local\{92469ECA-C3F2-4EC9-B76B-EB077E4D8782}
2012-01-15 12:30:22 -------- d-----w- c:\users\user\appdata\local\{C3EFD032-1AAF-4D4F-A16A-D68DCA36A862}
2012-01-15 12:29:55 -------- d-----w- c:\users\user\appdata\local\{CDF38C72-74D8-4F19-BA54-3D77DFE1DF6D}
2012-01-14 13:04:06 -------- d-----w- c:\users\user\appdata\local\{B54509B1-E94D-416B-B3A6-A9CE544065EA}
2012-01-14 13:03:37 -------- d-----w- c:\users\user\appdata\local\{C656BFD5-E3F4-4147-84E3-86855517256F}
2012-01-12 02:34:57 -------- d-----w- c:\users\user\appdata\local\{6D97BF45-9198-47E7-9C56-BCD829ECF612}
2012-01-10 22:27:47 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-10 22:27:47 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-10 22:05:44 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-10 21:47:26 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-10 02:55:51 -------- d-----w- c:\users\user\appdata\local\{42DA3B9B-3FA0-466A-B663-305B7F37AEEC}
2012-01-10 02:55:36 -------- d-----w- c:\users\user\appdata\local\{B0F02866-6BD1-43D5-8D70-45DA8F8E8FD3}
2012-01-09 14:55:05 -------- d-----w- c:\users\user\appdata\local\{0DCA444C-AC2A-49D5-AD87-DF2D2889CE6C}
2012-01-09 14:54:48 -------- d-----w- c:\users\user\appdata\local\{CDB018E8-DB49-4211-8654-BD3C263109E0}
.
==================== Find3M ====================
.
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-13 04:13:14 28719616 ----a-w- c:\users\user\PhysX-9.11.1107-SystemSoftware.msi
2011-11-12 18:01:22 5944736 ----a-w- c:\users\user\Setup-SopCast-3.4.0-2011-6-9.exe
.
============= FINISH: 11:51:03.30 ===============

Attachments Attach.zip (3.61KB)
PhilliePhan
Central Scrutinizer
1,667 posts since Dec 2006

Thank you so much for replying, here are the logs...

Happy to help - sorry for the late reply.

You still have some malware showing in the logs. Probably due to P2P - gotta be careful there.

Let's do this:
Please follow the steps in the link below to run combofix. Be sure to run it exactly as the steps in the link instruct you to.
Once combofix finishes, please post the resulting log and we'll go from there:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Let me know if you have any trouble - I'll try to check back tonight, EST.

PP:)
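Added example, not code from the thread or from DaniWeb: a small Python checker that reads lines in the DDS "Pseudo HJT Report" format and flags the three kinds of entries that stand out in the log posted above: an extra executable appended to the Winlogon Userinit value, autoruns (Run keys and the Startup folder) whose target sits in a user-writable profile directory, and UAC policies set to 0. The sample report is constructed from a handful of the posted lines; the rule names, severity levels and the eight-letter-name heuristic are my own assumptions.

```python
import re
from typing import Dict, List

# Constructed sample in the DDS "Pseudo HJT Report" format, modelled on a few
# of the entries in the log posted above (not the full log).
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\users\user\appdata\local\hrkiqsqg\pxcubvaw.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [PxcUbvaw] c:\users\user\appdata\local\hrkiqsqg\pxcubvaw.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [<NO NAME>]
StartupFolder: c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\pxcubvaw.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

# On a stock system Winlogon's Userinit value holds exactly this one executable.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
# Autorun targets under these path fragments are writable without admin rights.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\")
# UAC policy values that disable or weaken the elevation prompt (assumed thresholds).
WEAK_POLICIES = {"EnableLUA": "0", "PromptOnSecureDesktop": "0"}

EXE_PATH = re.compile(r"[a-z]:\\.*?\.exe", re.IGNORECASE)
RUN_ENTRY = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
POLICY = re.compile(r"^mPolicies-system:\s*(?P<key>\w+)\s*=\s*(?P<val>\d+)")
USERINIT = re.compile(r"^mWinlogon:\s*Userinit=(?P<val>.*)$", re.IGNORECASE)


def looks_generated(name: str) -> bool:
    """Weak heuristic (my assumption): an eight-letter lowercase name is typical of dropper naming."""
    return re.fullmatch(r"[a-z]{8}", name) is not None


def check_autorun(rule: str, line: str, target: str, findings: List[Dict[str, str]]) -> None:
    """Flag an autorun target that lives in a user-writable path; raise severity if the name looks generated."""
    low = target.lower()
    if not any(marker in low for marker in USER_WRITABLE_MARKERS):
        return
    parts = low.rstrip("\\").split("\\")
    stem = parts[-1].rsplit(".", 1)[0]
    parent = parts[-2] if len(parts) > 1 else ""
    generated = looks_generated(stem) or looks_generated(parent)
    findings.append({
        "rule": rule,
        "severity": "high" if generated else "medium",
        "line": line,
        "detail": f"autorun target in user-writable path: {target}",
    })


def analyse_report(text: str) -> List[Dict[str, str]]:
    """Walk the report line by line and collect findings as dicts."""
    findings: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = USERINIT.match(line)
        if m:
            # Userinit is a comma-separated list; anything beyond userinit.exe is a hijack.
            entries = [e.strip() for e in m.group("val").split(",") if e.strip()]
            for entry in entries:
                if entry.lower() != EXPECTED_USERINIT:
                    findings.append({"rule": "userinit-hijack", "severity": "high",
                                     "line": line, "detail": f"extra Userinit entry: {entry}"})
            continue
        m = RUN_ENTRY.match(line)
        if m:
            exe = EXE_PATH.search(m.group("rest"))
            if exe:
                check_autorun("run-key", line, exe.group(0), findings)
            continue
        if line.startswith("StartupFolder:"):
            # ".lnk - target" entries: the launched executable is after the last " - ".
            exe = EXE_PATH.search(line.split(" - ")[-1])
            if exe:
                check_autorun("startup-folder", line, exe.group(0), findings)
            continue
        m = POLICY.match(line)
        if m and WEAK_POLICIES.get(m.group("key")) == m.group("val"):
            findings.append({"rule": "uac-weakened", "severity": "medium",
                             "line": line, "detail": f"{m.group('key')} = {m.group('val')}"})
    return findings


def triggered_rules(findings: List[Dict[str, str]]) -> List[str]:
    """Sorted list of distinct rule names that fired."""
    return sorted({f["rule"] for f in findings})


if __name__ == "__main__":
    for f in analyse_report(SAMPLE_REPORT):
        print(f"[{f['severity']}] {f['rule']}: {f['detail']}")
```

The same parser can be pointed at a full DDS.txt; only the Pseudo HJT section lines match the patterns, so the process and driver lists pass through untouched.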

Question Answered as of 2 Years Ago by PhilliePhan and MalindaOnline