TechSpot

[A] Repeated windows opening

By Wadoman
May 24, 2012
  1. I downloaded what I thought was Internet Explorer 8 and now I have windows opening repeatedly. I followed the instructions on the malware forum and here are the items:

    GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-05-24 14:58:48
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST340014A rev.8.16
    Running: bb6rx1i0.exe; Driver: C:\DOCUME~1\Steve\LOCALS~1\Temp\fxlyapob.sys

    ---- Devices - GMER 1.0.15 ----
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A68BAEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A68BAEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A68BAEA
    AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST340014A_______________________________8.16____#4a3547583556524a202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    ---- EOF - GMER 1.0.15 ----

    NOTEPAD (I don't know how to zip up things)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 25/01/2005 02:25:57 p.m.
    System Uptime: 24/05/2012 02:31:26 p.m. (1 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0F5949
    Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2392/400mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 34 GiB total, 15,322 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Linksys WUSB100 RangePlus Wireless USB Adapter
    Device ID: USB\VID_1737&PID_0070\5&2F058105&0&2
    Manufacturer: Linksys, A Division of Cisco Systems, Inc.
    Name: Linksys WUSB100 RangePlus Wireless USB Adapter #2
    PNP Device ID: USB\VID_1737&PID_0070\5&2F058105&0&2
    Service: rt2870
    .
    ==== System Restore Points ===================
    .
    RP2509: 05/04/2012 08:46:51 a.m. - System Checkpoint
    RP2510: 06/04/2012 09:46:53 a.m. - System Checkpoint
    RP2511: 07/04/2012 10:46:51 a.m. - System Checkpoint
    RP2512: 08/04/2012 11:46:51 a.m. - System Checkpoint
    RP2513: 09/04/2012 12:01:26 p.m. - System Checkpoint
    RP2514: 10/04/2012 12:48:40 p.m. - System Checkpoint
    RP2515: 11/04/2012 01:46:47 p.m. - System Checkpoint
    RP2516: 12/04/2012 03:03:59 p.m. - System Checkpoint
    RP2517: 13/04/2012 04:02:47 p.m. - System Checkpoint
    RP2518: 14/04/2012 04:46:47 p.m. - System Checkpoint
    RP2519: 15/04/2012 05:27:47 p.m. - System Checkpoint
    RP2520: 16/04/2012 06:27:47 p.m. - System Checkpoint
    RP2521: 17/04/2012 07:27:46 p.m. - System Checkpoint
    RP2522: 18/04/2012 08:27:47 p.m. - System Checkpoint
    RP2523: 19/04/2012 09:08:54 p.m. - System Checkpoint
    RP2524: 20/04/2012 09:20:33 p.m. - System Checkpoint
    RP2525: 21/04/2012 10:20:33 p.m. - System Checkpoint
    RP2526: 22/04/2012 11:20:34 p.m. - System Checkpoint
    RP2527: 24/04/2012 12:20:31 a.m. - System Checkpoint
    RP2528: 25/04/2012 01:20:31 a.m. - System Checkpoint
    RP2529: 25/04/2012 09:35:50 a.m. - Avg Update
    RP2530: 26/04/2012 12:07:21 p.m. - System Checkpoint
    RP2531: 27/04/2012 12:10:18 p.m. - System Checkpoint
    RP2532: 28/04/2012 12:20:31 p.m. - System Checkpoint
    RP2533: 29/04/2012 01:20:31 p.m. - System Checkpoint
    RP2534: 30/04/2012 03:06:11 p.m. - System Checkpoint
    RP2535: 01/05/2012 03:20:26 p.m. - System Checkpoint
    RP2536: 02/05/2012 04:23:05 p.m. - System Checkpoint
    RP2537: 03/05/2012 05:14:51 p.m. - System Checkpoint
    RP2538: 04/05/2012 05:16:00 p.m. - System Checkpoint
    RP2539: 05/05/2012 06:16:00 p.m. - System Checkpoint
    RP2540: 06/05/2012 07:16:00 p.m. - System Checkpoint
    RP2541: 08/05/2012 10:15:08 a.m. - System Checkpoint
    RP2542: 09/05/2012 10:25:15 a.m. - System Checkpoint
    RP2543: 10/05/2012 12:05:27 p.m. - System Checkpoint
    RP2544: 11/05/2012 12:36:42 p.m. - System Checkpoint
    RP2545: 12/05/2012 01:15:52 p.m. - System Checkpoint
    RP2546: 13/05/2012 02:15:56 p.m. - System Checkpoint
    RP2547: 14/05/2012 03:15:56 p.m. - System Checkpoint
    RP2548: 15/05/2012 03:24:18 p.m. - System Checkpoint
    RP2549: 16/05/2012 04:21:20 p.m. - System Checkpoint
    RP2550: 17/05/2012 05:15:51 p.m. - System Checkpoint
    RP2551: 18/05/2012 06:15:51 p.m. - System Checkpoint
    RP2552: 19/05/2012 07:15:51 p.m. - System Checkpoint
    RP2553: 20/05/2012 08:15:52 p.m. - System Checkpoint
    RP2554: 21/05/2012 09:15:51 p.m. - System Checkpoint
    RP2555: 22/05/2012 02:58:19 p.m. - Installed Windows Internet Explorer 8.
    RP2556: 23/05/2012 10:49:48 a.m. - Installed AVG 2012
    RP2557: 23/05/2012 10:51:53 a.m. - Removed AVG 9.0
    RP2558: 23/05/2012 10:57:51 a.m. - Installed AVG 2012
    RP2559: 24/05/2012 12:11:52 p.m. - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    2009 Iowa Law CD-ROM
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 9.5.0
    AVG 2012
    AVG PC Tuneup
    Banctec Service Agreement
    Broadcom Management Programs
    CCleaner
    Compact Wireless-G USB Network Adapter with SpeedBooster
    Compatibility Pack for the 2007 Office system
    Dell Driver Reset Tool
    Dell Networking Guide
    Dell Picture Studio v3.0
    Dell Support
    Dell Support Center (Support Software)
    DellSupport
    Google Updater
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics Driver
    Internet Explorer Default Page
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Auto Updater
    Java(TM) 6 Update 24
    Linksys WUSB100 RangePlus Wireless USB Adapter
    LogMeIn
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works 2005 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    Mozilla Firefox (3.0.10)
    Mozilla Thunderbird 12.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Musicmatch® Jukebox
    My Way Search Assistant
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Tabs3/PracticeMaster Programs
    WebFldrs XP
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WordPerfect Office 12
    Works Upgrade
    WVID Filter (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    22/05/2012 02:49:58 p.m., error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    22/05/2012 02:49:58 p.m., error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    .
    ==== End Of File ===========================
    Thank you

    Wadoman
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    I still need DDS.txt and MBAM logs.
     
Topic Status:
Not open for further replies.
