Inactive [A] Repeated windows opening

Status
Not open for further replies.
I downloaded what I thought was Internet Explorer 8 and now I have windows opening repeatedly. I followed the instructions on the malware forum and here are the items:

GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-05-24 14:58:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST340014A rev.8.16
Running: bb6rx1i0.exe; Driver: C:\DOCUME~1\Steve\LOCALS~1\Temp\fxlyapob.sys

---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A68BAEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A68BAEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A68BAEA
AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST340014A_______________________________8.16____#4a3547583556524a202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- EOF - GMER 1.0.15 ----

NOTEPAD (I don't know how to zip up things)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 25/01/2005 02:25:57 p.m.
System Uptime: 24/05/2012 02:31:26 p.m. (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0F5949
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2392/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 34 GiB total, 15,322 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys WUSB100 RangePlus Wireless USB Adapter
Device ID: USB\VID_1737&PID_0070\5&2F058105&0&2
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Linksys WUSB100 RangePlus Wireless USB Adapter #2
PNP Device ID: USB\VID_1737&PID_0070\5&2F058105&0&2
Service: rt2870
.
==== System Restore Points ===================
.
RP2509: 05/04/2012 08:46:51 a.m. - System Checkpoint
RP2510: 06/04/2012 09:46:53 a.m. - System Checkpoint
RP2511: 07/04/2012 10:46:51 a.m. - System Checkpoint
RP2512: 08/04/2012 11:46:51 a.m. - System Checkpoint
RP2513: 09/04/2012 12:01:26 p.m. - System Checkpoint
RP2514: 10/04/2012 12:48:40 p.m. - System Checkpoint
RP2515: 11/04/2012 01:46:47 p.m. - System Checkpoint
RP2516: 12/04/2012 03:03:59 p.m. - System Checkpoint
RP2517: 13/04/2012 04:02:47 p.m. - System Checkpoint
RP2518: 14/04/2012 04:46:47 p.m. - System Checkpoint
RP2519: 15/04/2012 05:27:47 p.m. - System Checkpoint
RP2520: 16/04/2012 06:27:47 p.m. - System Checkpoint
RP2521: 17/04/2012 07:27:46 p.m. - System Checkpoint
RP2522: 18/04/2012 08:27:47 p.m. - System Checkpoint
RP2523: 19/04/2012 09:08:54 p.m. - System Checkpoint
RP2524: 20/04/2012 09:20:33 p.m. - System Checkpoint
RP2525: 21/04/2012 10:20:33 p.m. - System Checkpoint
RP2526: 22/04/2012 11:20:34 p.m. - System Checkpoint
RP2527: 24/04/2012 12:20:31 a.m. - System Checkpoint
RP2528: 25/04/2012 01:20:31 a.m. - System Checkpoint
RP2529: 25/04/2012 09:35:50 a.m. - Avg Update
RP2530: 26/04/2012 12:07:21 p.m. - System Checkpoint
RP2531: 27/04/2012 12:10:18 p.m. - System Checkpoint
RP2532: 28/04/2012 12:20:31 p.m. - System Checkpoint
RP2533: 29/04/2012 01:20:31 p.m. - System Checkpoint
RP2534: 30/04/2012 03:06:11 p.m. - System Checkpoint
RP2535: 01/05/2012 03:20:26 p.m. - System Checkpoint
RP2536: 02/05/2012 04:23:05 p.m. - System Checkpoint
RP2537: 03/05/2012 05:14:51 p.m. - System Checkpoint
RP2538: 04/05/2012 05:16:00 p.m. - System Checkpoint
RP2539: 05/05/2012 06:16:00 p.m. - System Checkpoint
RP2540: 06/05/2012 07:16:00 p.m. - System Checkpoint
RP2541: 08/05/2012 10:15:08 a.m. - System Checkpoint
RP2542: 09/05/2012 10:25:15 a.m. - System Checkpoint
RP2543: 10/05/2012 12:05:27 p.m. - System Checkpoint
RP2544: 11/05/2012 12:36:42 p.m. - System Checkpoint
RP2545: 12/05/2012 01:15:52 p.m. - System Checkpoint
RP2546: 13/05/2012 02:15:56 p.m. - System Checkpoint
RP2547: 14/05/2012 03:15:56 p.m. - System Checkpoint
RP2548: 15/05/2012 03:24:18 p.m. - System Checkpoint
RP2549: 16/05/2012 04:21:20 p.m. - System Checkpoint
RP2550: 17/05/2012 05:15:51 p.m. - System Checkpoint
RP2551: 18/05/2012 06:15:51 p.m. - System Checkpoint
RP2552: 19/05/2012 07:15:51 p.m. - System Checkpoint
RP2553: 20/05/2012 08:15:52 p.m. - System Checkpoint
RP2554: 21/05/2012 09:15:51 p.m. - System Checkpoint
RP2555: 22/05/2012 02:58:19 p.m. - Installed Windows Internet Explorer 8.
RP2556: 23/05/2012 10:49:48 a.m. - Installed AVG 2012
RP2557: 23/05/2012 10:51:53 a.m. - Removed AVG 9.0
RP2558: 23/05/2012 10:57:51 a.m. - Installed AVG 2012
RP2559: 24/05/2012 12:11:52 p.m. - System Checkpoint
.
==== Installed Programs ======================
.
2009 Iowa Law CD-ROM
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 9.5.0
AVG 2012
AVG PC Tuneup
Banctec Service Agreement
Broadcom Management Programs
CCleaner
Compact Wireless-G USB Network Adapter with SpeedBooster
Compatibility Pack for the 2007 Office system
Dell Driver Reset Tool
Dell Networking Guide
Dell Picture Studio v3.0
Dell Support
Dell Support Center (Support Software)
DellSupport
Google Updater
Hotfix for Windows Internet Explorer 7 (KB947864)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 24
Linksys WUSB100 RangePlus Wireless USB Adapter
LogMeIn
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.0.10)
Mozilla Thunderbird 12.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
My Way Search Assistant
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Tabs3/PracticeMaster Programs
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WordPerfect Office 12
Works Upgrade
WVID Filter (remove only)
.
==== Event Viewer Messages From Past Week ========
.
22/05/2012 02:49:58 p.m., error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
22/05/2012 02:49:58 p.m., error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
.
==== End Of File ===========================
Thank you

Wadoman
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================================

I still need DDS.txt and MBAM logs.
 