Jump to content

Windows Defender Malware and IE Pop-Up Problems

Recommended Posts

Ok, where to start. About two weeks or so ago I encountered some malware on my system. A pop-up would appear in the taskbar giving me various "danger" and "warning" messages. I thought it looked bogus so I opened up the task manager, found the odd looking program and closed it. The only lasting effect was that I couldn't open Google Chrome. I had to go into options>LAN settings and turn off proxy settings as apparently the malware was forcing Chrome to use a proxy. Things seemed fine.

A few days after that the pop up appeared again. This time it refused to go away and I tried a system restore which worked for a while, but of course that would not be enough to solve the problem permanently. Today it showed up again and now it's worse than ever. I followed instructions to use mbam and ccsetup232 but the problem has not been solved.

First off, the instructions I followed told me to boot my computer up in safe mode and run mbam which I did. I should note that the problems still occurred while in safe mode however I was able to run a quick scan (not full scan) in mbam. In every instance that I've tried to run a full scan, my computer has turned itself off. I can't tell if this is a hardware/cooling issue (which would be strange because my computer has never done that before) or if the malware is forcing my computer to turn itself off whenever I perform the scan. That being said, mbam found 14 infected files after I performed a quick scan which I instructed it to remove. I then rebooted my computer in normal mode and ran ccsetup232_slim to clear my system of any temporary files. However I'm beginning to wonder if I made a mistake by doing that because now, my system will continually open IE and connect to random ad sites. It'll also download small files to my desktop on occasion.

I have attempted to follow the stickied thread at the top of the page but I am currently running into a few problems. First off, I cannot run mbam right now. My computer is running in normal mode and I'm thinking that the windows defender malware is preventing me from running the program because it's given me pop-ups about mbam being malware which is obviously not true. Secondly, I've ran defogger and saved the DDS and Attach logs to my desktop. I can post those below. Third, I attempted to run GMER Rootkit scanner but was unable to do so. At this point I am lost and have no idea what to do. I shall await a response before posting any logs so as to avoid having too much clutter in my initial post. Thanks in advance and I appreciate the help with this headache.

Link to post
Share on other sites

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20081014.001\IDSvix86.sys [2008-10-14 270384]

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-6-25 20384]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-17 149352]

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-5 7168]

R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]

R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-11 23888]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-13 99376]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-6-25 954368]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-6-11 38224]

S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-5-16 9216]

S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-5-5 1245064]

============== File Associations ===============


=============== Created Last 30 ================

2010-06-11 18:48:34 54016 ----a-w- c:\windows\system32\drivers\fgrp.sys

2010-06-11 18:29:32 0 d-----w- c:\program files\CCleaner

2010-06-11 18:28:30 0 d-----w- c:\users\hauoli\appdata\roaming\Malwarebytes

2010-06-11 18:28:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-11 18:28:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-11 18:28:21 0 d-----w- c:\programdata\Malwarebytes

2010-06-11 18:28:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-11 18:14:09 0 d-----w- c:\users\hauoli\appdata\roaming\Defense Center

2010-05-26 04:50:25 2048 ----a-w- c:\windows\system32\tzres.dll

==================== Find3M ====================

2010-05-12 18:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe

2009-11-25 08:41:31 86016 ----a-w- c:\windows\inf\infstor.dat

2009-11-25 08:41:31 51200 ----a-w- c:\windows\inf\infpub.dat

2009-11-25 08:41:31 143360 ----a-w- c:\windows\inf\infstrng.dat

2008-08-25 21:08:38 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini

2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2008-08-22 21:51:10 14 --sh--r- c:\windows\system32\drivers\fbd.sys

2008-08-22 21:51:10 4 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 14:00:08.51 ===============

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.