
Problem with internet after removing antimalware doctor with malwarebytes



Hello,

I was recently infected with the "Antimalware Doctor" virus. Through some other forums I found out that malwarebytes could get rid of it. I followed the instructions and sure enough the virus was located and destroyed.... thanks a bunch!!!!

Unfortunately, since then I have been having problems with my internet access. I have an internet/telephone service pack and I don't think there is a problem with it because the phone service works fine. I can open the internet to my home page (msn.com) and everything seems fine. However, when I try to go to certain sites like hotmail, aolmail, weather (in fact everything I have in my "favorites index") the computer acts like it's opening the site but in fact after a few minutes it says that the web site is broken or not available (404 error). If I enter the address directly into the address bar, same problem. Google seems to work fine but when I click on sites it is hit and miss. Sometimes I can get to them, sometimes I can't... Final thing: occasionally, everything is back to normal and I can get to all my sites just fine... but I never know when the problem will come back. I use the computer for work so it's important to get the problem fixed.

I've tried: reinstalling explorer 8 (my web platform), rescanning with malwarebytes, scanning with Norton 360, dumping everything with CCleaner, nothing works.

The one thing I did notice is that there is an error message on my desktop from my initial scan with malwarebytes (I didn't notice until now, my desktop is cluttered). I have included it here below.

Thanks in advance for your time and help. I really appreciate it.


Hello pappy21200! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

Please follow these instructions:

http://forums.malwarebytes.org/index.php?showtopic=9573

Post all logs if you can.

Borislav,

Thanks for your help. I'll follow these instructions and post anything I can!

I have completed the scans as instructed in the web link you gave me. The last instruction was to start a new topic by clicking on the link given in the instructions. I hope you can find it.... Please let me know if you need me to post the scans to this topic instead.


Oh, I think I should post my logs here after all. It looks like if I post on the other page someone else will start working the problem.

So here are the dds.txt and my most recent malwarebytes logs. I have attached the "attach.txt" and "ark.txt" logs.

Thanks for your help!!!

DDS (Ver_10-03-17.01) - NTFSx86

Run by HP_Propri

ark.txt

Attach.txt


Step 1

Please, uninstall the following applications:

  1. Adobe Reader 8.2.2 - Français

You can read how to do this here:

Step 2

I also see you have Viewpoint installed...

Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 3

Please read the following through carefully so that you understand what to do.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.


Okay, I followed all the instructions; you will find the TDSSKILLER.txt attached (there were two of them in the C: drive so I've included them both).

A couple of questions:

I still have the programs and the logs (dds, GMER, defogger, etc..) on my desktop. Should I leave them there until we're finished?

I removed the Adobe Reader 8.2.2 - Francais. There are also the "adobe flash player 10 active x", "Adobe reader Japanese fonts", and "adobe shockwave player" programs on my computer... should they be removed?

When I copied the "%userprofile%\Desktop\TDSSKiller.exe"-lC:\TDSSKiller.txt-v" it couldn't find the pathway. I have a French computer (I'm living in France right now). I substituted the word "bureau" for "Desktop" ("bureau" means "desktop" in French) and it opened the program and ran it. I hope that was okay.

I really appreciate all the help. Thank you so much!!!

TDSSKiller.2.3.2.0_24.06.2010_20.07.59_log.txt

TDSSKiller.txt


I still have the programs and the logs (dds, GMER, defogger, etc..) on my desktop. Should I leave them there until we're finished?

Yes, you should.

I removed the Adobe Reader 8.2.2 - Francais. There are also the "adobe flash player 10 active x", "Adobe reader Japanese fonts", and "adobe shockwave player" programs on my computer... should they be removed?

No, they shouldn't.

When I copied the "%userprofile%\Desktop\TDSSKiller.exe"-lC:\TDSSKiller.txt-v" it couldn't find the pathway. I have a French computer (I'm living in France right now). I substituted the word "bureau" for "Desktop" ("bureau" means "desktop" in French) and it opened the program and ran it. I hope that was okay.

It seems to be working.

How are things running now?


Thanks for your help!...... Things are the same. I only have occasional access to my "Favorites" websites (hotmail, aolmail, msn weather, ebay...). When I click on the website one of two things happens...

Either: The website works fine and everything is cool!

Or: The computer tries to connect to the site but then it takes too long and I get the 404 message (website broken/unavailable)

I always seem to be able to access malwarebytes.org website, which is a good thing. Any more suggestions?

I just ran a malwarebytes quick scan and everything was clean.

mbam_log_2010_06_24__20_52_49_.txt


I'm computer illiterate, sorry!! My wife told me you probably wanted me to update the malwarebytes... So, I updated the malwarebytes and re-ran a scan (results attached).

In the meantime, I've been trying all the sites in my "favorites" folder and everything seems to be working better!!!!!!!!

Do you want me to do something else or wait a few days to see if the improvements are permanent?

Thanks!!!


Well, the news is not good. I still have the same problem: I can't access the sites I use the most. Other sites (like this one for example) work fine but my favorites don't work consistently. I click on them, they try to open but then time out and I get a 404 message. Do you think it's a virus or maybe a programming problem?

Some sites I can't access: msn weather, hotmail, msnbc, aol.com; ebay, amazon...

I hope you have some ideas.

Thanks!!!!


You should wait while we finish our work.

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:

     CF_download_FF.gif

     CF_download_rename.gif

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


I just got back from work. Thank you for your reply to my email, you are cool! I also appreciate your insight into computer fixes. I just assumed that since the virus destroys things so fast that the fix could be just as fast. Now I see it really is like treating an illness. It takes time and different medicines to make it better. Thank you very much for your time and attention!

I will use the computer at work when I need Adobe. In the mean time I will leave it off the computer. I promise not to do anything until you give me the "all clear"! I couldn't possibly do any fixing on my own unless it was to smash the central unit with a hammer..... something I think about sometimes when I want to read my emails and can't access the site ;) !!


Open Notepad and copy and paste the text in the code box below into it:

KillAll::

Driver::
4ea09851d5e12bcabde8d4ef4cb75969

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
