
Topic: Need serious help please

  1. #11
    Forum user
    Registered since
    01.01.2008
    Posts
    46

    Re: Need serious help please

    The original problem was Internet Explorer would open automatically but wouldn't be on the screen, I would start hearing some type of advertisements, then open Task Manager, processes and see iexplorer.exe open even when I had no pages open... so I would end it. Figured it was some type of virus. Thanks for your help, I really do appreciate it very much.

  2. #12
    Forum user
    Registered since
    01.01.2008
    Posts
    46

    Re: Need serious help please

    Also, one other issue that is still happening is if I go to Yahoo and search for something, everything on the search page comes up normal but when I click on the link it doesn't go to the correct page, it goes to some advertisement page, then if I click back and click that page again it does right. Seems like some spyware issues but I don't know.

  3. #13
    Moderator Team member
    Registered since
    25.11.2006
    Posts
    4.974

    Re: Need serious help please

    Going to need to hunt for a source there yet.


    Download DELDOMAINS (right click the link, and select Save Link/Target As), and save that to your desktop. Then right-click and Select 'Install' from the Menu. You may only see the desktop perhaps flicker when the fix makes the corrections.


    Click here or here and download Win32kDiag.exe directly to your C drive folder, so it then is C:\Win32kDiag.exe.


    Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after each:

    cd\

    win32kdiag -r -f


    Once that completes press any key to finish the scan. Post the new Win32kDiag.txt log with your next reply (it should be located on the desktop).
    Live the day!

    Jintan - The brand where everything is right!

  4. #14
    Forum user
    Registered since
    01.01.2008
    Posts
    46

    Re: Need serious help please

    Running from: win32kdiag

    Log file at : C:\Documents and Settings\John Owen Burt Cole\Desktop\Win32kDiag.txt

    Removing all found mount points.

    Attempting to reset file permissions.

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...





    Finished!

  5. #15
    Moderator Team member
    Registered since
    25.11.2006
    Posts
    4.974

    Re: Need serious help please

    I think I see something pretty suspect in the earlier logs. Let's check.


    Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"


    Then go here, press new topic, fill in the needed details and just give a link to your post back here (see the "Instructions for uploading files" there for help, if needed). Then press the browse button and then navigate to & select the following file on your computer.

    c:\windows\system32\ctfmon_oz.exe

    You DO NOT need to be a member to upload, anybody can upload the files. You will not be able to see the file once uploaded.

    ------------

    Also go to Start > Run and type:

    cmd.exe

    and ok. Copy and paste the below string after the prompt, then press Enter >

    dir /s /a "c:\*ctfmon*.*" > c:\find.txt && notepad c:\find.txt

    Your drive will be scanned and when finished, Notepad will pop up with some information. Copy and paste it in this thread please.

    Once that Notepad textbox opens, also click at the prompt in the still open command console window and type exit to close that.
    Live the day!

    Jintan - The brand where everything is right!

  6. #16
    Forum user
    Registered since
    01.01.2008
    Posts
    46

    Re: Need serious help please

    Volume in drive C has no label.
    Volume Serial Number is DC33-C1E7

    Directory of c:\i386

    08/04/2004 05:00 AM 15,360 ctfmon.exe
    1 File(s) 15,360 bytes

    Directory of c:\WINDOWS\$NtServicePackUninstall$

    01/01/2008 04:18 PM 15,360 ctfmon.exe
    1 File(s) 15,360 bytes

    Directory of c:\WINDOWS\Prefetch

    10/31/2009 10:31 PM 15,916 CTFMON.EXE-05E57A5E.pf
    1 File(s) 15,916 bytes

    Directory of c:\WINDOWS\ServicePackFiles\i386

    04/13/2008 06:12 PM 15,360 ctfmon.exe
    1 File(s) 15,360 bytes

    Directory of c:\WINDOWS\system32

    04/13/2008 06:12 PM 15,360 ctfmon.exe
    06/26/2009 10:50 AM 10,752 ctfmon_nz.exe
    09/24/2009 11:37 PM 9,728 ctfmon_oz.exe
    3 File(s) 35,840 bytes

    Total Files Listed:
    7 File(s) 97,836 bytes
    0 Dir(s) 16,941,162,496 bytes free

  7. #17
    Moderator Team member
    Registered since
    25.11.2006
    Posts
    4.974

    Re: Need serious help please

    I received the file, thanks. Not being picked up by scans as malicious, but in its code it shows URL activity, related to an important IE urlmon.dll file.


    Return to the SpyKiller site, and upload this file as well please:

    c:\WINDOWS\system32\ctfmon_nz.exe

    ------------

    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.



    Download OTM.exe by OldTimer to your desktop.

    Then click OTM.exe to run it (Vista users, please right click on OTM.exe and select "Run as an Administrator").

    Copy the file path(s) below (inside the Code box) to the clipboard by highlighting ALL of them and pressing CTRL + C (or right-click and choose Copy):

    Code:
    :files
    c:\WINDOWS\system32\ctfmon_oz.exe
    c:\WINDOWS\system32\ctfmon_nz.exe

    Return to OTM, right click in the "Paste Instructions for Items to be Moved" window and select Paste. Then click the red MoveIt! button.

    A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

    -----------

    Click here and download jpshortstuff's SystemLook to your desktop, then click that file to open the scan display. In the open textbox, copy and paste the following (inside the Code box below):

    Code:
    :filefind
    ctfmon.exe
    urlmon.dll

    Then click Look. Once the scan completes Notepad will open - copy/paste those contents back here please. That will also be saved as a log where you have the scan file, named SystemLook.txt.

    Post that and the OTM log please.
    Live the day!

    Jintan - The brand where everything is right!

  8. #18
    Forum user
    Registered since
    01.01.2008
    Posts
    46

    Re: Need serious help please

    ========== FILES ==========
    c:\WINDOWS\system32\ctfmon_oz.exe moved successfully.
    c:\WINDOWS\system32\ctfmon_nz.exe moved successfully.

    OTM by OldTimer - Version 3.0.0.6 log created on 11022009_201807

    ---------------------------------------

    SystemLook v1.0 by jpshortstuff (29.08.09)
    Log created at 20:19 on 02/11/2009 by John Owen Burt Cole (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "ctfmon.exe"
    C:\i386\ctfmon.exe --a--- 15360 bytes [18:16 08/04/2006] [11:00 04/08/2004] 24232996A38C0B0CF151C2140AE29FC8
    C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe -----c 15360 bytes [03:46 11/06/2008] [22:18 01/01/2008] 24232996A38C0B0CF151C2140AE29FC8
    C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe ------ 15360 bytes [03:34 11/06/2008] [00:12 14/04/2008] 5F1D5F88303D4A4DBC8E5F97BA967CC3
    C:\WINDOWS\system32\ctfmon.exe --a--- 15360 bytes [18:51 10/08/2004] [00:12 14/04/2008] 5F1D5F88303D4A4DBC8E5F97BA967CC3

    Searching for "urlmon.dll"
    C:\c06ed89bf04f9ec84b\urlmon.dll --a--- 1138688 bytes [05:31 23/08/2006] [05:31 23/08/2006] DE5DBF8FAD3595DB6D5EADB3A0CE5C2F
    C:\i386\urlmon.dll --a--- 609280 bytes [18:24 08/04/2006] [03:16 05/11/2005] 890CEE6509D9F99054265C2B6313EADA
    C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\urlmon.dll --a--- 610304 bytes [18:51 01/04/2006] [03:34 05/11/2005] 39B01FF1C66F2ED46A64B2A8E250E2B9
    C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\urlmon.dll --a--- 1153024 bytes [22:31 08/05/2007] [17:40 07/03/2007] CFAC503CCAB6130526D20FE16F4AA3FF
    C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\urlmon.dll --a--- 1153536 bytes [09:08 25/04/2007] [09:08 25/04/2007] 1D3F6FD58697EE68EA04F917F11632B5
    C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\urlmon.dll --a--- 1162240 bytes [22:11 24/03/2008] [23:47 10/10/2007] C7BED13D2632A156D87E253BD49AD7AE
    C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\urlmon.dll --a--- 1162752 bytes [22:12 24/03/2008] [02:01 07/12/2007] 75CE874ADF205C93D313A5025D3DA2E8
    C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\urlmon.dll --a--- 619520 bytes [08:00 26/06/2008] [08:00 26/06/2008] 29CD3099B7501801D857374A09423DA2
    C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\urlmon.dll --a--- 620032 bytes [04:58 20/08/2008] [04:58 20/08/2008] ED035BBF7FDA959EF30C556A8B55BE15
    C:\WINDOWS\$hf_mig$\KB958215\SP3QFE\urlmon.dll --a--- 620032 bytes [01:36 11/12/2008] [01:04 16/10/2008] FE52AD74E0120B46D54E002FE78092DE
    C:\WINDOWS\$hf_mig$\KB963027\SP3QFE\urlmon.dll --a--- 620032 bytes [07:50 20/02/2009] [07:50 20/02/2009] ADBAC1E287EB20B685FAB516D681D0C2
    C:\WINDOWS\$hf_mig$\KB969897\SP3QFE\urlmon.dll --a--- 620032 bytes [04:21 29/04/2009] [04:21 29/04/2009] 824E12CFC09111DB8A4B61BF9CC1A0D8
    C:\WINDOWS\$hf_mig$\KB972260\SP3QFE\urlmon.dll --a--- 620544 bytes [16:42 26/06/2009] [16:42 26/06/2009] F13F85B27A66086F43FE2479D169D771
    C:\WINDOWS\$hf_mig$\KB974455\SP3QFE\urlmon.dll --a--- 628736 bytes [05:32 25/09/2009] [05:32 25/09/2009] B5C92F495A62909F4E12BB947258DDC6
    C:\WINDOWS\$NtServicePackUninstall$\urlmon.dll -----c 618496 bytes [03:45 11/06/2008] [09:32 16/02/2008] 096AAAD9F62E56823608F14E17A45CDB
    C:\WINDOWS\$NtUninstallKB912812$\urlmon.dll -----c 609280 bytes [20:57 26/04/2006] [03:16 05/11/2005] 890CEE6509D9F99054265C2B6313EADA
    C:\WINDOWS\$NtUninstallKB916281$\urlmon.dll -----c 614400 bytes [04:52 15/06/2006] [11:04 18/03/2006] D4C84AAB6434BA9F78C4227B60EA99F4
    C:\WINDOWS\$NtUninstallKB918899$\urlmon.dll -----c 615424 bytes [03:45 14/08/2006] [05:25 10/05/2006] 3A6882F7EFDFC8CB4AC575A3C8D1E8D3
    C:\WINDOWS\$NtUninstallKB922760$\urlmon.dll -----c 615424 bytes [04:43 20/11/2006] [20:42 25/07/2006] 7BD49A507A0B563AD182C2D0C29D9B6F
    C:\WINDOWS\$NtUninstallKB925454$\urlmon.dll -----c 615936 bytes [02:29 17/12/2006] [08:31 14/09/2006] F94C2AD0CF4FB6EAA1DC918ADBB0A7DC
    C:\WINDOWS\$NtUninstallKB928090$\urlmon.dll -----c 615936 bytes [05:06 16/02/2007] [15:34 23/10/2006] 4C0BF3025A19E1CEBD8B9659DB5FB646
    C:\WINDOWS\$NtUninstallKB933566$\urlmon.dll -----c 616960 bytes [05:28 16/06/2007] [12:24 25/01/2007] D9F8FEA025B766E4E96FE4F3109CB428
    C:\WINDOWS\$NtUninstallKB937143$\urlmon.dll -----c 616960 bytes [02:40 15/08/2007] [12:46 18/04/2007] A9770C420CF4E1059065D9E5A090BDB6
    C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll -----c 616960 bytes [22:03 10/10/2007] [08:12 15/06/2007] 74BC85C2AFA86B9D3EE8EB6AA650C69E
    C:\WINDOWS\$NtUninstallKB942615$\urlmon.dll -----c 617984 bytes [00:36 12/12/2007] [12:55 22/08/2007] 8CFCA55AD8141F2ED834747EC6AEB311
    C:\WINDOWS\$NtUninstallKB944533$\urlmon.dll -----c 617984 bytes [00:23 13/02/2008] [05:57 11/10/2007] 8E154446F666F2AAE2E50FE47DB89BAF
    C:\WINDOWS\$NtUninstallKB947864$\urlmon.dll -----c 617984 bytes [09:11 10/04/2008] [00:44 07/12/2007] 2EECB5D2F1C90EA0E1D850A61D2A9A9D
    C:\WINDOWS\$NtUninstallKB953838$\urlmon.dll -----c 619520 bytes [03:06 16/08/2008] [00:12 14/04/2008] DD639FAE9C80EBB3B9E632202A9DEB54
    C:\WINDOWS\$NtUninstallKB956390$\urlmon.dll -----c 619520 bytes [05:08 15/10/2008] [08:15 26/06/2008] 1686EAF700FC5808E5E4F3BE2FC2671A
    C:\WINDOWS\$NtUninstallKB958215$\urlmon.dll -----c 619520 bytes [02:10 11/12/2008] [05:30 20/08/2008] 3107C5B49FD260DA8554F05387CE96E1
    C:\WINDOWS\$NtUninstallKB963027$\urlmon.dll -----c 619520 bytes [09:56 18/04/2009] [01:00 16/10/2008] F175AE75B2814FB4E02B0997E4AC5D82
    C:\WINDOWS\$NtUninstallKB969897$\urlmon.dll -----c 619520 bytes [04:09 22/06/2009] [08:10 20/02/2009] FD9B01839219AFD3CF612D7C4A2FEED1
    C:\WINDOWS\$NtUninstallKB972260$\urlmon.dll -----c 620032 bytes [23:38 03/08/2009] [04:46 29/04/2009] 56924BC7EDBC79C0DA42982DFB4169EF
    C:\WINDOWS\$NtUninstallKB974455$\urlmon.dll -----c 620032 bytes [00:55 24/10/2009] [16:50 26/06/2009] 7EACE62F893B81687F9C6DAB6EB210B4
    C:\WINDOWS\ie7updates\KB933566-IE7\urlmon.dll -----c 1150464 bytes [22:42 12/06/2007] [17:45 07/03/2007] A8F82EE792F050FDFBBAB787FC61639C
    C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll -----c 1159680 bytes [22:22 24/03/2008] [23:56 10/10/2007] A0C7A44451208353A8B6B7F5FE5C0BB6
    C:\WINDOWS\ServicePackFiles\i386\urlmon.dll ------ 619520 bytes [03:37 11/06/2008] [00:12 14/04/2008] DD639FAE9C80EBB3B9E632202A9DEB54
    C:\WINDOWS\SoftwareDistribution\Download\85ea9e216393783c9ef 11731dd1cea2d\sp2qfe\urlmon.dll --a--- 615424 bytes [05:25 10/05/2006] [05:25 10/05/2006] 3A6882F7EFDFC8CB4AC575A3C8D1E8D3
    C:\WINDOWS\SoftwareDistribution\Download\95b0eb6de61f9c4758f 6dd82521ed694\sp3gdr\urlmon.dll --a--- 627712 bytes [05:37 25/09/2009] [05:37 25/09/2009] 64829DA097C9C482594E3EBE2F8F3FF4
    C:\WINDOWS\SoftwareDistribution\Download\95b0eb6de61f9c4758f 6dd82521ed694\sp3qfe\urlmon.dll --a--- 628736 bytes [05:32 25/09/2009] [05:32 25/09/2009] B5C92F495A62909F4E12BB947258DDC6
    C:\WINDOWS\system32\dllcache\urlmon.dll ------ 627712 bytes [08:15 26/06/2008] [05:37 25/09/2009] 64829DA097C9C482594E3EBE2F8F3FF4
    C:\WINDOWS\system32\urlmon.dll --a--- 627712 bytes [18:51 10/08/2004] [05:37 25/09/2009] 64829DA097C9C482594E3EBE2F8F3FF4

    -=End Of File=-
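
As an added illustration (not part of the thread and not SystemLook's own code), the following Python parses filefind lines in the format of the log above and lists, for each file sitting directly in system32, the other on-disk copies with the same name and MD5. The function names and the choice of system32 as the live folder are assumptions; the sample lines are copied from the log.

```python
import re
from collections import defaultdict

# Excerpt copied from the SystemLook log posted above (not the full log).
SAMPLE_LOG = r"""
Searching for "ctfmon.exe"
C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe ------ 15360 bytes [03:34 11/06/2008] [00:12 14/04/2008] 5F1D5F88303D4A4DBC8E5F97BA967CC3
C:\WINDOWS\system32\ctfmon.exe --a--- 15360 bytes [18:51 10/08/2004] [00:12 14/04/2008] 5F1D5F88303D4A4DBC8E5F97BA967CC3
Searching for "urlmon.dll"
C:\WINDOWS\$hf_mig$\KB974455\SP3QFE\urlmon.dll --a--- 628736 bytes [05:32 25/09/2009] [05:32 25/09/2009] B5C92F495A62909F4E12BB947258DDC6
C:\WINDOWS\SoftwareDistribution\Download\95b0eb6de61f9c4758f 6dd82521ed694\sp3gdr\urlmon.dll --a--- 627712 bytes [05:37 25/09/2009] [05:37 25/09/2009] 64829DA097C9C482594E3EBE2F8F3FF4
C:\WINDOWS\system32\dllcache\urlmon.dll ------ 627712 bytes [08:15 26/06/2008] [05:37 25/09/2009] 64829DA097C9C482594E3EBE2F8F3FF4
C:\WINDOWS\system32\urlmon.dll --a--- 627712 bytes [18:51 10/08/2004] [05:37 25/09/2009] 64829DA097C9C482594E3EBE2F8F3FF4
"""

# path, six attribute flags, size, [created], [modified], MD5
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_filefind(log):
    """Return one dict per file line; headers and blank lines are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in log.splitlines())
    return [m.groupdict() for m in matches if m]

def corroborate(entries, live_dir=r"C:\WINDOWS\system32"):
    """For each file directly in live_dir, list other copies with the same name and MD5.

    An empty list means no other listed copy shares the hash, so that file is the
    first candidate for a closer look. A match is consistency evidence only,
    because cache and backup folders can be overwritten as well.
    """
    by_key = defaultdict(list)
    for e in entries:
        name = e["path"].rsplit("\\", 1)[1].lower()
        by_key[(name, e["md5"].upper())].append(e["path"])
    report = {}
    for e in entries:
        folder, name = e["path"].rsplit("\\", 1)
        if folder.lower() == live_dir.lower():
            twins = by_key[(name.lower(), e["md5"].upper())]
            report[e["path"]] = [p for p in twins if p != e["path"]]
    return report

if __name__ == "__main__":
    for live, twins in corroborate(parse_filefind(SAMPLE_LOG)).items():
        print(live, "->", twins or "NO MATCHING COPY")
```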

  9. #19
    Moderator Team member
    Registered since
    25.11.2006
    Posts
    4.974

    Re: Need serious help please

    Not any support information on that urlmon.dll file either, or only one web link. Please upload this file at SpyKiller as well:

    C:\WINDOWS\system32\urlmon.dll
    Live the day!

    Jintan - The brand where everything is right!

  10. #20
    Forum user
    Registered since
    01.01.2008
    Posts
    46

    Re: Need serious help please

    Did I post the information you requested?
