BleepingComputer.com: goingonearth took out security center service

Alright, so this is the first time I've found myself needing to ask for help when I've had a problem with my computer. Any other time, I've been able to scan through others posts and figure out a fix, but this time, I'm stumped. I wouldn't call myself an expert or anything, but I've been using computers for the better part of three decades, and I've learned a thing or two in that time. This site has generally always seemed to have had the best help offered, so I'm going to try here first.

So here's my story:
Several months ago I had a hard drive failure in my laptop. I replaced the hard drive, and started from scratch with a fresh install of Win7, and only programs I deemed absolutely necessary (FireFox, OpenOffice, MBAM, CCleaner, Microsoft Security Essentials, one game, Spore, and a few FF plugins, FireFTP, Adblock Plus, and Firebug), and I didn't really need anything else. I don't really trust free antivirus software (hence no AVG or Avast or the like), and because I had always had problems with viruses and malware and the like before the new hard drive, I had decided to specifically avoid going to any suspicious sites, or downloading anything questionable. A few weeks ago, I had spilled some soda on the keyboard and had to get it replaced and I just got it back the day before yesterday. During the time I was waiting for it to be returned, I decided there was a program I needed, but couldn't afford the $300 bill for it, so like an idiot, I decided to go against my policy of wariness and downloaded it off a torrent and installed it. I am currently repenting because of the problem I'm currently having.

Now, as far as the problem, it seems I have been infected with the goingonearth virus (or whatever it is). I don't know how (and others who have had this goingonearth problem don't seem to have had this problem, judging by what I've seen during my searches for a cure), but somewhere between the infection, and running MBAM and CCleaner, it took out Windows Security Center service, which in turn, took out Microsoft Security Essentials, and Windows Defender (all of which give me some error about not having any enabled devices), leaving my computer defenseless. I can still use it for all the things I usually use it for, but searching for anything on Google gives me the redirect to a blank page on goingonearth.com that seems standard with this particular bit of nastiness, which is a bit annoying, but my main concern is the lack of protection my computer is having.

I've run MBAM and CCleaner a couple dozen times by now, the last several times turning up nothing on MBAM, and no registry errors in CCleaner. I also uninstalled everything I installed over the last two days (except for the Windows updates, and the upgrade to FireFox 5.0), deleted all the files I downloaded, and cleared them from my recycle bin. I tried running a system restore three times now, each time it had some error and didn't work. I tried popping in my Win7 disc and running setup to see if reinstalling it on top of what I got would overwrite whatever is causing the problem with Security Center, but it told me I couldn't install it because I needed to update my BIOS. I downloaded and ran the BIOS update thing, but it told me it wouldn't update because the computer needs to be plugged in and have a battery installed. Problem with that is that the battery on my computer hasn't worked for at least 4 years now. I have all my data backed up on an external hard drive, so if absolutely necessary, I can do a hard drive reformat, and reinstall from the ground up again, though I'm concerned about the whole needing to update my BIOS thing being an issue since, unless I'm mistaken, BIOS isn't something stored on the hard drive, but on the motherboard itself. But I'd rather that be a last resort type of thing. I've also tried downloading and running TDSSkiller and a scan with ComboFix, both of which turned up nothing (though in all honesty, I couldn't tell you what a single thing on the ComboFix log means, so I don't really know if that would have done me any good anyway). I've also run TrendMicro's Housecall online virus scanner program, but to no avail.

I apologize for the long post, but I wanted to be as thorough as I could be, and I hope I didn't ramble on too much. I'd like to get this resolved as quickly as possible, so I would appreciate any help I could get, as I'm on day two of trying to fix this issue, and I'm starting to get at my wit's end. I'm willing to try just about anything to get my computer back to 100%.

This post has been edited by Budapest: 21 July 2011 - 10:27 PM
Reason for edit: Moved from Win7 ~Budapest

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:

• Report IE Proxy Settings
  
• Report FF Proxy Settings
  
• List content of Hosts
  
• List IP configuration
  
• List last 10 Event Viewer log
  
• List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:

• Main Mirror
  This version will download a randomly named file (Recommended)
  
• Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

• Disconnect from the Internet and close all running programs.
  
• Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  
• Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  
• Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  
  
  
  
• GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  
• If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  
• Now click the Scan button. If you see a rootkit warning window, click OK.
  
• When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  
• Click the Copy button and paste the results into your next reply.
  
• Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

Thanks for the response, here's the logs you asked for:


From Security Check:

Results of screen317's Security Check version 0.99.7
Windows 7 Service Pack 1 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader X (10.1.0)
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````

==============================================================================================================

From MiniToolBox:

MiniToolBox by Farbar
Ran by sidzero (administrator) on 21-07-2011 at 22:24:20
Windows 7 Home Premium Service Pack 1 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : eightballvirus
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-18-F3-3D-F9-DB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-18-F3-3D-F9-DB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f8d9:7096:e712:2ca9%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, July 21, 2011 2:38:25 PM
Lease Expires . . . . . . . . . . : Friday, July 22, 2011 2:38:28 PM
Default Gateway . . . . . . . . . : fe80::345a:fa4a:397:351f%11
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218110195
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-73-A7-27-00-15-C5-13-B3-D6
DNS Servers . . . . . . . . . . . : 192.168.1.1
24.217.0.5
24.217.201.67
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-15-C5-13-B3-D6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{6FB1A781-C074-4176-A985-6A8DB622CE46}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2411:3f9e:e749:1533(Preferred)
Link-local IPv6 Address . . . . . : fe80::2411:3f9e:e749:1533%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{DD561B10-3C2D-4C77-9B41-A03706709197}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A4B7924E-C31D-4DA9-9FDD-B56707B7D93D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.17
74.125.225.18
74.125.225.20
74.125.225.19
74.125.225.16


Pinging google.com [74.125.157.147] with 32 bytes of data:
Reply from 74.125.157.147: bytes=32 time=36ms TTL=54
Reply from 74.125.157.147: bytes=32 time=37ms TTL=54

Ping statistics for 74.125.157.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 37ms, Average = 36ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43


Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=58ms TTL=51
Reply from 67.195.160.76: bytes=32 time=45ms TTL=51

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 45ms, Maximum = 58ms, Average = 51ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...00 18 f3 3d f9 db ......Microsoft Virtual WiFi Miniport Adapter
11...00 18 f3 3d f9 db ......Dell Wireless 1390 WLAN Mini-Card
10...00 15 c5 13 b3 d6 ......Broadcom 440x 10/100 Integrated Controller
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 286
192.168.1.101 255.255.255.255 On-link 192.168.1.101 286
192.168.1.255 255.255.255.255 On-link 192.168.1.101 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
11 286 ::/0 fe80::345a:fa4a:397:351f
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:2411:3f9e:e749:1533/128
On-link
11 286 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::2411:3f9e:e749:1533/128
On-link
11 286 fe80::f8d9:7096:e712:2ca9/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/21/2011 01:05:38 PM) (Source: Microsoft Security Client Setup) (User: sidzero)sidzero
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/21/2011 01:04:24 PM) (Source: MsiInstaller) (User: sidzero)sidzero
Description: Product: Microsoft Antimalware -- Error 1920. Service 'Microsoft Antimalware Service' (MsMpSvc) failed to start. Verify that you have sufficient privileges to start system services.

Error: (07/21/2011 01:01:28 PM) (Source: Microsoft Security Client Setup) (User: sidzero)sidzero
Description: HRESULT:0x8004FF0A
Description:Upgrade installation canceled. To upgrade later, run the Security Essentials Upgrade Wizard again. Error code:0x8004FF0A.

Error: (07/20/2011 03:30:27 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/20/2011 03:30:27 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/20/2011 03:29:04 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/20/2011 03:29:04 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/20/2011 03:29:02 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/20/2011 03:29:02 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/20/2011 03:28:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (07/21/2011 03:46:40 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/21/2011 03:46:37 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/21/2011 03:46:34 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/21/2011 03:46:32 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/21/2011 03:46:29 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/21/2011 03:46:26 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/21/2011 03:46:24 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/21/2011 03:46:21 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/21/2011 03:46:18 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/21/2011 03:46:15 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


Microsoft Office Sessions:
=========================
Error: (07/21/2011 01:05:38 PM) (Source: Microsoft Security Client Setup)(User: sidzero)sidzero
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (07/21/2011 01:04:24 PM) (Source: MsiInstaller)(User: sidzero)sidzero
Description: Product: Microsoft Antimalware -- Error 1920. Service 'Microsoft Antimalware Service' (MsMpSvc) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/21/2011 01:01:28 PM) (Source: Microsoft Security Client Setup)(User: sidzero)sidzero
Description: HRESULT:0x8004FF0A
Description:Upgrade installation canceled. To upgrade later, run the Security Essentials Upgrade Wizard again. Error code:0x8004FF0A.

Error: (07/20/2011 03:30:27 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/20/2011 03:30:27 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/20/2011 03:29:04 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/20/2011 03:29:04 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/20/2011 03:29:02 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/20/2011 03:29:02 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/20/2011 03:28:56 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 3070.44 MB
Available physical RAM: 2202.78 MB
Total Pagefile: 6139.17 MB
Available Pagefile: 5312.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.84 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:254.2 GB) NTFS

========================= Users: ========================================

User accounts for \\EIGHTBALLVIRUS

Administrator Guest sidzero


== End of log ==


==============================================================================================================

From MBAM:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7226

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/21/2011 10:28:57 PM
mbam-log-2011-07-21 (22-28-57).txt

Scan type: Quick scan
Objects scanned: 151808
Time elapsed: 2 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



==============================================================================================================

From GMER:

(will edit with the rest)

Don't edit.
Just post a new reply.

Okay, I can do that too. Here's the log from GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-21 23:00:42
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320423AS rev.0002SDM1
Running: gy6ls1mp.exe; Driver: C:\Users\sidzero\AppData\Local\Temp\ffliipob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 8287C339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828B5D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9040E000, 0x23097E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] ntdll.dll!LdrLoadDll 771822B8 5 Bytes JMP 01161410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] USER32.dll!GetWindowInfo 76664B5E 5 Bytes JMP 6D8EC3EA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3580] USER32.dll!SetWindowLongA 76658BA3 5 Bytes JMP 6DACEDA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3580] USER32.dll!SetWindowLongW 76664449 5 Bytes JMP 6DACED38 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3580] USER32.dll!GetWindowInfo 76664B5E 5 Bytes JMP 6D8E5451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3580] USER32.dll!TrackPopupMenu 76672228 5 Bytes JMP 6D8E5A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

That looks good.

Go Start and in "Start search" type in:
services.msc
Press Enter.

Find Security Center service.
See, if it's running and if it's set to automatic startup.

Ah, yes, I've tried that several times in my quest to get things running again. It always ends up shutting itself down within a minute or so, and anytime I try to turn on Windows Defender or Microsoft Security Essentials from within, it gives me an error saying "The Service cannot be started, either because or because it has no enabled devices associated with it. (Error code: 0x80070422)" (the error code comes from Windows Defender, Microsoft Security Essentials gives me the same text, but no error code).

Perhaps the last response was a bit hasty, as it seems to not be shutting itself down this time. Perhaps this is progress? I don't know, but it's still not letting me run Security Essentials or Defender yet.

If you have MSE installed it'll automatically disable Windows Defender (which is rather useless anyway).

What happens when you try to run MSE?

It gives me the little red house with a flag and a white X icon in the system tray, the window comes up plastered with red, and tells me "Security Essentials isn't monitoring your computer because the program's service stopped. You should restart it now." When I hit the Start Now button, it pops up with the error message I mentioned a little bit ago. MS's help site for the program gives me no help (not like I expect much from Microsoft's help databases). Ending the process from Task Manager and restarting it doesn't help, nor does rebooting and running it.

Did you try to uninstall/reinstall it?

Well, this is interesting. I had uninstalled/reinstalled it earlier today when I was having trouble keeping Security Center running. After I read your last post, I figured, why not give it another shot? Lo and behold, this time it worked! I got it up and running, let it do it's update/initial scan thing (which turned up no results). Now that problem seems solved. I just tried to see if it was giving me the goingonearth redirect thing again, and this time, it seems to be googling things fine. This leaves me puzzled as to what it was that actually fixed the problem (after all, it would be nice to know how to repeat the fix if something similar happens again). I'm also slightly concerned as to whether or not it will resurface. I had noticed a thread somewhere from someone else who was trying to rid themselves of this virus, and they said they had it resolved but it ended up coming back after a few restarts. I also had the redirection issue solved for a while before it started doing it again as well.

Oh well, hope for the best, prepare for the worst. The help was greatly appreciated. I hope I never have to ask for it again.

Hmmm....interesting.
I'm not sure what happened.

Your Event Viewer reports:

Quote

1. Click Start, click Run, type chkdsk /f /r, and then click OK.
2. At the command prompt, type Y to let the disk scanner run when you restart the computer.
3. Restart the computer.
4. Chkdsk will run.

Let me know if any issues has been found.

Also....

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
  
• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• Accept any security warnings from your browser.
  
• Check Scan archives
  
• Click Start
  
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, push List of found threats
  
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

Yeah, I was a bit concerned with the bad block bit when I saw it, too. Wouldn't that be taken care of with a disk defrag though? I was planning to do that soon, anyway, since I've yet to do that on this hard drive since I installed it back in November.

No issues came up with chkdsk or TFC.

ESET didn't give a "List of found threats" button or anything to push, presumably because it found no threats.

Quote

No, defrag doesn't deal with bad blocks.

For a peace of mind....
Run hard drive diagnostics: http://www.tacktech.com/display.cfm?ttid=287 (or http://www.bleepingcomputer.com/forums/index.php?showtopic=28744&hl=hard+drive+diagnostic)
Make sure, you select tool, which is appropriate for the brand of your hard drive.
Depending on the program, it'll create bootable floppy, or bootable CD.
If downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn .iso file to a CD (select "Write image file to disc" option), to make the CD bootable.
For Toshiba hard drives, see here: http://sdd.toshiba.com/main.aspx?Path=ServicesSupport/FujitsuDrivesUSandCanada/SoftwareUtilities#diagnostic

Note : If you do not know how to set your computer to boot from CD follow the steps HERE

===========================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure, Windows Updates are current.

3. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

4. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

5. Run Temporary File Cleaner (TFC) weekly.

6. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html