Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

100ksearches.com redirects


  • Please log in to reply
1 reply to this topic

#1 the.prince.of.clouds

the.prince.of.clouds

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 28 July 2011 - 05:35 AM

I've been hit with this also.
I have followed instructions but the Malwarebytes' Anti-Malware shuts down after clicking scan. I've tried using it in safe mode and its the same result.

Here are the results:

Security Check

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Sophos Anti-Virus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader 9.0.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````





MiniToolBox

MiniToolBox by Farbar
Ran by The.Gypsy.Prince (administrator) on 28-07-2011 at 11:18:48
Windows Vista ™ Home Premium Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================The following helper DLL cannot be loaded: WSHELPER.DLL.
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : RCSMEDIA-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter SouthportKings:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Atheros AR928X Wireless Network Adapter
Physical Address. . . . . . . . . : 00-24-2B-F3-40-24
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c8e8:d42f:72d4:31ed%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.67(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : July-28-11 10:59:31 AM
Lease Expires . . . . . . . . . . : July-29-11 10:59:30 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 268443618
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-3E-46-7F-00-1D-BA-F6-0E-DE
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-1D-BA-F6-0E-DE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{4413101C-9BCC-42C3-9561-FD43F244B389}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:7f:bbf:3f57:febc(Preferred)
Link-local IPv6 Address . . . . . : fe80::7f:bbf:3f57:febc%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Pinging google.com [209.85.227.99] with 32 bytes of data:

Reply from 209.85.227.99: bytes=32 time=21ms TTL=49

Reply from 209.85.227.99: bytes=32 time=88ms TTL=49



Ping statistics for 209.85.227.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 21ms, Maximum = 88ms, Average = 54ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=135ms TTL=45

Reply from 209.191.122.70: bytes=32 time=135ms TTL=45



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 135ms, Maximum = 135ms, Average = 135ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 24 2b f3 40 24 ...... Atheros AR928X Wireless Network Adapter
10 ...00 1d ba f6 0e de ...... Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.home
12 ...00 00 00 00 00 00 00 e0 isatap.{4413101C-9BCC-42C3-9561-FD43F244B389}
13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.67 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.67 281
192.168.1.67 255.255.255.255 On-link 192.168.1.67 281
192.168.1.255 255.255.255.255 On-link 192.168.1.67 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.67 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.67 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 18 ::/0 On-link
1 306 ::1/128 On-link
13 18 2001::/32 On-link
13 266 2001:0:5ef5:79fb:7f:bbf:3f57:febc/128
On-link
11 281 fe80::/64 On-link
13 266 fe80::/64 On-link
13 266 fe80::7f:bbf:3f57:febc/128
On-link
11 281 fe80::c8e8:d42f:72d4:31ed/128
On-link
1 306 ff00::/8 On-link
13 266 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/28/2011 11:19:05 AM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x1648, application start time 0xnslookup.exe0.

Error: (07/28/2011 11:18:53 AM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x109c, application start time 0xnslookup.exe0.

Error: (07/28/2011 11:06:23 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Sophos Anti-Virus -- Error 1321.The Installer has insufficient privileges to modify the file C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe.

Error: (07/28/2011 11:02:37 AM) (Source: Application Error) (User: )
Description: Faulting application iPodService.exe, version 10.1.1.4, time stamp 0x4d06b740, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x004385ce,
process id 0x1720, application start time 0xiPodService.exe0.

Error: (07/28/2011 11:01:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/28/2011 11:01:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/28/2011 11:01:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/28/2011 11:01:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/28/2011 11:01:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/28/2011 11:01:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (07/28/2011 11:19:05 AM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.183274cb73436c000013800009f7d164801cc4d0fc52d1cff

Error: (07/28/2011 11:18:53 AM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.183274cb73436c000013800009f7d109c01cc4d0fbd9af11f

Error: (07/28/2011 11:06:23 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Sophos Anti-Virus -- Error 1321.The Installer has insufficient privileges to modify the file C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe.(NULL)(NULL)(NULL)(NULL)

Error: (07/28/2011 11:02:37 AM) (Source: Application Error)(User: )
Description: iPodService.exe10.1.1.44d06b740unknown0.0.0.000000000c0000005004385ce172001cc4d0d7a26f20f

Error: (07/28/2011 11:01:53 AM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe

Error: (07/28/2011 11:01:53 AM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe

Error: (07/28/2011 11:01:53 AM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe

Error: (07/28/2011 11:01:53 AM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe

Error: (07/28/2011 11:01:52 AM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe

Error: (07/28/2011 11:01:52 AM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe


========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 2938.31 MB
Available physical RAM: 1403.51 MB
Total Pagefile: 6080.92 MB
Available Pagefile: 4587.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.72 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:223.11 GB) (Free:112.57 GB) NTFS
2 Drive d: () (Removable) (Total:3.79 GB) (Free:3.79 GB) FAT32

========================= Users: ========================================

User accounts for \\RCSMEDIA-PC

Administrator Guest Mcx1
RCS-MEDIA DESIGNS SophosSAURCSMEDIA-P0 The.Gypsy.Prince


== End of log ==




Like i said Malwarebytes' Anti-Malware shuts down moments after it starts scanning.
I haven't tried GMER as of yet.

Please advise.

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:14 AM

Posted 28 July 2011 - 09:44 AM

Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If MBAM will not run, try renaming it first or using RKill by Grinler before scanning with Malwarebytes Anti-Malware. This tool terminates certain processes and fixes certain registry keys that stop us from using security and clean up tools. To do that, please refer to the instructions provided in For those having trouble running Malwarebytes Anti-Malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users