
Insufferable Google Redirect Virus



#1 Jihadme@hello


Posted 31 August 2011 - 01:54 AM

This seems to be like a fairly common problem recently. I've ran multiple antiviruses (spybot, trendmicro, and norton), but nothing has been able to locate the malicious file(s). Findfastanswers, Goosearch, and a couple other domains are what I am being redirected to through Google search engine results.

Any help would be appreciated!

Edited by Jihadme@hello, 31 August 2011 - 02:05 AM.



#2 boopme


Posted 31 August 2011 - 10:56 AM

Hello and welcome. We need to run a few tools and get some information.


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware
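Once Result.txt comes back, the helper reads a few of its sections by eye. As an added example that is not part of this thread or of MiniToolBox itself, the Python script below does that first pass over a constructed sample in the same layout, flagging the redirect footholds a helper looks for: a manual Firefox proxy on the local machine (network.proxy.type 1 with a 127.0.0.1 host), hosts entries that redirect a name rather than block it, and Winsock providers outside Microsoft's own. The file names and the 10.0.0.5 address in the sample are made up for the demonstration.

```python
"""Triage helper for the Result.txt that MiniToolBox writes (added example,
not the tool's own code). It splits the report into its '=== Name: ===' sections
and flags common search-redirect footholds."""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List

SECTION_RE = re.compile(r'^={3,}\s*([^=\n]+?)\s*:?\s*={3,}\s*$')
FF_PREF_RE = re.compile(r'^"(network\.proxy\.[\w.]+)",\s*"?([^"]*?)"?\s*$')
WINSOCK_RE = re.compile(r'^(x64-)?Catalog[59]\s+\d+\s+(.+?)\s+\[\d+\]\s+\((.*)\)\s*$')
MORE_HOSTS_RE = re.compile(r'There are (\d+) more lines starting with "127\.0\.0\.1"')

# Constructed sample in the layout MiniToolBox uses; not a real capture.
SAMPLE_RESULT = r"""
MiniToolBox by Farbar
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 63798
"network.proxy.type", 1

========================= Hosts content: =================================

::1 localhost
127.0.0.1 localhost
127.0.0.1 www.007guard.com 007guard.com
10.0.0.5 www.google.com google.com

There are 12621 more lines starting with "127.0.0.1"

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 03 C:\Users\example\AppData\Local\Temp\example_unsigned.dll [20480] ()
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
"""


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    category: str
    detail: str


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Group the non-empty lines of the report under their section header."""
    sections: Dict[str, List[str]] = {"preamble": []}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections


def _is_local(host: str) -> bool:
    try:
        addr = ip_address(host)
    except ValueError:
        return host.lower() == "localhost"
    return addr.is_loopback or addr.is_unspecified


def check_proxies(sections: Dict[str, List[str]]) -> List[Finding]:
    out: List[Finding] = []
    ie = sections.get("IE Proxy Settings", [])
    if ie and "Proxy is not enabled." not in ie:   # MiniToolBox prints this line when IE has no proxy
        out.append(Finding("medium", "ie-proxy", "IE proxy is enabled; review the server it points at"))
    prefs = {m.group(1): m.group(2)
             for m in map(FF_PREF_RE.match, sections.get("FF Proxy Settings", [])) if m}
    if prefs.get("network.proxy.type") == "1":       # 1 = manual proxy configuration in Firefox
        host, port = prefs.get("network.proxy.http", ""), prefs.get("network.proxy.http_port", "?")
        local = _is_local(host)
        detail = f"Firefox uses a manual HTTP proxy {host}:{port}"
        if local:  # a loopback proxy means a process on this host sits between browser and web
            detail += " on the local machine (a process on this host is intercepting browsing)"
        out.append(Finding("high" if local else "medium", "ff-proxy", detail))
    return out


def check_hosts(sections: Dict[str, List[str]]) -> List[Finding]:
    out: List[Finding] = []
    blocked = redirected = 0
    for line in sections.get("Hosts content", []):
        more = MORE_HOSTS_RE.search(line)
        if more:                                   # MiniToolBox truncates long immunisation lists
            blocked += int(more.group(1))
            continue
        parts = line.split()
        try:
            target = ip_address(parts[0])
        except (ValueError, IndexError):
            continue                               # comment or other non-entry line
        names = parts[1:]
        if names == ["localhost"]:
            continue
        if target.is_loopback or target.is_unspecified:
            blocked += 1                           # blocking entry (Spybot-style immunisation)
        else:                                      # name sent to another host: a redirect
            redirected += 1
            out.append(Finding("high", "hosts-redirect", f"{', '.join(names)} -> {target}"))
    out.append(Finding("info", "hosts-summary", f"{blocked} blocking entries, {redirected} redirecting entries"))
    return out


def check_winsock(sections: Dict[str, List[str]]) -> List[Finding]:
    """Layered providers hook every socket; anything not Microsoft's own gets reviewed."""
    out: List[Finding] = []
    for line in sections.get("Winsock entries", []):
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        path, vendor = m.group(2), m.group(3).strip()
        if vendor == "Microsoft Corporation" and "\\windows\\" in path.lower():
            continue
        out.append(Finding("high" if not vendor else "medium", "winsock-provider",
                           f"{path} ({vendor or 'no vendor'})"))
    return out


def triage(text: str) -> List[Finding]:
    sections = parse_sections(text)
    return check_proxies(sections) + check_hosts(sections) + check_winsock(sections)


if __name__ == "__main__":
    for f in triage(SAMPLE_RESULT):
        print(f"[{f.severity:6}] {f.category}: {f.detail}")
```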

#3 Jihadme@hello


Posted 31 August 2011 - 04:08 PM

MiniToolBox by Farbar
Ran by bestbuy (administrator) on 30-08-2011 at 15:58:54
Windows ™ Vista Home Premium Service Pack 2 (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 63798
"network.proxy.type", 1

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com

There are 12621 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.1.1
add address name="Local Area Connection" address=192.168.1.216


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ARRLSTNHM3
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82566DC-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-22-19-11-03-FC
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8442:8af5:b79c:6dfd%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.216(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 251666969
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-E0-55-30-00-22-19-11-03-FC
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{272C29BB-F543-4947-94AB-BF506144008C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.65.104
74.125.65.103
74.125.65.147
74.125.65.105
74.125.65.99
74.125.65.106



Pinging google.com [74.125.67.105] with 32 bytes of data:

Reply from 74.125.67.105: bytes=32 time=38ms TTL=49

Reply from 74.125.67.105: bytes=32 time=39ms TTL=49



Ping statistics for 74.125.67.105:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 38ms, Maximum = 39ms, Average = 38ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=19ms TTL=50

Reply from 209.191.122.70: bytes=32 time=23ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 23ms, Average = 21ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 22 19 11 03 fc ...... Intel® 82566DC-2 Gigabit Network Connection
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.{272C29BB-F543-4947-94AB-BF506144008C}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.216 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.216 266
192.168.1.216 255.255.255.255 On-link 192.168.1.216 266
192.168.1.255 255.255.255.255 On-link 192.168.1.216 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.216 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.216 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 266 fe80::/64 On-link
11 266 fe80::8442:8af5:b79c:6dfd/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/30/2011 03:27:58 AM) (Source: Application Error) (User: )
Description: Faulting application DllHost.exe, version 6.0.6000.16386, time stamp 0x4549bbff, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb74dd3, exception code 0xc0000374, fault offset 0x00000000000aca57,
process id 0x90c, application start time 0xDllHost.exe0.

Error: (08/28/2011 04:05:29 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P3BB3PHX.DEFAULT\CACHE\9> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/28/2011 04:05:29 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P3BB3PHX.DEFAULT\CACHE\9> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/28/2011 04:05:29 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P3BB3PHX.DEFAULT\CACHE\8> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/28/2011 04:05:29 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P3BB3PHX.DEFAULT\CACHE\8> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/28/2011 04:05:28 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P3BB3PHX.DEFAULT\CACHE\7> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/28/2011 04:05:28 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P3BB3PHX.DEFAULT\CACHE\7> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/28/2011 04:05:28 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P3BB3PHX.DEFAULT\CACHE\6> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/28/2011 04:05:28 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P3BB3PHX.DEFAULT\CACHE\6> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/28/2011 04:05:28 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\BESTBUY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P3BB3PHX.DEFAULT\CACHE\5> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (08/28/2011 01:37:04 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:28:35 AM on 8/28/2011 was unexpected.

Error: (08/20/2011 07:07:52 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:45:24 PM on 8/20/2011 was unexpected.

Error: (08/20/2011 02:16:39 AM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X64

Error: (08/20/2011 02:16:09 AM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (08/20/2011 02:12:24 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:06:09 PM on 8/19/2011 was unexpected.

Error: (08/09/2011 03:14:41 AM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (08/09/2011 03:14:41 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (08/09/2011 03:14:41 AM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (08/09/2011 03:14:41 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (08/09/2011 03:14:41 AM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (05/10/2011 03:37:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17048 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/21/2010 09:24:54 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/20/2010 03:46:00 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 90804 seconds with 180 seconds of active time. This session ended with a crash.

Error: (01/01/2010 06:14:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/01/2010 06:04:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 371 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/01/2010 05:56:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/01/2010 05:49:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/01/2010 05:47:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/01/2010 05:47:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 53 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/01/2010 05:43:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
4Videosoft MKV Video Converter
AAC Decoder (Version: 7.1.0)
Abrosoft FantaMorph 4.1 (Version: 4.1)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
ActionReplay Xbox
Active@ ISO Burner (Version: 2.0.5)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.3.1)
Adobe Acrobat 9.3.1 - CPSID_50570
Adobe AIR (Version: 1.5.3.9120)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Asset Services CS4 (Version: 4)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge CS4 (Version: 3)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps CS4 (Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Contribute CS4 (Version: 5.0)
Adobe Creative Suite 4 Web Premium (Version: 4.0)
Adobe CS4 American English Speech Analysis Models (Version: 1)
Adobe CS4 French Speech Analysis Models (Version: 1)
Adobe CS4 German Speech Analysis Models (Version: 1)
Adobe CS4 International English Speech Analysis Models (Version: 1)
Adobe CS4 Italian Speech Analysis Models (Version: 1)
Adobe CS4 Japanese Speech Analysis Models (Version: 1)
Adobe CS4 Korean Speech Analysis Models (Version: 1)
Adobe CS4 Spanish Speech Analysis Models (Version: 1)
Adobe CSI CS4 (Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Device Central CS4 (Version: 2)
Adobe Dreamweaver CS3 (Version: 9)
Adobe Dreamweaver CS3 (Version: 9.0)
Adobe Dreamweaver CS4 (Version: 10.0)
Adobe Drive CS4 (Version: 1)
Adobe Drive CS4 x64 (Version: 1)
Adobe Dynamiclink Support (Version: 1)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Fireworks CS4 (Version: 10.0)
Adobe Flash CS4 (Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)
Adobe Flash CS4 STI-en (Version: 10.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.12.36)
Adobe Flash Player 10 ActiveX (Version: 10.0.2.54)
Adobe Flash Player 10 Plugin (Version: 10.2.159.1)
Adobe Fonts All (Version: 2.0)
Adobe Fonts All x64 (Version: 2.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS4 (Version: 14.0)
Adobe InDesign CS5 (Version: 7.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Importer (Version: 1.0)
Adobe Media Player (Version: 1.7)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader 9.3.1 (Version: 9.3.1)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Shockwave Player 11.5 (Version: 11.5.1.601)
Adobe Soundbooth CS4 (Version: 2)
Adobe Soundbooth CS4 Codecs (Version: 2)
Adobe Type Support CS4 (Version: 9.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Version Cue CS4 Server (Version: 4.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Control Center (Version: 2.008.0409.2230)
AutoUpdate (Version: 1.1)
AVS Disc Creator version 2.1
AVS Video Tools 5.1
BlackBerry® Media Sync (Version: 3.0.0.39)
Bonjour (Version: 2.0.5.0)
Casino Verite Blackjack V5 (Version: 5.0)
Catalyst Control Center Core Implementation (Version: 2008.0409.2231.38463)
Catalyst Control Center Graphics Full Existing (Version: 2008.0409.2231.38463)
Catalyst Control Center Graphics Full New (Version: 2008.0409.2231.38463)
Catalyst Control Center Graphics Light (Version: 2008.0409.2231.38463)
Catalyst Control Center Graphics Previews Common (Version: 2008.0409.2231.38463)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0409.2231.38463)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0409.2231.38463)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0409.2231.38463)
Catalyst Control Center Localization French (Version: 2008.0409.2231.38463)
Catalyst Control Center Localization German (Version: 2008.0409.2231.38463)
Catalyst Control Center Localization Hungarian (Version: 2008.0409.2231.38463)
Catalyst Control Center Localization Italian (Version: 2008.0409.2231.38463)
Catalyst Control Center Localization Japanese (Version: 2008.0409.2231.38463)
Catalyst Control Center Localization Korean (Version: 2008.0409.2231.38463)
Catalyst Control Center Localization Portuguese (Version: 2008.0409.2231.38463)
Catalyst Control Center Localization Spanish (Version: 2008.0409.2231.38463)
Catalyst Control Center Localization Turkish (Version: 2008.0409.2231.38463)
ccc-core-static (Version: 2008.0409.2231.38463)
ccc-utility64 (Version: 2008.0409.2231.38463)
CCC Help Chinese Standard (Version: 2008.0409.2230.38463)
CCC Help Chinese Traditional (Version: 2008.0409.2230.38463)
CCC Help English (Version: 2008.0409.2230.38463)
CCC Help French (Version: 2008.0409.2230.38463)
CCC Help German (Version: 2008.0409.2230.38463)
CCC Help Hungarian (Version: 2008.0409.2230.38463)
CCC Help Italian (Version: 2008.0409.2230.38463)
CCC Help Japanese (Version: 2008.0409.2230.38463)
CCC Help Korean (Version: 2008.0409.2230.38463)
CCC Help Portuguese (Version: 2008.0409.2230.38463)
CCC Help Spanish (Version: 2008.0409.2230.38463)
CCC Help Turkish (Version: 2008.0409.2230.38463)
CCleaner (Version: 3.10)
CDDRV_Installer (Version: 4.60)
CheshireCat's One Click File Joiner (Version: 1.00.0000)
Combined Community Codec Pack 2009-09-09 (Version: 2009.09.09.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant D850 PCI V.92 Modem (Version: 7.74.00)
Connect (Version: 1.0.0.1)
Consumer In-Home Service Agreement (Version: 2.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
DeskPins (remove only)
Digital Line Detect (Version: 1.21)
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.1.0.2)
DivX Web Player (Version: 1.5.0)
EasyBCD 1.7.2 (Version: 1.7.2)
EPSON NX110 Series Printer Uninstall
EPSON Scan
erLT (Version: 1.20.137.31)
EvoX Skin Creator (Version: 1.0.0)
Exifer
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
Font Xplorer 1.2.2
Free ISO Creator version 2.8 (Version: 1.2)
Geek Squad 24 Hour Computer Support (Version: 1.01.171)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.65)
H.264 Decoder (Version: 1.1.0)
Hauppauge MCE XP/Vista Software Encoder (2.0.25296) (Version: 2.0.25296)
Hauppauge TV Tuner Driver (Version: 2.0.25312)
ImgBurn (Version: 2.5.2.0)
Intel® Network Connections 13.0.42.0 (Version: 13.0.42.0)
Intel® Matrix Storage Manager
InterVideo WinDVR 3
ISOX Creator
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 18 (Version: 6.0.180)
Java™ 6 Update 7 (Version: 1.6.0.70)
K-Lite Codec Pack (64-bit) v2.4.5
K-Lite Codec Pack 4.9.0 (Basic) (Version: 4.9.0)
KhalInstallWrapper (Version: 4.60.122)
kuler (Version: 2.0)
Logitech SetPoint (Version: 4.60)
Magic DVD Ripper V5.5.1
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
MediaPortal (Version: 1.1.0)
MediaPortal TV Server / Client (Version: 1.1.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MKV Converter Studio V1.0.2 (Version: 1.0.2)
MKV Splitter (Version: 1.0.1)
Modem Diagnostic Tool (Version: 1.0.24.0)
Mouse Suite for Desktop Computers (Version: 2.50.025)
Mozilla Firefox 6.0.1 (x86 en-US) (Version: 6.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MySQL Server 5.1 (Version: 5.1.38)
NetWaiting (Version: 2.5.53)
NewBlue 3D Transformations for Windows
Norton Internet Security (Version: 18.6.0.29)
Opera 11.11 (Version: 11.11.2109)
PDF Settings CS4 (Version: 9.0)
PDF Settings CS5 (Version: 10.0)
PhotoME (Version: 0.79R17)
Photoshop Camera Raw (Version: 5.0)
Photoshop Camera Raw_x64 (Version: 5.0)
Pixel Bender Toolkit (Version: 1.0)
QuickTime (Version: 7.69.80.9)
RealPlayer
RealUpgrade 1.0 (Version: 1.0.0)
Skins (Version: 2008.0409.2231.38463)
Snagit 9.1.2 (Version: 9.1.2.304)
SopCast 3.2.9 (Version: 3.2.9)
Spybot - Search & Destroy (Version: 1.6.2)
Suite Shared Configuration CS4 (Version: 1.0)
System Requirements Lab (Version: 4.1.67.0)
Ulead GIF Animator 5
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
Veetle TV 0.9.18 (Version: 0.9.18)
Vegas Pro 9.0 (64-bit) (Version: 9.0.895)
VLC media player 1.1.3 (Version: 1.1.3)
Winamp (Version: 5.56 )
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
Xbox GameSaves V2 (Version: 2.3.0)

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 6077.03 MB
Available physical RAM: 2587.68 MB
Total Pagefile: 12317.09 MB
Available Pagefile: 9044.61 MB
Total Virtual: 4095.88 MB
Available Virtual: 3999.68 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:610.53 GB) (Free:29.66 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.38 GB) NTFS
8 Drive k: () (Fixed) (Total:931.51 GB) (Free:891.66 GB) NTFS

========================= Users: ========================================

User accounts for \\ARRLSTNHM3

Administrator bestbuy Guest
Owner

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,221 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:28 AM

Posted 31 August 2011 - 08:13 PM

So far looks like a couple issues with Adobe. You are also running SpyBot??

Will wait in MBAM and GMER
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 Jihadme@hello

Jihadme@hello
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:28 AM

Posted 01 September 2011 - 12:01 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-30 23:57:10
Windows 6.0.6002 Service Pack 2
Running: kxe0zfzl.exe


---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0997A.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.ci 4096 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.dir 4096 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid 65536 bytes

---- EOF - GMER 1.0.15 ----

#6 Jihadme@hello

Jihadme@hello
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:28 AM

Posted 01 September 2011 - 12:02 AM

So far looks like a couple issues with Adobe. You are also running SpyBot??

Will wait in MBAM and GMER


Thanks for your help!

I run spybot occasionally. Is that a problem? (It wasn't running when I did the scan to my knowledge)

Edited by Jihadme@hello, 01 September 2011 - 12:07 AM.


#7 Jihadme@hello

Jihadme@hello
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:28 AM

Posted 01 September 2011 - 12:10 AM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7617

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

8/31/2011 12:03:35 AM
mbam-log-2011-08-31 (00-03-35).txt

Scan type: Quick scan
Objects scanned: 208183
Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 Jihadme@hello

Jihadme@hello
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:28 AM

Posted 01 September 2011 - 12:13 AM

Here is a full system scan:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7617

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

8/30/2011 3:53:49 AM
mbam-log-2011-08-30 (03-53-49).txt

Scan type: Full scan (C:\|)
Objects scanned: 509482
Time elapsed: 1 hour(s), 59 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,221 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:28 AM

Posted 01 September 2011 - 10:43 AM

Hi, all this is Spybot's TeaTimer app in your Hosts file. I do not think all the other stuff there is needed.

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com


So we will reset the hosts file, run a scan and see how it is.

First... we need to disable Spybot S&D's "TeaTimer".
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode > Advanced Mode.
  • You may be presented with a warning dialog. If so, click Yes
  • Click on Tools and then Resident
  • Uncheck this checkbox: "Resident TeaTimer (protection of over-all system settings) active"
  • Close/Exit Spybot Search and Destroy



Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.




Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
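The post above makes a distinction worth automating: 127.0.0.1 entries that point unwanted domains at the local machine are a block list (Spybot's immunization), while a hostname mapped to some remote address is the redirect pattern malware uses. The script below is an added example for triaging a Windows HOSTS file along those lines; it is not part of this thread and not a tool from Spybot, Microsoft or any product named here. The sample hosts content is constructed: the 127.0.0.1 lines mirror the entries quoted in the post, and the 203.0.113.5 address is a documentation (TEST-NET-3) address used as a placeholder for "some remote server".

```python
"""Triage a Windows HOSTS file: block-list entries versus redirect-style entries.

Added example, not code from the BleepingComputer thread or any tool it names.
Verdicts:
  local     - only localhost-style names (what a default hosts file contains)
  blocklist - a public name pointed at loopback/unspecified (immunization style)
  redirect  - a public name pointed at a remote address (hijack pattern)
  invalid   - unparsable line
"""
import ipaddress
from dataclasses import dataclass

LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


@dataclass
class HostsEntry:
    line_no: int
    address: str
    names: list
    verdict: str


def classify(address, names):
    """Decide what kind of mapping a single hosts line represents."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if names and all(n.lower() in LOCAL_NAMES for n in names):
        return "local"
    # 127.0.0.1, ::1, 0.0.0.0 all sink the name on the local machine.
    if ip.is_loopback or ip.is_unspecified:
        return "blocklist"
    return "redirect"


def parse_hosts(text):
    """Parse hosts-file text; strips comments, tolerates tabs and blank lines."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            entries.append(HostsEntry(line_no, parts[0], [], "invalid"))
            continue
        address, names = parts[0], parts[1:]
        entries.append(HostsEntry(line_no, address, names, classify(address, names)))
    return entries


def triage(text):
    """Return (verdict counts, list of redirect entries to review)."""
    entries = parse_hosts(text)
    summary = {"local": 0, "blocklist": 0, "redirect": 0, "invalid": 0}
    for entry in entries:
        summary[entry.verdict] += 1
    redirects = [e for e in entries if e.verdict == "redirect"]
    return summary, redirects


def looks_default(text):
    """True when nothing but localhost mappings (or comments) remain."""
    return all(e.verdict == "local" for e in parse_hosts(text))


# Constructed sample. Real path on Windows: %SystemRoot%\System32\drivers\etc\hosts
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
# block-list style entries, as quoted in the thread (Spybot immunization)
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
0.0.0.0 ads.invalid   # unspecified address: also a block-list entry
# constructed redirect-style entry (placeholder TEST-NET-3 address)
203.0.113.5\twww.google.com google.com   # inline comment
not-an-address
"""

if __name__ == "__main__":
    counts, suspicious = triage(SAMPLE_HOSTS)
    print("verdicts:", counts)
    for e in suspicious:
        print(f"line {e.line_no}: {e.address} -> {', '.join(e.names)}  <-- review")
    print("looks like default hosts file:", looks_default(SAMPLE_HOSTS))
```

A file that is all `local` entries is what the reset in the post produces; a long list of `blocklist` entries is noisy but harmless; any `redirect` entry for a domain you do not administer is the line to investigate before resetting.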

#10 Jihadme@hello

Jihadme@hello
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:28 AM

Posted 01 September 2011 - 03:44 PM

Thanks!

1. Disabled Teatimer
2. Reset HOSTS file
3. Ran TDSSKiller after it was saved to my desktop

Unfortunately, it found 0 threats?

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,221 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:28 AM

Posted 01 September 2011 - 03:55 PM

Are you on a router? Are other machines on it,if so are they redirecting?

Do you use Firefox?


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#12 Jihadme@hello

Jihadme@hello
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:28 AM

Posted 01 September 2011 - 05:08 PM

In the process of ESET scanning.

1. Yes, connected through a router, but no other machines are being redirected.
2. Yes, Firefox is my primary web browser.

I will post the log as soon as the online scan finishes!

Thanks again for your help and patience.

#13 Jihadme@hello

Jihadme@hello
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:28 AM

Posted 01 September 2011 - 05:20 PM

Unfortunately the ESET is not able to download updates due to a proxy issue.

Any suggestions?


Edited by Jihadme@hello, 01 September 2011 - 05:20 PM.


#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,221 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:28 AM

Posted 01 September 2011 - 05:38 PM

Please click Start > Run, type inetcpl.cpl in the Run box and press Enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

Edited by boopme, 01 September 2011 - 05:38 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#15 Jihadme@hello

Jihadme@hello
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:28 AM

Posted 01 September 2011 - 06:03 PM

I went to check that as well, after I received the error message initially. My settings have always been set to "automatically detect settings".



