error pop-up and search redirect


16 replies to this topic

#1 bhasky
Members, 20 posts

Posted 31 August 2011 - 05:05 PM

My computer seems to have been infected with a virus and I cannot remove it. I have tried reinstalling and running antivirus from Symantec, and have run anti-spyware and Malwarebytes, but the problem does not go away. Malwarebytes did find a Trojan virus but it did not solve the problem.
Every time I start any program I get the following error:

https://picasaweb.google.com/bchatterjee/August312011#5647142728567545026

My search results are being redirected to other search engines like fast answers and random sites, and I have to click on a link twice or thrice before it will let me go to the actual search link results.

#2 Broni
The Coolest BC Computer
BC Advisor, 42,698 posts, Daly City, CA

Posted 31 August 2011 - 11:27 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


My help doesn't cost a penny, but if you'd like to consider a donation, click here.
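The MiniToolBox boxes Broni asks to have checked (IE and FF proxy settings, hosts-file content, IP configuration) cover the settings a search redirector most often tampers with: a hijacked proxy, a poisoned hosts file, or a changed DNS resolver. As an added example that is not part of this thread and not code from MiniToolBox, the Python script below parses a report in that format and lists the entries a helper would want to look at: a proxy that is enabled, hosts-file mappings other than localhost, and DNS servers that are neither the default gateway nor in a private range. The report text is constructed to mimic the section banners and ipconfig rows of a MiniToolBox log (the addresses are documentation-range placeholders), and the wording MiniToolBox prints when a proxy is enabled is an assumption.

```python
"""Triage a MiniToolBox-style report for redirect-related settings.

Added example, not part of the forum thread or of MiniToolBox. The report
below is constructed to mimic the tool's section banners and ipconfig rows.
"""
import ipaddress
import re

# Constructed sample: documentation-range addresses, not from a real machine.
SAMPLE_REPORT = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.9 www.google.com

========================= IP Configuration: ================================

Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.1
198.51.100.7

========================= Event log errors: ===============================
"""

SECTION_RE = re.compile(r"^=+ (.+?): =+$", re.MULTILINE)   # "===== Name: ====="
ADDR_RE = re.compile(r"^[0-9A-Fa-f.:%]+$")                  # bare IPv4/IPv6 continuation line
LOCALHOST_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "fc00::/7", "fe80::/10", "fec0::/10")]


def split_sections(report):
    """Map each section banner's name to the text that follows it."""
    matches = list(SECTION_RE.finditer(report))
    sections = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(report)
        sections[m.group(1)] = report[m.end():end]
    return sections


def check_proxy(text):
    """Flag anything other than the clean 'not enabled / no server' wording."""
    findings = []
    if "Proxy is not enabled" not in text:      # enabled-case wording is assumed
        findings.append("proxy appears to be enabled")
    for line in text.splitlines():
        line = line.strip()
        if "Proxy Server" in line and not line.startswith("No Proxy Server"):
            findings.append("proxy server configured: " + line)
    return findings


def check_hosts(text):
    """Return hosts-file mappings other than the loopback localhost entries."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments and blanks
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            if (addr, name) not in LOCALHOST_HOSTS:
                findings.append(f"{name} -> {addr}")
    return findings


def parse_dns(text):
    """Collect the default gateway and every DNS server, including bare continuation lines."""
    gateway, servers, collecting = None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if ":" in line and " . " in line:       # labelled ipconfig row with dot leaders
            label, _, value = line.partition(":")
            value = value.strip()
            collecting = label.startswith("DNS Servers")
            if label.startswith("Default Gateway") and value:
                gateway = value
            if collecting and value:
                servers.append(value)
        elif collecting and ADDR_RE.match(line):
            servers.append(line)                # extra resolver printed on its own line
        else:
            collecting = False
    return gateway, servers


def is_local(addr_text):
    """True if the address is in an RFC 1918 or link/site-local range (zone index ignored)."""
    addr = ipaddress.ip_address(addr_text.split("%", 1)[0])
    return any(addr in net for net in PRIVATE_NETS)


def check_dns(text):
    """Flag DNS servers that are neither the gateway nor in a private range."""
    gateway, servers = parse_dns(text)
    findings = []
    for server in servers:
        bare = server.split("%", 1)[0]
        try:
            local = is_local(bare)
        except ValueError:
            findings.append("unparseable DNS server: " + server)
            continue
        if bare != gateway and not local:
            findings.append(f"DNS server outside the local network: {bare} (gateway {gateway})")
    return findings


def triage(report):
    """Run every check over a MiniToolBox-style report and return findings by area."""
    s = split_sections(report)
    return {
        "ie_proxy": check_proxy(s.get("IE Proxy Settings", "")),
        "ff_proxy": [l.strip() for l in s.get("FF Proxy Settings", "").splitlines() if l.strip()],
        "hosts": check_hosts(s.get("Hosts content", "")),
        "dns": check_dns(s.get("IP Configuration", "")),
    }


if __name__ == "__main__":
    for area, items in triage(SAMPLE_REPORT).items():
        print(area, "->", items or "clean")
```

Feed the saved report text to `triage()` to get the same review list for a real log. The output is a list of things to verify, not a verdict: a public resolver the owner configured deliberately, or a hosts entry added for development, will be listed too, and an empty FF section is treated as clean only because that is what the tool prints when Firefox has no proxy preferences set.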


 


#3 bhasky
Topic Starter, Members, 20 posts

Posted 01 September 2011 - 06:55 PM

BC Advisor, thanks a million for helping me out.
Attached are the results of running these tests:

Security Check
------------
Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
IBM 32-bit Runtime Environment for Java v6
IBM 64-bit Runtime Environment for Java v6
Java™ 6 Update 21
IBM 32-bit Runtime Environment for Java v6
Out of date Java installed!
Adobe Flash Player 10.3.183.7
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````
---------------------

MiniToolBox Result
---------------
MiniToolBox by Farbar
Ran by bchatter (administrator) on 01-09-2011 at 16:02:37
Windows 7 Professional (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Bluetooth Network Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Bluetooth Network Connection 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection* 18" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 3" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 4" forwarding=enabled advertise=enabled metric=1 nud=enabled
add address name="Local Area Connection* 18" address=192.168.121.1
add address name="VMware Network Adapter VMnet1" address=192.168.121.1
add address name="VMware Network Adapter VMnet8" address=192.168.3.1


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : IBM-CWTKHU7QIXU
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : i**.com
svl.i**.com
boulder.i**.com
pok.i**.com
***.COM

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6200 AGN
Physical Address. . . . . . . . . : 58-94-6B-B3-40-BC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
Physical Address. . . . . . . . . : E0-2A-82-F3-48-48
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82577LM Gigabit Network Connection
Physical Address. . . . . . . . . : F0-DE-F1-48-25-74
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.0.0.9(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, September 01, 2011 7:05:05 AM
Lease Expires . . . . . . . . . . : Friday, September 02, 2011 7:05:21 AM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f829:dee7:3924:ba6e%27(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.121.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 889213014
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-13-CD-CC-F0-DE-F1-48-25-74
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::900d:ad4a:7b89:5ac8%28(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.3.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 905990230
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-13-CD-CC-F0-DE-F1-48-25-74
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{96D58186-8700-4FAD-B2C3-A3B2F6FDB6D7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{7D3B0A18-F911-4935-8BFA-C3149C1CF46D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B5AF41FB-D8C3-4F19-9C97-AAA0662FF5B1}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F82EA279-79BE-4663-84A9-3B31112D27EE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{802430A8-1826-4867-8386-760637B25A88}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 10.0.0.1

Name: google.com.ibm.com
Address: 208.68.143.50


Pinging google.com [74.125.224.144] with 32 bytes of data:
Reply from 74.125.224.144: bytes=32 time=25ms TTL=55
Reply from 74.125.224.144: bytes=32 time=19ms TTL=55

Ping statistics for 74.125.224.144:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 25ms, Average = 22ms
Server: UnKnown
Address: 10.0.0.1

Name: yahoo.com.***.com
Address: 208.68.143.50


Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=98ms TTL=48
Reply from 67.195.160.76: bytes=32 time=93ms TTL=48

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 93ms, Maximum = 98ms, Average = 95ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...58 94 6b b3 40 bc ......Intel® Centrino® Advanced-N 6200 AGN
17...e0 2a 82 f3 48 48 ......Bluetooth Device (Personal Area Network) #2
12...f0 de f1 48 25 74 ......Intel® 82577LM Gigabit Network Connection
27...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
28...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
1...........................Software Loopback Interface 1
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
43...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
41...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.9 20
10.0.0.0 255.255.255.0 On-link 10.0.0.9 276
10.0.0.9 255.255.255.255 On-link 10.0.0.9 276
10.0.0.255 255.255.255.255 On-link 10.0.0.9 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.3.0 255.255.255.0 On-link 192.168.3.1 276
192.168.3.1 255.255.255.255 On-link 192.168.3.1 276
192.168.3.255 255.255.255.255 On-link 192.168.3.1 276
192.168.121.0 255.255.255.0 On-link 192.168.121.1 276
192.168.121.1 255.255.255.255 On-link 192.168.121.1 276
192.168.121.255 255.255.255.255 On-link 192.168.121.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.9 276
224.0.0.0 240.0.0.0 On-link 192.168.121.1 276
224.0.0.0 240.0.0.0 On-link 192.168.3.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.9 276
255.255.255.255 255.255.255.255 On-link 192.168.121.1 276
255.255.255.255 255.255.255.255 On-link 192.168.3.1 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
27 276 fe80::/64 On-link
28 276 fe80::/64 On-link
28 276 fe80::900d:ad4a:7b89:5ac8/128
On-link
27 276 fe80::f829:dee7:3924:ba6e/128
On-link
1 306 ff00::/8 On-link
27 276 ff00::/8 On-link
28 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/01/2011 04:02:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/01/2011 04:01:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/01/2011 04:01:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/01/2011 04:01:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/01/2011 04:01:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/01/2011 03:56:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/01/2011 03:56:04 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/01/2011 03:55:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/01/2011 03:55:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/01/2011 03:54:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (09/01/2011 07:05:14 AM) (Source: NetBT) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "0250F2000005" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (09/01/2011 07:05:14 AM) (Source: NetBT) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "0250F2000005" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (08/31/2011 03:10:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (08/31/2011 03:10:47 PM) (Source: Service Control Manager) (User: )
Description: The PMEM service failed to start due to the following error:
%%1275

Error: (08/31/2011 03:10:47 PM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\SysWow64\drivers\PMEMNT.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/31/2011 00:02:43 PM) (Source: BROWSER) (User: )
Description: The browser was unable to promote itself to master browser. The browser will continue
to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.

Error: (08/31/2011 11:36:53 AM) (Source: BROWSER) (User: )
Description: The browser was unable to promote itself to master browser. The computer that currently
believes it is the master browser is I**-D729FC07074.

Error: (08/31/2011 11:11:02 AM) (Source: BROWSER) (User: )
Description: The browser was unable to promote itself to master browser. The computer that currently
believes it is the master browser is unknown.

Error: (08/31/2011 10:19:19 AM) (Source: BROWSER) (User: )
Description: The browser was unable to promote itself to master browser. The computer that currently
believes it is the master browser is I**-9C531DE8B7A.

Error: (08/31/2011 09:58:39 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 9.57.81.123.
The computer with the IP address 9.57.81.255 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (04/25/2011 11:06:19 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6529.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 49 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/25/2011 11:05:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6529.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/25/2011 11:04:00 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6529.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 211 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/25/2011 10:58:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6529.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 49 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/25/2011 10:33:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6529.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 140 seconds with 60 seconds of active time. This session ended with a crash.

Error: (04/25/2011 10:30:48 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6529.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 703 seconds with 540 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.5)
Adobe Flash Player 10 Plugin (Version: 10.3.183.7)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
AT&T Network Client – I** (Version: 8.2.0.3003)
Bonjour (Version: 2.0.5.0)
Cisco AnyConnect VPN Client (Version: 2.5.3054)
Cisco Systems VPN Client 5.0.07.0240 (Version: 5.0.7)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant 20585 SmartAudio HD (Version: 4.95.43.0)
CuteFTP 8 Home (Version: 8.3.4)
FileZilla Client 3.5.0 (Version: 3.5.0)
Google Chrome (Version: 12.0.742.100)
Google Update Helper (Version: 1.3.21.57)
IBM 32-bit Runtime Environment for Java v6 (Version: 6)
IBM 64-bit Runtime Environment for Java v6 (Version: 6)
I** Ayúdame Utility (Version: 1.5.3.0046)
IBM Lotus Symphony (Version: 3.0.10289)
I** Personal Communications (Version: 6.0.1)
I** Standard Asset Manager
I** Standard Software Installer
InfoPrint Select (Version: 4.3.0)
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software (Version: 13.02.0000)
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (Version: 6.0.210)
Lenovo System Interface Driver (Version: 1.01)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.99)
Lotus Notes 8.5.1 (Version: 8.51.9271)
LotusLive Meetings for IBM (Version: 8.2.1)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel Viewer 2003 (Version: 11.0.8173.0)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.202)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6425.1000)
Microsoft Office Visio Viewer 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Mozilla Firefox 6.0.1 (x86 en-US) (Version: 6.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Drivers (Version: 1.10)
NVIDIA nView Desktop Manager (Version: 6.14.10.12133)
NVIDIA Performance Drivers (Version: 2.0.0.24)
On Screen Display (Version: 6.02.00)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
QuickTime (Version: 7.69.80.9)
RemoteComms External Disk Access (Version: 1.25.0003)
Roxio Creator Enterprise Edition Silver (Version: 10.3.206)
Symantec Endpoint Protection (Version: 11.0.6200.754)
Synaptics Pointing Device Driver (Version: 15.0.18.0)
TextPad 5 (Version: 5.4.2)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.2.1.2900)
ThinkPad FullScreen Magnifier (Version: 2.13)
ThinkPad Modem Adapter (Version: 7.80.5.0)
ThinkPad Power Management Driver (Version: 1.60.0.4)
ThinkPad Power Manager (Version: 3.30)
ThinkPad UltraNav Utility (Version: 2.13.0)
ThinkVantage Access Connections (Version: 5.62)
ThinkVantage Active Protection System (Version: 1.72)
Tivoli Endpoint Manager Client (Version: 8.1.551.0)
tools-freebsd (Version: 8.4.6.16648)
tools-linux (Version: 8.4.6.16648)
tools-netware (Version: 8.4.6.16648)
tools-solaris (Version: 8.4.6.16648)
tools-windows (Version: 8.4.6.16648)
tools-winPre2k (Version: 8.4.6.16648)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2553975)
VD64Inst (Version: 1.00.0000)
VMware Player (Version: 3.1.3.14951)
VMware Workstation (Version: 7.1.4.16648)
WampServer 2.0
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (Version: 04/08/2010 6.3.5.430)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Workstation Security Tool 2.5
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 17%
Total physical RAM: 16315.52 MB
Available physical RAM: 13512.91 MB
Total Pagefile: 32629.18 MB
Available Pagefile: 29818.05 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.89 MB

========================= Partitions: =====================================

1 Drive c: (Windows7_c4eb) (Fixed) (Total:465.76 GB) (Free:137.26 GB) NTFS

========================= Users: ========================================

User accounts for \\I**-CWTKHU7QIXU

__vmware_user__ Administrator bchatter
Guest


**** End of log ****
------------------------------


Malwarebytes Log
---------------------------------------------------------------

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7633

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/1/2011 4:08:08 PM
mbam-log-2011-09-01 (16-08-08).txt

Scan type: Quick scan
Objects scanned: 178230
Time elapsed: 1 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)
--------------------------------------------------

Malwarebytes log from first run a few days ago
--------------------------------------------------------
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7620

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/31/2011 9:42:03 AM
mbam-log-2011-08-31 (09-42-03).txt

Scan type: Quick scan
Objects scanned: 178520
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0D8DFA84-B0A7-415E-915D-7A9664EFFE15} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D8DFA84-B0A7-415E-915D-7A9664EFFE15} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0D8DFA84-B0A7-415E-915D-7A9664EFFE15} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D8DFA84-B0A7-415E-915D-7A9664EFFE15} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess32 (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\api-ms-win-core-memory-l1-1-032.dll (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-032.dll (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
c:\programdata\msvfw3232.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
--------------------------------------------------
GMER .log

-----------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-01 16:45:32
Windows 6.1.7600
Running: xsxntpon.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3953d5451
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a82f34848
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3953d5451 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a82f34848 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
-------------------------------------------


Thanks again,
Bhaskar

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:19 AM

Posted 01 September 2011 - 09:21 PM

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart the computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 bhasky

bhasky
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:12:19 AM

Posted 02 September 2011 - 02:12 PM

SUPERAntiSpyware did not seem to find much. I have tried this one before as well and removed it from my computer, since it did not find anything the first time around. I did run it in Safe Mode with the flags you mentioned and everything else unchecked.
---------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/02/2011 at 12:01 PM

Application Version : 5.0.1118

Core Rules Database Version : 7637
Trace Rules Database Version: 5449

Scan type : Complete Scan
Total Scan Time : 00:52:57

Operating System Information
Windows 7 Professional 64-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned : 351
Memory threats detected : 0
Registry items scanned : 74811
Registry threats detected : 0
File items scanned : 134136
File threats detected : 0
---------------------------

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:19 AM

Posted 02 September 2011 - 07:33 PM

Download and run exeHelper.

  • Please download exeHelper from Raktor to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file named log.txt will be created in the directory where you ran exeHelper.com
  • Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Let me know if the original error is gone.



 


#7 bhasky

bhasky
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:12:19 AM

Posted 05 September 2011 - 01:27 AM

Apologies for the delay in my response.
Here is the log file produced:
-------------------------
exeHelper by Raktor
Build 20100414
Run at 23:25:00 on 09/04/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
----------------------------

The error pop-up and the search redirect still seem to be happening.
---------------

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:19 AM

Posted 05 September 2011 - 11:12 AM

Which browser is affected?

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip the Autoruns.zip file and double-click autoruns.exe to run the program.
Go to File > Save, and save it as an AutoRuns.txt file to a known location.
You must select Text from the drop-down menu as the file type:

Posted Image

Upload the file(s) here: http://www.filedropper.com/
Post download link (copy URL: link):
Posted Image



 


#9 bhasky

bhasky
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:12:19 AM

Posted 06 September 2011 - 05:40 PM

The search redirect is happening from Firefox.
The link for the Autoruns output is here:
http://www.filedropper.com/autoruns_7

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:19 AM

Posted 06 September 2011 - 07:09 PM

Can you check if IE is also affected?

Does the problem you posted an image of in your initial post still happen after running exeHelper?

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



 


#11 bhasky

bhasky
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:12:19 AM

Posted 07 September 2011 - 12:43 AM

IE does not seem to be affected (for the search redirect issue).
The last fix did fix the search redirect for Firefox as well. Thank you.
Here is the log:
--------
GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:36 on 06/09/2011 (bchatter)
Firefox version 6.0.2 (en-US)

========== GooredScan ==========

Deleting "C:\Users\IBM_ADMIN\Application Data\Mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\{f110c108-888d-4e90-9c65-7e388a58ac2f}" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{77b819fa-95ad-4f2c-ac7c-486b356188a9} [02:12 12/11/2010]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:06 17/08/2011]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [15:34 09/08/2011]

C:\Users\IBM_ADMIN\Application Data\Mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(Key not found)

-=E.O.F=-
---------------------------

However, the error in the image I posted in my first post still happens on all executables, including exeHelper.

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:19 AM

Posted 07 September 2011 - 06:47 PM

Good news :)

Now let's try to fix that error...

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :filefind
    fxsxp3232.dll
    :regfind
    fxsxp3232*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

====================================================

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip the Autoruns.zip file and double-click autoruns.exe to run the program.
Go to File > Save, and save it as an AutoRuns.txt file to a known location.
You must select Text from the drop-down menu as the file type:

Posted Image

Upload the file(s) here: http://www.filedropper.com/
Post download link (copy URL: link):
Posted Image



 


#13 bhasky

bhasky
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:12:19 AM

Posted 07 September 2011 - 07:11 PM

SystemLook output:
===========================================================================================================================================

SystemLook 30.07.11 by jpshortstuff
Log created at 17:09 on 07/09/2011 by bchatter
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "fxsxp3232.dll"
C:\ProgramData\FXSXP3232.dll --a---- 155136 bytes [16:44 19/08/2011] [16:44 19/08/2011] 95078B3A120FB0488447F4BF9794D24E
C:\Users\All Users\FXSXP3232.dll --a---- 155136 bytes [16:44 19/08/2011] [16:44 19/08/2011] 95078B3A120FB0488447F4BF9794D24E

========== regfind ==========

Searching for "fxsxp3232*"
No data found.

-= EOF =-

#14 bhasky

bhasky
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:12:19 AM

Posted 07 September 2011 - 07:14 PM

Autoruns output:
http://www.filedropper.com/autoruns_8

#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:19 AM

Posted 07 September 2011 - 08:20 PM

Re-run Autoruns.

Scroll down to "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" section (very bottom).

Uncheck:

+ "C:\ProgramData\FXSXP3232.dll"

Restart computer.

Open Windows Explorer, navigate to C:\ProgramData folder and delete FXSXP3232.dll file.

Restart one more time and let me know how the issues are.

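A defender-side check for the AppInit_DLLs persistence the thread ended on, added here as an example; it is not code from the thread, from Autoruns, or from any tool used in it. It assumes the two registry keys Autoruns lists (the native key and its Wow6432Node twin) and works from a constructed registry snapshot that mirrors the C:\ProgramData\FXSXP3232.dll entry; on a Windows host it reads the live keys instead. Anything outside the Windows system directories is flagged, and the LoadAppInit_DLLs switch says whether the entry is actually loaded into every user-mode process.

```python
r"""Audit AppInit_DLLs entries in both registry views.

Added example, not from the BleepingComputer thread. The sample registry
below is constructed to resemble what the thread's machine showed in Autoruns.
"""
import re
from typing import Dict, List

# Windows reads AppInit_DLLs from the native key for 64-bit processes and from
# the Wow6432Node key for 32-bit processes, so both views must be audited.
APPINIT_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows",
)

# Constructed sample snapshot (assumption: matches the thread's Autoruns view).
SAMPLE_REGISTRY: Dict[str, Dict[str, object]] = {
    APPINIT_KEYS[0]: {"AppInit_DLLs": "", "LoadAppInit_DLLs": 0},
    APPINIT_KEYS[1]: {"AppInit_DLLs": r"C:\ProgramData\FXSXP3232.dll",
                      "LoadAppInit_DLLs": 1},
}

# Directories where a legitimate AppInit DLL would normally live. SystemRoot is
# assumed to be C:\Windows when the variable is absent (non-Windows host).
import os
_SYSROOT = os.environ.get("SystemRoot", r"C:\Windows")
TRUSTED_DIRS = tuple((_SYSROOT + "\\" + d).lower() for d in ("System32", "SysWOW64"))


def split_appinit(value: str) -> List[str]:
    """Split an AppInit_DLLs string the way Windows does: spaces or commas."""
    return re.findall(r"[^\s,]+", value)


def classify(dll: str) -> str:
    """'system' for a trusted path, 'unqualified' for a bare name (resolved via
    the DLL search order, so it needs a manual look), 'suspicious' otherwise."""
    low = dll.lower()
    if "\\" not in low and "/" not in low:
        return "unqualified"
    if any(low.startswith(d + "\\") for d in TRUSTED_DIRS):
        return "system"
    return "suspicious"


def audit_appinit(registry: Dict[str, Dict[str, object]]) -> List[dict]:
    """Return one finding per DLL listed in either view."""
    findings = []
    for key in APPINIT_KEYS:
        values = registry.get(key, {})
        raw = str(values.get("AppInit_DLLs", "") or "")
        enabled = int(values.get("LoadAppInit_DLLs", 0) or 0) == 1
        for dll in split_appinit(raw):
            findings.append({
                "key": key,
                "dll": dll,
                "class": classify(dll),
                "loads": enabled,              # only loaded when LoadAppInit_DLLs=1
                "wow64_view": "Wow6432Node" in key,
            })
    return findings


def read_live_registry() -> Dict[str, Dict[str, object]]:
    """Read the two keys on a live Windows host; returns {} elsewhere."""
    try:
        import winreg
    except ImportError:
        return {}
    out: Dict[str, Dict[str, object]] = {}
    for key in APPINIT_KEYS:
        sub = key.split("\\", 1)[1]
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub) as k:
                vals: Dict[str, object] = {}
                for name in ("AppInit_DLLs", "LoadAppInit_DLLs"):
                    try:
                        vals[name] = winreg.QueryValueEx(k, name)[0]
                    except FileNotFoundError:
                        pass
                out[key] = vals
        except OSError:
            continue
    return out


if __name__ == "__main__":
    reg = read_live_registry() or SAMPLE_REGISTRY
    for f in audit_appinit(reg):
        state = "ACTIVE" if f["loads"] else "inert (LoadAppInit_DLLs=0)"
        view = "32-bit view" if f["wow64_view"] else "native view"
        print(f"[{f['class']:10}] {f['dll']}  ({view}, {state})")
```

Run it with a 64-bit Python: a 32-bit interpreter is redirected to Wow6432Node for both paths and never sees the native key, the same WOW64 pitfall SystemLook warned about in the log above. Unchecking the entry in Autoruns clears the value, but the DLL on disk should still be removed (as the thread's final step does), and the finding is only a lead: confirm the file's hash and publisher before treating a non-system path as malicious.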


 




