
Google redirect and random image download files


11 replies to this topic

#1 je5293


  • Members
  • 10 posts

Posted 24 October 2011 - 05:20 PM

Hey... I've got the same problem but I've tried using antivirus software in safe mode to get rid of the problem (Avira, Malwarebytes, Prevx, Rkill) but it just shuts the computer down mid-scan. Also, if I download antivirus software in safe mode it shuts off. If I run any of these in normal mode there is no detection... I'll go back and post the logs and stuff like cubbie17 to catch up... if you could help me out with this I would really appreciate it

cheers

jj

#2 je5293

  • Topic Starter

  • Members
  • 10 posts

Posted 24 October 2011 - 05:25 PM

Results of screen317's Security Check version 0.99.7
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 23
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Adobe Reader 9.1.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
AVG avgwdsvc.exe
AVG avgtray.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
IObit IObit Malware Fighter IMFsrv.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````

#3 je5293

  • Topic Starter

  • Members
  • 10 posts

Posted 24 October 2011 - 05:30 PM

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : JJ-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 4322AG 802.11a/b/g/draft-n Wi-Fi Adapter
Physical Address. . . . . . . . . : 00-21-00-70-D7-BD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f9da:de7f:7dba:1a17%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, October 24, 2011 4:59:40 PM
Lease Expires . . . . . . . . . . : Tuesday, October 25, 2011 10:42:03 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234889472
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-DE-86-AF-00-21-00-70-D7-BD
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : new.rr.com
Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-1E-EC-FC-DA-EA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.new.rr.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1E973751-4135-4E67-9B61-F26DC5C26388}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:10b8:3865:52a6:6394(Preferred)
Link-local IPv6 Address . . . . . : fe80::10b8:3865:52a6:6394%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.84
74.125.225.80
74.125.225.81
74.125.225.82
74.125.225.83



Pinging google.com [74.125.225.49] with 32 bytes of data:

Reply from 74.125.225.49: bytes=32 time=18ms TTL=51

Reply from 74.125.225.49: bytes=32 time=22ms TTL=51



Ping statistics for 74.125.225.49:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 18ms, Maximum = 22ms, Average = 20ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 67.195.160.76
72.30.2.43
98.137.149.56
98.139.180.149
209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=43ms TTL=49

Reply from 209.191.122.70: bytes=32 time=40ms TTL=49



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 40ms, Maximum = 43ms, Average = 41ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 21 00 70 d7 bd ...... Broadcom 4322AG 802.11a/b/g/draft-n Wi-Fi Adapter
10 ...00 1e ec fc da ea ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.new.rr.com
13 ...00 00 00 00 00 00 00 e0 isatap.{1E973751-4135-4E67-9B61-F26DC5C26388}
14 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 281
192.168.1.2 255.255.255.255 On-link 192.168.1.2 281
192.168.1.255 255.255.255.255 On-link 192.168.1.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 18 ::/0 On-link
1 306 ::1/128 On-link
12 18 2001::/32 On-link
12 266 2001:0:4137:9e76:10b8:3865:52a6:6394/128
On-link
11 281 fe80::/64 On-link
12 266 fe80::/64 On-link
12 266 fe80::10b8:3865:52a6:6394/128
On-link
11 281 fe80::f9da:de7f:7dba:1a17/128
On-link
1 306 ff00::/8 On-link
12 266 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/24/2011 05:23:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/24/2011 05:22:59 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/24/2011 05:22:59 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/24/2011 05:00:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/24/2011 04:50:52 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 0.0.0.0, time stamp 0x4d334d98, faulting module iexplore.exe, version 0.0.0.0, time stamp 0x4d334d98, exception code 0x40000015, fault offset 0x0008cb40,
process id 0x564, application start time 0xiexplore.exe0.

Error: (10/24/2011 04:47:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/24/2011 04:46:57 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/24/2011 04:40:18 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/24/2011 04:39:09 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/24/2011 04:39:02 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (10/24/2011 05:03:37 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FB103C&REV_00\4&2a995034&0&0428) disappeared from the system without first being prepared for removal.

Error: (10/24/2011 05:03:37 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FB103C&REV_00\4&2a995034&0&0328) disappeared from the system without first being prepared for removal.

Error: (10/24/2011 05:03:37 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FB103C&REV_00\4&2a995034&0&0228) disappeared from the system without first being prepared for removal.

Error: (10/24/2011 05:03:37 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FB103C&REV_00\4&2a995034&0&0028) disappeared from the system without first being prepared for removal.

Error: (10/24/2011 05:00:56 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (10/24/2011 04:58:58 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (10/24/2011 04:59:26 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:57:19 PM on 10/24/2011 was unexpected.

Error: (10/24/2011 04:58:35 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (10/24/2011 04:47:45 PM) (Source: Service Control Manager) (User: )
Description: Avgldx64
Avgmfx64
avipbb
avkmgr
MpFilter
pxrts
spldr
Wanarpv6

Error: (10/24/2011 04:47:45 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
AAC Decoder (Version: 7.1.0)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 ActiveX (Version: 10.0.2.13)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Reader 9.1.2 (Version: 9.1.2)
Adobe Shockwave Player 11.5 (Version: 11.5.1.601)
Advanced SystemCare 4 (Version: 4.1.0)
Agere Systems HDA Modem
AMD USB Audio Driver Filter (Version: 1.0.7.0031)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Print Creations - Brochure
ArcSoft Print Creations - Photo Calendar
ATI Catalyst Install Manager (Version: 3.0.691.0)
AutoUpdate (Version: 1.1)
AVG 2012 (Version: 12.0.1831)
AVG 2012 (Version: 12.0.2092)
AVG 2012 (Version: 2012.0.1831)
Avira Free Antivirus (Version: 12.0.0.855)
BitTorrent
Bonjour (Version: 3.0.0.2)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.10.38.14)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0917.337.4556)
Catalyst Control Center Graphics Full Existing (Version: 2008.0917.337.4556)
Catalyst Control Center Graphics Full New (Version: 2008.0917.337.4556)
Catalyst Control Center Graphics Light (Version: 2008.0917.337.4556)
Catalyst Control Center Graphics Previews Common (Version: 2008.0917.337.4556)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0917.337.4556)
Catalyst Control Center InstallProxy (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Czech (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Danish (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Dutch (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Finnish (Version: 2008.0917.337.4556)
Catalyst Control Center Localization French (Version: 2008.0917.337.4556)
Catalyst Control Center Localization German (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Greek (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Hungarian (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Italian (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Japanese (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Korean (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Norwegian (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Polish (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Portuguese (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Russian (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Spanish (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Swedish (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Thai (Version: 2008.0917.337.4556)
Catalyst Control Center Localization Turkish (Version: 2008.0917.337.4556)
ccc-core-static (Version: 2008.0917.337.4556)
ccc-utility64 (Version: 2008.0917.337.4556)
CCC Help Chinese Standard (Version: 2008.0917.0336.4556)
CCC Help Chinese Traditional (Version: 2008.0917.0336.4556)
CCC Help Czech (Version: 2008.0917.0336.4556)
CCC Help Danish (Version: 2008.0917.0336.4556)
CCC Help Dutch (Version: 2008.0917.0336.4556)
CCC Help English (Version: 2008.0917.0336.4556)
CCC Help Finnish (Version: 2008.0917.0336.4556)
CCC Help French (Version: 2008.0917.0336.4556)
CCC Help German (Version: 2008.0917.0336.4556)
CCC Help Greek (Version: 2008.0917.0336.4556)
CCC Help Hungarian (Version: 2008.0917.0336.4556)
CCC Help Italian (Version: 2008.0917.0336.4556)
CCC Help Japanese (Version: 2008.0917.0336.4556)
CCC Help Korean (Version: 2008.0917.0336.4556)
CCC Help Norwegian (Version: 2008.0917.0336.4556)
CCC Help Polish (Version: 2008.0917.0336.4556)
CCC Help Portuguese (Version: 2008.0917.0336.4556)
CCC Help Russian (Version: 2008.0917.0336.4556)
CCC Help Spanish (Version: 2008.0917.0336.4556)
CCC Help Swedish (Version: 2008.0917.0336.4556)
CCC Help Thai (Version: 2008.0917.0336.4556)
CCC Help Turkish (Version: 2008.0917.0336.4556)
CCleaner (Version: 3.09)
ComicRack v0.9.134 (Version: v0.9.134)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
CyberLink DVD Suite (Version: 6.0.2126)
DAEMON Tools Lite (Version: 4.40.1.0127)
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.1.0.2)
DivX Web Player (Version: 1.5.0)
EPSON Scan
EPSON WorkForce 500 Series Printer Uninstall
ESU for Microsoft Vista (Version: 1.0.0)
Far Cry (Version: 1.00.0000)
ffdshow (remove only)
Google Chrome (Version: 14.0.835.202)
Google Earth (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.79)
H.264 Decoder (Version: 1.1.0)
HP Active Support Library (Version: 3.1.9.1)
HP Customer Experience Enhancements (Version: 5.7.0.2664)
HP Doc Viewer (Version: 1.01.0005)
HP Help and Support (Version: 2.1.0.0)
HP MediaSmart DVD (Version: 2.0.2126)
HP MediaSmart Music/Photo/Video (Version: 2.0.2125)
HP MediaSmart SmartMenu (Version: 2.0.8)
HP MediaSmart TV (Version: 2.2.1622)
HP MediaSmart Webcam (Version: 2.0.0926)
HP MULTIPLE MODEM INSTALLER for VISTA (Version: 1.0.0.30)
HP Quick Launch Buttons 6.40 H2 (Version: 6.40 H2)
HP Total Care Advisor (Version: 2.4.4941.2798)
HP Update (Version: 4.000.010.008)
HP User Guides 0125 (Version: 1.00.0000)
HP Wireless Assistant (Version: 3.00 K2)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
HPTCSSetup (Version: 1.1.1955.2793)
IDT Audio (Version: 1.0.6087.0)
iDump (Backing up your iPod)
iDumpPod2Backup (Version: 1.1.2.0)
iDumpPro (Version: 2.5.2)
IObit Malware Fighter (Version: 1.0)
IObit Toolbar v4.7 (Version: 4.7)
iTunes (Version: 10.2.1.1)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 23 (Version: 6.0.230)
Java™ 6 Update 7 (Version: 1.6.0.70)
JMicron JMB38X Flash Media Controller (Version: 1.00.17.07)
Juno Preloader (Version: 1.0.0)
LabelPrint (Version: 2.5.0919)
LightScribe System Software 1.14.17.1 (Version: 1.14.17.1)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Live Search Toolbar (Version: 3.0.541.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
MKV Splitter (Version: 1.0.1)
Mozilla Firefox (3.6.18) (Version: 3.6.18 (en-US))
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
muvee Reveal (Version: 7.0.35.6951)
My HP Games (Version: 1.0.0.62)
NetZero Preloader (Version: 1.0.0)
Power2Go (Version: 6.0.2119)
PowerDirector (Version: 7.0.2119)
Prevx (Version: 3.0.5.220)
ProtectSmart Hard Drive Protection (Version: 3.10.1.7)
QuickTime (Version: 7.69.80.9)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Return to Castle Wolfenstein - Platinum Edition
Rogue Spear
Senuti iPod Rip 5.3
Skins (Version: 2008.0917.337.4556)
Slingbox - Watch Your TV Anywhere (Version: 1.0.0)
Smart Defrag (Version: 1.5.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
SPORE Creature Creator Trial Edition (Version: 1.00.0000)
Touch Pad Driver
TouchCopy 11 (Version: 11.04)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 3836.89 MB
Available physical RAM: 1925.48 MB
Total Pagefile: 7906.3 MB
Available Pagefile: 5690.81 MB
Total Virtual: 4095.88 MB
Available Virtual: 4010.96 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:219.97 GB) (Free:86.57 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:12.91 GB) (Free:2.02 GB) NTFS

========================= Users: ========================================

User accounts for \\JJ-PC

Administrator Guest JJ


**** End of log ****

#4 je5293

  • Topic Starter

  • Members
  • 10 posts

Posted 24 October 2011 - 05:38 PM

Database version: 8012

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

10/24/2011 5:37:23 PM
mbam-log-2011-10-24 (17-37-23).txt

Scan type: Quick scan
Objects scanned: 181729
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 je5293

  • Topic Starter

  • Members
  • 10 posts

Posted 24 October 2011 - 06:26 PM

GMER said there were no programs modifying

#6 je5293

  • Topic Starter

  • Members
  • 10 posts

Posted 24 October 2011 - 06:49 PM

Tried aswMBR multiple times in safe and regular mode... the computer just flashed a blue screen (too quick to read) and restarted.

#7 boopme


    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • Gender:Male
  • Location:NJ USA

Posted 28 October 2011 - 08:55 AM

Hello, all the replies to yourself make it appear you have help.
Are you on a router? Are other machines on it, and if so, are they redirecting?

Do you use Firefox?

Let's do these next and see.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (2.6.11.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#8 je5293
  • Topic Starter
  • Members
  • 10 posts

Posted 29 October 2011 - 08:43 AM

The TDSSKiller didn't find anything...here is the log from the ESET online one:
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default\Default\onjbfdnkdhfonfodpnpngmbhjnjobljl\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\uqs4eh89.default\extensions\{5ac78892-962e-494a-ad77-1d6dc216a037}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\JJ\Downloads\cnet_copytoy_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\JJ\Downloads\cnet_gburner29_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\JJ\Downloads\cnet_iDumpPod2BackupDemo_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\JJ\Downloads\cnet_iDumpPro_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
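
As an added aid for reading a log like the one above (example code written for this page, not part of the original thread and not ESET's own tooling): the script below parses those seven ESET OnlineScan result lines into records, marks which hits sit inside a browser profile (the extension and content-script material relevant to a redirect symptom) versus the Downloads folder (bundled installers), and re-checks whether any quarantined path still exists on disk. The line layout, the regex, the function names and the location categories are all inferred from these lines only and are assumptions, not a documented ESET format.

```python
import os
import re
from collections import Counter

# Sample input: the seven ESET OnlineScan result lines quoted in the post
# above, embedded here so the script runs offline (constructed for this example).
SAMPLE_LOG = r"""
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default\Default\onjbfdnkdhfonfodpnpngmbhjnjobljl\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\uqs4eh89.default\extensions\{5ac78892-962e-494a-ad77-1d6dc216a037}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\JJ\Downloads\cnet_copytoy_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\JJ\Downloads\cnet_gburner29_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\JJ\Downloads\cnet_iDumpPod2BackupDemo_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\JJ\Downloads\cnet_iDumpPro_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
"""

# Line layout inferred from the sample (an assumption, not ESET's documented
# format): <path> [probably] [a variant of] <Platform/Name> <application|trojan> <action>.
# The path is matched non-greedily because it may contain spaces; the signature
# is the first token containing "/", which never occurs inside a Windows path.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?P<tentative>probably )?(?:a variant of )?"
    r"(?P<signature>\S+/\S+) (?P<kind>application|trojan) "
    r"(?P<action>.+)$"
)


def classify_location(path):
    """Bucket a path by where on disk it was found (assumed categories)."""
    p = path.lower()
    if "\\chrome\\user data\\" in p or "\\firefox\\profiles\\" in p:
        return "browser-profile"   # extension / content-script material
    if "\\downloads\\" in p:
        return "downloads"         # installers the user fetched
    return "program"


def parse_line(line):
    """Parse one result line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    platform, name = m.group("signature").split("/", 1)
    return {
        "path": m.group("path"),
        "signature": m.group("signature"),
        "platform": platform,
        "family": name.split(".")[0],                   # e.g. "InstallCore"
        "kind": m.group("kind"),                        # "application" = PUA, "trojan" = malware
        "tentative": m.group("tentative") is not None,  # "probably ..." = heuristic hit
        "action": m.group("action"),
        "location": classify_location(m.group("path")),
    }


def parse_eset_log(text):
    """Return the parsed records; see unparsed_lines() for anything rejected."""
    return [rec for rec in (parse_line(ln) for ln in text.splitlines()) if rec]


def unparsed_lines(text):
    """Non-empty lines the regex rejected, so nothing is silently dropped."""
    return [ln for ln in text.splitlines() if ln.strip() and parse_line(ln) is None]


def summarize(records):
    """Counts by family and by location, plus the browser-profile paths."""
    return {
        "by_family": dict(Counter(r["family"] for r in records)),
        "by_location": dict(Counter(r["location"] for r in records)),
        "browser_items": [r["path"] for r in records if r["location"] == "browser-profile"],
    }


def remaining_paths(records):
    """Paths the scanner reported as quarantined that still exist on disk."""
    return [r["path"] for r in records if os.path.exists(r["path"])]


if __name__ == "__main__":
    records = parse_eset_log(SAMPLE_LOG)
    for key, value in summarize(records).items():
        print(key, value)
    print("unparsed:", unparsed_lines(SAMPLE_LOG))
    print("still present:", remaining_paths(records))
```

Run on the machine that produced the log, remaining_paths() gives a quick post-clean check; on any other machine it simply returns an empty list. The "browser_items" list is the part worth reading first when the complaint is search redirects, since two of the seven hits are a Chrome content script and a Firefox extension manifest rather than downloaded installers.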

#9 je5293
  • Topic Starter
  • Members
  • 10 posts

Posted 29 October 2011 - 08:45 AM

And I was using Mozilla at the time, on a router, but I'm the only computer on it.

#10 boopme
    To Insanity and Beyond

  • Global Moderator
  • 73,493 posts
  • Gender:Male
  • Location:NJ USA

Posted 29 October 2011 - 08:31 PM

If still redirecting>>>
Change your DNS Servers:
  • Go to Start > Run... and in the open box, type: cmd
  • Press OK or hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.


#11 je5293
  • Topic Starter
  • Members
  • 10 posts

Posted 01 November 2011 - 04:44 PM

Hey, sorry for the late reply...it stopped the redirecting...thanks a lot.

But it still shuts down while doing any virus scanning in safe mode...at least with Avira and Malwarebytes.

#12 boopme
    To Insanity and Beyond

  • Global Moderator
  • 73,493 posts
  • Gender:Male
  • Location:NJ USA

Posted 02 November 2011 - 03:42 PM

You should probably post a DDS log and be sure there is nothing hidden..

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run, skip it and move on.
Include a link back to this topic.

Let me know if that went well.