
System Restore Virus, Windows 7, no internet sound, redirecting google and changed mouse settings

10 replies to this topic

#1 jennifern2213

jennifern2213

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:53 PM

Posted 06 November 2011 - 07:36 PM

November 4th at about 7am I went to a website that I recently signed up on called Triond. I clicked to view one of my articles they published on another site. As soon as the page loaded it said "adobe flash needs to update" and it looked just like it always does so I clicked ok.

I then got the System Restore virus, it hid all of my files and was also playing audio ads in the background of my computer even after closing IE.

What I have done already:

Malwarebytes: finds nothing
StopZilla: finds over 100 errors, but I can't afford to pay for it
Advanced system care: finds nothing
SuperAntiSpyware: finds only tracking cookies and deletes them
Spybot search and destroy: finds nothing
Rkill: will only run in safe mode, but then all of the above will not find anything to kill (I've changed the name, changed the location to save it, etc.; it will download, and then when I click Open or Run as administrator it disappears and says the file location does not exist)

I did "unhide" all my files and folders and programs.

I did find a walkthrough that told me what registry items to delete and I deleted them.

I have also gone through the StopZilla errors and deleted some of the registry items they say were viruses (probably not a very good idea, but I am desperate).

I have tried to do a real system restore in both regular and safe mode. I have also tried the advanced recovery, but my laptop doesn't have a disk drive, so I can't reinstall Windows.

Right now what I am dealing with is Google redirecting (I search for things and it goes to an advertisement page). Also, it seems as though whenever I find a page that will help me get rid of the virus, Internet Explorer stops working and then has to restart. Netflix will not load a video (on Firefox it says Silverlight is out of date), there is no sound on the internet at all, and my Dell touchpad will not do the two-finger scrolling feature; when I go to change the settings it asks me to uninstall my touchpad, but I don't have another mouse to use to get it reinstalled.


I am a freelance writer, so I have to have access to my computer. I don't want to send my clients a virus, so I need to get it taken care of as quickly as possible.

Thanks for any help you can give me and I will be online all night to try and get this resolved.

Jennifer


#2 jennifern2213

jennifern2213
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:53 PM

Posted 06 November 2011 - 07:58 PM

Here are some pics of what I described above:

http://tinypic.com/r/9pnl8i/5

http://tinypic.com/r/sgiahd/5

http://tinypic.com/r/3486nph/5

http://tinypic.com/r/106hq3c/5

#3 jennifern2213

jennifern2213
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:53 PM

Posted 06 November 2011 - 08:07 PM

Here is a pic of what StopZilla found and wants me to pay to remove:

http://tinypic.com/r/351ti5c/5

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:53 PM

Posted 06 November 2011 - 10:08 PM

Hello and welcome. Do not run a registry or temp file cleaner. Let me know how it's running after these.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Please follow our Removal Guide here: How to remove Google Redirects. You will move to the Automated Removal Instructions.

If it finds something, make sure Cure is selected.
Next click Continue, then Reboot now.
A log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

#5 jennifern2213

jennifern2213
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:53 PM

Posted 06 November 2011 - 10:27 PM

Thanks for your response. Here are the results for the MiniToolBox thing:

MiniToolBox by Farbar
Ran by Jen (administrator) on 06-11-2011 at 19:25:13
Windows 7 Home Premium Service Pack 1 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
::1 localhost


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Jen-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net.

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-24-D6-AF-60-B1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 90-00-4E-DC-10-F9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : B8-AC-6F-EC-22-60
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c5b7:57c:78cc:9567%11(Preferred)
IPv4 Address. . . . . . . . . . . : 24.17.68.73(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : Sunday, November 06, 2011 3:47:14 PM
Lease Expires . . . . . . . . . . : Wednesday, November 09, 2011 7:57:46 AM
Default Gateway . . . . . . . . . : 24.17.68.1
DHCP Server . . . . . . . . . . . : 68.87.69.10
DHCPv6 IAID . . . . . . . . . . . : 280538223
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-4B-52-1F-B8-AC-6F-EC-22-60
DNS Servers . . . . . . . . . . . : 68.87.69.150
68.87.85.102
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-24-D6-AF-60-B0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hsd1.wa.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cns.beaverton.or.bverton.comcast.net
Address: 68.87.69.150

Name: google.com
Addresses: 173.194.33.52
173.194.33.49
173.194.33.51
173.194.33.50
173.194.33.48


Pinging google.com [173.194.33.50] with 32 bytes of data:
Reply from 173.194.33.50: bytes=32 time=9ms TTL=56
Reply from 173.194.33.50: bytes=32 time=10ms TTL=56

Ping statistics for 173.194.33.50:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 9ms, Maximum = 10ms, Average = 9ms
Server: cns.beaverton.or.bverton.comcast.net
Address: 68.87.69.150

Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
72.30.2.43
98.137.149.56
98.139.180.149


Pinging yahoo.com [98.139.180.149] with 32 bytes of data:
Reply from 98.139.180.149: bytes=32 time=118ms TTL=49
Reply from 98.139.180.149: bytes=32 time=109ms TTL=48

Ping statistics for 98.139.180.149:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 109ms, Maximum = 118ms, Average = 113ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time=1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
===========================================================================
Interface List
18...00 24 d6 af 60 b1 ......Microsoft Virtual WiFi Miniport Adapter
14...90 00 4e dc 10 f9 ......Bluetooth Device (Personal Area Network)
11...b8 ac 6f ec 22 60 ......Realtek PCIe GBE Family Controller
10...00 24 d6 af 60 b0 ......Intel® WiFi Link 5100 AGN
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 24.17.68.1 24.17.68.73 20
24.17.68.0 255.255.252.0 On-link 24.17.68.73 276
24.17.68.73 255.255.255.255 On-link 24.17.68.73 276
24.17.71.255 255.255.255.255 On-link 24.17.68.73 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 24.17.68.73 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 24.17.68.73 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::c5b7:57c:78cc:9567/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/06/2011 05:09:34 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e9cc9443-2b74-4f54-98b6-067e4df2460d}

Error: (11/06/2011 04:50:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: agcore.dll, version: 4.0.60831.0, time stamp: 0x4e5d716c
Exception code: 0xc0000005
Fault offset: 0x0051054a
Faulting process id: 0x17b8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/06/2011 04:10:37 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (StopZILLA! Restore Point.). Additional information: 0x80071a90.

Error: (11/06/2011 02:32:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x00498a27
Faulting process id: 0x64c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/06/2011 01:52:21 PM) (Source: System Restore) (User: )
Description: The restore point selected was damaged or deleted during the restore (StopZILLA! Restore Point.).

Error: (11/06/2011 01:26:56 PM) (Source: System Restore) (User: )
Description: Failed to initiate System Restore (Removed Microsoft SQL Server 2008 Setup Support Files ).

Error: (11/06/2011 01:15:56 PM) (Source: System Restore) (User: )
Description: Failed to initiate System Restore (Removed Microsoft SQL Server 2008 Setup Support Files ).

Error: (11/06/2011 01:14:43 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Network Shield Support.

System Error:
The system cannot find the file specified.
.

Error: (11/06/2011 01:14:43 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.
.

Error: (11/06/2011 01:14:43 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSnx.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (11/06/2011 04:11:02 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%997

Error: (11/06/2011 04:11:02 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%997

Error: (11/06/2011 04:11:02 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%997

Error: (11/06/2011 04:11:02 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%997

Error: (11/06/2011 04:11:02 PM) (Source: PNRPSvc) (User: )
Description: 0x800703e5

Error: (11/06/2011 04:11:02 PM) (Source: PNRPSvc) (User: )
Description: 0x800703e5

Error: (11/06/2011 04:10:52 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%997

Error: (11/06/2011 04:10:52 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%997

Error: (11/06/2011 04:10:52 PM) (Source: PNRPSvc) (User: )
Description: 0x800703e5

Error: (11/06/2011 03:49:37 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (11/06/2011 05:09:34 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e9cc9443-2b74-4f54-98b6-067e4df2460d}

Error: (11/06/2011 04:50:53 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164214d76255dagcore.dll4.0.60831.04e5d716cc00000050051054a17b801cc9ce2a9cb357eC:\Program Files\Internet Explorer\iexplore.exec:\Program Files\Microsoft Silverlight\4.0.60831.0\agcore.dll8aaf94b4-08da-11e1-922d-b8ac6fec2260

Error: (11/06/2011 04:10:37 PM) (Source: System Restore)(User: )
Description: StopZILLA! Restore Point.0x80071a90

Error: (11/06/2011 02:32:30 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164214d76255dunknown0.0.0.000000000c000040900498a2764c01cc9cd38a8c1255C:\Program Files\Internet Explorer\iexplore.exeunknown35c45f21-08c7-11e1-b41a-b8ac6fec2260

Error: (11/06/2011 01:52:21 PM) (Source: System Restore)(User: )
Description: StopZILLA! Restore Point.

Error: (11/06/2011 01:26:56 PM) (Source: System Restore)(User: )
Description: Removed Microsoft SQL Server 2008 Setup Support Files 0x80070005

Error: (11/06/2011 01:15:56 PM) (Source: System Restore)(User: )
Description: Removed Microsoft SQL Server 2008 Setup Support Files 0x80070005

Error: (11/06/2011 01:14:43 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Network Shield Support.

System Error:
The system cannot find the file specified.

Error: (11/06/2011 01:14:43 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.

Error: (11/06/2011 01:14:43 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSnx.

System Error:
The system cannot find the file specified.


=========================== Installed Programs ============================

Accelerometer (Version: 1.06.08.17)
Adobe AIR (Version: 3.0.0.4080)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Reader 9.4.6 (Version: 9.4.6)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Advanced Audio FX Engine (Version: 1.12.05)
Advanced SystemCare 4 (Version: 4.2.0)
Automated Feedback Tool 5.0 (Version: 5.0.381)
AVG 2012 (Version: 12.0.1869)
AVG 2012 (Version: 12.0.2085)
AVG 2012 (Version: 2012.0.1869)
CCleaner (Version: 3.12)
Comcast Desktop Software (v1.2.0.9) (Version: 23)
Comcast Universal Caller ID (Version: 2.1.7)
Comcast Universal Caller ID (Version: ComcastCallerID-2.1.7)
Coupon Printer for Windows (Version: 5.0.0.1)
D3DX10 (Version: 15.4.2368.0902)
Dell Backup and Recovery Manager (Version: 1.3)
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 14.0.19.0)
Dell Webcam Central (Version: 2.00.35)
Free Registry Fix 5.6 (Version: 5.6)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.1.2003.1856)
Google Update Helper (Version: 1.3.21.79)
Graboid Video 2.06 (Version: 2.06)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1892)
Intel® PROSet/Wireless WiFi Software (Version: 13.00.0000)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
Intel® TV Wizard
IObit Malware Fighter (Version: 1.0)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 15.4.3502.0922)
LEGO Universe
Lexmark X1100 Series
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.50.1600.1)
Microsoft SQL Server VSS Writer (Version: 10.50.1600.1)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PokerStars.net
Realtek High Definition Audio Driver (Version: 6.0.1.6482)
Skype™ 5.5 (Version: 5.5.113)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1)
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1)
STOPzilla (Version: 5.0.96.39)
SUPERAntiSpyware (Version: 5.0.1134)
swMSM (Version: 12.0.0.1)
Trend Micro Client/Server Security Agent (Version: 3.0.3152)
Trojan Killer 2.1
TypingMaster Pro (Version: 7.10)
VLC media player 1.0.1 (Version: 1.0.1)
WIDCOMM Bluetooth Software (Version: 6.2.1.100)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinZip 15.5 (Version: 15.5.9579)
Wise PC Doctor version 3.8.8 (Version: 3.8.8)

========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 3004.86 MB
Available physical RAM: 1202.04 MB
Total Pagefile: 6008 MB
Available Pagefile: 4001.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.15 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:286.9 GB) (Free:212.67 GB) NTFS

========================= Users: ========================================

User accounts for \\JEN-PC

Administrator Guest Jen

========================= Minidump Files ==================================

No minidump file found

**** End of log ****



Starting on the next steps now and will report back :)

#6 jennifern2213

jennifern2213
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:53 PM

Posted 06 November 2011 - 10:55 PM

Could not get the TDSSkill thing to run. I did try that earlier today too (saw it on here and thought I'd give it a try). I tried changing the name, changing it to .com rather than .exe; nothing worked.

Here is the malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8083

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/6/2011 7:53:08 PM
mbam-log-2011-11-06 (19-53-08).txt

Scan type: Quick scan
Objects scanned: 172810
Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 jennifern2213

jennifern2213
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:53 PM

Posted 07 November 2011 - 10:16 AM

I guess I probably wasn't clear on this. Even though Malwarebytes didn't find anything, the virus is still there:

  • redirecting Google
  • not allowing me to play Netflix videos
  • no internet sound
  • mouse options not able to be changed
  • it is now also opening Internet Explorer to specific pages: once it was a Twitter login, once an Amazon login page and once another website I don't know. All pages I haven't been to in a long time or never.

Edited by jennifern2213, 07 November 2011 - 10:21 AM.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:53 PM

Posted 07 November 2011 - 12:35 PM

Hello, try to run TDSSKiller from Command Prompt

Use the following command to scan the PC with a detailed log written into the file report.txt (created in the TDSSKiller.exe utility folder):
Open Command Prompt in XP: click Start >> Run, type cmd.
Copy and paste this at the flashing cursor and hit Enter:

TDSSKiller.exe -l report.txt

OR
Please try to use the attached version of TDSSKiller:

tdsskiller.zip
TDSS ALT

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 jennifern2213

jennifern2213
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:53 PM

Posted 07 November 2011 - 02:23 PM

It says:

***Infected MBR detected

Then gives me the option to repair or close...I am selecting repair right now
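The "Infected MBR detected" verdict above is a judgement about the first 512-byte sector of the disk. The following added example (not code from this thread, nor from TDSSKiller or FixTDSS) shows what a defender can check in that sector without a vendor tool: decode the partition table, verify the 0x55AA boot signature, and compare a SHA-256 of the boot-code region against a baseline recorded while the machine was known clean. The MBR bytes are constructed by `build_sample_mbr`, and the function names `build_sample_mbr`, `baseline_hash`, `parse_mbr` and `check_mbr` were chosen for this example.

```python
"""Parse a 512-byte Master Boot Record and compare its boot code with a baseline.

Added example for this thread; it is not code from TDSSKiller, FixTDSS or any
other tool mentioned here. The MBR bytes are constructed in build_sample_mbr,
and every function name below was chosen for this example.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440            # bytes 440..443 hold the NT disk signature
PART_TABLE_OFF = 446          # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a sample MBR: the given boot code plus one bootable NTFS partition.

    The disk signature and partition geometry are made-up sample values.
    """
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0x1234ABCD)
    reserved = b"\x00\x00"
    entry = struct.pack(PART_ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 601_000_000)
    table = entry + b"\x00" * (16 * 3)   # remaining three entries unused
    return code + disk_sig + reserved + table + BOOT_SIGNATURE


def baseline_hash(mbr: bytes) -> str:
    """SHA-256 of the boot-code region; record this while the machine is known clean."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_mbr(mbr: bytes) -> dict:
    """Decode the partition table and disk signature; raise ValueError if malformed."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack(
            PART_ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue                      # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,                # 0x07 is NTFS/exFAT
            "lba_start": lba,
            "sectors": count,
        })
    disk_sig = struct.unpack("<I", mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0]
    return {"boot_code_sha256": baseline_hash(mbr),
            "disk_signature": disk_sig,
            "partitions": partitions}


def check_mbr(mbr: bytes, known_good_hash: str) -> list:
    """Return findings as strings; an empty list means nothing looked wrong."""
    try:
        info = parse_mbr(mbr)
    except ValueError as exc:
        return [f"malformed MBR: {exc}"]
    findings = []
    if info["boot_code_sha256"] != known_good_hash:
        findings.append("boot code differs from baseline hash (MBR code was rewritten)")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"expected one bootable partition, found {len(bootable)}")
    for p in info["partitions"]:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']} has a zero LBA start or length")
    return findings


if __name__ == "__main__":
    # Constructed boot-code bytes, not a real boot loader.
    clean = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
    baseline = baseline_hash(clean)
    print("clean:", check_mbr(clean, baseline))
    tampered = bytearray(clean)
    tampered[0:4] = b"\xeb\x1e\x90\x90"   # constructed change to the first code bytes
    print("tampered:", check_mbr(bytes(tampered), baseline))
```

On a real machine the 512 bytes would be read from a disk image or, with administrative rights, from the raw device, and the baseline must come from an earlier trusted capture: hashing the current sector only tells you whether it changes from now on, which is exactly why a repair tool has to carry its own knowledge of what clean boot code looks like.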

#10 jennifern2213

jennifern2213
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:53 PM

Posted 07 November 2011 - 02:29 PM

It says repair succeeded.

No more google redirect!! Thanks :)

Sound is now playing on netflix and the video is playing (not closing or restarting or freezing!!)

Only thing I see is that my mouse still won't let me make the changes...

http://tinypic.com/r/sgiahd/5

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:53 PM

Posted 07 November 2011 - 02:41 PM

OK, did you install other Synaptics mouse equipment? If so, you need to click the Yes button.
If not, run SFC >>> System File Checker

Also, if you ever see a pop-up to update Adobe Flash, only do it from here:
http://www.adobe.com/support/flashplayer/downloads.html#fp11

You do need to update to Adobe Reader X and to Java 7.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586-s.exe (or jre-7u1-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Similarly Update to Adobe Reader X (10.1.0)
Note: uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional

Edited by boopme, 07 November 2011 - 02:45 PM.

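The installed-programs section of the log earlier in the thread and the update advice in this post are two halves of one check: a list of "Name (Version: x.y.z)" lines, and a set of minimum versions (Adobe Reader X 10.1.0, Java 7, and Flash Player 11 from the linked download page). The added example below, which is not code from the thread or from any tool in it, automates that comparison over lines in the log's own format, so the same audit can be repeated after the updates. The name patterns in `MINIMUMS` are assumptions about how these products appear in such listings, `SAMPLE_LINES` is constructed for the example (its last two lines are copied from the posted log), and `parse_version`, `parse_line` and `audit` are names chosen here.

```python
"""Flag installed programs that fall below the versions recommended in the thread.

Added example; it is not code from the thread or from any tool in it. It reads
lines in the same 'Name (Version: x.y.z)' form as the installed-programs section
of the posted log. The minimum versions come from the moderator's advice; the
name patterns are assumptions about how these products appear in such listings,
and SAMPLE_LINES is constructed for this example.
"""
import re

LINE_RE = re.compile(r"^(?P<name>.+?)\s*\(Version:\s*(?P<ver>[^)]+)\)\s*$")

# (pattern on the program name, minimum acceptable version, label for the report)
# The patterns are anchored so that e.g. "Spelling Dictionaries Support For
# Adobe Reader 9" and "Java Auto Updater" are not mistaken for the product itself.
MINIMUMS = [
    (re.compile(r"^Adobe Reader\b", re.I), (10, 1, 0), "Adobe Reader X (10.1.0)"),
    (re.compile(r"^Java(\(TM\))?\s+\d", re.I), (7,), "Java 7"),
    (re.compile(r"^Adobe Flash Player\b", re.I), (11,), "Flash Player 11"),
]

# Constructed sample in the log's format; the last two lines appear in the posted log.
SAMPLE_LINES = [
    "Adobe Flash Player 10 ActiveX (Version: 10.3.183.10)",
    "Adobe Reader 9.4.0 (Version: 9.4.0)",
    "Java(TM) 6 Update 26 (Version: 6.0.260)",
    "Java Auto Updater (Version: 2.0.4.1)",
    "Trojan Killer 2.1",
    "Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)",
    "Spybot - Search & Destroy (Version: 1.6.2)",
]


def parse_version(text):
    """'10.3.183.10' -> (10, 3, 183, 10); None when no digits are present."""
    parts = re.findall(r"\d+", text)
    return tuple(int(p) for p in parts) if parts else None


def parse_line(line):
    """Return (name, version tuple) or None for lines not in the expected form."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("name").strip(), parse_version(m.group("ver"))


def audit(lines):
    """Return one finding per installed program that is older than its minimum."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        name, ver = parsed
        for pattern, minimum, label in MINIMUMS:
            if not pattern.search(name):
                continue
            # Tuple comparison is element-wise, so (6, 0, 260) < (7,) and
            # (7, 0, 10) >= (7,): a one-element minimum means "major version at least N".
            if ver is None or ver < minimum:
                findings.append({
                    "name": name,
                    "installed": ".".join(map(str, ver)) if ver else "unknown",
                    "required": label,
                })
            break
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LINES):
        print(f"{f['name']}: installed {f['installed']}, needs {f['required']}")
```

Lines without a "(Version: ...)" suffix, such as "Trojan Killer 2.1" in the log, are skipped rather than guessed at, since a wrong version is worse than an "unknown" in this kind of check.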



