
System Fix / Google Redirect - nightmare


2 replies to this topic

#1 virtecllc

Posted 07 December 2011 - 12:30 AM

Hi Everyone,

Thank you in advance for any help.

I am helping a lady in my office whose computer has become infected with this PITA malware. I am very computer savvy and this thing has beat me up. I did run unhide.exe successfully and retrieved all hidden files.

I have started in safe mode and ran RKill. I have then run an updated version of Malwarebytes which finds 3 items, reboot to uninstall. I have also run the Kaspersky virus scanner/tool which found 19 items. I have then tried countless times to run TDSSKiller to remove the rootkit; it downloads/installs but will not run. I have tried renaming it, right click run as administrator, boot from desktop, boot from flash drive, tried running in safe mode and normal mode to no avail.

It seems after each reboot the infection reinstalls itself because Malwarebytes will find the same 3 infected files. I thought I had finally nabbed it but while doing the Kaspersky virus scan tool in safe mode it popped right back up.

I've also tried running ComboFix as well but I get a blue screen of death 2/3 of the way through.

I do have a hijt log but it states not to post on here so I'll wait until it is asked for.

Any and all help is greatly appreciated!

Computer is running Windows Vista SP2.



#2 virtecllc

Posted 07 December 2011 - 02:08 AM

I tried to run a more recent HijackThis log, but it is now saying certain host files are blocked and cannot be accessed, leading me to believe the host files are infected. I went and installed the Microsoft fix tool but it will not run in regular mode (just like TDSSKiller), and cannot run in safe mode. I went ahead and did the manual fix shown here (http://support.microsoft.com/kb/972034).

Trying to be proactive:


GMER Report:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-07 01:47:53
Windows 6.0.6002 Service Pack 2
Running: 0ggrbfoo.exe; Driver: C:\Users\linda\AppData\Local\Temp\ufdirpob.sys


---- Files - GMER 1.0.15 ----

File C:\Users\linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOEJEEVJ\up[1] 0 bytes

---- EOF - GMER 1.0.15 ----




Minitoolbox Report:
MiniToolBox by Farbar
Ran by linda (administrator) on 07-12-2011 at 01:48:43
Windows Vista ™ Business Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0
========================= Hosts content: =================================
::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = home (Media disconnected)
Dell Wireless 1390 WLAN Mini-Card = linda (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : linda2-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter linda:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.fl.comcast.net.
Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-1C-26-74-EC-C9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-1C-23-0F-B8-F5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #10
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B31CA01B-8C4E-414C-BADC-C7D414DD7BB1}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 20:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 21:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 25:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 26:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 33:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #9
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 34:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 35:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #8
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 38:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 39:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #11
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 41:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B31CA01B-8C4E-414C-BADC-C7D414DD7BB1}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 45:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B31CA01B-8C4E-414C-BADC-C7D414DD7BB1}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 46:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B31CA01B-8C4E-414C-BADC-C7D414DD7BB1}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 47:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.IAD1768MIA.mia0.cbeyond.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 48:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B31CA01B-8C4E-414C-BADC-C7D414DD7BB1}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 49:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{AC5202A0-4E4E-422D-882E-CDFBCAA60605}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 50:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{AC5202A0-4E4E-422D-882E-CDFBCAA60605}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 51:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.IAD1768MIA.mia0.cbeyond.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 53:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B31CA01B-8C4E-414C-BADC-C7D414DD7BB1}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 54:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B31CA01B-8C4E-414C-BADC-C7D414DD7BB1}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 55:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{AC5202A0-4E4E-422D-882E-CDFBCAA60605}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 56:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.hsd1.fl.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 57:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 58:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.hsd1.fl.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 1c 26 74 ec c9 ...... Dell Wireless 1390 WLAN Mini-Card
8 ...00 1c 23 0f b8 f5 ...... Broadcom NetXtreme 57xx Gigabit Controller
1 ........................... Software Loopback Interface 1
45 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #10
23 ...00 00 00 00 00 00 00 e0 isatap.{B31CA01B-8C4E-414C-BADC-C7D414DD7BB1}
30 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
21 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
29 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
25 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
26 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
27 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
36 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #9
39 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
41 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #8
44 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
43 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #11
49 ...00 00 00 00 00 00 00 e0 isatap.{B31CA01B-8C4E-414C-BADC-C7D414DD7BB1}
51 ...00 00 00 00 00 00 00 e0 isatap.{B31CA01B-8C4E-414C-BADC-C7D414DD7BB1}
52 ...00 00 00 00 00 00 00 e0 isatap.{B31CA01B-8C4E-414C-BADC-C7D414DD7BB1}
55 ...00 00 00 00 00 00 00 e0 isatap.IAD1768MIA.mia0.cbeyond.net
56 ...00 00 00 00 00 00 00 e0 isatap.{B31CA01B-8C4E-414C-BADC-C7D414DD7BB1}
53 ...00 00 00 00 00 00 00 e0 isatap.{AC5202A0-4E4E-422D-882E-CDFBCAA60605}
54 ...00 00 00 00 00 00 00 e0 isatap.{AC5202A0-4E4E-422D-882E-CDFBCAA60605}
58 ...00 00 00 00 00 00 00 e0 isatap.IAD1768MIA.mia0.cbeyond.net
57 ...00 00 00 00 00 00 00 e0 isatap.{B31CA01B-8C4E-414C-BADC-C7D414DD7BB1}
60 ...00 00 00 00 00 00 00 e0 isatap.{B31CA01B-8C4E-414C-BADC-C7D414DD7BB1}
62 ...00 00 00 00 00 00 00 e0 isatap.{AC5202A0-4E4E-422D-882E-CDFBCAA60605}
64 ...00 00 00 00 00 00 00 e0 isatap.hsd1.fl.comcast.net.
61 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
63 ...00 00 00 00 00 00 00 e0 isatap.hsd1.fl.comcast.net.
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/07/2011 01:10:37 AM) (Source: PerfNet) (User: )
Description:

Error: (12/07/2011 01:10:34 AM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (12/07/2011 01:10:33 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (12/07/2011 01:04:28 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (12/07/2011 00:58:35 AM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module WS2_32.dll_unloaded, version 0.0.0.0, time stamp 0x4791a798, exception code 0xc0000005, fault offset 0x764aa639,
process id 0xca8, application start time 0xExplorer.EXE0.

Error: (12/07/2011 00:55:30 AM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module WS2_32.dll_unloaded, version 0.0.0.0, time stamp 0x4791a798, exception code 0xc0000005, fault offset 0x75e5a639,
process id 0xc28, application start time 0xExplorer.EXE0.

Error: (12/07/2011 00:53:27 AM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module WS2_32.dll_unloaded, version 0.0.0.0, time stamp 0x4791a798, exception code 0xc0000005, fault offset 0x75f2a639,
process id 0xbe8, application start time 0xExplorer.EXE0.

Error: (12/07/2011 00:48:06 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (12/07/2011 00:39:43 AM) (Source: Application Error) (User: )
Description: Faulting application Safari.exe, version 5.31.22.7, time stamp 0x4b8f94fa, faulting module WS2_32.dll, version 6.0.6001.18000, time stamp 0x4791a798, exception code 0xc0000005, fault offset 0x0000a639,
process id 0xbf8, application start time 0xSafari.exe0.

Error: (12/07/2011 00:28:28 AM) (Source: Application Error) (User: )
Description: Faulting application bcmwltry.exe, version 4.102.15.61, time stamp 0x45f8a9d0, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0125722f,
process id 0x724, application start time 0xbcmwltry.exe0.


System errors:
=============
Error: (12/07/2011 01:22:40 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (12/07/2011 01:05:25 AM) (Source: Service Control Manager) (User: )
Description: meillgm
MpFilter
spldr
Wanarpv6

Error: (12/07/2011 01:05:25 AM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (12/07/2011 01:05:25 AM) (Source: Service Control Manager) (User: )
Description: Smart Card

Error: (12/07/2011 01:04:40 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/07/2011 01:04:28 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/07/2011 01:04:16 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/07/2011 01:04:15 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/07/2011 01:02:04 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:59:26 AM on 12/7/2011 was unexpected.

Error: (12/07/2011 01:01:40 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================


Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Flash Player 10 Plugin (Version: 10.0.42.34)
Adobe Reader 9.4.6 (Version: 9.4.6)
Adobe Shockwave Player 11.5 (Version: 11.5.2.602)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0)
AOL Mail and AIM Gadget (Version: 1.0.0)
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support (Version: 1.2.1)
Apple Mobile Device Support (Version: 3.0.0.102)
Apple Software Update (Version: 2.1.1.116)
biolsp patch (Version: 01.00.01.0010)
Bonjour (Version: 2.0.0.34)
Broadcom ASF Management Applications (Version: 10.13.02)
Broadcom Management Programs (Version: 10.15.01)
Brother MFL-Pro Suite (Version: 1.00)
Business Attorney
Conexant HDA D330 MDC V.92 Modem
Crystal Reports 2008 Runtime (Version: 12.0.0.683)
Dell Embassy Trust Suite by Wave Systems (Version: 02.00.52.000)
Dell Mobile Broadband Card Utility (Version: 2.06.02.060)
Dell System Customization Wizard (Version: 1.00.0000)
Dell Touchpad (Version: Version 7.1.101.6)
Dell Wireless WLAN Card (Version: 4.102.15.61)
Digital Line Detect (Version: 1.21)
Document Manager Lite (Version: 06.05.00.017)
Download Updater (AOL LLC)
eFax Messenger 4.3 (Version: 4.3)
EMBASSY Security Center (Version: 03.05.00.018)
EMBASSY Security Setup (Version: 03.05.00.017)
EMBASSY Trust Suite by Wave Systems (Version: 2.00.52.000)
ESC Home Page Plugin (Version: 03.00.00.014)
ETS Upgrade (Version: 02.00.00.012)
Fingerprint Sensor Minimum Install (Version: 7.6.1.18)
FTP Utility (Version: 1.00.0000)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.79)
Google Updater (Version: 2.4.2432.1652)
Hardware Helper (Version: 10.0)
Home Attorney
Intel® Matrix Storage Manager
iTunes (Version: 9.1.0.79)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
KyoceraMita Scanner File Utility
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft IntelliPoint 6.1 (Version: 6.10.156.0)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.0.0.101)
Modem Diagnostic Tool (Version: 1.0.20.0)
Mozilla Firefox 8.0.1 (x86 en-US) (Version: 8.0.1)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetWaiting (Version: 2.5.44)
NTRU TCG Software Stack (Version: 2.1.12)
O2Micro USB Smart Card Reader (Version: 1.00.0000)
Odyssey Client (Version: )
PANTECH PC USB Modem Software (Version: 3.0.4.0823)
Peachtree Accounting 2009 (Version: 16.00.00)
Peachtree Complete Accounting 2009 (Version: 16.00.00)
PeachTree Signature Ready Forms (Version: 6.3.0)
Pervasive PSQL v10 Workgroup (32-bit) (Version: 10.0.204.000)
PowerDVD (Version: 7.0)
Preboot Manager (Version: 2.0.0.102)
Private Information Manager (Version: 06.00.00.009)
QuickSet (Version: 8.0.13)
QuickTime (Version: 7.66.71.0)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio Update Manager (Version: 3.0.0)
RTC Client API v1.2 (Version: 1.2.0000)
Safari (Version: 5.31.22.7)
Sage Software Integration Services (Version: 2.2.2240)
Secure Update (Version: 05.03.00.011)
Security Wizards (Version: 01.03.00.021)
SigmaTel Audio (Version: 5.10.5102.0)
Sonic Activation Module (Version: 1.0)
upekmsi (Version: 02.00.03.0000)
User's Guides
Viewpoint Media Player
VZAccess Manager
Wave Infrastructure Installer (Version: 04.00.09.0007)
Wave Support Software (Version: 05.06.00.004)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Wireless-G Notebook Adapter
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Protection

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 1013.38 MB
Available physical RAM: 430.55 MB
Total Pagefile: 2291.08 MB
Available Pagefile: 1748.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.54 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:72.47 GB) (Free:32.24 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:2 GB) (Free:1.38 GB) NTFS
3 Drive e: (DVD_VIDEO_RECORDER) (CDROM) (Total:0.84 GB) (Free:0 GB) UDF
4 Drive f: (Lexar) (Removable) (Total:14.92 GB) (Free:10.27 GB) FAT32

========================= Users: ========================================

User accounts for \\LINDA2-PC

Administrator Cathy Guest
linda


**** End of log ****




Security Check Report:
Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 24
Java™ SE Runtime Environment 6
Out of date Java installed!
Adobe Flash Player ( 10.0.42.34) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

#3 virtecllc

Posted 07 December 2011 - 02:48 AM

Wanted to update once again and say that System Fix seems to be gone, but still having the browser redirect issues only when doing a search, not when directly typing in a URL.



