
mail.ru.toolbar and sputnikhelper.exe removal issues.


22 replies to this topic

#1 kevar97


Posted 26 January 2012 - 12:00 PM

Hello all, it appears there was some inadvertent ad clicking going on, and I now have a mail.ru.toolbar that has made itself at home in Firefox 9 on Win7. The only thing I have noticed that it does is go to mail.ru whenever you open a new tab. There was no removal option anywhere, and out of the multiple different virus/malware removers I have tried, none of them seem to flag the mail.ru as being bad. I manually searched out all registry entries and files/folders and deleted them and have gotten about 90% of it removed. The main issue now is that when you go to Get Add-ons in the add-ons manager, it just sits spinning on loading, which is probably the reason I never found an uninstall for it. Also, when you go to about:config, it has a good amount of entries listed still after deleting and resetting everything back to default. I have managed to get it where it no longer shows up on the toolbar list or loads on new tabs, but I am still unable to do anything with addons. Has anybody run into anything like this before?
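
Added example, not part of the original post: a Python sketch that lists leftover preferences of the kind post #1 describes seeing in about:config, by scanning a Firefox profile's prefs.js and user.js for the strings mail.ru and sputnik from the thread title. The sample preferences (including the toolbar pref name and URLs) and all function names are constructed for illustration; user.js is included because Firefox re-applies it at every start, which undoes resets made in about:config.

```python
import re
from pathlib import Path

# Substrings taken from the thread title and first post.
MARKERS = ("mail.ru", "sputnik")

# One preference per line: user_pref("name", value);
# value is a quoted string, an integer, or true/false.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)

# Constructed sample in prefs.js format (not taken from the poster's machine).
SAMPLE_PREFS = r'''# Mozilla User Preferences
user_pref("app.update.enabled", true);
user_pref("browser.startup.homepage", "http://mail.ru/");
user_pref("keyword.URL", "http://mail.ru/search?q=");
user_pref("mail.ru.toolbar.example_setting", 1);
user_pref("network.cookie.cookieBehavior", 0);
'''


def parse_prefs(text):
    """Return (line_no, name, raw_value) for every user_pref line in text."""
    prefs = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = PREF_RE.match(line)
        if m:
            prefs.append((line_no, m.group(1), m.group(2)))
    return prefs


def find_residue(text, markers=MARKERS):
    """Return the prefs whose name or value contains one of the markers."""
    hits = []
    for line_no, name, value in parse_prefs(text):
        haystack = (name + " " + value).lower()
        if any(marker in haystack for marker in markers):
            hits.append((line_no, name, value))
    return hits


def scan_profile(profile_dir, markers=MARKERS):
    """Scan prefs.js and user.js in a profile directory.

    Returns {filename: [hits]} for each file that exists. A hit in user.js
    means the setting will come back after every reset until that file is
    edited as well.
    """
    results = {}
    for fname in ("prefs.js", "user.js"):
        path = Path(profile_dir) / fname
        if path.is_file():
            text = path.read_text(encoding="utf-8", errors="replace")
            results[fname] = find_residue(text, markers)
    return results


if __name__ == "__main__":
    for line_no, name, value in find_residue(SAMPLE_PREFS):
        print(f"line {line_no}: {name} = {value}")
```

Run it against a copy of the profile folder with Firefox closed, since Firefox rewrites prefs.js on exit.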



#2 Broni


Posted 26 January 2012 - 12:13 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#3 boopme


Posted 26 January 2012 - 12:31 PM

Just as an extra... Look here and see if you can remove it: Managing search engines, as it appears to be a Russian search engine.

#4 kevar97


Posted 26 January 2012 - 12:36 PM

Working on scans currently but negative on the managing search engine, there was no listing other than the defaults.

#5 kevar97


Posted 26 January 2012 - 01:27 PM

OK, here we go!

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Kaspersky Internet Security 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
Kaspersky Lab Kaspersky Internet Security 2012 x64 klwtblfs.exe
``````````End of Log````````````


----------------------------------------------------------------------------------------
Farbar Service Scanner Version: 18-01-2012 01
Ran by Mommy (administrator) on 26-01-2012 at 12:00:33
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

-------------------------------------------------------------------------

MiniToolBox by Farbar Version: 18-01-2012
Ran by Mommy (administrator) on 26-01-2012 at 12:02:03
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

There are 15163 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6200 AGN = Wireless Network Connection (Connected)
Intel® 82577LM Gigabit Network Connection = Local Area Connection (Media disconnected)
PdaNet Broadband Adapter = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.105 metric=1 publish=Yes
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.106 metric=1 publish=Yes


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Heather
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : PdaNet Broadband Adapter
Physical Address. . . . . . . . . : 00-26-37-BD-39-42
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6200 AGN
Physical Address. . . . . . . . . : 58-94-6B-F4-09-A0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:18c5:1573:0:74e9:84ff:cbb3:8248(Preferred)
Temporary IPv6 Address. . . . . . : 2002:18c5:1573:0:a51e:dabb:2de1:7c05(Preferred)
Link-local IPv6 Address . . . . . : fe80::74e9:84ff:cbb3:8248%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.109(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, January 26, 2012 9:30:57 AM
Lease Expires . . . . . . . . . . : Friday, January 27, 2012 10:37:37 AM
Default Gateway . . . . . . . . . : fe80::221:29ff:febf:1c3c%13
192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 358126699
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-4C-E4-3D-1C-C1-DE-C1-4D-C0
DNS Servers . . . . . . . . . . . : 192.168.0.1
24.177.176.38
71.92.29.130
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82577LM Gigabit Network Connection
Physical Address. . . . . . . . . : 1C-C1-DE-C1-4D-C0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{72FA2FEF-51A4-4447-B910-972F026C23E2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{539D87F2-2678-4473-8F09-2C08AC3D8B30}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3542FB15-3A76-45E5-9468-37D5765788A1}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:30ac:1365:3f57:ff92(Preferred)
Link-local IPv6 Address . . . . . : fe80::30ac:1365:3f57:ff92%14(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.159.105
74.125.159.99
74.125.159.104
74.125.159.147
74.125.159.103
74.125.159.106


Pinging google.com [74.125.159.105] with 32 bytes of data:
Reply from 74.125.159.105: bytes=32 time=42ms TTL=47
Reply from 74.125.159.105: bytes=32 time=43ms TTL=47

Ping statistics for 74.125.159.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 43ms, Average = 42ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.2.43
98.137.149.56
98.139.180.149


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=92ms TTL=46
Reply from 209.191.122.70: bytes=32 time=91ms TTL=46

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 91ms, Maximum = 92ms, Average = 91ms
Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
18...00 26 37 bd 39 42 ......PdaNet Broadband Adapter
13...58 94 6b f4 09 a0 ......Intel® Centrino® Advanced-N 6200 AGN
12...1c c1 de c1 4d c0 ......Intel® 82577LM Gigabit Network Connection
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.109 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 192.168.0.109 306
169.254.255.255 255.255.255.255 On-link 192.168.0.109 281
192.168.0.0 255.255.255.0 On-link 192.168.0.109 281
192.168.0.109 255.255.255.255 On-link 192.168.0.109 281
192.168.0.255 255.255.255.255 On-link 192.168.0.109 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.109 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.109 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.0.0 255.255.0.0 192.168.1.105 1
169.254.0.0 255.255.0.0 192.168.1.106 1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 4121 ::/0 fe80::221:29ff:febf:1c3c
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:30ac:1365:3f57:ff92/128
On-link
13 33 2002:18c5:1573::/64 On-link
13 281 2002:18c5:1573:0:74e9:84ff:cbb3:8248/128
On-link
13 281 2002:18c5:1573:0:a51e:dabb:2de1:7c05/128
On-link
13 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::30ac:1365:3f57:ff92/128
On-link
13 281 fe80::74e9:84ff:cbb3:8248/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/25/2012 10:32:06 PM) (Source: Application Hang) (User: )
Description: The program spotify.exe version 0.8.1.64 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ddc

Start Time: 01ccdbdb4bc1be4b

Termination Time: 16

Application Path: C:\Users\Mommy\AppData\Roaming\Spotify\spotify.exe

Report Id:

Error: (01/25/2012 02:01:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1529

Error: (01/25/2012 02:01:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1529

Error: (01/25/2012 02:01:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/24/2012 11:04:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: APSDaemon.exe, version: 2.1.14.3, time stamp: 0x4eb0a8dc
Faulting module name: APSDaemon_main.dll, version: 2.1.14.3, time stamp: 0x4eb0a94b
Exception code: 0xc0000005
Fault offset: 0x0000d1ef
Faulting process id: 0x87c
Faulting application start time: 0xAPSDaemon.exe0
Faulting application path: APSDaemon.exe1
Faulting module path: APSDaemon.exe2
Report Id: APSDaemon.exe3

Error: (01/24/2012 05:08:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 55599864

Error: (01/24/2012 05:08:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 55599864

Error: (01/24/2012 05:08:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/24/2012 05:08:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 55598865

Error: (01/24/2012 05:08:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 55598865


System errors:
=============
Error: (01/26/2012 09:32:44 AM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/26/2012 09:31:52 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/26/2012 09:31:37 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LeapFrog Connect Device Service service to connect.

Error: (01/26/2012 07:04:40 AM) (Source: DCOM) (User: LOCAL SERVICE)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (01/26/2012 07:03:44 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/26/2012 07:03:14 AM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/26/2012 07:02:39 AM) (Source: Service Control Manager) (User: )
Description: The HP DayStarter Service service failed to start due to the following error:
%%1053

Error: (01/26/2012 07:02:39 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP DayStarter Service service to connect.

Error: (01/26/2012 07:02:06 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service.

Error: (01/26/2012 07:02:03 AM) (Source: Service Control Manager) (User: )
Description: The HP ProtectTools Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (01/25/2012 10:32:06 PM) (Source: Application Hang)(User: )
Description: spotify.exe0.8.1.64ddc01ccdbdb4bc1be4b16C:\Users\Mommy\AppData\Roaming\Spotify\spotify.exe

Error: (01/25/2012 02:01:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1529

Error: (01/25/2012 02:01:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1529

Error: (01/25/2012 02:01:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/24/2012 11:04:42 PM) (Source: Application Error)(User: )
Description: APSDaemon.exe2.1.14.34eb0a8dcAPSDaemon_main.dll2.1.14.34eb0a94bc00000050000d1ef87c01ccdb1ed784e7a0C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll16b8795d-4712-11e1-b647-1cc1dec14dc0

Error: (01/24/2012 05:08:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 55599864

Error: (01/24/2012 05:08:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 55599864

Error: (01/24/2012 05:08:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/24/2012 05:08:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 55598865

Error: (01/24/2012 05:08:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 55598865


=========================== Installed Programs ============================

ActivClient CAC x64 (Version: 6.2)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Broadcom 2070 Bluetooth 2.1 + EDR (Version: 6.2.1.1100)
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MG5200 series MP Drivers
Canon MG5200 series User Registration
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Device Access Manager for HP ProtectTools (Version: 5.0.1.7)
Embedded Security for HP ProtectTools (Version: 5.7.001)
File Sanitizer For HP ProtectTools (Version: 5.0.1.4)
FirstClass (Version: 10.0.009)
FoxTab Media Player
Google Chrome (Version: 16.0.912.77)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HiJackThis (Version: 1.0.0)
HP 3D DriveGuard (Version: 4.1.10.1)
HP Business Card Reader (Version: 0.6.7.0)
HP Client Automation Agent Preload (Version: 7.5)
HP Connection Manager (Version: 4.1.22.1)
HP ESU for Microsoft Windows 7 (Version: 1.1.13.2)
HP Power Assistant (Version: 2.0.5.1)
HP Power Data (Version: 1.0.35.187)
HP Product Detection (Version: 11.14.0001)
HP ProtectTools Security Manager (Version: 5.12.754)
HP Quick Launch Buttons (Version: 6.50.18.1)
HP QuickLook (Version: 3.2.1.4)
HP QuickWeb (Version: 1.0.1.74)
HP SoftPaq Download Manager (Version: 3.4.0.0)
HP Software Framework (Version: 4.1.8.1)
HP System Default Settings (Version: 2.2.1)
HP Web Camera (Version: 1.0.0)
HP Webcam (Version: 1.0.26.3)
HP Webcam Driver (Version: 5.8.50009.6)
HP Wireless Assistant (Version: 4.0.10.0)
IDT Audio (Version: 1.0.6300.0)
Intel® Network Connections Drivers (Version: 15.4)
Intel® Processor Graphics (Version: 8.15.10.2291)
iTunes (Version: 10.5.2.11)
Java Card Security for HP ProtectTools (Version: 5.0.4.1)
join.me (Version: 1.2.1.374)
Kaspersky Internet Security 2012 (Version: 12.0.0.374)
LeapFrog Connect (Version: 3.2.19.13664)
LeapFrog My Pals Plugin (Version: 3.2.19.13664)
LSI HDA Modem (Version: 2.2.97)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MotoHelper 2.0.51 Driver 5.1.0 (Version: 2.0.51)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 5.1.0 (Version: 5.1.0)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
PdaNet for Android 3.25
PDF Complete Special Edition (Version: 4.0.38)
Privacy Manager for HP ProtectTools (Version: 5.11.814)
QLBCASL (Version: 6.40.17.2)
Respondus LockDown Browser (Version: 1.02.0001)
RICOH Media Driver (Version: 2.14.00.05)
SDK (Version: 2.26.012)
Spotify (Version: 0.8.1.64.g5c5914e3)
Spybot - Search & Destroy (Version: 1.6.2)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
Theft Recovery (Version: 5.1.0.19)
Touch Driver (Version: 3.0.7.20)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
Validity Fingerprint Driver (Version: 4.0.15.0)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) (Version: 12/16/2009 6.2.0.9414)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Driver Package - Hewlett-Packard HP Mobile Data Protection Sensor (07/08/2009 4.0.2.1) (Version: 07/08/2009 4.0.2.1)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Driver Package - Wacom (wacomhidfilter) HIDClass (07/16/2009 3.0.1.3) (Version: 07/16/2009 3.0.1.3)
Windows Driver Package - Wacom (wacomvhid) HIDClass (05/19/2009 2.09.0002.3) (Version: 05/19/2009 2.09.0002.3)
Windows Driver Package - Wacom (WacomVTHid) HIDClass (07/07/2009 1.04.0003.0) (Version: 07/07/2009 1.04.0003.0)
Windows Driver Package - Wacom (wisdpen) HIDClass (08/24/2009 3.0.2.5) (Version: 08/24/2009 3.0.2.5)
Windows Driver Package - Wacom Technology (wacmoumonitor) Mouse (08/27/2009 2.01.0000.1) (Version: 08/27/2009 2.01.0000.1)
Windows Driver Package - Wacom Technology (wacommousefilter) Mouse (06/29/2009 1.02.0002.0) (Version: 06/29/2009 1.02.0002.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 7983.38 MB
Available physical RAM: 5484.39 MB
Total Pagefile: 8381.57 MB
Available Pagefile: 5435.45 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.44 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:146.94 GB) (Free:59.48 GB) NTFS
2 Drive d: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32

========================= Users: ========================================

User accounts for \\HEATHER

Administrator Guest Mommy
Rachel


**** End of log ****

-------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.26.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mommy :: HEATHER [administrator]

Protection: Enabled

1/26/2012 12:11:10 PM
mbam-log-2012-01-26 (12-11-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206299
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


--------------------------------------------------------------------------------

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-26 12:16:18
-----------------------------
12:16:18.550 OS Version: Windows x64 6.1.7601 Service Pack 1
12:16:18.566 Number of processors: 4 586 0x2505
12:16:18.566 ComputerName: HEATHER UserName: Mommy
12:16:41.161 Initialize success
12:18:50.506 AVAST engine defs: 12012601
12:21:17.209 The log file has been saved successfully to "C:\Users\Mommy\Desktop\logs\aswMBR.txt"

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:14 PM

Posted 26 January 2012 - 01:42 PM

Something is there....

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#7 kevar97

kevar97
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 26 January 2012 - 05:44 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-26 16:43:21
Windows 6.1.7601 Service Pack 1
Running: ecpdb30q.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a8237bd9a
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a8237bd9a (not active ControlSet)

---- EOF - GMER 1.0.15 ----

#8 Broni

Posted 26 January 2012 - 05:48 PM

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.


#9 kevar97

Posted 26 January 2012 - 06:23 PM

Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

#10 Broni

Posted 26 January 2012 - 07:19 PM

Please re-run aswMBR one more time.


#11 kevar97

Posted 26 January 2012 - 07:40 PM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-26 18:23:08
-----------------------------
18:23:08.837 OS Version: Windows x64 6.1.7601 Service Pack 1
18:23:08.837 Number of processors: 4 586 0x2505
18:23:08.837 ComputerName: HEATHER UserName: Mommy
18:23:09.461 Initialize success
18:23:12.362 AVAST engine defs: 12012601
18:23:22.206 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:23:22.206 Disk 0 Vendor: TOSHIBA_MK1633GSG QS001C Size: 152627MB BusType: 3
18:23:22.268 Disk 0 MBR read successfully
18:23:22.268 Disk 0 MBR scan
18:23:22.268 Disk 0 Windows 7 default MBR code
18:23:22.315 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:23:22.362 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 150469 MB offset 206848
18:23:22.393 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 2048 MB offset 308367360
18:23:22.409 Service scanning
18:23:23.844 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
18:23:23.844 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
18:23:23.859 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
18:23:23.859 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
18:23:24.546 Modules scanning
18:23:24.546 Disk 0 trace - called modules:
18:23:24.577 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
18:23:24.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dad790]
18:23:24.608 3 CLASSPNP.SYS[fffff88001ba843f] -> nt!IofCallDriver -> [0xfffffa8007c2eb10]
18:23:24.608 5 hpdskflt.sys[fffff880023a9189] -> nt!IofCallDriver -> [0xfffffa8007ac6520]
18:23:24.624 7 ACPI.sys[fffff88000ec97a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007ac2680]
18:23:25.404 AVAST engine scan C:\Windows
18:23:29.039 AVAST engine scan C:\Windows\system32
18:26:53.093 AVAST engine scan C:\Windows\system32\drivers
18:27:09.474 AVAST engine scan C:\Users\Mommy
18:33:52.755 AVAST engine scan C:\ProgramData
18:35:43.360 Scan finished successfully
18:38:20.301 Disk 0 MBR has been saved successfully to "C:\Users\Mommy\Desktop\logs\MBR.dat"
18:38:20.317 The log file has been saved successfully to "C:\Users\Mommy\Desktop\logs\aswMBR.txt"

#12 Broni

Posted 26 January 2012 - 08:02 PM

That looks fine.

Which browser is affected by the issue?


#13 kevar97

Posted 26 January 2012 - 08:08 PM

Firefox 9.0.1 is the only place I have seen it.

#14 Broni

Posted 26 January 2012 - 08:15 PM

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,538 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:14 PM

Posted 26 January 2012 - 08:21 PM

If I may stick my nose in here once more.
Have you looked in Add ons to see if it's there.. then disable or remove it? L@@K

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook



