Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirection


  • Please log in to reply
6 replies to this topic

#1 19vette67

19vette67

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:33 AM

Posted 01 February 2012 - 08:17 PM

Hello;
I have used your site several times, with great results. I will start with a big thankyou. And now for my troubles, it seems like I have a similar issue. While using the internet, ( I have a cable connection, so it is always online) when I click a link it will it will redriect me to strange sties with only numbers for a web adress. I immediatly (before they have a chance to fully load) close that window and re-click the same link, and it will open normally. Also it will pop up windows on it's own, suprizingly, "very few", of the sites it opens on its own are porn. One site in particular, (www.continella.com) it seems to pop up frequiently, but when it opens it only shows a blank white screen with 1 line of txt " Ha ha your a bot. IP and such logged. Enjoy your ban. Have a nice day.".
A couple of other notable things it is doing are, it will not allow me to open my "ipconfig" screen, it opens for 1 second and closes itself. and I have traced it to ( C:\windows\svchost.exe ) when I scan (w/MBAM) that individual file, it catches 2 trojans .... Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.29.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dale :: DALE-PC [administrator]

1/31/2012 8:42:56 AM
mbam-log-2012-01-31 (08-42-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187404
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
(Yes I realize it only caught 1 that time.)

I then used the minitoolbox, and got these results...

MiniToolBox by Farbar Version: 18-01-2012
Ran by Dale (administrator) on 01-02-2012 at 16:14:58
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection (Connecting)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Dale-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.co.comcast.net.
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
Physical Address. . . . . . . . . : 00-26-2D-49-A9-39
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c987:a1ae:b41f:7ba4%10(Deprecated)
Autoconfiguration IPv4 Address. . : 169.254.123.164(Tentative)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.co.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 75.75.75.75

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 75.75.75.75

Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 75.75.75.75

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 26 2d 49 a9 39 ......NVIDIA nForce 10/100/1000 Mbps Ethernet
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/31/2012 06:28:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x24c1a170
Faulting process id: 0xf70
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (01/30/2012 08:09:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/29/2012 01:44:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: IEFRAME.dll, version: 9.0.8112.16440, time stamp: 0x4eb319a7
Exception code: 0xc0000005
Fault offset: 0x000fc88b
Faulting process id: 0xd08
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/29/2012 00:48:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: IEFRAME.dll, version: 9.0.8112.16440, time stamp: 0x4eb319a7
Exception code: 0xc0000005
Fault offset: 0x000fc88b
Faulting process id: 0xb18
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/29/2012 09:51:58 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: IEFRAME.dll, version: 9.0.8112.16440, time stamp: 0x4eb319a7
Exception code: 0xc0000005
Fault offset: 0x000fc88b
Faulting process id: 0xf80
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/28/2012 11:37:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: IEFRAME.dll, version: 9.0.8112.16440, time stamp: 0x4eb319a7
Exception code: 0xc0000005
Fault offset: 0x000fc88b
Faulting process id: 0x13fc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/24/2012 07:51:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/21/2012 00:31:34 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/18/2012 10:23:07 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4dc

Start Time: 01ccd62ffd324b74

Termination Time: 94

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (01/18/2012 00:39:52 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: Flash10w.ocx, version: 10.3.183.7, time stamp: 0x4e52e8e0
Exception code: 0xc0000005
Fault offset: 0x001a102b
Faulting process id: 0xa08
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3


System errors:
=============
Error: (02/01/2012 03:05:17 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service failed to start due to the following error:
%%1053

Error: (02/01/2012 03:05:17 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Function Discovery Resource Publication service to connect.

Error: (02/01/2012 03:05:15 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:
%%1190

Error: (02/01/2012 03:05:15 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error:
%%1190

Error: (02/01/2012 03:05:15 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (02/01/2012 03:05:15 PM) (Source: Service Control Manager) (User: )
Description: The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (02/01/2012 03:05:15 PM) (Source: Service Control Manager) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (02/01/2012 03:04:49 PM) (Source: Service Control Manager) (User: )
Description: The SSDP Discovery service terminated unexpectedly. It has done this 3 time(s).

Error: (02/01/2012 03:04:41 PM) (Source: Service Control Manager) (User: )
Description: The SSDP Discovery service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (02/01/2012 03:04:41 PM) (Source: Service Control Manager) (User: )
Description: The Windows Font Cache Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (01/31/2012 06:28:44 AM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.000000000c000000524c1a170f7001ccdf917658c9a0C:\Windows\SysWOW64\rundll32.exeunknown7f2e53d4-4c0f-11e1-8529-00262d49a939

Error: (01/30/2012 08:09:59 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (01/29/2012 01:44:02 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164214d76255dIEFRAME.dll9.0.8112.164404eb319a7c0000005000fc88bd0801ccdec663e4c45cC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\IEFRAME.dllf9c70534-4ab9-11e1-a26c-00262d49a939

Error: (01/29/2012 00:48:02 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164214d76255dIEFRAME.dll9.0.8112.164404eb319a7c0000005000fc88bb1801ccdebee4a77ce0C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\IEFRAME.dll270d32a0-4ab2-11e1-8db3-00262d49a939

Error: (01/29/2012 09:51:58 AM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164214d76255dIEFRAME.dll9.0.8112.164404eb319a7c0000005000fc88bf8001ccdea64d5358b8C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\IEFRAME.dll8e80dc98-4a99-11e1-8db3-00262d49a939

Error: (01/28/2012 11:37:00 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164214d76255dIEFRAME.dll9.0.8112.164404eb319a7c0000005000fc88b13fc01ccde48356c9b8cC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\IEFRAME.dlla54ff504-4a43-11e1-adfe-00262d49a939

Error: (01/24/2012 07:51:19 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (01/21/2012 00:31:34 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (01/18/2012 10:23:07 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.164214dc01ccd62ffd324b7494C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (01/18/2012 00:39:52 AM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164214d76255dFlash10w.ocx10.3.183.74e52e8e0c0000005001a102ba0801ccd54f575a34e0C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash10w.ocx9b3992b8-41a7-11e1-9106-00262d49a939


=========================== Installed Programs ============================

18 Wheels of Steel - American Long Haul (Version: 2.2.0.95)
Aarons Advanced Cliker Version 3.05
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.7)
Adobe Reader 9.4.7 MUI (Version: 9.4.7)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Advertising Center (Version: 0.0.0.2)
Agatha Christie - Death on the Nile (Version: 2.2.0.95)
AmericasCardroom.net (Version: 9.4)
Barnes & Noble Desktop Reader (Version: 2.5.1.21)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 6.0.2282.0)
Bing Bar Platform (Version: 6.0.2282.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
BovadaPoker (Version: )
Build-a-lot 2 (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
ClubWPT
Comcast Desktop Software (v1.2.1) (Version: 24)
DealPly (Version: )
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's Carnival Adventure (Version: 2.2.0.95)
eBay Worldwide (Version: 2.1.0901)
eMachines Games (Version: 1.0.1.3)
eMachines Recovery Management (Version: 4.05.3013)
eMachines Registration (Version: 1.03.3003)
eMachines ScreenSaver (Version: 1.1.0825.2010)
eMachines Updater (Version: 1.02.3001)
FATE (Version: 2.2.0.95)
Hotkey Utility (Version: 2.05.3009)
Identity Card (Version: 1.00.3003)
ImagXpress (Version: 7.0.74.0)
J2SE Runtime Environment 5.0 Update 16 (Version: 1.5.0.160)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 27 (Version: 6.0.270)
Jewel Quest - Heritage (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
John Deere Drive Green (Version: 2.2.0.95)
Junk Mail filter update (Version: 14.0.8117.416)
Lock Poker (Version: 5.0)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (Version: 3.0.131.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 9 Essentials
Nero ControlCenter (Version: 9.0.0.1)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.4.37.100)
Nero InfoTool (Version: 6.4.12.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.37.100)
Nero StartSmart Help (Version: 9.4.27.100)
Nero StartSmart OEM (Version: 9.15.0.100)
NeroExpress (Version: 9.4.37.100)
neroxml (Version: 1.0.0)
Norton Internet Security (Version: 18.6.0.29)
Norton Online Backup (Version: 2.1.17869)
NVIDIA Display Control Panel (Version: 1.10)
NVIDIA Drivers (Version: 1.10.57.35)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7316)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies (Version: 2.2.0.95)
PokerStars
PokerStars.net
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Realtek High Definition Audio Driver (Version: 6.0.1.6045)
StartNow Toolbar (Version: 2.4.0)
swMSM (Version: 12.0.0.1)
Times Reader (Version: 2.055)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Welcome Center (Version: 1.02.3004)
WildTangent Games App (eMachines Games) (Version: 4.0.5.31)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Zuma's Revenge (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 3839.37 MB
Available physical RAM: 2936.81 MB
Total Pagefile: 7676.93 MB
Available Pagefile: 6732.66 MB
Total Virtual: 4095.88 MB
Available Virtual: 3955.2 MB

========================= Partitions: =====================================

1 Drive c: (eMachines) (Fixed) (Total:453.66 GB) (Free:410.16 GB) NTFS

========================= Users: ========================================

User accounts for \\DALE-PC

Administrator Dale Guest

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:33 AM

Posted 01 February 2012 - 09:46 PM

Hello,I split you to your pwn topic here.
Are you on a router? Are other machines on it,if so are they redirecting?

Do you use Firefox?

Lets see how it is after these.


Please download TDSSKiller.zip and and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log have a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these[/color] instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


[color="#8B0000"]NOTE: In some instances if no malware is found there will be no log produced.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 19vette67

19vette67
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:33 AM

Posted 01 February 2012 - 10:06 PM

Hello, boopme;
I'm sorry, I was so mad at this thing that I missed the "TDSSkiller". I downloaded it and I had to run it and MBAM 3 times and it finally killed it. Again you guys are batting 1000, Excellant work!!!!

As for the "ESET online scan" let me figure out what it is before I go using it.

I'll be online for awhile if ya wanna try to explain it.

#4 19vette67

19vette67
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:33 AM

Posted 01 February 2012 - 10:13 PM

I just went to google and searched for eset. When I clicked it went to something called "happli" but the address bar still said google. When I got to the eset site, it appears to be one of those sites that infect your computer and say you need to buy their software to remove it.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:33 AM

Posted 01 February 2012 - 10:35 PM

Its an online malware scanner.. minimal install. Its good to run as after TDSS finds and kills that stuff, there is usually malware like Kryptic left and ESET gets that off.

The download link i provided is 100% safe.

Edited by boopme, 01 February 2012 - 10:35 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 19vette67

19vette67
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:33 AM

Posted 01 February 2012 - 10:43 PM

I very much appreciate your help. It seems that everything is running normally now. I think I will save the "ESET" thing for the next "last resort".
I am very chicken, when it comes to downloading thinks and especially allowing some web site to muck around inside of my computer.

Again, thankyou very much!

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:33 AM

Posted 01 February 2012 - 10:54 PM

You're welcome and the choice is yours.
2 things...
One, is you referenced goung some where to dowmload it.. I Never download from anywhere bu the manufacturers site.. you will find malware on other site.

Two, if this is of any comfort,here is a link to searching this site for ESET online scan
http://www.bleepingcomputer.com/forums/index.php?app=core&module=search&section=search&do=search&fromsearch=1

This is 40 pages of successful runs. BC is in the practice of removing not installing malware.

Thanks for visiting.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users