
Vipsearch Redirect, Scanners not finding anything


15 replies to this topic

#1 Maeby

Maeby

  • Members
  • 13 posts

Posted 20 February 2012 - 08:20 PM

When I go to do Google searches, it keeps trying to redirect me with "vipsearchs". I have NoScript installed, which keeps it from going wherever it's trying to send me, but Google is still useless. I've run just about every reputable anti-virus program I can find (Malwarebytes Anti-Malware, SUPERAntiSpyware, Spybot Search and Destroy, AVG), and none of them are finding anything.

SpyDoctor found a "possible Browser Hijack", but it couldn't fix the error even when I ran it in SafeMode. Any help would be greatly appreciated. You never realize how much you use Google until you can't anymore.


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,709 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 20 February 2012 - 08:56 PM

Welcome aboard

Which browser is affected?

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



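The MiniToolBox run requested above lists the hosts file, which is where a system-wide search redirect like this one is often found. As an added example (not code from this thread or from any of the tools named in it), here is a Python audit of a hosts file that separates ad-block style sinkhole entries from entries that send a well-known domain to a routable address. The watched-domain list and the sample hosts text are constructed for the example; the two www.google.com / www.bing.com lines in the sample copy the entries posted later in this thread.

```python
import ipaddress

# Hostnames that should never be pinned to a routable address in a home
# PC's hosts file: search engines plus the update/security vendors a
# hijack typically wants to cut off. Constructed list for this example.
WATCHED_DOMAINS = (
    "google.com", "bing.com", "yahoo.com",
    "microsoft.com", "windowsupdate.com", "update.microsoft.com",
    "malwarebytes.org", "bleepingcomputer.com", "avg.com",
)


def parse_hosts(text):
    """Yield (ip, hostname) for every active mapping in a hosts file.

    Full-line and trailing '#' comments are dropped; a line that lists
    several hostnames after one address yields one pair per hostname.
    Lines whose first field is not an IP address are skipped.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield fields[0], name.lower()


def is_watched(name):
    """True if name is one of the watched domains or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)


def audit_hosts(text):
    """Sort hosts entries into the buckets a redirect investigation needs.

    blocked    -> name sinkholed to 0.0.0.0 / loopback (ad-block style)
    hijacked   -> a watched domain sent to a routable address, the pattern
                  seen in this thread (www.google.com -> 94.63.147.16)
    redirected -> any other name sent to a routable address; review by hand
    The default 'localhost' mapping is ignored.
    """
    result = {"blocked": [], "hijacked": [], "redirected": []}
    for ip, name in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            if name != "localhost":
                result["blocked"].append((ip, name))
        elif is_watched(name):
            result["hijacked"].append((ip, name))
        else:
            result["redirected"].append((ip, name))
    return result


# Constructed sample: a Windows-style header, an ad-block style sinkhole,
# a LAN name, and the two entries posted in this thread's MiniToolBox log.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
0.0.0.0 ads.tracker.example    # constructed ad-block entry
192.168.1.50 nas.home.lan      # constructed LAN entry
94.63.147.16 www.google.com
94.63.147.17 www.bing.com
"""

if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        for ip, name in entries:
            print(f"{kind:10} {name} -> {ip}")
```

On a live machine, read C:\Windows\System32\drivers\etc\hosts into `audit_hosts`; anything in the hijacked bucket explains a redirect that affects every browser at once, which is exactly why a browser-level blocker like NoScript cannot cure it.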
#3 Maeby

Maeby
  • Topic Starter

  • Members
  • 13 posts

Posted 21 February 2012 - 08:39 AM

Thank you for the speedy reply! All browsers are affected. I actually downloaded Google Chrome specifically to see if it would work, and it's showing the exact same issues as the others. (Also, this morning Firefox abruptly started "Not Responding" a few seconds after being opened, for no apparent reason. This happens every time I open it now, for some reason, and a restart did nothing to fix it).

I'm having trouble getting MBAM to run (which is new; it ran fine yesterday). For some reason it keeps freezing while scanning my desktop (no particular file seems to be setting it off). I'm going to try restarting to see if that helps. I'll post what I've got so far, and then update with the rest when I get it:


Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
PC Tools Spyware Doctor with AntiVirus 9.0
Sygate Personal Firewall
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

PC Tools Spyware Doctor with AntiVirus 9.0
Spybot - Search & Destroy
Java™ 6 Update 26
Out of date Java installed!
Mozilla Thunderbird (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
ThreatFire TFService.exe
``````````End of Log````````````

=============================================================================
=============================================================================

Farbar Service Scanner Version: 14-02-2012
Ran by Ragtatter (administrator) on 21-02-2012 at 08:21:02
Running from "C:\Users\Ragtatter\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-16 10:51] - [2011-12-27 22:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 19:36] - [2009-07-13 20:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

=============================================================================
=============================================================================


MiniToolBox by Farbar Version: 18-01-2012
Ran by Ragtatter (administrator) on 21-02-2012 at 08:23:03
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


94.63.147.16 www.google.com
94.63.147.17 www.bing.com


========================= IP Configuration: ================================

Broadcom 4313 802.11b/g/n = Wireless Network Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.15 metric=1 publish=Yes


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : CompanionCube
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 4313 802.11b/g/n
Physical Address. . . . . . . . . : AC-81-12-2C-21-68
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dd1b:6e5a:4778:1b8%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, February 21, 2012 8:03:31 AM
Lease Expires . . . . . . . . . . : Wednesday, February 22, 2012 8:21:16 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 330072338
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-E2-B8-4C-98-4B-E1-BD-FB-01
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{C4ABD174-F5CA-46AA-BA58-C3CC5B1017E3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.97
74.125.225.98
74.125.225.99
74.125.225.100
74.125.225.101
74.125.225.102
74.125.225.103
74.125.225.104
74.125.225.105
74.125.225.106
74.125.225.107
74.125.225.108
74.125.225.109
74.125.225.110
74.125.225.111
74.125.225.96


Pinging google.com [74.125.225.38] with 32 bytes of data:
Reply from 74.125.225.38: bytes=32 time=34ms TTL=53
Reply from 74.125.225.38: bytes=32 time=36ms TTL=53

Ping statistics for 74.125.225.38:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 34ms, Maximum = 36ms, Average = 35ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.127.62
98.139.183.24
209.191.122.70


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=166ms TTL=49
Reply from 98.139.183.24: bytes=32 time=89ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 89ms, Maximum = 166ms, Average = 127ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...ac 81 12 2c 21 68 ......Broadcom 4313 802.11b/g/n
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 192.168.1.15 192.168.1.4 26
192.168.1.0 255.255.255.0 On-link 192.168.1.4 281
192.168.1.4 255.255.255.255 On-link 192.168.1.4 281
192.168.1.255 255.255.255.255 On-link 192.168.1.4 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.0.0 255.255.0.0 192.168.1.15 1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 281 fe80::/64 On-link
13 281 fe80::dd1b:6e5a:4778:1b8/128
On-link
1 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/21/2012 08:15:03 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 10.0.2.4428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b30

Start Time: 01ccf09aa3a7a8a9

Termination Time: 39

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 0d0745f1-5c8e-11e1-8c9c-fc1afe66952b

Error: (02/21/2012 08:13:40 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 10.0.2.4428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11f0

Start Time: 01ccf09a8fd3d667

Termination Time: 57

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: da9aaade-5c8d-11e1-8c9c-fc1afe66952b

Error: (02/21/2012 08:10:20 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 10.0.2.4428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1558

Start Time: 01ccf0995b61cd36

Termination Time: 109

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 57714eb7-5c8d-11e1-8c9c-fc1afe66952b

Error: (02/18/2012 02:04:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7600.20683, time stamp: 0x4bb6bbdb
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp: 0x4e211da1
Exception code: 0x0000046b
Fault offset: 0x000000000000a88d
Faulting process id: 0x17c4
Faulting application start time: 0xwmpnetwk.exe0
Faulting application path: wmpnetwk.exe1
Faulting module path: wmpnetwk.exe2
Report Id: wmpnetwk.exe3

Error: (02/18/2012 04:33:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
Faulting module name: DesktopDock64.dll, version: 1.0.1.0, time stamp: 0x4c9256c9
Exception code: 0xc000041d
Fault offset: 0x0000000000035dad
Faulting process id: 0xa10
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (02/18/2012 01:27:12 AM) (Source: Application Error) (User: )
Description: Faulting application name: TFService.exe, version: 4.11.11.10, time stamp: 0x4ebadaac
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc0000005
Fault offset: 0x00032a8f
Faulting process id: 0x1a6c
Faulting application start time: 0xTFService.exe0
Faulting application path: TFService.exe1
Faulting module path: TFService.exe2
Report Id: TFService.exe3

Error: (02/13/2012 08:57:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
Faulting module name: DesktopDock64.dll, version: 1.0.1.0, time stamp: 0x4c9256c9
Exception code: 0xc000041d
Fault offset: 0x0000000000035dad
Faulting process id: 0x9cc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (02/13/2012 08:12:59 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary szkg5.

System Error:
The system cannot find the file specified.
.

Error: (02/13/2012 08:08:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary szkg5.

System Error:
The system cannot find the file specified.
.

Error: (02/13/2012 01:10:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: SUPERANTISPYWARE.EXE, version: 5.0.0.1144, time stamp: 0x4f19af0e
Faulting module name: ShellExt64.dll_unloaded, version: 0.0.0.0, time stamp: 0x4c9add55
Exception code: 0xc0000005
Fault offset: 0x00000000093e2d6c
Faulting process id: 0xd6c
Faulting application start time: 0xSUPERANTISPYWARE.EXE0
Faulting application path: SUPERANTISPYWARE.EXE1
Faulting module path: SUPERANTISPYWARE.EXE2
Report Id: SUPERANTISPYWARE.EXE3


System errors:
=============
Error: (02/21/2012 08:04:16 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (02/21/2012 08:03:37 AM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

Error: (02/21/2012 08:03:36 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (02/21/2012 08:03:35 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (02/21/2012 08:03:30 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (02/20/2012 08:09:33 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (02/20/2012 08:08:38 PM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

Error: (02/20/2012 08:08:35 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (02/20/2012 08:08:35 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (02/20/2012 08:08:28 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================
Error: (02/21/2012 08:15:03 AM) (Source: Application Hang)(User: )
Description: firefox.exe10.0.2.4428b3001ccf09aa3a7a8a939C:\Program Files (x86)\Mozilla Firefox\firefox.exe0d0745f1-5c8e-11e1-8c9c-fc1afe66952b

Error: (02/21/2012 08:13:40 AM) (Source: Application Hang)(User: )
Description: firefox.exe10.0.2.442811f001ccf09a8fd3d66757C:\Program Files (x86)\Mozilla Firefox\firefox.exeda9aaade-5c8d-11e1-8c9c-fc1afe66952b

Error: (02/21/2012 08:10:20 AM) (Source: Application Hang)(User: )
Description: firefox.exe10.0.2.4428155801ccf0995b61cd36109C:\Program Files (x86)\Mozilla Firefox\firefox.exe57714eb7-5c8d-11e1-8c9c-fc1afe66952b

Error: (02/18/2012 02:04:17 PM) (Source: Application Error)(User: )
Description: wmpnetwk.exe12.0.7600.206834bb6bbdbKERNELBASE.dll6.1.7600.168504e211da10000046b000000000000a88d17c401ccee6bd37a98beC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\KERNELBASE.dll5a930946-5a63-11e1-adf4-98b3e5477438

Error: (02/18/2012 04:33:23 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7600.167684d688122DesktopDock64.dll1.0.1.04c9256c9c000041d0000000000035dada1001ccee2019232302C:\Windows\Explorer.EXEc:\program files\stardock\fences pro\DesktopDock64.dll99774a7c-5a13-11e1-9ae1-cbdc42d2d52c

Error: (02/18/2012 01:27:12 AM) (Source: Application Error)(User: )
Description: TFService.exe4.11.11.104ebadaacntdll.dll6.1.7600.169154ec49d10c000000500032a8f1a6c01ccee05de1fcfeeC:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exeC:\Windows\SysWOW64\ntdll.dll975ffbdf-59f9-11e1-9f78-fab796d988e6

Error: (02/13/2012 08:57:15 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7600.167684d688122DesktopDock64.dll1.0.1.04c9256c9c000041d0000000000035dad9cc01cceabbdb99ba93C:\Windows\Explorer.EXEc:\program files\stardock\fences pro\DesktopDock64.dll376ba4f7-56af-11e1-944e-affbe902ac2d

Error: (02/13/2012 08:12:59 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary szkg5.

System Error:
The system cannot find the file specified.

Error: (02/13/2012 08:08:35 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary szkg5.

System Error:
The system cannot find the file specified.

Error: (02/13/2012 01:10:14 PM) (Source: Application Error)(User: )
Description: SUPERANTISPYWARE.EXE5.0.0.11444f19af0eShellExt64.dll_unloaded0.0.0.04c9add55c000000500000000093e2d6cd6c01cce9e6d3f1024bC:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXEShellExt64.dllf95235ea-566d-11e1-b8ed-8a27ad162208


=========================== Installed Programs ============================

ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 10 ActiveX (Version: 10.1.82.76)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Illustrator CS (Version: 11)
Adobe Photoshop CS (Version: CS)
Adobe Reader 9.3.3 MUI (Version: 9.3.3)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Adobe SVG Viewer 3.0 (Version: 3.0)
AIM 7
Amazon Kindle
Amazon MP3 Downloader 1.0.12 (Version: 1.0.12)
Apple Application Support (Version: 2.0.1)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.3.14 (Unicode)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2113)
AVG 2012 (Version: 2012.0.1913)
Blio (Version: 2.0.5350)
Breeders Assistant (Generic) 4 (Version: 4.65a)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
Browser Defender 4.0 (Version: 4.0.0.0)
calibre (Version: 0.8.17)
Canon IJ Network Tool
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
City of Heroes
Color Efex Pro 3.0 Complete (Version: 3.0)
Combined Community Codec Pack 2011-07-30 (Version: 2011.07.30.0)
Comodo Dragon (Version: 15.0)
CutePDF Writer 2.8
CyberLink DVD Suite (Version: 7.0.3320)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Download Updater (AOL LLC)
DVD Menu Pack for HP MediaSmart Video (Version: 4.2.4412)
Energy Star Digital Logo (Version: 1.0.1)
ESU for Microsoft Windows 7 (Version: 1.0.0)
Fences Pro (Version: 1.0.1.312)
Fences Pro (Version: 1.0.1.312.19219)
ffdshow v1.1.3800 [2011-03-28] (Version: 1.1.3800.0)
Flash Card Manager (Version: 3.0.3)
Free WMA to MP3 Converter 1.16
Glary Utilities Pro 2.41.0.1358 (Version: 2.41.0.1358)
Google Chrome (Version: 17.0.963.56)
Greyhound Manager 2
HP 3D DriveGuard (Version: 4.0.10.1)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP CloudDrive
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.2.0.0)
HP DVB-T TV Tuner 8.0.64.43 (Version: 8.0.64.43)
HP MediaSmart DVD (Version: 4.2.4521)
HP MediaSmart Movies and TV (Version: 1.0.1.2)
HP MediaSmart Music (Version: 4.2.4604)
HP MediaSmart Photo (Version: 4.2.4513)
HP MediaSmart SmartMenu (Version: 3.1.2.2)
HP MediaSmart Video (Version: 4.2.4522)
HP MediaSmart Webcam (Version: 4.2.3303)
HP MovieStore (Version: 1.0.023)
HP MovieStore (Version: 2.0.2)
HP Photo Creations (Version: 1.0.0.4042)
HP Power Manager (Version: 1.1.2)
HP Quick Launch (Version: 2.2.7)
HP Setup (Version: 8.4.4400.3525)
HP Setup Manager (Version: 1.0.12844.3519)
HP SimplePass Identity Protection (Version: 5.20.205)
HP Software Framework (Version: 4.0.70.1)
HP Support Assistant (Version: 5.1.8.12)
HP Wireless Assistant (Version: 4.0.10.0)
HPAsset component for HP Active Support Library (Version: 3.0.0.6)
Hulu Desktop (Version: 0.9.13)
IDT Audio (Version: 1.0.6292.0)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2189)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 21 (64-bit) (Version: 6.0.210)
Java™ 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 15.4.3502.0922)
LabelPrint (Version: 2.5.3220)
LAME v3.98.3 for Audacity
Left 4 Dead 2
LightScribe System Software (Version: 1.18.18.1)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Movie Theme Pack for HP MediaSmart Video (Version: 4.2.4412)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
Mozilla Thunderbird 9.0.1 (x86 en-US) (Version: 9.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NCsoft Launcher (Version: 1.5.25.1)
PC Search (Version: 1.23.0000)
PC Tools Spyware Doctor with AntiVirus 9.0 (Version: 9.0)
PhotoNow! (Version: 1.1.7717)
PictureMover (Version: 3.5.0.33)
PlayReady PC Runtime x86 (Version: 1.3.0)
Portal
Portal 2
Power2Go (Version: 6.1.4419)
PowerDirector (Version: 8.0.3320)
QuickTime (Version: 7.70.80.34)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.23.623.2010)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
Recovery Manager (Version: 5.5.3223)
Rosetta Stone Ltd Services (Version: 3.2.17)
Rosetta Stone TOTALe (Version: 4.1.1)
Rosetta Stone TOTALe (Version: 4.1.15.1)
RoxioNow Player (Version: 1.9.5.101)
Skype™ 5.5 (Version: 5.5.124)
Spybot - Search & Destroy (Version: 1.6.2)
Starters Orders 4
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.0.1142)
Sygate Personal Firewall (Version: 5.6.2808)
Synaptics Pointing Device Driver (Version: 15.1.6.64)
Team Fortress 2
Times Reader (Version: 2.055)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Validity Sensors DDK (Version: 4.1.139.0)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VST Bridge 1.1
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
WolfQuest (Version: 2.5.1)
Yahoo! Detect
yWriter5

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 3893.86 MB
Available physical RAM: 2128.76 MB
Total Pagefile: 7785.86 MB
Available Pagefile: 5291.43 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.36 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:566.91 GB) (Free:226.46 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:28.96 GB) (Free:4.25 GB) NTFS
5 Drive g: (20100501_1229) (CDROM) (Total:6.34 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\COMPANIONCUBE

Administrator Guest Mom
Ragtatter


**** End of log ****


=============================================================================
=============================================================================

#4 Maeby


Posted 21 February 2012 - 10:22 AM

:) Alrighty, the restart worked and MBAM completed the scan.



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.21.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Ragtatter :: COMPANIONCUBE [administrator]

2/21/2012 9:03:04 AM
mbam-log-2012-02-21 (09-03-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201085
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

=============================================================================
=============================================================================

(On this one, I'm not sure if the scan completed or not, but it hadn't moved in several minutes so I went ahead and created a log anyway. I'm going to re-run it just to be on the safe side, but here's the log)


aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-21 09:43:14
-----------------------------
09:43:14.057 OS Version: Windows x64 6.1.7600
09:43:14.057 Number of processors: 4 586 0x2505
09:43:14.058 ComputerName: COMPANIONCUBE UserName: Ragtatter
09:43:19.449 Initialize success
09:43:28.489 AVAST engine defs: 12022100
09:43:30.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:43:30.458 Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 3
09:43:30.475 Disk 0 MBR read successfully
09:43:30.479 Disk 0 MBR scan
09:43:31.618 Disk 0 unknown MBR code
09:43:31.644 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
09:43:32.032 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 580516 MB offset 409600
09:43:32.400 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 29660 MB offset 1189306368
09:43:32.869 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
09:43:33.287 Service scanning
09:46:01.134 Modules scanning
09:46:01.151 Disk 0 trace - called modules:
09:46:01.195 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys PCTCore64.sys iaStor.sys hal.dll
09:46:01.552 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005213060]
09:46:01.564 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa80050a0b10]
09:46:01.574 5 hpdskflt.sys[fffff88001beb289] -> nt!IofCallDriver -> [0xfffffa800509c970]
09:46:01.585 7 PCTCore64.sys[fffff8800152ff38] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f48050]
09:46:04.967 AVAST engine scan C:\Windows
09:46:24.697 AVAST engine scan C:\Windows\system32
09:56:27.357 AVAST engine scan C:\Windows\system32\drivers
09:57:27.542 AVAST engine scan C:\Users\Ragtatter
10:12:27.589 AVAST engine scan C:\ProgramData
10:14:25.148 File: C:\ProgramData\Microsoft\Windows\DRM\973F.tmp **INFECTED** Win32:Malware-gen
10:14:25.321 File: C:\ProgramData\Microsoft\Windows\DRM\978E.tmp **INFECTED** Win32:Malware-gen
10:18:19.202 Disk 0 MBR has been saved successfully to "C:\Users\Ragtatter\Desktop\MBR.dat"
10:18:19.232 The log file has been saved successfully to "C:\Users\Ragtatter\Desktop\aswMBR.txt"

#5 Broni


Posted 21 February 2012 - 11:37 AM

We have a hijacked "hosts" file to start with.

Please, go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on "Fix it" button to reset your "hosts" file.
Follow all prompts.

*********************

Re-run MiniToolbox.
Checkmark the following boxes:
  • List content of Hosts
Click Go and post the result.

Also...

Download BTKR_RunBox to your desktop.

Double click on downloaded BTKR_RunBox.exe file.
A small RunBox DOS window will open.
Press any key to continue.
Press "1" to select "Run a scan with Bootkit Remover" option.
Press "Enter".
Press "Enter" one more time to generate log.
Click OK, IF any "Warning" message pops up.
Notepad will open with Bootkit Remover log.
Copy the content and post it in your next reply.
In RunBox press "4" then Enter to exit it.

NOTE. In case you lost the log, it's also located on your desktop as "scan.txt".

My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click here.


 


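As an added example (not code from the thread or from any tool Broni mentions), this Python check reads a hosts file the way a helper reads the MiniToolBox "Hosts content" section and flags entries that redirect a name to a non-loopback address or blackhole a non-localhost name to loopback. The hijacked sample and its 192.0.2.10 address are constructed; the clean sample is the single commented line a reset Windows 7 hosts file shows.

```python
"""Flag hosts-file entries that redirect or blackhole names (added example)."""
import ipaddress
from typing import List, Optional, Tuple

# Names that legitimately map to a loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed hijacked sample; 192.0.2.10 is a documentation (TEST-NET-1) placeholder.
SAMPLE_HIJACKED = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.google.com google.com   # search engine sent elsewhere
127.0.0.1       www.avg.com                 # security vendor blackholed
"""

# What a reset Windows 7 hosts file shows in MiniToolBox: only the commented default.
SAMPLE_CLEAN = "# ::1 localhost\n"


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs, one per name, ignoring comments and blank lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                            # blank, comment-only, or malformed line
        for name in fields[1:]:
            pairs.append((fields[0], name.lower()))
    return pairs


def classify(addr: str, name: str) -> Optional[str]:
    """None for a benign entry, otherwise 'redirect', 'blackhole' or 'malformed'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # Ad-blocking hosts lists also produce 'blackhole' hits: review them, don't auto-delete.
        return None if name in LOCAL_NAMES else "blackhole"
    return "redirect"


def find_suspicious(text: str) -> List[Tuple[str, str, str]]:
    """Return (kind, hostname, address) for every entry that is not a plain localhost line."""
    findings = []
    for addr, name in parse_hosts(text):
        kind = classify(addr, name)
        if kind:
            findings.append((kind, name, addr))
    return findings


if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("hijacked", SAMPLE_HIJACKED)):
        print(label, find_suspicious(sample) or "no suspicious entries")
```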
#6 Maeby


Posted 21 February 2012 - 04:50 PM

Thanks again for the quick reply. :)

MiniToolBox by Farbar Version: 18-01-2012
Ran by Ragtatter (administrator) on 21-02-2012 at 16:48:22
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

# ::1 localhost


**** End of log ****






Bootkit Remover
© 2009 eSage Lab
www.esagelab.com
Program version: 1.2.0.0
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000
Boot sector MD5 is: 1b7ae333e751feaa767f96aa898ec606

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Done;



Press any key to quit...

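The aswMBR line "Disk 0 unknown MBR code" and Bootkit Remover's "Unknown boot code" both mean the bootstrap code in the first sector does not match anything the tool recognises. As an added example (not code from either tool), this Python script parses a 512-byte MBR such as the MBR.dat aswMBR saved to the desktop: it hashes the boot code so it can be compared with a baseline taken from a known-clean machine of the same model, decodes the partition table, and checks the table for more than one active partition or overlapping entries. The embedded sample is constructed from the four partitions in the aswMBR log with placeholder boot code; the baseline hash is an assumption you supply.

```python
"""Parse and sanity-check a 512-byte MBR (added example; placeholder boot code)."""
import hashlib
import struct
import sys
from typing import Dict, List, Optional

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0-439: bootstrap code; 440-443: disk signature
PART_TYPES = {0x00: "empty", 0x07: "HPFS/NTFS", 0x0C: "FAT32 LBA"}


def parse_mbr(mbr: bytes) -> Dict:
    """Decode the boot-code hash, disk signature and the used partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i:446 + 16 * (i + 1)]
        status, _, _, _, ptype, _, _, _, lba, count = struct.unpack("<8BII", entry)
        if ptype == 0 and count == 0:
            continue                      # unused slot
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[440:444])[0],
        "partitions": parts,
    }


def check_mbr(mbr: bytes, known_good_md5: Optional[str] = None) -> List[str]:
    """Return a list of findings; an empty list means nothing looked wrong."""
    info = parse_mbr(mbr)
    issues = []
    if known_good_md5 and info["boot_code_md5"] != known_good_md5.lower():
        issues.append("boot code differs from the known-good baseline")
    active = [p["index"] for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        issues.append(f"{len(active)} active partitions (expected exactly 1)")
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            issues.append(f"partition {a['index']} overlaps partition {b['index']}")
    return issues


def build_sample_mbr(boot_code: bytes, layout) -> bytes:
    """Assemble a test MBR: boot code, zeroed signature area, partition table, 0x55AA."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack("<8BII", status, 0xFE, 0xFF, 0xFF, ptype, 0xFE, 0xFF, 0xFF, lba, count)
        for status, ptype, lba, count in layout
    ).ljust(64, b"\x00")
    return code + b"\x00" * 6 + table + b"\x55\xaa"


# Constructed from the four partitions in the aswMBR log (size in MB * 2048 sectors).
SAMPLE_LAYOUT = [
    (0x80, 0x07, 2048, 199 * 2048),
    (0x00, 0x07, 409600, 580516 * 2048),
    (0x00, 0x07, 1189306368, 29660 * 2048),
    (0x00, 0x0C, 1250050048, 103 * 2048),
]
SAMPLE_MBR = build_sample_mbr(b"PLACEHOLDER-BOOT-CODE", SAMPLE_LAYOUT)

if __name__ == "__main__":
    # Pass the path of a dumped MBR (e.g. the MBR.dat aswMBR saved) to inspect it instead.
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else SAMPLE_MBR
    info = parse_mbr(data)
    print("boot code MD5:", info["boot_code_md5"])
    for p in info["partitions"]:
        flag = "*" if p["active"] else " "
        print(f"{flag} {p['index']} type {p['type']:02X} {p['type_name']:<10}"
              f"{p['size_mb']:>8} MB at sector {p['lba_start']}")
    print("findings:", check_mbr(data) or "none")
```

A hash mismatch alone is not proof of infection (OEM and boot-manager installs ship their own MBR code), but combined with the tools' "unknown" verdicts it tells you which sector to preserve and compare before letting a fixer overwrite it.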
#7 Broni


Posted 21 February 2012 - 06:16 PM

How is redirection now?



#8 Maeby


Posted 21 February 2012 - 06:23 PM

It doesn't seem to be redirecting anymore! :) Thank you so much for your help.

#9 Broni


Posted 21 February 2012 - 06:39 PM

Good news :)

We have some more work to do though....
Hold on for more instructions...



#10 Broni


Posted 21 February 2012 - 06:44 PM

You have some registry keys missing which affect Windows firewall and Action Center.

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/


Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on wscsvc.reg file and confirm the prompt.
Double click on bfe.reg file and confirm the prompt.
Double click on mpssvc.reg file and confirm the prompt.

Restart computer.
See if you can turn Windows firewall on and see if you can access Action Center.
Post new FSS log.

Edited by Broni, 21 February 2012 - 06:45 PM.



#11 Maeby


Posted 21 February 2012 - 07:20 PM

I can access the Action Center, but I can't turn on the Firewall.

Farbar Service Scanner Version: 14-02-2012
Ran by Ragtatter (administrator) on 21-02-2012 at 19:18:42
Running from "C:\Users\Ragtatter\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-16 10:51] - [2011-12-27 22:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 19:36] - [2009-07-13 20:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#12 Broni


Posted 21 February 2012 - 07:21 PM

Download following firewall fix: http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe
Double click on downloaded file to run the fix.

Restart computer and check on firewall again.



#13 Maeby


Posted 21 February 2012 - 08:16 PM

The firewall is up and running now. :)

#14 Broni


Posted 21 February 2012 - 08:18 PM

Very good :)

Last checks....

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If ESET doesn't find any threats, it'll NOT produce any log.



#15 Maeby


Posted 22 February 2012 - 01:21 AM

XD I think that's the longest computer scan I've ever seen.

C:\ProgramData\Microsoft\Windows\DRM\973F.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Microsoft\Windows\DRM\978E.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\TDSSKiller_Quarantine\20.02.2012_14.25.59\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\20.02.2012_14.25.59\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\20.02.2012_14.25.59\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\20.02.2012_14.25.59\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan
C:\TDSSKiller_Quarantine\20.02.2012_14.25.59\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\20.02.2012_14.25.59\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\20.02.2012_19.43.31\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\20.02.2012_19.43.31\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\20.02.2012_19.43.31\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\20.02.2012_19.43.31\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan
C:\TDSSKiller_Quarantine\20.02.2012_19.43.31\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\20.02.2012_19.43.31\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\Users\All Users\Microsoft\Windows\DRM\973F.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Microsoft\Windows\DRM\978E.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm



