
updatesearch.org


5 replies to this topic

#1 bertcollege


Posted 01 March 2012 - 11:09 AM

Hey everybody.

While using the internet this morning, I went to a site that has never caused problems for myself or anyone I know (grooveshark.com). It redirected me to updatesearch.org, which had what I assume to be fake xvid download links. After another hour or two of internet browsing - including a test visit to the site which was redirected - no more redirects have happened. I dug through different logs from Symantec Endpoint Protection, and the traffic log blocked something about 15 minutes after the first instance of the redirect. Nothing shows up when I run Spybot.

I showed up here because some searches on this specific redirect led to some forum posts, including one from only a day or two ago.



#2 boopme


Posted 01 March 2012 - 11:17 AM

Hello, let's look at these.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 bertcollege


Posted 01 March 2012 - 11:27 AM

I'm doing these in separate posts for less of an eyesore. Here's the MiniToolBox result:



MiniToolBox by Farbar Version: 18-01-2012
Ran by rtm5101 (administrator) on 01-03-2012 at 11:19:30
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



There are 14758 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)
Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : WINPSU-NRK59047
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : rhbd.psu.edu

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1F-3B-A2-F1-25
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : rhbd.psu.edu
Description . . . . . . . . . . . : Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-1E-68-7F-76-B4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7879:996:2151:97dc%10(Preferred)
IPv4 Address. . . . . . . . . . . : 66.71.6.247(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Lease Obtained. . . . . . . . . . : Thursday, March 01, 2012 9:34:50 AM
Lease Expires . . . . . . . . . . : Friday, March 02, 2012 9:34:50 AM
Default Gateway . . . . . . . . . : 66.71.6.241
DHCP Server . . . . . . . . . . . : 128.118.70.11
DHCPv6 IAID . . . . . . . . . . . : 234888808
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-BE-66-D1-00-1E-68-7F-76-B4
DNS Servers . . . . . . . . . . . : 146.186.163.66
128.118.141.32
128.118.25.3
130.203.1.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.rhbd.psu.edu:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{DB69DD32-9B40-487C-BC43-47B14A9D3C4A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix . : rhbd.psu.edu
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4247:6f7::4247:6f7(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 146.186.163.66
128.118.141.32
128.118.25.3
130.203.1.4
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:c41:1ed9:bdb8:f908(Preferred)
Link-local IPv6 Address . . . . . : fe80::c41:1ed9:bdb8:f908%18(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: ns1.ems.psu.edu
Address: 146.186.163.66

Name: google.com
Addresses: 2001:4860:800f::71
72.14.204.101
72.14.204.102
72.14.204.113
72.14.204.138
72.14.204.100


Pinging google.com [72.14.204.101] with 32 bytes of data:
Reply from 72.14.204.101: bytes=32 time=48ms TTL=54
Reply from 72.14.204.101: bytes=32 time=33ms TTL=54

Ping statistics for 72.14.204.101:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 33ms, Maximum = 48ms, Average = 40ms
Server: ns1.ems.psu.edu
Address: 146.186.163.66

Name: yahoo.com
Addresses: 98.139.127.62
98.139.183.24
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=83ms TTL=47
Reply from 209.191.122.70: bytes=32 time=62ms TTL=47

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 62ms, Maximum = 83ms, Average = 72ms
Server: ns1.ems.psu.edu
Address: 146.186.163.66

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 1f 3b a2 f1 25 ......Intel® Wireless WiFi Link 4965AGN
10...00 1e 68 7f 76 b4 ......Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
22...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 66.71.6.241 66.71.6.247 20
66.71.6.240 255.255.255.240 On-link 66.71.6.247 276
66.71.6.247 255.255.255.255 On-link 66.71.6.247 276
66.71.6.255 255.255.255.255 On-link 66.71.6.247 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 66.71.6.247 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 66.71.6.247 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
22 1125 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
18 58 2001::/32 On-link
18 306 2001:0:4137:9e76:c41:1ed9:bdb8:f908/128
On-link
22 1025 2002::/16 On-link
22 281 2002:4247:6f7::4247:6f7/128
On-link
10 276 fe80::/64 On-link
18 306 fe80::/64 On-link
18 306 fe80::c41:1ed9:bdb8:f908/128
On-link
10 276 fe80::7879:996:2151:97dc/128
On-link
1 306 ff00::/8 On-link
18 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/27/2012 06:34:23 PM) (Source: Application Hang) (User: )
Description: The program wmplayer.exe version 12.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 127c

Start Time: 01ccf52723f0553a

Termination Time: 98

Application Path: C:\Program Files\Windows Media Player\wmplayer.exe

Report Id: 9265a653-619b-11e1-aa46-001e687f76b4

Error: (02/27/2012 03:09:32 AM) (Source: Application Hang) (User: )
Description: The program wmplayer.exe version 12.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 838

Start Time: 01ccf526682decda

Termination Time: 32

Application Path: C:\Program Files\Windows Media Player\wmplayer.exe

Report Id: 5f5456c5-611a-11e1-aa46-001e687f76b4

Error: (02/27/2012 03:04:06 AM) (Source: Application Hang) (User: )
Description: The program wmplayer.exe version 12.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15d4

Start Time: 01ccf4645b45610c

Termination Time: 119

Application Path: C:\Program Files\Windows Media Player\wmplayer.exe

Report Id: 9cd96784-6119-11e1-aa46-001e687f76b4

Error: (02/25/2012 03:34:03 AM) (Source: Application Hang) (User: )
Description: The program wmplayer.exe version 12.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1350

Start Time: 01ccf396b4812409

Termination Time: 67

Application Path: C:\Program Files\Windows Media Player\wmplayer.exe

Report Id: 77b90213-5f8b-11e1-a34d-001e687f76b4

Error: (02/25/2012 03:21:05 AM) (Source: Application Hang) (User: )
Description: The program wmplayer.exe version 12.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b54

Start Time: 01ccf32df2226e14

Termination Time: 66

Application Path: C:\Program Files\Windows Media Player\wmplayer.exe

Report Id: a7802286-5f89-11e1-a34d-001e687f76b4

Error: (02/24/2012 02:53:11 PM) (Source: Application Hang) (User: )
Description: The program wmplayer.exe version 12.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10f0

Start Time: 01ccf322fb8b7167

Termination Time: 78

Application Path: C:\Program Files\Windows Media Player\wmplayer.exe

Report Id: 2c5fecaf-5f21-11e1-a34d-001e687f76b4

Error: (02/22/2012 02:36:11 PM) (Source: Application Hang) (User: )
Description: The program wmplayer.exe version 12.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1564

Start Time: 01ccf194396e52b7

Termination Time: 66

Application Path: C:\Program Files\Windows Media Player\wmplayer.exe

Report Id: 779640a2-5d8c-11e1-9cb8-001e687f76b4

Error: (02/22/2012 02:03:06 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 17.0.963.56 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: db0

Start Time: 01ccf19468b4c2cd

Termination Time: 19

Application Path: C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe

Report Id: d87d3f2b-5d87-11e1-9cb8-001e687f76b4

Error: (02/22/2012 02:01:39 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 17.0.963.56 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c70

Start Time: 01ccf19410c4e1b8

Termination Time: 30

Application Path: C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe

Report Id: 998f5108-5d87-11e1-9cb8-001e687f76b4

Error: (02/21/2012 04:12:24 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (02/29/2012 02:37:55 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:35:56 PM on ?2/?29/?2012 was unexpected.

Error: (02/29/2012 02:14:16 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E4274979-99B7-47F4-A7FF-D7D1D0EFCE77}.
The backup browser is stopping.

Error: (02/28/2012 08:10:43 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E4274979-99B7-47F4-A7FF-D7D1D0EFCE77}.
The backup browser is stopping.

Error: (02/28/2012 04:54:51 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/28/2012 03:57:48 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:55:44 AM on ?2/?28/?2012 was unexpected.

Error: (02/28/2012 03:27:52 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:25:59 AM on ?2/?28/?2012 was unexpected.

Error: (02/27/2012 06:12:54 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (02/27/2012 09:49:32 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (02/27/2012 00:53:56 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (02/26/2012 02:10:11 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.


Microsoft Office Sessions:
=========================
Error: (02/27/2012 06:34:23 PM) (Source: Application Hang)(User: )
Description: wmplayer.exe12.0.7601.17514127c01ccf52723f0553a98C:\Program Files\Windows Media Player\wmplayer.exe9265a653-619b-11e1-aa46-001e687f76b4

Error: (02/27/2012 03:09:32 AM) (Source: Application Hang)(User: )
Description: wmplayer.exe12.0.7601.1751483801ccf526682decda32C:\Program Files\Windows Media Player\wmplayer.exe5f5456c5-611a-11e1-aa46-001e687f76b4

Error: (02/27/2012 03:04:06 AM) (Source: Application Hang)(User: )
Description: wmplayer.exe12.0.7601.1751415d401ccf4645b45610c119C:\Program Files\Windows Media Player\wmplayer.exe9cd96784-6119-11e1-aa46-001e687f76b4

Error: (02/25/2012 03:34:03 AM) (Source: Application Hang)(User: )
Description: wmplayer.exe12.0.7601.17514135001ccf396b481240967C:\Program Files\Windows Media Player\wmplayer.exe77b90213-5f8b-11e1-a34d-001e687f76b4

Error: (02/25/2012 03:21:05 AM) (Source: Application Hang)(User: )
Description: wmplayer.exe12.0.7601.17514b5401ccf32df2226e1466C:\Program Files\Windows Media Player\wmplayer.exea7802286-5f89-11e1-a34d-001e687f76b4

Error: (02/24/2012 02:53:11 PM) (Source: Application Hang)(User: )
Description: wmplayer.exe12.0.7601.1751410f001ccf322fb8b716778C:\Program Files\Windows Media Player\wmplayer.exe2c5fecaf-5f21-11e1-a34d-001e687f76b4

Error: (02/22/2012 02:36:11 PM) (Source: Application Hang)(User: )
Description: wmplayer.exe12.0.7601.17514156401ccf194396e52b766C:\Program Files\Windows Media Player\wmplayer.exe779640a2-5d8c-11e1-9cb8-001e687f76b4

Error: (02/22/2012 02:03:06 PM) (Source: Application Hang)(User: )
Description: chrome.exe17.0.963.56db001ccf19468b4c2cd19C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exed87d3f2b-5d87-11e1-9cb8-001e687f76b4

Error: (02/22/2012 02:01:39 PM) (Source: Application Hang)(User: )
Description: chrome.exe17.0.963.56c7001ccf19410c4e1b830C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe998f5108-5d87-11e1-9cb8-001e687f76b4

Error: (02/21/2012 04:12:24 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files\spybot - search & destroy\DelZip179.dllc:\program files\spybot - search & destroy\DelZip179.dll8


=========================== Installed Programs ============================

Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Facebook Video Calling 1.1.1.1 (Version: 1.1.1)
Feedback Tool (Version: 1.2.0)
Google Chrome (Version: 17.0.963.56)
HP Product Detection (Version: 10.7.9.0)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.92)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Silverlight (Version: 4.1.10111.0)
Motorola SM56 Speakerphone Modem (Version: 6.12.25.06)
Mozilla Firefox (3.6.25) (Version: 3.6.25 (en-US))
OpenOffice.org 3.2 (Version: 3.2.9502)
PeaZip 3.6
Power Tab Editor 1.7 (Version: 1.7.0)
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (Version: 3.52.02)
Skype Click to Call (Version: 5.6.8442)
Skype 5.5 (Version: 5.5.124)
Spotify (Version: 0.6.1)
Spybot - Search & Destroy (Version: 1.6.2)
swMSM (Version: 12.0.0.1)
Symantec Endpoint Protection (Version: 11.0.5002.333)
Synaptics Pointing Device Driver (Version: 15.0.17.4)
TripleA Version 1_2_5_5
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 3062.43 MB
Available physical RAM: 1444.14 MB
Total Pagefile: 6123.14 MB
Available Pagefile: 4311.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.45 MB

========================= Partitions: =====================================

1 Drive c: (System) (Fixed) (Total:232.88 GB) (Free:172.07 GB) NTFS

========================= Users: ========================================

User accounts for \\WINPSU-NRK59047

Administrator Guest rtm5101


**** End of log ****
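
As an added example (not part of the original thread, and not code from MiniToolBox or its author), this Python script triages the three sections of a Result.txt that bear on browser redirects: hosts entries that point a name at a non-loopback address, proxy lines other than the "not enabled" ones seen above, and Winsock catalog entries outside system32 or from a non-Microsoft vendor. The sample log is constructed; 203.0.113.10, the example.* names and the lsp.dll path are placeholders.

```python
import ipaddress
import re

# Section banners look like "===== Hosts content: =====" (colon optional).
SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*:?\s*=+\s*$")
# Winsock line: "Catalog9 02 C:\path\file.dll [size] (vendor)"
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[\d+\]\s+\((.*)\)$")
SYSTEM32 = "c:\\windows\\system32\\"
# Proxy lines that appear in the clean log posted in this thread. The wording
# used when a proxy IS set is not on the page, so anything else is surfaced.
BENIGN_PROXY = {"Proxy is not enabled.", "No Proxy Server is set."}

# Constructed sample in the same layout as the posted log.
SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

127.0.0.1 blocked.example.net
127.0.0.1 www.blocked.example.net
203.0.113.10 login.example.com

There are 14758 more lines starting with "127.0.0.1"

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\ProgramData\example\lsp.dll [40960] (Example Vendor)

========================= Memory info: ===================================
"""


def split_sections(text):
    """Map lower-cased section name -> list of lines in that section."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).strip().lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def hosts_findings(lines):
    """Return (ip, names) for entries that send a name to a real address.

    Loopback / 0.0.0.0 entries are blocklist-style sinkholes and are skipped.
    """
    findings = []
    for line in lines:
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # e.g. the tool's "There are N more lines..." summary
        if not (ip.is_loopback or ip.is_unspecified):
            findings.append((fields[0], fields[1:]))
    return findings


def proxy_findings(lines):
    """Return proxy-section lines that are not the known 'no proxy' output."""
    return [s for s in (l.strip() for l in lines)
            if s and s not in BENIGN_PROXY and not s.startswith('"Reset ')]


def winsock_findings(lines):
    """Return catalog entries worth a manual look.

    The vendor string comes from file version info and can be forged, so a
    clean result here is not proof that the provider chain is untouched.
    """
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line.strip())
        if not m:
            continue
        catalog, index, path, vendor = m.groups()
        if not path.lower().startswith(SYSTEM32) or vendor != "Microsoft Corporation":
            findings.append((catalog, index, path, vendor))
    return findings


def triage(text):
    sec = split_sections(text)
    proxy = sec.get("ie proxy settings", []) + sec.get("ff proxy settings", [])
    return {"hosts": hosts_findings(sec.get("hosts content", [])),
            "proxy": proxy_findings(proxy),
            "winsock": winsock_findings(sec.get("winsock entries", []))}


if __name__ == "__main__":
    for area, items in triage(SAMPLE_LOG).items():
        print(area, "->", items or "nothing to review")
```
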

#4 bertcollege


Posted 01 March 2012 - 11:35 AM

TDSSKiller found no threats!


Malwarebytes didn't either. I guess this means I'm fine? Here's the log:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.01.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8080.16413
rtm5101 :: WINPSU-NRK59047 [administrator]

3/1/2012 11:29:02 AM
mbam-log-2012-03-01 (11-29-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188822
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#5 boopme


Posted 01 March 2012 - 12:00 PM

Hello, as I cannot see it here, we need a deeper look.
I did see a lot of Win Media Player issues.

Please go here.... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.

#6 bertcollege


Posted 01 March 2012 - 12:03 PM

Alright, thanks. I'll post that topic in a few hours when I'm not in class.



