
Google won't load.


9 replies to this topic

#1 iml2an


Posted 07 March 2012 - 08:39 PM

Google will not open on my desktop on Firefox or IE. I run Windows XP.
The error that it gives is: "404 No Found. nginx"
Any help will be appreciated, thanks!

EDIT: I also have another problem to add: Sometimes my computer does not start up properly. It opens the menu where you choose between Safe Mode, Safe Mode with Networking, Start Windows Normally etc. How do I get that resolved as well?

Edited by iml2an, 07 March 2012 - 11:11 PM.




#2 boopme


Posted 07 March 2012 - 09:27 PM

Hello, let's start with some info and a quick scan.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

#3 iml2an


Posted 07 March 2012 - 10:57 PM

I also have another problem to add: Sometimes my computer does not start up properly. It opens the menu where you choose between Safe Mode, Safe Mode with Networking, Start Windows Normally etc. How do I get that resolved as well?

MiniToolBox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by XPPRESP3 (administrator) on 07-03-2012 at 22:19:06
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Could not flush the DNS Resolver Cache: Function failed during execution.




========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:50323

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 50323
"network.proxy.type", 1

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================


WARNING: Could not obtain host information from machine: [USER]. Some commands may not be available.
The network location cannot be reached. For information about network troubleshooting, see Windows Help.



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : user

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-13-D4-67-0F-7D

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Wednesday, March 07, 2012 7:43:57 PM

Lease Expires . . . . . . . . . . : Wednesday, March 14, 2012 7:43:57 PM

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.


Pinging google.com [94.102.52.202] with 32 bytes of data:



Reply from 94.102.52.202: bytes=32 time=112ms TTL=48

Reply from 94.102.52.202: bytes=32 time=113ms TTL=48



Ping statistics for 94.102.52.202:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 112ms, Maximum = 113ms, Average = 112ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.139.127.62, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=43ms TTL=49

Reply from 98.139.183.24: bytes=32 time=35ms TTL=49



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 35ms, Maximum = 43ms, Average = 39ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 d4 67 0f 7d ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.100 192.168.0.100 20
192.168.0.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.100 192.168.0.100 20
224.0.0.0 240.0.0.0 192.168.0.100 192.168.0.100 20
255.255.255.255 255.255.255.255 192.168.0.100 192.168.0.100 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/07/2012 07:44:10 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (03/06/2012 01:05:43 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (03/06/2012 09:29:28 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (03/06/2012 09:29:19 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (03/05/2012 10:51:20 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (03/05/2012 10:51:18 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (03/04/2012 11:41:16 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (03/04/2012 11:40:32 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (03/04/2012 11:14:26 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (03/04/2012 11:14:26 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.


System errors:
=============
Error: (03/07/2012 07:44:09 PM) (Source: Print) (User: SYSTEM)
Description: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.

Error: (03/06/2012 01:05:42 PM) (Source: Print) (User: SYSTEM)
Description: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.

Error: (03/04/2012 11:14:09 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.101 for the Network Card with network address 0013D4670F7D has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/01/2012 11:03:10 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (02/25/2012 09:49:53 AM) (Source: Print) (User: SYSTEM)
Description: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.

Error: (02/24/2012 06:04:54 PM) (Source: Print) (User: SYSTEM)
Description: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.

Error: (02/23/2012 07:44:48 PM) (Source: Print) (User: SYSTEM)
Description: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.

Error: (02/23/2012 07:41:23 PM) (Source: Print) (User: SYSTEM)
Description: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.

Error: (02/20/2012 05:08:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942402

Error: (02/20/2012 11:03:00 AM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942402


Microsoft Office Sessions:
=========================
Error: (03/07/2012 07:44:10 PM) (Source: WinMgmt)(User: )
Description:

Error: (03/06/2012 01:05:43 PM) (Source: WinMgmt)(User: )
Description:

Error: (03/06/2012 09:29:28 AM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description:

Error: (03/06/2012 09:29:19 AM) (Source: WinMgmt)(User: )
Description:

Error: (03/05/2012 10:51:20 AM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description:

Error: (03/05/2012 10:51:18 AM) (Source: WinMgmt)(User: )
Description:

Error: (03/04/2012 11:41:16 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description:

Error: (03/04/2012 11:40:32 PM) (Source: WinMgmt)(User: )
Description:

Error: (03/04/2012 11:14:26 AM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description:

Error: (03/04/2012 11:14:26 AM) (Source: WinMgmt)(User: )
Description:


=========================== Installed Programs ============================

1500 (Version: 50.0.206.000)
1500_Help (Version: 50.0.206.000)
1500Trb (Version: 50.0.206.000)
32 Bit HP CIO Components Installer (Version: 3.1.1)
6500_E709_eDocs (Version: 1.00.0000)
6500_E709_Help (Version: 1.00.0000)
6500_E709n (Version: 50.0.165.000)
ACDSee 8 (Version: 8.1.98)
ACDSee 8 Media Support Package (Version: 1.0.0)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Reader 9.5.0 (Version: 9.5.0)
Adobe Reader Extended Language Support Font Pack (Version: 9.0.0)
AIM 7
AiO_Scan (Version: 50.0.206.000)
AiOSoftware (Version: 50.0.206.000)
ATI Control Panel (Version: 6.14.10.5166)
ATI Display Driver (Version: 8.17-050813a1-027023C-HP)
Belarc Advisor 7.2
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 120.0.194.000)
CCleaner
CP_Package_Variety1 (Version: 53.0.13.000)
CP_Package_Variety2 (Version: 53.0.13.000)
CP_Package_Variety3 (Version: 53.0.13.000)
Creative WebCam Center
Creative WebCam Instant Driver (1.00.08.0416)
CustomerResearchQFolder (Version: 1.00.0000)
Diner Dash (Version: 3.3.3.61)
DocMgr (Version: 120.0.000.000)
DocProc (Version: 12.0.0.0)
Doggie Dash (Version: 3.3.9.14)
EliteSwitch
eSupportQFolder (Version: 1.00.0000)
Form Fill (Windows Live Toolbar) (Version: 03.01.0072)
Garmin Communicator Plugin (Version: 2.9.2)
Garmin USB Drivers (Version: 2.3.0.0)
Get Yahoo! Messenger
Google Updater (Version: 2.4.2432.1652)
GPBaseService2 (Version: 130.0.371.000)
Graphical Analysis 3.2 (Version: 3.2)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Document Manager 2.0 (Version: 2.0)
HP Image Zone Express (Version: 1.5.1.29)
HP Officejet 6500 E709 Series (Version: 12.0)
HP Product Detection (Version: 11.14.0001)
HP PSC & OfficeJet 5.3.B
HP Smart Web Printing (Version: 4.05)
HP Solution Center 13.0 (Version: 13.0)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 120.0.194.000)
K-Lite Mega Codec Pack 1.53 (Version: 1.53)
KaM - The Peasants Rebellion (remove only)
Linksys EasyLink Advisor (Version: 3.0.8122.29)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Map Button (Windows Live Toolbar) (Version: 03.01.0072)
MarketResearch (Version: 120.0.226.000)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 (Version: 3.0.04506.30)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003 (Version: 11.0.6361.0)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSVC80_x86 (Version: 1.0.1.0)
MSVCRT (Version: 14.0.1468.721)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
neroxml (Version: 1.0.0)
Network (Version: 120.0.194.000)
NewCopy (Version: 50.0.206.000)
Nokia Connectivity Cable Driver (Version: 7.0.2.0)
Nokia NSeries One Touch Access (Version: 6.83.11)
Nokia NSeries One Touch Access 6.83.11
Nokia Photos (Version: 1.0.238)
OCR Software by I.R.I.S. 12.0 (Version: 12.0)
OneCare Advisor (Windows Live Toolbar) (Version: 03.00.2038)
PC Connectivity Solution (Version: 8.22.2.0)
Popup Blocker (Windows Live Toolbar) (Version: 03.01.0072)
PowerCinema NE for Everio
PowerDirector Express
PowerProducer
ProductContext (Version: 50.0.165.000)
ProductContext (Version: 50.0.206.000)
QuickTime (Version: 7.2.0.240)
Readme (Version: 50.0.206.000)
Realtek AC'97 Audio (Version: 5.16)
Scan (Version: 12.0.0.0)
Segoe UI (Version: 14.0.4327.805)
Shop for HP Supplies (Version: 12)
Smart Menus (Windows Live Toolbar) (Version: 03.01.0072)
SmartWebPrinting (Version: 120.0.194.000)
Software Update for Web Folders (Version: 9.60.6715.0)
SolutionCenter (Version: 130.0.373.000)
Spybot - Search & Destroy (Version: 1.6.0)
SwiftKit
TeamSpeak 2 RC2 (Version: 2.0.32.60)
Toolbox (Version: 120.0.194.000)
Unload (Version: 5.0.0)
UnloadSupport (Version: 11.0.0)
Update for Windows XP (KB914882) (Version: 1)
Update for Windows XP (KB922582) (Version: 1)
Update for Windows XP (KB927891) (Version: 3)
Update for Windows XP (KB942763) (Version: 1)
VCRedistSetup (Version: 1.0.0)
Ventrilo Client (Version: 3.0.1)
Verizon High Speed Internet
Viewpoint Media Player
VLC media player 0.9.9 (Version: 0.9.9)
WebReg (Version: 120.0.194.000)
Winamp AudioPlayer (Version: 5.2.3.672)
Windows Communication Foundation (Version: 3.0.04506.30)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Driver Package - Nokia Modem (05/22/2008 3.8) (Version: 05/22/2008 3.8)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.5.0532.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Outlook Toolbar (Windows Live Toolbar) (Version: 03.01.0072)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0072)
Windows Live Toolbar Feed Detector (Windows Live Toolbar) (Version: 03.01.0073)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Workflow Foundation (Version: 3.0.4203.2)
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
XPize 4.4 Lite (Version: 4.4 Lite)
Yahoo! Internet Mail
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 446.48 MB
Available physical RAM: 205.27 MB
Total Pagefile: 1054.96 MB
Available Pagefile: 781.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.36 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:186.3 GB) (Free:21.83 GB) NTFS

========================= Users: ========================================

User accounts for \\USER

Administrator Guest HelpAssistant
Kanwal Mohammad Fakhruddin XPPRESP3


**** End of log ****


MBAM:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.08.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
XPPRESP3 :: USER [administrator]

3/7/2012 10:39:47 PM
mbam-log-2012-03-07 (22-39-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250939
Time elapsed: 19 minute(s), 9 second(s)

Memory Processes Detected: 3
C:\Documents and Settings\XPPRESP3\Application Data\3422B\670F7.exe (Trojan.Dropper.PE4) -> 840 -> Delete on reboot.
C:\Program Files\LP\F7D3\3D4.exe (Trojan.Dropper.PE4) -> 1980 -> Delete on reboot.
C:\Program Files\2BEB5\lvvm.exe (Trojan.Dropper.PE4) -> 2068 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|3D4.exe (Trojan.Dropper.PE4) -> Data: C:\Program Files\LP\F7D3\3D4.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Documents and Settings\XPPRESP3\Application Data\3422B\670F7.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:50323 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\XPPRESP3\Application Data\3422B\670F7.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Program Files\LP\F7D3\3D4.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Program Files\2BEB5\lvvm.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Documents and Settings\Mohammad Fakhruddin\Application Data\3422B\670F7.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.

(end)
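
An added example, not part of the original thread: a small Python triage over lines excerpted from the MiniToolBox and MBAM logs above. It flags proxy settings that point at the loopback address and Winlogon Shell values that launch anything besides explorer.exe. The function names, finding labels and regular expressions are assumptions based only on the line formats visible in these logs; a loopback proxy can also be set by legitimate local software, so the result is a list for review, not a verdict.

```python
import ipaddress
import re

# Lines excerpted from the MiniToolBox and MBAM logs posted in this thread.
SAMPLE_LOG = r'''
ProxyServer: http=127.0.0.1:50323
"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 50323
"network.proxy.type", 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|3D4.exe (Trojan.Dropper.PE4) -> Data: C:\Program Files\LP\F7D3\3D4.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Documents and Settings\XPPRESP3\Application Data\3422B\670F7.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:50323 -> Quarantined and deleted successfully.
'''

# Assumed line formats, taken from the logs above (not from tool documentation).
# MBAM registry value line: KEY|Value (DetectionName) -> Data: ... -> Action
MBAM_VALUE = re.compile(
    r'^(?P<key>[^|]+)\|(?P<value>.+?) \((?P<name>[^()]+)\)'
    r' -> Data: (?P<data>.*?) -> (?P<action>.+)$')
# MiniToolBox Firefox pref line: "network.proxy.http", "127.0.0.1"
FF_PREF = re.compile(r'^"(network\.proxy\.[\w.]+)",\s*"?([^"]*)"?$')
# MiniToolBox IE proxy line: ProxyServer: http=127.0.0.1:50323
IE_PROXY = re.compile(r'^ProxyServer:\s*(\S+)$')


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1."""
    host = host.strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname we do not resolve here


def ie_proxy_endpoints(value):
    """Split a WinINET ProxyServer string into (scheme, host, port) tuples.

    Handles both 'host:port' and 'http=host:port;https=host:port'.
    """
    endpoints = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "all", part
        host, _, port = hostport.rpartition(":")
        if not host:  # no port given
            host, port = hostport, ""
        endpoints.append((scheme, host, port))
    return endpoints


def shell_extras(data):
    """Return Winlogon Shell entries other than the stock explorer.exe."""
    entries = [e.strip() for e in data.split(",") if e.strip()]
    return [e for e in entries if e.lower() != "explorer.exe"]


def loopback_hits(value):
    return [f"{s}={h}:{p}" for s, h, p in ie_proxy_endpoints(value)
            if is_loopback(h)]


def triage(text):
    """Return (kind, detail) findings for the patterns seen in this thread."""
    findings, ff = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = IE_PROXY.match(line)
        if m:
            findings += [("ie-loopback-proxy", d) for d in loopback_hits(m.group(1))]
            continue
        m = FF_PREF.match(line)
        if m:
            ff[m.group(1)] = m.group(2)
            continue
        m = MBAM_VALUE.match(line)
        if not m:
            continue
        key, value, data = m.group("key").lower(), m.group("value").lower(), m.group("data")
        if key.endswith(r"\winlogon") and value == "shell":
            findings += [("winlogon-shell-extra", e) for e in shell_extras(data)]
        elif value == "proxyserver":
            findings += [("registry-loopback-proxy", d) for d in loopback_hits(data)]
        elif key.endswith(r"\currentversion\run"):
            findings.append(("run-autostart", data))
    # Firefox: type 1 means a manually configured proxy.
    host = ff.get("network.proxy.http", "")
    if ff.get("network.proxy.type") == "1" and is_loopback(host):
        findings.append(("firefox-loopback-proxy",
                         f"{host}:{ff.get('network.proxy.http_port', '')}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:24} {detail}")
```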



#4 boopme


Posted 08 March 2012 - 11:38 AM

Let's be sure you are malware free as it can be the problem.
Is SpyBot your only malware protection?

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#5 iml2an


Posted 09 March 2012 - 10:20 PM

I have SpyBot and MBAM.

TDSSKILLER needed to reboot.
Here is the log:

20:45:44.0203 1508 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
20:45:44.0718 1508 ============================================================
20:45:44.0718 1508 Current date / time: 2012/03/09 20:45:44.0718
20:45:44.0718 1508 SystemInfo:
20:45:44.0718 1508
20:45:44.0718 1508 OS Version: 5.1.2600 ServicePack: 2.0
20:45:44.0718 1508 Product type: Workstation
20:45:44.0718 1508 ComputerName: USER
20:45:44.0718 1508 UserName: XPPRESP3
20:45:44.0718 1508 Windows directory: C:\WINDOWS
20:45:44.0718 1508 System windows directory: C:\WINDOWS
20:45:44.0718 1508 Processor architecture: Intel x86
20:45:44.0718 1508 Number of processors: 1
20:45:44.0718 1508 Page size: 0x1000
20:45:44.0718 1508 Boot type: Normal boot
20:45:44.0718 1508 ============================================================
20:45:47.0484 1508 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x64F1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
20:45:47.0562 1508 \Device\Harddisk0\DR0:
20:45:47.0562 1508 MBR used
20:45:47.0562 1508 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
20:45:47.0687 1508 Initialize success
20:45:47.0687 1508 ============================================================
20:45:51.0656 1776 ============================================================
20:45:51.0656 1776 Scan started
20:45:51.0656 1776 Mode: Manual;
20:45:51.0656 1776 ============================================================
20:45:52.0203 1776 Abiosdsk - ok
20:45:52.0218 1776 abp480n5 - ok
20:45:52.0281 1776 ACPI (3b67b435fddf777c595f0ec736b03c37) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:45:52.0281 1776 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: 3b67b435fddf777c595f0ec736b03c37, Fake md5: a10c7534f7223f4a73a948967d00e69b
20:45:52.0281 1776 ACPI ( Virus.Win32.Rloader.a ) - infected
20:45:52.0281 1776 ACPI - detected Virus.Win32.Rloader.a (0)
20:46:01.0937 1776 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:46:02.0062 1776 \Device\Harddisk0\DR0 - ok
20:46:02.0078 1776 Boot (0x1200) (4ee886f75c279d0f46d6db3b5444ea67) \Device\Harddisk0\DR0\Partition0
20:46:02.0078 1776 \Device\Harddisk0\DR0\Partition0 - ok
20:46:02.0078 1776 ============================================================
20:46:02.0078 1776 Scan finished
20:46:02.0078 1776 ============================================================
20:46:02.0093 0728 Detected object count: 1
20:46:02.0093 0728 Actual detected object count: 1
20:46:35.0531 0728 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
20:46:45.0828 0728 Backup copy found, using it..
20:46:45.0890 0728 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
20:46:45.0890 0728 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
20:47:12.0890 1152 Deinitialize success


ESET Online Scanner:

C:\Documents and Settings\XPPRESP3\Application Data\upd.exe a variant of Win32/Kryptik.FL trojan cleaned by deleting - quarantined
C:\Documents and Settings\XPPRESP3\Desktop\Flashdrive\Laptop stuff\.Trash-1000\files\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\csrxx.exe a variant of Win32/Injector.OV trojan cleaned by deleting - quarantined
C:\Documents and Settings\XPPRESP3\Desktop\Unused Desktop\foto.com probably a variant of Win32/Agent.MMCWSCK trojan cleaned by deleting - quarantined
C:\Documents and Settings\XPPRESP3\My Documents\My Scans\Softwares\Nero-8.3.6.0_eng_trial.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\Program Files\LP\F7D3\1.exe a variant of Win32/Kryptik.AAET trojan cleaned by deleting - quarantined
C:\Program Files\LP\F7D3\1B.tmp Win32/PSW.Agent.NTM trojan cleaned by deleting - quarantined
C:\Program Files\LP\F7D3\1F.tmp a variant of Win32/Kryptik.YML trojan cleaned by deleting - quarantined
C:\Program Files\LP\F7D3\26.exe a variant of Win32/Kryptik.ZJG trojan cleaned by deleting - quarantined
C:\Program Files\LP\F7D3\2F.exe a variant of Win32/Kryptik.AAET trojan cleaned by deleting - quarantined
C:\Program Files\LP\F7D3\3B.exe a variant of Win32/Kryptik.AAZR trojan cleaned by deleting - quarantined
C:\Program Files\LP\F7D3\3F.exe a variant of Win32/Kryptik.ABHI trojan cleaned by deleting - quarantined
C:\Program Files\LP\F7D3\45.exe a variant of Win32/Kryptik.ABVO trojan cleaned by deleting - quarantined
C:\Program Files\LP\F7D3\48.exe a variant of Win32/Kryptik.ACFH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.03.2012_20.45.44\rtkt0000\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan deleted - quarantined
C:\WINDOWS\XPize\uninst.exe Win32/WFPDisabler.A application deleted - quarantined



#6 boopme

Posted 10 March 2012 - 12:05 AM

Looks good now. Is it the paid MBAM?
How is it running?

#7 iml2an

Posted 11 March 2012 - 12:48 AM

It's the free version of MBAM. And it seems to be running fine, thanks!

Also, I have an infected laptop as well, would you like me to post a new topic or just give the details here?

#8 boopme

Posted 11 March 2012 - 09:11 PM

Ok great.. a couple things here then we can do the lappy. Do post 2 on it and is it redirecting web pages?


On this one you should still have an active or real-time AV protection. Install this free AV ... I use this.

Avira Antivir



If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#9 iml2an

Posted 12 March 2012 - 11:51 PM

Actually it's a bit more complicated than that. I have Ubuntu installed on my Laptop as well as Windows 7. They both run together. Ubuntu is installed through Windows. So basically I can just uninstall it. Now I'm a complete noob when using Ubuntu but I like it. I don't know where the virus is that slows down my laptop, Windows or Ubuntu. I don't really know much about Ubuntu or the anti-virus it has so I don't have any installed.

I ran MBAM and no viruses came up. I ran MiniToolBox and this came up. I wasn't gonna put it up but it seems like something's wrong, do take a look please, thanks!

MiniToolBox by Farbar Version: 18-01-2012
Ran by Rizwan (administrator) on 13-03-2012 at 00:43:05
Microsoft Windows 7 Starter (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR5B95 Wireless Network Adapter = Wireless Network Connection 2 (Connected)
Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Adrenaline
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5B95 Wireless Network Adapter
Physical Address. . . . . . . . . : C4-17-FE-2E-C1-FB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::55c2:6270:65d7:4734%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, February 04, 1876 6:51:05 PM
Lease Expires . . . . . . . . . . : Tuesday, March 20, 2012 12:19:21 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 331618302
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-F1-D4-07-70-5A-B6-23-A5-49
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
0.0.0.0
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 70-5A-B6-23-A5-49
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3D04A317-2920-4F7C-B1D7-295A08AAF109}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {6D18F6D3-B45D-49A4-9BFB-68330B3BD9DB}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.westell.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #8
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:102b:8ff:3f57:ff99(Preferred)
Link-local IPv6 Address . . . . . : fe80::102b:8ff:3f57:ff99%23(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Reusable Microsoft 6To4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #9
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 173.194.43.0
173.194.43.1
173.194.43.2
173.194.43.3
173.194.43.4
173.194.43.5
173.194.43.6
173.194.43.7
173.194.43.8
173.194.43.9
173.194.43.14


Pinging google.com [173.194.43.0] with 32 bytes of data:
Reply from 173.194.43.0: bytes=32 time=21ms TTL=54
Reply from 173.194.43.0: bytes=32 time=18ms TTL=54

Ping statistics for 173.194.43.0:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 21ms, Average = 19ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.139.127.62
98.139.183.24
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=60ms TTL=50
Reply from 209.191.122.70: bytes=32 time=62ms TTL=50

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 60ms, Maximum = 62ms, Average = 61ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...c4 17 fe 2e c1 fb ......Atheros AR5B95 Wireless Network Adapter
11...70 5a b6 23 a5 49 ......Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #8
20...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
23...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
25...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #9
27...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
26...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.102 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.102 281
192.168.0.102 255.255.255.255 On-link 192.168.0.102 281
192.168.0.255 255.255.255.255 On-link 192.168.0.102 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.102 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.102 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
23 58 ::/0 On-link
1 306 ::1/128 On-link
23 58 2001::/32 On-link
23 306 2001:0:5ef5:79fd:102b:8ff:3f57:ff99/128
On-link
12 281 fe80::/64 On-link
23 306 fe80::/64 On-link
23 306 fe80::102b:8ff:3f57:ff99/128
On-link
12 281 fe80::55c2:6270:65d7:4734/128
On-link
1 306 ff00::/8 On-link
23 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/02/2012 10:55:07 PM) (Source: Google Update) (User: Rizwan)Rizwan
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (03/02/2012 06:06:02 PM) (Source: Google Update) (User: Rizwan)Rizwan
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072f8f. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072f8f. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072f8f. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request retur

Error: (02/29/2012 02:21:09 PM) (Source: LogMeIn Guardian) (User: SYSTEM)SYSTEM
Description: d96ed14e30d6af8dccb7a2196e990771

Error: (02/23/2012 01:45:22 AM) (Source: Google Update) (User: Rizwan)Rizwan
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (02/05/2012 11:52:40 PM) (Source: Google Update) (User: Rizwan)Rizwan
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (12/26/2011 05:15:12 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {281e2c8d-05cc-4b46-8de4-4457b6dca6ac}

Error: (12/22/2011 00:41:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: NisSrv.exe, version: 3.0.8402.0, time stamp: 0x4db89a7b
Faulting module name: IpsConsumer.dll, version: 3.0.8402.0, time stamp: 0x4db89a85
Exception code: 0xc0000005
Fault offset: 0x000119fc
Faulting process id: 0xab8
Faulting application start time: 0xNisSrv.exe0
Faulting application path: NisSrv.exe1
Faulting module path: NisSrv.exe2
Report Id: NisSrv.exe3

Error: (12/19/2011 09:01:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 8.0.1.4341, time stamp: 0x4ec9a0a8
Faulting module name: icuuc36.dll, version: 3.6.0.0, time stamp: 0x470efe15
Exception code: 0xc0000005
Fault offset: 0x00001f94
Faulting process id: 0xafc
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (10/20/2011 10:30:55 PM) (Source: Google Update) (User: Rizwan)Rizwan
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (10/20/2011 05:36:19 PM) (Source: Google Update) (User: Rizwan)Rizwan
Description: Network Request Error.
Error: 0x8004212e. Http status code: 302.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072f8f. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072f8f. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212e. Http status code 302.
trying WinHTTP.
Send request returned 0x80072f8f. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request r


System errors:
=============
Error: (03/13/2012 01:19:20 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (03/11/2012 00:30:20 AM) (Source: Service Control Manager) (User: )
Description: The Server service terminated with the following error:
%%13

Error: (03/11/2012 00:30:12 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (03/09/2012 10:10:38 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (03/07/2012 05:57:30 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (03/06/2012 06:41:40 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (03/02/2012 10:10:39 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (03/02/2012 10:09:40 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (03/02/2012 03:09:56 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (03/02/2012 00:16:10 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acer Crystal Eye Webcam (Version: 2.2.5.1)
Acer ePower Management (Version: 4.05.3004)
Acer eRecovery Management (Version: 4.05.3005)
Acer ScreenSaver (Version: 1.2.1026)
Acer Updater (Version: 1.01.3017)
Acer VCM (Version: 4.05.3000)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Reader 9.1 MUI (Version: 9.1.0)
AIM 7
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.14)
Boingo Wi-Fi (Version: 1.7.0020)
CCleaner (Version: 2.33)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
DivX Web Player (Version: 1.5.0)
Download Updater (AOL LLC)
F.lux
Facebook Video Calling 1.1.1.1 (Version: 1.1.1)
Feedback Tool (Version: 1.1.0)
Garmin Communicator Plugin (Version: 2.9.3)
Garmin USB Drivers (Version: 2.3.0.0)
Google Chrome (Version: 17.0.963.78)
Identity Card (Version: 1.00.3002)
Intel® Graphics Media Accelerator Driver (Version: 8.14.10.1929)
Intel® Matrix Storage Manager
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
JDownloader
Junk Mail filter update (Version: 14.0.8089.726)
Launch Manager (Version: 3.0.07)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PC Inspector smart recovery (Version: 4.50)
Realtek High Definition Audio Driver (Version: 6.0.1.5999)
Skype Toolbars (Version: 5.0.4137)
Skype™ 5.1 (Version: 5.1.112)
Spybot - Search & Destroy (Version: 1.6.2)
StarterBackgroundChanger (Version: 0.8.1.0)
Synaptics Pointing Device Driver (Version: 14.0.12.0)
Ubuntu (Version: 10.10-rev197)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
VLC media player 1.1.0 (Version: 1.1.0)
Welcome Center (Version: 1.00.3008)
Windows Driver Package - ENE (EUCR) USB (11/23/2009 5.89.0.62) (Version: 11/23/2009 5.89.0.62)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 1013.23 MB
Available physical RAM: 433.52 MB
Total Pagefile: 2037.23 MB
Available Pagefile: 1289.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.16 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:136.95 GB) (Free:54.07 GB) NTFS

========================= Users: ========================================

User accounts for \\ADRENALINE

Administrator Guest Rizwan


**** End of log ****



#10 boopme


Posted 13 March 2012 - 04:33 PM

Ok, I think with that set up we should post a DDS log, it's safer.
We need a deeper look. Please go here: Preparation Guide.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.