Financial site redirect



#1 stsa84

Posted 10 May 2012 - 03:48 PM

To whoever picks up this post, thank you! You guys have worked miracles for me in the past and I know you will again.

When I try to access my USAA account (banking, insurance, etc.), after logging in, I am redirected to a page that appears legit, but is asking for every piece of financial and security info about me (account numbers, credit card info, ATM PIN, mother's maiden name, etc.). Normally I'd be asked my website login PIN and then brought into my account. I called USAA and they verified that this page is not theirs. (Thought I'd mention, I immediately changed my login info from another computer.)

Redirect website url and image: https://www.usaa.com/inet/ent_logon/j_security_check


Internet browsing is also somewhat slow, the mouse arrow flickers on certain sites, and certain sites that I frequent are loading improperly. I did a speed test and have no problem with my internet connection (25/5 mb/s download/upload speeds)

I performed MBAM and SAS scans, results below:

MBAM:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.10.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
AaronRach :: AARONRACH-PC [administrator]

Protection: Disabled

5/10/2012 3:40:47 PM
mbam-log-2012-05-10 (15-40-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189175
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/10/2012 at 04:22 PM

Application Version : 5.0.1148

Core Rules Database Version : 8582
Trace Rules Database Version: 6394

Scan type : Complete Scan
Total Scan Time : 00:30:34

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 352
Memory threats detected : 0
Registry items scanned : 34538
Registry threats detected : 0
File items scanned : 37340
File threats detected : 85

Adware.Tracking Cookie
[tracking-cookie entries omitted]

PUP.CNETInstaller
C:\USERS\AARONRACH\APPDATA\LOCAL\TEMP\ICREINSTALL\CNET2_FGEN_305_EXE.EXE


Thanks again!

#2 Broni

Posted 10 May 2012 - 04:55 PM

Does it happen in any browser?

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

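As an added example (not code from this thread, nor from the Security Check, Farbar Service Scanner or MiniToolBox tools), the following read-only PowerShell audit reproduces the checks those tools report in the logs posted in this thread: the two firewall policy keys, the WinDefend start type and DisableAntiSpyware value, active hosts-file entries, WinINet proxy settings, per-adapter DNS servers and Winsock providers loaded from outside the Windows directory. It assumes an elevated Windows PowerShell session on an English-language Windows 7 or later; $findings and Get-RegValue are names chosen here.

```powershell
# Added example, not code from the thread or from the Farbar/MiniToolBox tools:
# a read-only audit that reproduces the checks those tools report in the logs.
# Assumes Windows 7 or later, English netsh output and an elevated session.
# $findings and Get-RegValue are hypothetical helper names chosen here.

$findings = New-Object 'System.Collections.Generic.List[string]'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value absent: treated as "not set"
}

# 1. Firewall "disabled by policy": the two keys FSS printed in the log.
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($profile in 'StandardProfile', 'PublicProfile') {
    if ((Get-RegValue "$fwBase\$profile" 'EnableFirewall') -eq 0) {
        $findings.Add("Windows Firewall disabled by policy: $profile")
    }
}

# 2. Windows Defender: service start type (default Auto) and DisableAntiSpyware.
$wd = Get-WmiObject Win32_Service -Filter "Name='WinDefend'"
if ($wd -and $wd.StartMode -ne 'Auto') {
    $findings.Add("WinDefend start type is $($wd.StartMode); default is Auto")
}
if ((Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows Defender' 'DisableAntiSpyware') -eq 1) {
    $findings.Add('Windows Defender disabled by DisableAntiSpyware policy')
}

# 3. Hosts file: any active mapping other than localhost can redirect a site.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($raw in Get-Content $hostsPath) {
    $line = $raw.Trim()
    if (-not $line -or $line.StartsWith('#')) { continue }
    $fields = $line -split '\s+'
    if ($fields.Count -ge 2 -and $fields[1] -ne 'localhost') {
        $findings.Add("Active hosts entry: $line")
    }
}

# 4. WinINet (IE) proxy and PAC settings, MiniToolBox's "IE Proxy Settings".
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ((Get-RegValue $inet 'ProxyEnable') -eq 1) {
    $findings.Add("Proxy enabled: $(Get-RegValue $inet 'ProxyServer')")
}
$pac = Get-RegValue $inet 'AutoConfigURL'
if ($pac) { $findings.Add("Proxy auto-config URL set: $pac") }

# 5. DNS servers per adapter, so a resolver the user never configured stands out.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True' |
    Where-Object { $_.DNSServerSearchOrder } |
    ForEach-Object {
        $findings.Add("DNS on $($_.Description): $($_.DNSServerSearchOrder -join ', ')")
    }

# 6. Winsock providers loaded from outside the Windows directory (third-party
#    LSPs/NSPs such as the Bonjour and Windows Live entries in the log).
foreach ($m in (netsh winsock show catalog | Select-String 'Provider Path')) {
    $dll = [Environment]::ExpandEnvironmentVariables(($m.Line -replace '^\s*Provider Path:\s*', ''))
    if ($dll -notlike "$env:SystemRoot\*") {
        $findings.Add("Winsock provider outside Windows directory: $dll")
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Each finding is a reason to look closer, not proof of infection; a third-party Winsock provider or a non-default DNS server may be legitimate, which is why the script reports rather than changes anything.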


 


#3 stsa84 (Topic Starter)

Posted 10 May 2012 - 08:51 PM

Hi Broni, thanks so much for the quick reply. This problem happens in both Firefox and IE. Please find the requested scan logs below.

Security Check:

Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
COMODO Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Java™ 6 Update 30
Adobe Flash Player 11.2.202.235
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Internet & Security Avira Antivirus Avira AntiVir Desktop\sched.exe
Internet & Security Avira Antivirus Avira AntiVir Desktop\avshadow.exe
``````````End of Log````````````


Farbar Service Scanner:

Farbar Service Scanner Version: 08-05-2012
Ran by AaronRach (administrator) on 10-05-2012 at 21:15:22
Running from "C:\Users\AaronRach\Desktop\Slow Stuff 2"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


MiniToolBox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by AaronRach (administrator) on 10-05-2012 at 21:16:55
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

# ::1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : AaronRach-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-24-1D-18-81-31
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9936:1834:d0f3:18af%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, May 10, 2012 4:35:37 PM
Lease Expires . . . . . . . . . . : Monday, June 17, 2148 3:45:18 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 234890269
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-8B-C9-AB-00-24-1D-18-81-31
DNS Servers . . . . . . . . . . . : 192.168.2.1
75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:8b6:2bb3:3f57:fdfc(Preferred)
Link-local IPv6 Address . . . . . : fe80::8b6:2bb3:3f57:fdfc%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.137.138
74.125.137.138


Pinging google.com [74.125.137.138] with 32 bytes of data:
Reply from 74.125.137.138: bytes=32 time=25ms TTL=48
Reply from 74.125.137.138: bytes=32 time=21ms TTL=48

Ping statistics for 74.125.137.138:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 25ms, Average = 23ms
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 72.30.38.140
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=142ms TTL=49
Reply from 72.30.38.140: bytes=32 time=118ms TTL=49

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 118ms, Maximum = 142ms, Average = 130ms
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 24 1d 18 81 31 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.3 276
192.168.2.3 255.255.255.255 On-link 192.168.2.3 276
192.168.2.255 255.255.255.255 On-link 192.168.2.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:8b6:2bb3:3f57:fdfc/128
On-link
10 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::8b6:2bb3:3f57:fdfc/128
On-link
10 276 fe80::9936:1834:d0f3:18af/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/10/2012 09:38:58 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 12.0.0.4493, time stamp: 0x4f920759
Faulting module name: coreclr.dll, version: 4.1.10111.0, time stamp: 0x4f0e0e4f
Exception code: 0xc00000fd
Fault offset: 0x000157a0
Faulting process id: 0xafc
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/10/2012 01:27:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 38502

Error: (05/10/2012 01:27:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 38502

Error: (05/10/2012 01:27:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/10/2012 01:27:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37503

Error: (05/10/2012 01:27:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37503

Error: (05/10/2012 01:27:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/10/2012 01:27:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36489

Error: (05/10/2012 01:27:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36489

Error: (05/10/2012 01:27:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (05/10/2012 04:38:52 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue\SystemRoot\System32\LogFiles\HTTPERR\httperr1.log

Error: (05/10/2012 03:49:07 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/10/2012 03:49:07 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/10/2012 03:49:07 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/10/2012 03:49:07 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/10/2012 03:49:07 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/10/2012 03:49:07 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/10/2012 03:49:07 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/10/2012 03:49:05 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/10/2012 03:49:04 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (05/10/2012 09:38:58 AM) (Source: Application Error)(User: )
Description: plugin-container.exe12.0.0.44934f920759coreclr.dll4.1.10111.04f0e0e4fc00000fd000157a0afc01cd2eb2223136faC:\Program Files\Internet & Security\Firefox\plugin-container.exeC:\Program Files\Microsoft Silverlight\4.1.10111.0\coreclr.dll7e3b8c47-9aa5-11e1-861c-00241d188131

Error: (05/10/2012 01:27:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 38502

Error: (05/10/2012 01:27:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 38502

Error: (05/10/2012 01:27:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/10/2012 01:27:06 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37503

Error: (05/10/2012 01:27:06 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37503

Error: (05/10/2012 01:27:06 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/10/2012 01:27:05 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36489

Error: (05/10/2012 01:27:05 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36489

Error: (05/10/2012 01:27:05 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


=========================== Installed Programs ============================

AC3Filter 1.63b (Version: 1.63b)
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader 9.4.6 (Version: 9.4.6)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Amazon MP3 Downloader 1.0.10
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.707)
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Bonjour (Version: 3.0.0.10)
CameraHelperMsi (Version: 13.25.1010.0)
Canon MP495 series MP Drivers
Canon MP495 series User Registration
COMODO Internet Security (Version: 4.0.10770.828)
COMODO livePCsupport (Version: 3.0.133262.11)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.0)
D3DX10 (Version: 15.4.2368.0902)
DivX Setup (Version: 2.6.1.8)
erLT (Version: 1.20.138.34)
Google Earth Plug-in (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.111)
Haali Media Splitter
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
K-Lite Codec Pack 6.0.0 (Basic) (Version: 6.0.0)
LAME v3.98.2 for Audacity
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.20.1166.0)
LWS Gallery (Version: 13.20.1166.0)
LWS Help_main (Version: 13.25.1016.0)
LWS Launcher (Version: 13.20.1166.0)
LWS Motion Detection (Version: 13.20.1176.0)
LWS Pictures And Video (Version: 13.25.1010.0)
LWS Twitter (Version: 13.20.1166.0)
LWS Video Mask Maker (Version: 13.10.1216.0)
LWS VideoEffects (Version: 13.25.1005.0)
LWS Webcam Software (Version: 13.20.1168.0)
LWS WLM Plugin (Version: 1.20.1166.0)
LWS YouTube Plugin (Version: 13.20.1166.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Matroska Pack
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Firefox 4.0b8 (x86 en-US) (Version: 4.0b8)
Mozilla Maintenance Service (Version: 12.0)
MSVCRT (Version: 15.4.2862.0708)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PDF Settings CS5 (Version: 10.0)
Picasa 3 (Version: 3.8)
PS3 Media Server
QuickTime (Version: 7.71.80.42)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.17.304.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6077)
SIW version 2011.09.16 (Version: 2011.09.16)
Skype Toolbars (Version: 5.3.7555)
Skype™ 5.3 (Version: 5.3.120)
Spotify (Version: 0.5.2)
Spotify (Version: 0.8.3.222.g317ab79d)
StreamTorrent 1.0
SUPERAntiSpyware (Version: 5.0.1148)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver

========================= Devices: ================================

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 3061.49 MB
Available physical RAM: 1783.91 MB
Total Pagefile: 6121.27 MB
Available Pagefile: 4433.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930 MB

========================= Partitions: =====================================

1 Drive c: (System) (Fixed) (Total:97.65 GB) (Free:11.41 GB) NTFS
2 Drive d: (Media) (Fixed) (Total:600.97 GB) (Free:88.11 GB) NTFS
4 Drive g: (HP V100W) (Removable) (Total:7.45 GB) (Free:1.71 GB) FAT32
5 Drive x: (Mass Storage) (Fixed) (Total:1863.01 GB) (Free:1776.82 GB) NTFS
6 Drive z: (Storage) (Fixed) (Total:186.31 GB) (Free:186.2 GB) NTFS

========================= Users: ========================================

User accounts for \\AARONRACH-PC

AaronRach Administrator Guest


**** End of log ****



aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-10 21:22:22
-----------------------------
21:22:22.343 OS Version: Windows 6.1.7601 Service Pack 1
21:22:22.343 Number of processors: 2 586 0x1706
21:22:22.343 ComputerName: AARONRACH-PC UserName: AaronRach
21:22:25.307 Initialize success
21:22:30.299 AVAST engine defs: 12051001
21:22:32.920 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4
21:22:32.920 Disk 0 Vendor: WDC_WD20EARX-00PASB0 51.0AB51 Size: 1907728MB BusType: 3
21:22:32.935 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-6
21:22:32.935 Disk 1 Vendor: WDC_WD2000JB-00GVC0 08.02D08 Size: 190781MB BusType: 3
21:22:32.935 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-3
21:22:32.935 Disk 2 Vendor: WDC_WD7500AACS-00D6B0 01.01A01 Size: 715403MB BusType: 3
21:22:32.951 Disk 2 MBR read successfully
21:22:32.951 Disk 2 MBR scan
21:22:32.967 Disk 2 Windows XP default MBR code
21:22:32.967 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
21:22:32.982 Disk 2 Partition - 00 0F Extended LBA 615396 MB offset 204796620
21:22:32.998 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 615396 MB offset 204796683
21:22:32.998 Disk 2 scanning sectors +1465128000
21:22:33.544 Disk 2 scanning C:\Windows\system32\drivers
21:22:47.584 Service scanning
21:23:11.920 Modules scanning
21:23:19.736 Disk 2 trace - called modules:
21:23:19.751 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
21:23:19.751 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x8614f648]
21:23:19.767 3 CLASSPNP.SYS[8b20459e] -> nt!IofCallDriver -> [0x85cc7878]
21:23:19.767 5 ACPI.sys[8ae903d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x85cc1030]
21:23:20.594 AVAST engine scan C:\Windows
21:23:22.622 AVAST engine scan C:\Windows\system32
21:26:41.402 AVAST engine scan C:\Windows\system32\drivers
21:26:55.272 AVAST engine scan C:\Users\AaronRach
21:41:18.709 AVAST engine scan C:\ProgramData
21:43:10.926 File: C:\ProgramData\Windows\wsse.dll **INFECTED** Win32:LockScreen-GB [Trj]
21:43:11.472 Scan finished successfully
21:43:59.273 Disk 2 MBR has been saved successfully to "C:\Users\AaronRach\Desktop\Slow Stuff 2\MBR.dat"
21:43:59.289 The log file has been saved successfully to "C:\Users\AaronRach\Desktop\Slow Stuff 2\aswMBR.txt"

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,663 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:27 AM

Posted 10 May 2012 - 11:37 PM

It looks like something is there:
C:\ProgramData\Windows\wsse.dll **INFECTED** Win32:LockScreen-GB [Trj]
First of all, there is no legitimate wsse.dll file.
Secondly, there shouldn't be a "Windows" folder in the "ProgramData" folder.

To play it safe I suggest you opt for more advanced checks.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click here.
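The reply above rests on a simple triage heuristic: a "Windows" folder under ProgramData is not something a stock Windows install creates, and a DLL sitting there with no legitimate purpose is worth examining before any cleanup. The script below, an added example and not part of the thread or of any tool mentioned in it, turns that heuristic into a defender's check: it reports whether the unexpected folder exists, lists any executable files in it with their timestamps, Authenticode status and SHA-256 hash, and shows which running processes currently have each file loaded. The folder path is the one named in the aswMBR log; the PowerShell 4.0+ requirement (for Get-FileHash and member enumeration) is an assumption, and nothing is deleted or modified.

```powershell
# Added triage helper for the heuristic in the reply above.
# Not code from the thread, from aswMBR, or from any tool mentioned here.
# Assumes PowerShell 4.0 or later (Get-FileHash, member enumeration on collections).
# Read-only: it reports, it does not remove anything.

# Paths that should not exist on a stock Windows install.
# $env:ProgramData\Windows is the location reported in the aswMBR log above.
$suspectDirs = @(
    (Join-Path $env:ProgramData 'Windows')
)

function Get-ProcessesHoldingFile {
    # Returns the names/PIDs of processes that currently have $Path loaded as a module.
    # Module enumeration can fail with access denied on protected processes; skip those.
    param([string]$Path)
    Get-Process -ErrorAction SilentlyContinue | Where-Object {
        try { $_.Modules.FileName -contains $Path } catch { $false }
    } | ForEach-Object { "{0} (PID {1})" -f $_.ProcessName, $_.Id }
}

foreach ($dir in $suspectDirs) {
    if (-not (Test-Path -LiteralPath $dir)) {
        Write-Output "OK: $dir does not exist"
        continue
    }

    Write-Warning "Unexpected folder present: $dir"

    Get-ChildItem -LiteralPath $dir -Recurse -Force -Include *.dll,*.exe,*.sys -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName

            [pscustomobject]@{
                Path      = $_.FullName
                SizeBytes = $_.Length
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                # Status values include NotSigned, Valid, HashMismatch, UnknownError.
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                # Hash for cross-checking against your AV vendor or a file reputation service.
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                LoadedBy  = (Get-ProcessesHoldingFile -Path $_.FullName) -join '; '
            }
        } | Format-List
}
```

Run it from an elevated PowerShell prompt so module enumeration covers more processes. An unsigned DLL in this location that is loaded into a browser or shell process is the pattern the reply is warning about; treat the output as evidence to hand to the malware-removal helpers rather than as a cue to delete files by hand, since the thread directs the poster to the prep guide precisely so the full picture is captured first.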




#5 stsa84

stsa84
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 11 May 2012 - 09:50 AM

New post: http://www.bleepingcomputer.com/forums/topic453286.html



