Redirect Virus is one tough customer


32 replies to this topic

#1 MFlavaz

MFlavaz

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 26 May 2012 - 01:52 PM

I've got a pretty nasty redirect virus here on my Windows 7 AMD gaming rig. I'm something of a technical guy and it's got me really scratching my head here. I've run every reputable virus/malware and spyware removal tool out there and nothing recognizes this thing. Not even in safe mode. My hosts file also is normal.

Symptoms:
While in Mozilla or IE, I am often able to search and pull up results, but when I click on a result, I'm redirected to a bogus ad page. For a split second the address bar reads "Click to get Answers" before connecting to a bogus ad. When trying to download anything, both IE and Firefox crash. Kaspersky has been the only thing to pick up on a trace, as it finds 1 or 2 dropped tmp files that look like "pvqqbaa.tmp". They respawn with a similar name after reboot no matter if deleted or quarantined. So there's a dropper somewhere.

I've done much research, as this is something similar to the Google redirect virus, but no one has had much success laying out a workable plan to defeat that. It also changes my desktop taskbar and overall look to appear nearly like safe mode, yet a little mangled. You can tell off the bat something's not right.

Any help would be sincerely appreciated.

Mike



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,710 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:47 PM

Posted 26 May 2012 - 02:03 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
Click the "Scan" button to start the scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click here.


 


#3 MFlavaz

MFlavaz
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 26 May 2012 - 02:56 PM

Security Check would not properly run or display a text file on either regular startup or safe mode. After "preparing," it says "no instances available" and closes.

However, I'll have the other 3 logs to you momentarily.

Thanks for your extra fast response. It means a lot.

-Mike

#4 MFlavaz

MFlavaz
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 26 May 2012 - 04:06 PM

Here ya go.

Farbar Service Scanner Version: 25-05-2012
Ran by Flavaz (administrator) on 26-05-2012 at 15:34:27
Running from "C:\Users\Flavaz\Desktop\TSs"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Minimal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is OK.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.

nsiproxy Service is not running. Checking service configuration:
The start type of nsiproxy service is OK.
The ImagePath of nsiproxy service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll
[2009-07-13 19:21] - [2009-07-13 21:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



MiniToolBox by Farbar Version: 14-01-2012
Ran by Flavaz (administrator) on 26-05-2012 at 15:38:21
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Minimal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================



# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Flavaz-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.
Unable to contact IP driver. General failure.

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/26/2012 03:22:21 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avfsmn.

System Error:
The system cannot find the file specified.
.

Error: (05/26/2012 03:09:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 12.0.0.4493, time stamp: 0x4f9207d9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000222c3
Faulting process id: 0xe88
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (05/26/2012 02:45:30 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (05/26/2012 02:45:30 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (05/26/2012 02:45:30 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (05/26/2012 02:36:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp: 0x4cc7ab86
Exception code: 0xc0000005
Fault offset: 0x0002df85
Faulting process id: 0x16bc
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (05/26/2012 02:34:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/26/2012 02:34:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 12.0.0.4493, time stamp: 0x4f9207d9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000222c3
Faulting process id: 0x12d0
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (05/26/2012 01:00:11 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (05/26/2012 01:00:11 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server


System errors:
=============
Error: (05/26/2012 03:31:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/26/2012 03:31:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/26/2012 03:31:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/26/2012 03:31:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/26/2012 03:31:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/26/2012 03:31:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/26/2012 03:31:45 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/26/2012 03:31:45 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/26/2012 03:31:45 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/26/2012 03:31:45 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (05/26/2012 03:22:21 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary avfsmn.

System Error:
The system cannot find the file specified.

Error: (05/26/2012 03:09:24 PM) (Source: Application Error)(User: )
Description: firefox.exe12.0.0.44934f9207d9unknown0.0.0.000000000c0000005000222c3e8801cd3b730eac1e4bC:\Program Files (x86)\Mozilla Firefox\firefox.exeunknown4e18e5f4-a766-11e1-aad3-20cf30f55e7b

Error: (05/26/2012 02:45:30 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (05/26/2012 02:45:30 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (05/26/2012 02:45:30 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (05/26/2012 02:36:13 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637ntdll.dll6.1.7600.166954cc7ab86c00000050002df8516bc01cd3b6e6d3e13fbC:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\ntdll.dllab19fc95-a761-11e1-b703-20cf30f55e7b

Error: (05/26/2012 02:34:29 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/26/2012 02:34:20 PM) (Source: Application Error)(User: )
Description: firefox.exe12.0.0.44934f9207d9unknown0.0.0.000000000c0000005000222c312d001cd3b6e28336c0eC:\Program Files (x86)\Mozilla Firefox\firefox.exeunknown67ab0950-a761-11e1-b703-20cf30f55e7b

Error: (05/26/2012 01:00:11 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (05/26/2012 01:00:11 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server


=========================== Installed Programs ============================

Adobe AIR (Version: 2.7.1.19610)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Creative Suite 5 Master Collection (Version: 5.0)
Adobe Media Player (Version: 1.8)
AMD Fuel (Version: 2011.0126.1749.31909)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.812.0)
ATI Catalyst Registration (Version: 3.00.0000)
ATI Stream SDK v2 Developer (Version: 2.3.0.0)
Bandicam
Bandisoft MPEG-1 Decoder
Bonjour (Version: 3.0.0.10)
Browser Configuration Utility (Version: 1.0.12.1)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0126.1749.31909)
Catalyst Control Center InstallProxy (Version: 2011.0126.1749.31909)
ccc-core-static (Version: 2011.0126.1749.31909)
ccc-utility64 (Version: 2011.0126.1749.31909)
CCC Help English (Version: 2011.0126.1748.31909)
CCleaner (Version: 3.05)
Curse Client (Version: 4.0.1.260)
DAEMON Tools Lite (Version: 4.40.2.0131)
Diablo III (Version: 1.0.1.9558)
eLicenser Control
EPSON NX420 Series Printer Uninstall
EPSON Scan
EPU (Version: 1.02.21)
Express Gate (Version: 1.5.17.11)
Grand Theft Auto - Vice City (Version: 1.1)
GTA San Andreas (Version: 1.00.00001)
IrfanView (remove only) (Version: 4.28)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
KORG KONTROL Editor (Version: 1.20.0022)
KORG USB-MIDI Driver Tools for Windows (Version: 1.13.0601)
League of Legends (Version: 1.3)
M-Audio Delta Driver 6.0.2 (x64) (Version: 6.0.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
Mumble 1.2.3 (Version: 1.2.3)
Nexon Game Manager
NVIDIA 3D Vision Controller Driver (Version: 270.61)
NVIDIA 3D Vision Controller Driver 270.61 (Version: 270.61)
NVIDIA 3D Vision Driver 270.61 (Version: 270.61)
NVIDIA Control Panel 270.61 (Version: 270.61)
NVIDIA Graphics Driver 270.61 (Version: 270.61)
NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1)
NVIDIA Install Application (Version: 2.270.54.0)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.7061)
NVIDIA Update 1.1.34 (Version: 1.1.34)
NVIDIA Update Components (Version: 1.1.34)
Origin (Version: 8.3.7.3619)
Pando Media Booster (Version: 2.6.0.7)
PDF Settings CS5 (Version: 10.0)
PxMergeModule (Version: 1.00.0000)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.23.623.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6151)
RealUpgrade 1.1 (Version: 1.1.0)
Reason 5.0 (Version: 5.0)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0)
StarCraft II (Version: 1.4.3.21029)
Steam (Version: 1.0.0.0)
Steinberg Cubase 6 (Version: 6.0.2)
Steinberg Cubase 6 64bit (Version: 6.0.2)
Steinberg Drum Loop Expansion 01 (Version: 2.0.0.0)
Steinberg Groove Agent ONE Content (Version: 1.0.0.003)
Steinberg Groove Agent ONE Vintage Beatboxes (Version: 1.0.0.000)
Steinberg HALion Sonic SE (Version: 1.5.2)
Steinberg HALion Sonic SE 64bit (Version: 1.5.2)
Steinberg HALion Sonic SE Content (Version: 1.5.2.000)
Steinberg LoopMash Content (Version: 2.0.0.000)
Steinberg LoopMash Content 2 (Version: 1.0.0.000)
Steinberg REVerence Content 01 (Version: 2.0.1.000)
Steinberg VST Amp Rack Content 01 (Version: 1.0.0.000)
The Sims 3
The Sims™ 3 (Version: 1.33.2)
The Sims™ 3 Late Night (Version: 6.5.1)
The Witcher 2 (Version: 1.00.0000)
Trine 2
TurboV EVO (Version: 1.02.32)
Uninstall Analog Laboratory
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
VirtualDJ LE (MixTrack Pro) (Version: 7.0.4)
Vz In Home Agent (Version: 8.03.53)
World of Warcraft (Version: 4.3.4.15595)

========================= Devices: ================================

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 6%
Total physical RAM: 16383.18 MB
Available physical RAM: 15310.95 MB
Total Pagefile: 32764.5 MB
Available Pagefile: 31703.35 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.53 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:269.8 GB) NTFS
2 Drive d: (WNDA3100v2) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
3 Drive e: (Flavaz) (Fixed) (Total:465.63 GB) (Free:383.72 GB) NTFS
4 Drive f: (USB DISK) (Removable) (Total:7.45 GB) (Free:6.7 GB) FAT32

========================= Users: ========================================

User accounts for \\

Administrator Flavaz Guest
UpdatusUser


**** End of log ****



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.26.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Flavaz :: FLAVAZ-PC [administrator]

5/26/2012 3:43:33 PM
mbam-log-2012-05-26 (16-34-52).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 438642
Time elapsed: 50 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\AnalogLaboratory.dll (Spyware.OnlineGames) -> No action taken.

(end)



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-26 16:36:16
-----------------------------
16:36:16.118 OS Version: Windows x64 6.1.7600
16:36:16.118 Number of processors: 4 586 0x403
16:36:16.118 ComputerName: FLAVAZ-PC UserName: Flavaz
16:36:17.737 Initialize success
16:36:45.713 AVAST engine defs: 12052601
16:37:03.638 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:37:03.643 Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA3MA Size: 476940MB BusType: 3
16:37:03.649 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2
16:37:03.655 Disk 1 Vendor: Hitachi_HDS721050CLA362 JP2OA3MA Size: 476940MB BusType: 3
16:37:03.678 Disk 0 MBR read successfully
16:37:03.680 Disk 0 MBR scan
16:37:03.684 Disk 0 Windows 7 default MBR code
16:37:03.688 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
16:37:03.737 Disk 0 scanning C:\Windows\system32\drivers
16:37:16.285 Service scanning
16:37:46.521 Modules scanning
16:37:46.540 Disk 0 trace - called modules:
16:37:46.567 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
16:37:46.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800da65060]
16:37:46.589 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> [0xfffffa800d9ae9b0]
16:37:46.600 5 ACPI.sys[fffff88000fab781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800da52060]
16:37:53.084 AVAST engine scan C:\Windows
16:37:57.934 AVAST engine scan C:\Windows\system32
16:46:36.306 AVAST engine scan C:\Windows\system32\drivers
16:47:35.844 AVAST engine scan C:\Users\Flavaz
16:55:22.088 AVAST engine scan C:\ProgramData
16:59:00.932 Scan finished successfully
17:01:43.801 Disk 0 MBR has been saved successfully to "C:\Users\Flavaz\Desktop\Reply\MBR.dat"
17:01:43.805 The log file has been saved successfully to "C:\Users\Flavaz\Desktop\Reply\aswMBR.txt"



Let me know what you think. Thanks!

#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,710 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:47 PM

Posted 26 May 2012 - 05:25 PM

Any particular reason why you ran all scans from safe mode?



 


#6 MFlavaz

MFlavaz
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 26 May 2012 - 05:51 PM

Actually, I don't think I did. I may have run one in Safe Mode because it was getting closed. I made sure I updated the two and scanned from there. I did in fact lose the internet connection after updating, although I'm fairly sure I didn't run all or perhaps any in safe mode. However, I must admit that I've been in and out of safe mode all day dealing with this, so it's becoming a blur.

#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,710 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:47 PM

Posted 26 May 2012 - 06:41 PM

I need you to re-run FSS and MiniToolbox from normal mode.
Your MBAM log says "No action taken" so I need you to re-run it as well and fix all issues this time.



 

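The FSS log in post #4 shows every service as "not running" and the network as blocked, and Broni's follow-up explains why: the scan ran in safe mode ("Boot Mode: Minimal"), so that runtime state says nothing about an infection. The script below is an added example for this thread, not code from BleepingComputer or from the Farbar tool. It parses the plain-text format FSS prints, as pasted above, and separates findings that safe mode explains (stopped services, blocked network) from findings that hold in any boot mode (a service start type that differs from its default, such as BITS here, and files whose MD5 FSS did not confirm as known-good). The sample log is abridged from post #4; the class and function names are this example's own.

```python
"""Triage helper for Farbar Service Scanner (FSS) logs.

Added example; not part of FSS or of this thread.  Parses the text format FSS
prints and separates runtime state (explained by safe mode) from configuration
findings that are meaningful in any boot mode.  Names here are this example's own.
"""
import re
from dataclasses import dataclass, field

# Abridged from the FSS log pasted in post #4 (a safe-mode run).
SAMPLE_LOG = """Farbar Service Scanner Version: 25-05-2012
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Minimal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors

Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

File Check:
========
C:\\Windows\\System32\\qmgr.dll => MD5 is legit
C:\\Windows\\System32\\dnsrslvr.dll
[2009-07-13 19:21] - [2009-07-13 21:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

**** End of log ****
"""

SERVICE_STOPPED = re.compile(r"^(\S+) Service is not running\. Checking service configuration:$")
START_TYPE_DEVIATION = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.$")
FILE_LEGIT = re.compile(r"^(.+?) => MD5 is legit$")
FILE_PATH = re.compile(r"^[A-Za-z]:\\.+$")
# FSS prints a detail line (timestamps, size, attributes, company, MD5) only when it
# could not confirm the file's MD5 against its list of known-good versions.
FILE_DETAIL = re.compile(r"^\[.*\] - \[.*\] - \d+ \S+ \(.*\) ([0-9A-Fa-f]{32})$")
CONNECTION_PROBLEMS = ("Localhost is blocked.", "There is no connection to network.")


@dataclass
class FssReport:
    boot_mode: str = ""
    stopped_services: list = field(default_factory=list)
    start_type_deviations: list = field(default_factory=list)  # (service, actual, default)
    connection_issues: list = field(default_factory=list)
    unverified_files: dict = field(default_factory=dict)        # path -> MD5 as printed

    def safe_mode(self) -> bool:
        # FSS reports "Minimal" (safe mode) or "Network" (safe mode with networking).
        return self.boot_mode.lower() in ("minimal", "network")


def parse_fss(text: str) -> FssReport:
    report = FssReport()
    pending_path = None  # file line without "=> MD5 is legit", awaiting its detail line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            pending_path = None
            continue
        if pending_path:
            m = FILE_DETAIL.match(line)
            if m:
                report.unverified_files[pending_path] = m.group(1).upper()
            pending_path = None
            continue
        if line.startswith("Boot Mode:"):
            report.boot_mode = line.split(":", 1)[1].strip()
        elif (m := SERVICE_STOPPED.match(line)):
            report.stopped_services.append(m.group(1))
        elif (m := START_TYPE_DEVIATION.match(line)):
            report.start_type_deviations.append((m.group(1), m.group(2), m.group(3)))
        elif line in CONNECTION_PROBLEMS or line.startswith("Attempt to access"):
            report.connection_issues.append(line)
        elif FILE_LEGIT.match(line):
            pass  # known-good file, nothing to report
        elif FILE_PATH.match(line):
            pending_path = line
    return report


def findings(report: FssReport) -> list:
    """Triage notes: boot-mode caveat first, then mode-independent configuration findings."""
    notes = []
    if report.safe_mode():
        notes.append(f"Boot Mode is {report.boot_mode} (safe mode): stopped services and a blocked "
                     "network are expected; re-run FSS from normal mode before drawing conclusions.")
    else:
        notes.extend(f"{svc} service is not running" for svc in report.stopped_services)
        notes.extend(report.connection_issues)
    # Start types come from the registry and MD5s from the file system, so these
    # hold whichever boot mode the scan ran in.
    for svc, actual, default in report.start_type_deviations:
        notes.append(f"{svc} start type is {actual}; default is {default}")
    for path, md5 in report.unverified_files.items():
        notes.append(f"{path}: MD5 {md5} not confirmed as known-good by FSS; compare with a clean copy")
    return notes


if __name__ == "__main__":
    for note in findings(parse_fss(SAMPLE_LOG)):
        print("-", note)
```

On the safe-mode log from post #4 the script reports three things: the boot-mode caveat, the BITS start type (Demand instead of the default Auto), and dnsrslvr.dll as not confirmed by FSS. Re-running the same parser on a normal-mode log makes the stopped-service and connection lines actionable, which is exactly why the re-run was requested.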

#8 MFlavaz

MFlavaz
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 26 May 2012 - 07:11 PM

Okay. That sounds good. The Laboratory.dll is a registered Arturia soft synthesizer. Not sure why that would be coming back negative.

Edited by MFlavaz, 26 May 2012 - 07:15 PM.


#9 MFlavaz

MFlavaz
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 26 May 2012 - 07:22 PM

Farbar Service Scanner Version: 25-05-2012
Ran by Flavaz (administrator) on 26-05-2012 at 20:17:46
Running from "C:\Users\Flavaz\Desktop\TSs"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============



MiniToolBox by Farbar Version: 14-01-2012
Ran by Flavaz (administrator) on 26-05-2012 at 20:19:13
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0
========================= Hosts content: =================================
::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Flavaz-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 20-CF-30-F5-5E-7B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7463:e0b6:308f:aa36%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, May 26, 2012 8:10:07 PM
Lease Expires . . . . . . . . . . : Sunday, May 27, 2012 8:10:05 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 237031216
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-0D-E8-F2-20-CF-30-F5-5E-7B
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:30c8:24f5:3f57:fefd(Preferred)
Link-local IPv6 Address . . . . . : fe80::30c8:24f5:3f57:fefd%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.228.3
74.125.228.5
74.125.228.1
74.125.228.9
74.125.228.8
74.125.228.4
74.125.228.0
74.125.228.6
74.125.228.14
74.125.228.7
74.125.228.2


Pinging google.com [74.125.228.9] with 32 bytes of data:
Reply from 74.125.228.9: bytes=32 time=21ms TTL=55
Reply from 74.125.228.9: bytes=32 time=14ms TTL=55

Ping statistics for 74.125.228.9:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 21ms, Average = 17ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=53ms TTL=50
Reply from 98.139.183.24: bytes=32 time=61ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 53ms, Maximum = 61ms, Average = 57ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...20 cf 30 f5 5e 7b ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:4137:9e76:30c8:24f5:3f57:fefd/128
On-link
11 276 fe80::/64 On-link
15 306 fe80::/64 On-link
15 306 fe80::30c8:24f5:3f57:fefd/128
On-link
11 276 fe80::7463:e0b6:308f:aa36/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/26/2012 08:16:04 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (05/26/2012 05:41:17 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZScanner.exe Files (x86)\Common Files\iS3\Anti-Spyware\SZScanner.exe" ; Description = StopZILLA! Restore Point.; Error = 0x8007043c).

Error: (05/26/2012 05:34:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/26/2012 04:39:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16722, time stamp: 0x4d0c2f29
Faulting module name: ws2_32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb4a
Exception code: 0xc0000005
Fault offset: 0x00006af9
Faulting process id: 0xf70
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/26/2012 03:22:21 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avfsmn.

System Error:
The system cannot find the file specified.
.

Error: (05/26/2012 03:09:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 12.0.0.4493, time stamp: 0x4f9207d9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000222c3
Faulting process id: 0xe88
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (05/26/2012 02:45:30 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (05/26/2012 02:45:30 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (05/26/2012 02:45:30 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (05/26/2012 02:36:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp: 0x4cc7ab86
Exception code: 0xc0000005
Fault offset: 0x0002df85
Faulting process id: 0x16bc
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3


System errors:
=============
Error: (05/26/2012 08:10:06 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
is3srv

Error: (05/26/2012 05:40:37 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/26/2012 05:40:37 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/26/2012 05:40:37 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/26/2012 05:40:37 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/26/2012 05:40:37 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/26/2012 05:40:37 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/26/2012 05:40:36 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/26/2012 05:40:36 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/26/2012 05:40:35 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (05/26/2012 08:16:04 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/26/2012 05:41:17 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZScanner.exe Files (x86)\Common Files\iS3\Anti-Spyware\SZScanner.exe" StopZILLA! Restore Point.0x8007043c

Error: (05/26/2012 05:34:10 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files (x86)\STOPzilla!\STOPzilla.exe

Error: (05/26/2012 04:39:42 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7600.167224d0c2f29ws2_32.dll6.1.7600.163854a5bdb4ac000000500006af9f7001cd3b7fac16cf25C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\syswow64\ws2_32.dlleb6bc8b4-a772-11e1-911c-20cf30f55e7b

Error: (05/26/2012 03:22:21 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary avfsmn.

System Error:
The system cannot find the file specified.

Error: (05/26/2012 03:09:24 PM) (Source: Application Error)(User: )
Description: firefox.exe12.0.0.44934f9207d9unknown0.0.0.000000000c0000005000222c3e8801cd3b730eac1e4bC:\Program Files (x86)\Mozilla Firefox\firefox.exeunknown4e18e5f4-a766-11e1-aad3-20cf30f55e7b

Error: (05/26/2012 02:45:30 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (05/26/2012 02:45:30 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (05/26/2012 02:45:30 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (05/26/2012 02:36:13 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637ntdll.dll6.1.7600.166954cc7ab86c00000050002df8516bc01cd3b6e6d3e13fbC:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\ntdll.dllab19fc95-a761-11e1-b703-20cf30f55e7b


=========================== Installed Programs ============================

Adobe AIR (Version: 2.7.1.19610)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Creative Suite 5 Master Collection (Version: 5.0)
Adobe Media Player (Version: 1.8)
AMD Fuel (Version: 2011.0126.1749.31909)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.812.0)
ATI Catalyst Registration (Version: 3.00.0000)
ATI Stream SDK v2 Developer (Version: 2.3.0.0)
Bandicam
Bandisoft MPEG-1 Decoder
Bonjour (Version: 3.0.0.10)
Browser Configuration Utility (Version: 1.0.12.1)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0126.1749.31909)
Catalyst Control Center InstallProxy (Version: 2011.0126.1749.31909)
ccc-core-static (Version: 2011.0126.1749.31909)
ccc-utility64 (Version: 2011.0126.1749.31909)
CCC Help English (Version: 2011.0126.1748.31909)
CCleaner (Version: 3.05)
Curse Client (Version: 4.0.1.260)
DAEMON Tools Lite (Version: 4.40.2.0131)
Diablo III (Version: 1.0.1.9558)
eLicenser Control
EPSON NX420 Series Printer Uninstall
EPSON Scan
EPU (Version: 1.02.21)
Express Gate (Version: 1.5.17.11)
Grand Theft Auto - Vice City (Version: 1.1)
GTA San Andreas (Version: 1.00.00001)
IrfanView (remove only) (Version: 4.28)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
KORG KONTROL Editor (Version: 1.20.0022)
KORG USB-MIDI Driver Tools for Windows (Version: 1.13.0601)
League of Legends (Version: 1.3)
M-Audio Delta Driver 6.0.2 (x64) (Version: 6.0.2)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
Mumble 1.2.3 (Version: 1.2.3)
Nexon Game Manager
NVIDIA 3D Vision Controller Driver (Version: 270.61)
NVIDIA 3D Vision Controller Driver 270.61 (Version: 270.61)
NVIDIA 3D Vision Driver 270.61 (Version: 270.61)
NVIDIA Control Panel 270.61 (Version: 270.61)
NVIDIA Graphics Driver 270.61 (Version: 270.61)
NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1)
NVIDIA Install Application (Version: 2.270.54.0)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.7061)
NVIDIA Update 1.1.34 (Version: 1.1.34)
NVIDIA Update Components (Version: 1.1.34)
Origin (Version: 8.3.7.3619)
Pando Media Booster (Version: 2.6.0.7)
PDF Settings CS5 (Version: 10.0)
PxMergeModule (Version: 1.00.0000)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.23.623.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6151)
RealUpgrade 1.1 (Version: 1.1.0)
Reason 5.0 (Version: 5.0)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0)
StarCraft II (Version: 1.4.3.21029)
Steam (Version: 1.0.0.0)
Steinberg Cubase 6 (Version: 6.0.2)
Steinberg Cubase 6 64bit (Version: 6.0.2)
Steinberg Drum Loop Expansion 01 (Version: 2.0.0.0)
Steinberg Groove Agent ONE Content (Version: 1.0.0.003)
Steinberg Groove Agent ONE Vintage Beatboxes (Version: 1.0.0.000)
Steinberg HALion Sonic SE (Version: 1.5.2)
Steinberg HALion Sonic SE 64bit (Version: 1.5.2)
Steinberg HALion Sonic SE Content (Version: 1.5.2.000)
Steinberg LoopMash Content (Version: 2.0.0.000)
Steinberg LoopMash Content 2 (Version: 1.0.0.000)
Steinberg REVerence Content 01 (Version: 2.0.1.000)
Steinberg VST Amp Rack Content 01 (Version: 1.0.0.000)
The Sims 3
The Sims™ 3 (Version: 1.33.2)
The Sims™ 3 Late Night (Version: 6.5.1)
The Witcher 2 (Version: 1.00.0000)
Trine 2
TurboV EVO (Version: 1.02.32)
Uninstall Analog Laboratory
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
VirtualDJ LE (MixTrack Pro) (Version: 7.0.4)
Vz In Home Agent (Version: 8.03.53)
World of Warcraft (Version: 4.3.4.15595)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 12%
Total physical RAM: 16383.18 MB
Available physical RAM: 14321.32 MB
Total Pagefile: 32764.5 MB
Available Pagefile: 30726.73 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.34 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:268.96 GB) NTFS
2 Drive d: (WNDA3100v2) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
3 Drive e: (Flavaz) (Fixed) (Total:465.63 GB) (Free:383.72 GB) NTFS
4 Drive f: (USB DISK) (Removable) (Total:7.45 GB) (Free:6.7 GB) FAT32

========================= Users: ========================================

User accounts for \\FLAVAZ-PC

Administrator Flavaz Guest
UpdatusUser


**** End of log ****




Malwarebytes log coming up in a few.

Thanks!
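The MiniToolBox sections above (hosts file, IE and Firefox proxy settings, Winsock catalog) are the places a helper reads first when a machine redirects searches, and they can be screened automatically. The script below is an added example for this thread, not part of the original posts and not code from Farbar's tools. It assumes the "===== Name: =====" section headers and the Winsock line layout shown in the log, and its SAMPLE_LOG is constructed: a few lines copied from the log plus one hosts entry and one Winsock entry (redir.dll) that do not exist on the poster's machine. It flags hosts entries other than loopback-to-localhost, enabled proxy settings, and Winsock providers that are not Microsoft DLLs under System32 or SysWOW64, so the Bonjour namespace provider shows up for review while the default entries stay quiet.

```python
"""Triage of MiniToolBox-style output for browser-redirect indicators.

Added example for this thread; not part of the original posts and not
code from Farbar's MiniToolBox. Assumes the "===== Name: =====" section
headers and the Winsock line layout seen in the log. SAMPLE_LOG is
constructed: lines copied from the thread plus one hosts entry and one
Winsock entry (redir.dll) that do not exist on the poster's PC.
"""
import re
from typing import Dict, List

SECTION_RE = re.compile(r"^=+\s*(.*?):?\s*=+$")
HOSTS_RE = re.compile(r"^(\S+)\s+(\S+)")
WINSOCK_RE = re.compile(r"^(x64-)?Catalog(\d+)\s+(\d+)\s+(.*?)\s+\[(\d+)\]\s+\((.*)\)$")
FF_PROXY_TYPE_RE = re.compile(r'"network\.proxy\.type",\s*(\d+)')
LOOPBACK = {"127.0.0.1", "::1"}
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ==============================
"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0
========================= Hosts content: =================================
::1 localhost
127.0.0.1 localhost
5.6.7.8 www.google.com
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 03 C:\Users\Public\redir.dll [40960] ()
========================= Event log errors: ===============================
"""


def split_sections(log: str) -> Dict[str, List[str]]:
    """Group the non-empty lines under the '===== Name: =====' header above them."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m and m.group(1).strip():
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_hosts(lines: List[str]) -> List[str]:
    """Anything beyond loopback -> localhost can send a site somewhere else."""
    odd = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if line.startswith("#") or not m:
            continue
        ip, host = m.groups()
        if not (ip in LOOPBACK and host.lower() == "localhost"):
            odd.append(f"{ip} {host}")
    return odd


def check_proxy(ie_lines: List[str], ff_lines: List[str]) -> List[str]:
    """An enabled IE proxy, or a manual/PAC Firefox proxy (type 1 or 2), is
    worth a look; type 0 (direct), 4 (auto-detect) and 5 (system) are not."""
    issues = [f"IE: {ln}" for ln in ie_lines
              if ln.startswith("Proxy is enabled") or ln.startswith("Proxy Server:")]
    for line in ff_lines:
        m = FF_PROXY_TYPE_RE.search(line)
        if (m and m.group(1) in ("1", "2")) or "network.proxy.autoconfig_url" in line:
            issues.append(f"Firefox: {line}")
    return issues


def check_winsock(lines: List[str]) -> List[str]:
    """Report every provider that is not a Microsoft DLL under System32 or
    SysWOW64. Catalog9 entries are transport providers (LSPs) that sit in the
    path of every socket; Catalog5 entries are name-resolution providers."""
    flagged = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        arch, catalog, idx, path, _size, publisher = m.groups()
        if publisher == "Microsoft Corporation" and path.lower().startswith(TRUSTED_DIRS):
            continue
        kind = "transport/LSP" if catalog == "9" else "namespace provider"
        flagged.append(f"{arch or ''}Catalog{catalog} {idx}: {path} "
                       f"({publisher or 'no publisher'}) [{kind}]")
    return flagged


def triage(log: str) -> Dict[str, List[str]]:
    s = split_sections(log)
    return {
        "hosts": check_hosts(s.get("Hosts content", [])),
        "proxy": check_proxy(s.get("IE Proxy Settings", []), s.get("FF Proxy Settings", [])),
        "winsock": check_winsock(s.get("Winsock entries", [])),
    }


if __name__ == "__main__":
    for area, items in triage(SAMPLE_LOG).items():
        print(f"{area}: {items or 'nothing unusual'}")
```

To use it on a real log, read MiniToolBox.txt into a string and pass it to triage(). A flagged Winsock entry is a review item, not a verdict: Bonjour's mdnsNSP.dll is a legitimate third-party namespace provider, and in the log above every Catalog9 (transport/LSP) entry is Microsoft's mswsock.dll, which is why that log gives the helper little to go on.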

#10 MFlavaz


Posted 26 May 2012 - 07:29 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.26.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Flavaz :: FLAVAZ-PC [administrator]

5/26/2012 8:23:12 PM
mbam-log-2012-05-26 (20-23-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223260
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\AnalogLaboratory.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

(end)

#11 Broni


Posted 26 May 2012 - 08:22 PM

So far I don't see much....

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

============================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


#12 MFlavaz


Posted 26 May 2012 - 08:36 PM

Yes, I know what you mean. As of right now, if I pull up a browser and do a search, the results/links look really old school, as in what they would look like 10 years ago. Lack of coloration, and placement on the webpage is all over the place. Aside from that, the connection is mad slow and of course I'm still being redirected to random pages. Aside from that, it's blocked use of games. It seems that IE and FF crash pretty quick now too. Also, no matter if I change my display settings to a more visually pleasing desktop, it always reverts back to an old, colorless, safe-mode-looking desktop. My Adobe CS5 needs a reinstall now for some reason and so does my Analog Laboratory, which isn't that big of a deal. I'm also a producer and freelance editor, and to have to do a complete wipe, back up, and reinstall is going to be a nightmare. I'd like to avoid that. Whatever this is, it's a pretty nasty thing. I'll be right back with GMER and Bootkit. Again, thanks a lot for all your help!

#13 Broni


Posted 26 May 2012 - 08:37 PM

Sure thing :)


#14 MFlavaz


Posted 26 May 2012 - 08:50 PM

Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...


GMER took all of 2 secs to provide me with this, which I'm assuming is normal. BOOTKIT log coming up next...
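Bootkit Remover reports the boot-sector MD5, whether the MBR holds standard DOS/Win32 boot code, and where the system volume sits on the disk (\\.\C: at offset 0x7e00 on PhysicalDrive0, i.e. sector 63). The script below is an added example for this thread, not part of the original posts and not Esage Lab's code; it shows what such a check does on a raw 512-byte sector: verify the 0x55AA signature, hash the 440 bytes of boot code separately from the partition table, parse the four partition entries, and confirm that the single active partition starts where the system volume is expected. The MBR bytes it uses are constructed (placeholder boot code, made-up disk signature and partition size), as is the tampered copy used to show a hash mismatch.

```python
"""MBR integrity check in the spirit of Bootkit Remover's output.

Added example for this thread, not part of the original posts or of
Esage Lab's tool. build_sample_mbr() constructs a 512-byte sector with
placeholder boot code and one active NTFS partition at LBA 63 (byte
offset 0x7e00, as in the thread); tamper() constructs a modified copy.
"""
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440             # 4-byte NT disk signature, then 2 zero bytes
PART_TABLE_OFF = 446           # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xAA"    # bytes 510..511
PART_FMT = "<B3sB3sII"         # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Constructed MBR: placeholder boot code, made-up disk signature, one
    active NTFS (0x07) partition starting at LBA 63 with a made-up size."""
    code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7)
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"
    ntfs = struct.pack(PART_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 976_773_105)
    table = ntfs + b"\x00" * 48
    sector = code + disk_sig + table + MBR_SIGNATURE
    assert len(sector) == SECTOR
    return sector


def tamper(sector: bytes) -> bytes:
    """Constructed 'modified' copy: the first boot-code bytes are replaced,
    the kind of change a boot-sector hash comparison exists to catch."""
    patched = bytearray(sector)
    patched[0:3] = b"\xE9\x00\x01"
    return bytes(patched)


def parse_mbr(sector: bytes) -> Dict:
    """Return signature validity, hashes and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PART_FMT, sector[off:off + 16])
        if ptype == 0:
            continue                      # unused slot
        partitions.append({"index": i, "active": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "valid_signature": sector[510:512] == MBR_SIGNATURE,
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "sector_md5": hashlib.md5(sector).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_code_md5: str, expected_system_offset: int) -> List[str]:
    """Compare a sector against a baseline hash taken on a known-clean system.
    Hashing only the boot code keeps the comparison stable across partition
    edits; the partition table is checked structurally instead."""
    info = parse_mbr(sector)
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_md5"] != baseline_code_md5:
        findings.append(f"boot code hash {info['boot_code_md5']} differs from baseline {baseline_code_md5}")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    elif active[0]["lba_start"] * SECTOR != expected_system_offset:
        findings.append(f"active partition starts at 0x{active[0]['lba_start'] * SECTOR:x}, "
                        f"expected 0x{expected_system_offset:x}")
    return findings


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["boot_code_md5"]
    print("clean sector:", check_mbr(clean, baseline, 0x7E00) or "OK")
    print("tampered sector:", check_mbr(tamper(clean), baseline, 0x7E00))
```

On a real machine the sector comes from reading the first 512 bytes of \\.\PhysicalDrive0 as Administrator, and the baseline hash must come from the same check run on a known-clean system or a clean install of the same Windows build; a hash recorded on the machine under suspicion proves nothing, which is also why Bootkit Remover's "OK" is a statement about recognisable boot code rather than a guarantee.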

#15 Broni


Posted 26 May 2012 - 08:56 PM

You just posted it :)
