
Google redirection in SERPs



#1 JoeSaswic


Posted 28 June 2012 - 12:06 PM

Hi all. I have random results being redirected to what appear to be affiliate-related products. For example, if I search "Spybot," the first result is obviously the Spybot homepage. Hovering shows it will go to the correct page, but it ends up jumping through the same IP as this poster. I can see it jumping through Digital River, then it lands on a sale site for BitDefender. Some affiliate slime hijack.

Anyways, since this is the same problem as the other topic, I took the liberty of following the instructions there and will post them below. Thanks in advance.

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 29
Out of date Java installed!
Adobe Flash Player 11.3.300.257
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Thermaltake Ttesports Ultimate Ttsystray3.exe
Thermaltake Ttesports Ultimate tTOSD2k1001.exe
``````````End of Log````````````


Farbar Service Scanner Version: 25-06-2012 01
Ran by Bobby (administrator) on 28-06-2012 at 12:18:56
Running from "C:\Users\Bobby\Downloads\Redirect"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


MiniToolBox by Farbar Version: 25-06-2012
Ran by Bobby (administrator) on 28-06-2012 at 12:20:59
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = HardWired (Connected)
DW1525 (802.11n) WLAN PCIe Card = Wireless Network Connection (Hardware not present)
TeamViewer VPN Adapter = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="HardWired" nexthop=192.168.1.1 publish=Yes
add address name="HardWired" address=192.168.1.200 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Bobby-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TeamViewer VPN Adapter
Physical Address. . . . . . . . . : 00-FF-36-BD-55-D1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter HardWired:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : F0-4D-A2-3A-5C-C2
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::24d2:1537:21dd:78f2%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.200(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 250629538
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-7F-10-A9-F0-4D-A2-3A-5C-C2
DNS Servers . . . . . . . . . . . : 208.67.222.222
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{73C5E4E0-B734-4E9E-953B-BF2CBCD71941}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: resolver1.opendns.com
Address: 208.67.222.222

Name: google.com
Addresses: 2607:f8b0:4004:801::1007
74.125.228.36
74.125.228.41
74.125.228.35
74.125.228.32
74.125.228.33
74.125.228.40
74.125.228.37
74.125.228.34
74.125.228.39
74.125.228.46
74.125.228.38


Pinging google.com [74.125.228.36] with 32 bytes of data:
Reply from 74.125.228.36: bytes=32 time=13ms TTL=252
Reply from 74.125.228.36: bytes=32 time=16ms TTL=252

Ping statistics for 74.125.228.36:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 16ms, Average = 14ms
Server: resolver1.opendns.com
Address: 208.67.222.222

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=69ms TTL=248
Reply from 209.191.122.70: bytes=32 time=69ms TTL=248

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 69ms, Maximum = 69ms, Average = 69ms
Server: resolver1.opendns.com
Address: 208.67.222.222

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...00 ff 36 bd 55 d1 ......TeamViewer VPN Adapter
10...f0 4d a2 3a 5c c2 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.200 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.200 266
192.168.1.200 255.255.255.255 On-link 192.168.1.200 266
192.168.1.255 255.255.255.255 On-link 192.168.1.200 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.200 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.200 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 266 fe80::/64 On-link
10 266 fe80::24d2:1537:21dd:78f2/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/28/2012 11:03:48 AM) (Source: SDWinSec.exe) (User: )
Description: The service process could not connect to the service controller

Error: (06/27/2012 01:20:46 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0d3135a7-b812-4eba-92b0-87d128a46eec}

Error: (06/26/2012 06:18:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerPlugin_11_3_300_257.exe, version: 11.3.300.257, time stamp: 0x4fc82063
Faulting module name: NPSWF32_11_3_300_257.dll, version: 11.3.300.257, time stamp: 0x4fc821fc
Exception code: 0xc0000005
Fault offset: 0x0016b4ac
Faulting process id: 0x11c4
Faulting application start time: 0xFlashPlayerPlugin_11_3_300_257.exe0
Faulting application path: FlashPlayerPlugin_11_3_300_257.exe1
Faulting module path: FlashPlayerPlugin_11_3_300_257.exe2
Report Id: FlashPlayerPlugin_11_3_300_257.exe3

Error: (06/24/2012 01:00:02 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (06/22/2012 03:39:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerPlugin_11_3_300_257.exe, version: 11.3.300.257, time stamp: 0x4fc82063
Faulting module name: NPSWF32_11_3_300_257.dll, version: 11.3.300.257, time stamp: 0x4fc821fc
Exception code: 0xc0000005
Fault offset: 0x000ccb60
Faulting process id: 0x3b8
Faulting application start time: 0xFlashPlayerPlugin_11_3_300_257.exe0
Faulting application path: FlashPlayerPlugin_11_3_300_257.exe1
Faulting module path: FlashPlayerPlugin_11_3_300_257.exe2
Report Id: FlashPlayerPlugin_11_3_300_257.exe3

Error: (06/17/2012 01:00:02 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (06/16/2012 08:43:58 AM) (Source: Application Hang) (User: )
Description: The program plugin-container.exe version 13.0.0.4535 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c94

Start Time: 01cd4bbd36a17e40

Termination Time: 5

Application Path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

Report Id:

Error: (06/14/2012 02:13:51 AM) (Source: Application Error) (User: )
Description: Faulting application name: vlc.exe, version: 2.0.1.0, time stamp: 0x4f63d546
Faulting module name: vlc.exe, version: 2.0.1.0, time stamp: 0x4f63d546
Exception code: 0xc0000005
Fault offset: 0x000016d5
Faulting process id: 0x6c4
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3

Error: (06/10/2012 01:00:02 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (06/06/2012 00:40:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 12.0.6607.1000, time stamp: 0x4e398dcd
Faulting module name: OGL.DLL_unloaded, version: 0.0.0.0, time stamp: 0x4f46f50b
Exception code: 0xc0000005
Fault offset: 0x66d30ae3
Faulting process id: 0x2548
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3


System errors:
=============
Error: (06/28/2012 03:30:53 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/28/2012 00:13:26 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (06/28/2012 00:13:16 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (06/28/2012 00:13:06 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (06/28/2012 00:12:56 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (06/28/2012 00:12:47 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (06/28/2012 00:11:37 AM) (Source: WMPNetworkSvc) (User: )
Description: 0xc00d28af192.168.1.201

Error: (06/27/2012 02:09:53 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (06/27/2012 03:31:38 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/26/2012 04:13:24 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1


Microsoft Office Sessions:
=========================
Error: (06/06/2012 00:40:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/25/2012 02:41:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 77 seconds with 60 seconds of active time. This session ended with a crash.

Error: (11/24/2011 10:19:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 209762 seconds with 3120 seconds of active time. This session ended with a crash.

Error: (08/31/2011 11:22:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 54 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/27/2011 11:55:34 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 18 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/19/2011 11:34:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/06/2011 11:36:19 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3286 seconds with 240 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe AIR (Version: 3.0.0.4080)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Download Assistant (Version: 1.0.5)
Adobe Dreamweaver CS3 (Version: 9)
Adobe Dreamweaver CS3 (Version: 9.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 11 Plugin (Version: 11.3.300.257)
Adobe Help Viewer CS3 (Version: 1)
Adobe PDF Library Files (Version: 8.0)
Adobe Reader 9.5.1 (Version: 9.5.1)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
ArcSoft TotalMedia Extreme (Version: 1.0.9.9)
ATI Catalyst Control Center (Version: 2.010.0517.1741)
Auction Sentry (Version: 4.0.4)
Audacity 2.0
Auslogics BoostSpeed (Version: 5.2)
AVS Cover Editor 2.0.1.3
AVS Disc Creator version 5.0.1
AVS DVD Authoring
AVS DVD Copy version 4.1.2
AVS Media Player 4.1.6.80
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Converter 8
AVS Video Editor 6
AVS Video Recorder 2.4
AVS Video ReMaker 4.0.6.136
AVS4YOU Software Navigator 1.4
Better File Series
Blue cloner ver 2.50 build 516
Bonus Ball Scoreboard version 0.9.10.8 (Version: 0.9.10.8)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.2.11)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon MOV Decoder (Version: 1.5.0.7)
Canon Utilities EOS Utility (Version: 2.8.1.0)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (Version: 6.5.1.15)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.3.0.4)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0517.1742.29870)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0517.1742.29870)
Catalyst Control Center InstallProxy (Version: 2010.0517.1742.29870)
Catalyst Control Center Localization All (Version: 2010.0517.1742.29870)
ccc-core-static (Version: 2010.0517.1742.29870)
ccc-utility64 (Version: 2010.0517.1742.29870)
CCC Help Chinese Standard (Version: 2010.0517.1741.29870)
CCC Help Chinese Traditional (Version: 2010.0517.1741.29870)
CCC Help Czech (Version: 2010.0517.1741.29870)
CCC Help Danish (Version: 2010.0517.1741.29870)
CCC Help Dutch (Version: 2010.0517.1741.29870)
CCC Help English (Version: 2010.0517.1741.29870)
CCC Help Finnish (Version: 2010.0517.1741.29870)
CCC Help French (Version: 2010.0517.1741.29870)
CCC Help German (Version: 2010.0517.1741.29870)
CCC Help Greek (Version: 2010.0517.1741.29870)
CCC Help Hungarian (Version: 2010.0517.1741.29870)
CCC Help Italian (Version: 2010.0517.1741.29870)
CCC Help Japanese (Version: 2010.0517.1741.29870)
CCC Help Korean (Version: 2010.0517.1741.29870)
CCC Help Norwegian (Version: 2010.0517.1741.29870)
CCC Help Polish (Version: 2010.0517.1741.29870)
CCC Help Portuguese (Version: 2010.0517.1741.29870)
CCC Help Russian (Version: 2010.0517.1741.29870)
CCC Help Spanish (Version: 2010.0517.1741.29870)
CCC Help Swedish (Version: 2010.0517.1741.29870)
CCC Help Thai (Version: 2010.0517.1741.29870)
CCC Help Turkish (Version: 2010.0517.1741.29870)
CCleaner (Version: 3.18)
CloneDVD2 (Version: 2.9.2.8)
Conexant USB D400 V.92 Modem (Version: 2.0.20.0)
CPUID CPU-Z 1.56
Defraggler (Version: 2.09)
Dell Edoc Viewer (Version: 1.0.0)
Digital Line Detect (Version: 1.21)
DirectXInstallService (Version: 9.0.2)
DVD-Cloner V8.00 Build 1003 (Version: 8.00.0.1003)
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
DVD43 Plug-in v1.0.0.5
EMC 10 Content (Version: 1.0.035)
EMCGadgets64 (Version: 1.0.302)
FeedReader
GDR 4064 for SQL Server 2008 (KB2494089) (64-bit) (Version: 10.2.4064.0)
GetFLV Pro 8.9.9.7
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 19.0.1084.56)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
IHA_MessageCenter (Version: 1.2.3)
ImgBurn (Version: 2.5.5.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
Internet Explorer (Version: 8)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 29 (Version: 6.0.290)
Macro Express 3 (Version: 3.8.1.1)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Digital Image Pro 7.0 (Version: 7.0.0.0000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Common Files (Version: 10.2.4000.0)
Microsoft SQL Server 2008 Management Studio (Version: 10.2.4000.0)
Microsoft SQL Server 2008 Native Client (Version: 10.2.4064.0)
Microsoft SQL Server 2008 Policies (Version: 10.2.4000.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.2.4064.0)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP1 Query Tools English (Version: 3.5.5692.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
MiniTool Partition Wizard Home Edition 5.2
MiniTool Partition Wizard Professional Edition 6.0
Modem Diagnostic Tool (Version: 1.0.28.0)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MT300 Driver Version 1.0
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.18.0)
Netwaiting (Version: 2.5.59)
NexDef Plug-in
NirSoft Mail PassView
Open DVD ripper 1.70 Build 430 (Version: 1.700.430)
PCFriendly
PDFCreator (Version: 1.2.3)
PGA Championship Golf CE
PhoneTray Free (Version: 1.35)
PhotoFiltre
Pixel Ruler
RAMDisk (Version: 3.5.130)
Realtek High Definition Audio Driver (Version: 6.0.1.6050)
Redist (Version: 3.00.0000)
Remove on Reboot Shell Extension
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.0)
Roxio Central Audio (Version: 3.8.0)
Roxio Central Copy (Version: 3.8.0)
Roxio Central Core (Version: 3.8.0)
Roxio Central Data (Version: 3.8.0)
Roxio Central Tools (Version: 3.8.0)
Roxio Easy CD and DVD Burning (Version: 10.3)
Roxio Easy CD and DVD Burning (Version: 10.3.106)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio File Backup (Version: 1.3.0)
Roxio Update Manager (Version: 6.0.0)
SEO Link Robot - Fast Indexer 2.0.1.0 (Version: 2.0.1.0)
Service Pack 2 for SQL Server 2008 (KB2285068) (64-bit) (Version: 10.2.4000.0)
Skins (Version: 2010.0517.1742.29870)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Speccy (Version: 1.07)
Spybot - Search & Destroy (Version: 1.6.2)
StampManage 2012 (Version: 2012)
swMSM (Version: 12.0.0.1)
TeamViewer 6 (Version: 6.0.11656)
TeamViewer 7 (Version: 7.0.12799)
THX TruStudio PC (Version: 1.0)
Tt eSPORTS Challenger Ultimate (Version: 2.0.2.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VD64Inst (Version: 1.00.0000)
Verizon Help and Support Tool
Verizon Media Manager (Version: 9.4.94)
VLC media player 2.0.1 (Version: 2.0.1)
WeatherBug (Version: 7.0.0.7)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinHTTrack Website Copier 3.43-9D (Version: 3.43.12)

========================= Devices: ================================

Name: DW1525 (802.11n) WLAN PCIe Card
Description: DW1525 (802.11n) WLAN PCIe Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 24566.93 MB
Available physical RAM: 14839.75 MB
Total Pagefile: 49132.04 MB
Available Pagefile: 39564.39 MB
Total Virtual: 4095.88 MB
Available Virtual: 3955.97 MB

========================= Partitions: =====================================

1 Drive c: (Operating System) (Fixed) (Total:75 GB) (Free:41.61 GB) NTFS
2 Drive d: (DVDs) (Fixed) (Total:845.58 GB) (Free:526.32 GB) NTFS
3 Drive e: (Programs (SSD)) (Fixed) (Total:73.84 GB) (Free:59.88 GB) NTFS
4 Drive f: (Local Disk) (Fixed) (Total:596.17 GB) (Free:423.08 GB) NTFS
5 Drive g: () (Fixed) (Total:5.99 GB) (Free:5.99 GB) FAT32
6 Drive h: () (Removable) (Total:3.72 GB) (Free:3.62 GB) FAT32
8 Drive t: (Temporary & Paging Files (SSD)) (Fixed) (Total:10 GB) (Free:8.73 GB) NTFS

========================= Users: ========================================

User accounts for \\BOBBY-PC

Administrator Bobby Guest


**** End of log ****



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.27.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Bobby :: BOBBY-PC [administrator]

6/28/2012 12:46:00 PM
mbam-log-2012-06-28 (12-46-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238600
Time elapsed: 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-28 12:27:53
-----------------------------
12:27:53.233 OS Version: Windows x64 6.1.7601 Service Pack 1
12:27:53.234 Number of processors: 8 586 0x1A05
12:27:53.234 ComputerName: BOBBY-PC UserName: Bobby
12:27:54.571 Initialize success
12:28:13.722 AVAST engine defs: 12062800
12:28:16.621 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:28:16.623 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
12:28:16.624 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
12:28:16.626 Disk 1 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
12:28:16.627 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
12:28:16.629 Disk 2 Vendor: OCZ-VERT 1.23 Size: 85857MB BusType: 3
12:28:16.631 Disk 3 \Device\Harddisk3\DR0 -> \Device\00000007
12:28:16.634 Disk 3 Vendor: ( Size: 6144MB BusType: 0
12:28:16.656 Disk 1 MBR read successfully
12:28:16.658 Disk 1 MBR scan
12:28:16.661 Disk 1 Windows VISTA default MBR code
12:28:16.674 Disk 1 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:28:16.698 Disk 1 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11142 MB offset 81920
12:28:16.749 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 76800 MB offset 22900736
12:28:16.772 Disk 1 Partition - 00 0F Extended LBA 865878 MB offset 180201105
12:28:16.817 Disk 1 Partition 4 00 07 HPFS/NTFS NTFS 865878 MB offset 180201168
12:28:16.877 Disk 1 scanning C:\Windows\system32\drivers
12:28:31.512 Service scanning
12:28:57.481 Modules scanning
12:28:57.488 Disk 1 trace - called modules:
12:28:57.514 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:28:57.517 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8013f5c060]
12:28:57.520 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8013c77050]
12:28:58.016 AVAST engine scan C:\Windows
12:29:00.102 AVAST engine scan C:\Windows\system32
12:34:36.959 AVAST engine scan C:\Windows\system32\drivers
12:34:59.642 AVAST engine scan C:\Users\Bobby
12:36:12.047 Disk 1 MBR has been saved successfully to "C:\Users\Bobby\Downloads\Redirect\MBR.dat"
12:36:12.053 The log file has been saved successfully to "C:\Users\Bobby\Downloads\Redirect\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-28 12:47:56
-----------------------------
12:47:56.847 OS Version: Windows x64 6.1.7601 Service Pack 1
12:47:56.847 Number of processors: 8 586 0x1A05
12:47:56.848 ComputerName: BOBBY-PC UserName: Bobby
12:47:57.631 Initialize success
12:48:01.541 AVAST engine defs: 12062800
12:48:16.762 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:48:16.763 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
12:48:16.765 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
12:48:16.766 Disk 1 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
12:48:16.768 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
12:48:16.770 Disk 2 Vendor: OCZ-VERT 1.23 Size: 85857MB BusType: 3
12:48:16.772 Disk 3 \Device\Harddisk3\DR0 -> \Device\00000007
12:48:16.774 Disk 3 Vendor: ( Size: 6144MB BusType: 0
12:48:16.787 Disk 1 MBR read successfully
12:48:16.789 Disk 1 MBR scan
12:48:16.793 Disk 1 Windows VISTA default MBR code
12:48:16.797 Disk 1 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:48:16.811 Disk 1 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11142 MB offset 81920
12:48:16.835 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 76800 MB offset 22900736
12:48:16.857 Disk 1 Partition - 00 0F Extended LBA 865878 MB offset 180201105
12:48:16.873 Disk 1 Partition 4 00 07 HPFS/NTFS NTFS 865878 MB offset 180201168
12:48:16.903 Disk 1 scanning C:\Windows\system32\drivers
12:48:28.453 Service scanning
12:48:47.970 Modules scanning
12:48:47.977 Disk 1 trace - called modules:
12:48:47.994 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:48:48.000 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8013f5c060]
12:48:48.005 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8013c77050]
12:48:48.729 AVAST engine scan C:\Windows
12:48:51.111 AVAST engine scan C:\Windows\system32
12:52:28.161 AVAST engine scan C:\Windows\system32\drivers
12:52:42.548 AVAST engine scan C:\Users\Bobby
12:55:22.837 AVAST engine scan C:\ProgramData
12:56:21.379 Scan finished successfully
12:58:20.885 Disk 1 MBR has been saved successfully to "C:\Users\Bobby\Downloads\Redirect\MBR.dat"
12:58:20.889 The log file has been saved successfully to "C:\Users\Bobby\Downloads\Redirect\aswMBR.txt"



#2 ElFasso

ElFasso

  • Members
  • 229 posts
  • Gender:Male
  • Location:Belgium
  • Local time:12:57 AM

Posted 28 June 2012 - 12:20 PM

Do you recognize this partition or drive?
5 Drive g: () (Fixed) (Total:5.99 GB) (Free:5.99 GB) FAT32

Run the ESET online scanner:

Note: You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin
Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic


#3 JoeSaswic

JoeSaswic
  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:57 PM

Posted 28 June 2012 - 12:35 PM

Do you recognize this partition or drive?
5 Drive g: () (Fixed) (Total:5.99 GB) (Free:5.99 GB) FAT32


Yes, that is a drive in RAM for temp internet files.

Scan is running now...

#4 JoeSaswic

JoeSaswic
  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:57 PM

Posted 28 June 2012 - 03:11 PM

C:\Documents and Settings\Bobby\AppData\Local\Google\Chrome\User Data\Default\Default\aagfdcdadhdededhgddedhdfdegfdjdd\background.html Win32/BHO.OEI trojan
C:\Documents and Settings\Bobby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\38f8f1e3-682a7066 a variant of Java/JShrink.A application
C:\Documents and Settings\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\jjcm2nnc.default\extensions\robgqleewc@robgqleewc.org.xpi JS/Redirector.NCA trojan
C:\Documents and Settings\Bobby\Downloads\mailpv_setup.exe a variant of Win32/PSWTool.MailPassView.E application
C:\Documents and Settings\Bobby\Downloads\PDFCreator-1_2_3_setup.exe multiple threats
C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Default\aagfdcdadhdededhgddedhdfdegfdjdd\background.html Win32/BHO.OEI trojan
C:\Users\Bobby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\38f8f1e3-682a7066 a variant of Java/JShrink.A application
C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\jjcm2nnc.default\extensions\robgqleewc@robgqleewc.org.xpi JS/Redirector.NCA trojan
C:\Users\Bobby\Downloads\mailpv_setup.exe a variant of Win32/PSWTool.MailPassView.E application
C:\Users\Bobby\Downloads\PDFCreator-1_2_3_setup.exe multiple threats
E:\Program Files (x86)\NirSoft\Mail PassView\mailpv.exe a variant of Win32/PSWTool.MailPassView.E application
E:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application
F:\Installation and Keys\Registry Booster\registrybooster.exe a variant of Win32/RegistryBooster application
F:\Installation and Keys\SQLyog\SoftonicDownloader_for_sqlyog.exe a variant of Win32/SoftonicDownloader.A application
F:\My Documents\Downloaded Installations\Registry Booster\registrybooster.exe a variant of Win32/RegistryBooster application
F:\My Documents\Downloaded Installations\SQLyog\SoftonicDownloader_for_sqlyog.exe a variant of Win32/SoftonicDownloader.A application

#5 JoeSaswic

JoeSaswic
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 28 June 2012 - 03:13 PM

I see 2 lines that I think are bad guys but I'll wait for a response before doing anything.

#6 ElFasso

ElFasso

  • Members
  • 229 posts
  • Gender:Male
  • Location:Belgium
  • Local time:12:57 AM

Posted 28 June 2012 - 03:38 PM

There are some files that need to be deleted because they are infected:

delfile.bat
Open Notepad and paste the content of this code into it:
@echo off
del /f /s /q "C:\Documents and Settings\Bobby\Downloads\PDFCreator-1_2_3_setup.exe"
del /f /s /q "C:\Users\Bobby\Downloads\mailpv_setup.exe"
del /f /s /q "C:\Users\Bobby\Downloads\PDFCreator-1_2_3_setup.exe"
del /f /s /q "E:\Program Files (x86)\NirSoft\Mail PassView\mailpv.exe"
del /f /s /q "E:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe"
del /f /s /q "F:\Installation and Keys\Registry Booster\registrybooster.exe"
del /f /s /q "F:\Installation and Keys\SQLyog\SoftonicDownloader_for_sqlyog.exe" 
del /f /s /q "F:\My Documents\Downloaded Installations\Registry Booster\registrybooster.exe" 
del /f /s /q "F:\My Documents\Downloaded Installations\SQLyog\SoftonicDownloader_for_sqlyog.exe"
del %0

  • Save the Notepad file on your desktop as delfile.bat. Save type as "All Files".
  • Double click on delfile.bat to execute it.
  • A black CMD window will flash, then disappear, this is normal.
  • The files, if found, will have been deleted and the "delfile.bat" file will also be deleted.

Please also clean up your Java cache and Google Chrome cache and Firefox cache.

Edited by ElFasso, 28 June 2012 - 03:40 PM.
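
Added example (not part of the post above or of any tool used in this thread): a Python cross-check of the ESET log against delfile.bat. On Windows 7, C:\Documents and Settings is a junction to C:\Users, so the scan lists each profile file twice; the script folds both spellings together and reports the detections that no del line names. The function names are hypothetical, and the embedded data is a subset copied from the posts above.

```python
import re

# Subset of the ESET log and of delfile.bat, copied from the posts above.
ESET_LOG = r"""
C:\Documents and Settings\Bobby\AppData\Local\Google\Chrome\User Data\Default\Default\aagfdcdadhdededhgddedhdfdegfdjdd\background.html Win32/BHO.OEI trojan
C:\Documents and Settings\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\jjcm2nnc.default\extensions\robgqleewc@robgqleewc.org.xpi JS/Redirector.NCA trojan
C:\Documents and Settings\Bobby\Downloads\PDFCreator-1_2_3_setup.exe multiple threats
C:\Users\Bobby\AppData\Local\Google\Chrome\User Data\Default\Default\aagfdcdadhdededhgddedhdfdegfdjdd\background.html Win32/BHO.OEI trojan
C:\Users\Bobby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\38f8f1e3-682a7066 a variant of Java/JShrink.A application
C:\Users\Bobby\AppData\Roaming\Mozilla\Firefox\Profiles\jjcm2nnc.default\extensions\robgqleewc@robgqleewc.org.xpi JS/Redirector.NCA trojan
C:\Users\Bobby\Downloads\mailpv_setup.exe a variant of Win32/PSWTool.MailPassView.E application
C:\Users\Bobby\Downloads\PDFCreator-1_2_3_setup.exe multiple threats
E:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application
"""
DEL_SCRIPT = r"""
del /f /s /q "C:\Documents and Settings\Bobby\Downloads\PDFCreator-1_2_3_setup.exe"
del /f /s /q "C:\Users\Bobby\Downloads\mailpv_setup.exe"
del /f /s /q "C:\Users\Bobby\Downloads\PDFCreator-1_2_3_setup.exe"
del /f /s /q "E:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe"
"""

# "<path> <detection> trojan|application" or "<path> multiple threats"
LINE = re.compile(r"^(?P<path>.+?) (?P<name>(?:a variant of )?\S+/\S+ "
                  r"(?P<kind>trojan|application)|multiple threats)$")
LEGACY = "c:\\documents and settings\\"

def canonical(path):
    """Fold the 'Documents and Settings' junction onto the Users folder."""
    p = path.strip().lower()
    return "c:\\users\\" + p[len(LEGACY):] if p.startswith(LEGACY) else p

def parse_findings(log):
    """Return {canonical path: (detection, kind)}, one entry per real file."""
    hits = (LINE.match(line.strip()) for line in log.strip().splitlines())
    return {canonical(m["path"]): (m["name"], m["kind"] or "multiple") for m in hits if m}

def deleted_paths(script):
    """Canonical paths named by the del lines of a batch script."""
    return {canonical(p) for p in re.findall(r'^del\b[^"\n]*"([^"]+)"', script, re.M | re.I)}

def uncovered(log, script):
    """Findings the script leaves in place, as sorted (kind, detection, path)."""
    done = deleted_paths(script)
    return sorted((k, n, p) for p, (n, k) in parse_findings(log).items() if p not in done)

if __name__ == "__main__":
    for kind, name, path in uncovered(ESET_LOG, DEL_SCRIPT):
        print(f"{kind:12} {name:40} {path}")
```

With the embedded subset it returns three entries: the Java cache item and the two trojan detections under the Chrome and Firefox profiles.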


#7 JoeSaswic

JoeSaswic
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 28 June 2012 - 09:21 PM

Seems to have worked like a charm!

Thank you!

#8 ElFasso

ElFasso

  • Members
  • 229 posts
  • Gender:Male
  • Location:Belgium
  • Local time:12:57 AM

Posted 29 June 2012 - 05:41 AM

Please also update:
  • Internet Explorer 8
  • Java


And please enable UAC because of Windows 7 x64 (UAC is disabled!).

1. Open the Control Panel.
2. Click on the User Accounts icon.
3. Click on the Change User Account Control settings link.
4. If prompted by UAC, click on Yes to approve.
5. Adjust the slider to the level of protection of how much you want to be notified from UAC.
6. Click on OK when done.

#9 JoeSaswic

JoeSaswic
  • Topic Starter

  • Members
  • 6 posts
  • Local time:06:57 PM

Posted 29 June 2012 - 10:31 PM

Done, Done, and Done.

Did you get my PM?

#10 ElFasso

ElFasso

  • Members
  • 229 posts
  • Gender:Male
  • Location:Belgium
  • Local time:12:57 AM

Posted 30 June 2012 - 09:24 AM

Happy safe surfing again. B)



