Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible virus imbedded in my internet browsers?


  • Please log in to reply
8 replies to this topic

#1 PhoenyxAngel

PhoenyxAngel

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:24 PM

Posted 19 August 2012 - 02:41 PM

Hi,

I'm having a problem with my internet browsers. I have: Google Chrome, Firefox, and IE (though I don't use IE).

Basically what is happening is that when I'm on a website it will redirect me back to my homepage. And it will do this on and off. It also opens new windows randomly which can get very annoying. It'll open 20 new windows at a time.

Prior to this problem I also had a google redirect problem. Whenever I clicked a link it would redirect me to another site. I basically avoided it by using an AVG safe search engine which didn't seem to be effected. That started about a month ago.

This current problem started up yesterday, so I tried a system restore. That didn't work. I ran the following anti-virus programs: PC Tools Spyware Doctor (full version), AVG free, Maleware Bytes, Avast! Free anti-virus program, and ComboFix (I believe that's the name of it, I got it from bleepingcomputers). Nothing works.

I'm running Windows 7. Can anyone help me? I've tried everything I could think of but I can't figure this out :(

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:24 PM

Posted 19 August 2012 - 03:29 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 PhoenyxAngel

PhoenyxAngel
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:24 PM

Posted 20 August 2012 - 11:13 AM

Ok, I restored my computer back to it's original settings and I'm STILL having the problem. I'm going to download what you posted and post the results in a bit.

#4 PhoenyxAngel

PhoenyxAngel
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:24 PM

Posted 20 August 2012 - 11:47 AM

Security Check results:

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 24
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

FSS results:

Farbar Service Scanner Version: 06-08-2012
Ran by Katie (administrator) on 20-08-2012 at 12:18:13
Running from "C:\Users\Katie\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2010-11-20 23:24] - [2010-11-20 23:24] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2011-07-27 01:08] - [2011-07-27 01:08] - 1924480 ____A (Microsoft Corporation) DC08410DB2D0CC542DACAC7A90E6CB7A

C:\Windows\System32\dnsrslvr.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0183296 ____A (Microsoft Corporation) CD55F5355D8F55D44C9F4ED875705BD6

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Mini Tool Box:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Katie (administrator) on 20-08-2012 at 12:20:24
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 6150 = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
Intel® Centrino® WiMAX 6150 = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Katie-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cmts.sth.ptd.net

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6150
Physical Address. . . . . . . . . : 64-D4-DA-5B-19-B6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 40-25-C2-49-8D-55
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 40-25-C2-49-8D-55
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : cmts.sth.ptd.net
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 6150
Physical Address. . . . . . . . . : 40-25-C2-49-8D-54
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::807f:5e53:3144:c64e%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, August 20, 2012 1:28:53 AM
Lease Expires . . . . . . . . . . : Tuesday, August 21, 2012 12:07:10 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 322971074
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-C1-49-D3-10-1F-74-0E-9A-46
DNS Servers . . . . . . . . . . . : 204.186.80.251
216.144.187.101
216.144.187.199
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 10-1F-74-0E-9A-46
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{DB1EAA8B-8C46-4BA5-8922-19F4C6AD72CE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.cmts.sth.ptd.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : cmts.sth.ptd.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:d1:2639:e78c:2e1b(Preferred)
Link-local IPv6 Address . . . . . : fe80::d1:2639:e78c:2e1b%38(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{0AFF0FD5-394E-4F79-BEBE-153F6EFDF43A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8AAD99FE-90C0-4B18-AD52-3E7BE550A222}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D5C4DE0C-D53F-4750-BA57-E2172CFC436E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns.str.ptd.net
Address: 204.186.80.251

Name: google.com
Addresses: 2607:f8b0:4006:802::1000
173.194.43.14
173.194.43.0
173.194.43.1
173.194.43.2
173.194.43.3
173.194.43.4
173.194.43.5
173.194.43.6
173.194.43.7
173.194.43.8
173.194.43.9


Pinging google.com [173.194.43.0] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 173.194.43.0:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Server: dns.str.ptd.net
Address: 204.186.80.251

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=407ms TTL=55
Reply from 98.139.183.24: bytes=32 time=559ms TTL=55

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 407ms, Maximum = 559ms, Average = 483ms
Server: dns.str.ptd.net
Address: 204.186.80.251

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
18...64 d4 da 5b 19 b6 ......Intel® Centrino® WiMAX 6150
17...40 25 c2 49 8d 55 ......Microsoft Virtual WiFi Miniport Adapter #2
16...40 25 c2 49 8d 55 ......Microsoft Virtual WiFi Miniport Adapter
14...40 25 c2 49 8d 54 ......Intel® Centrino® Wireless-N 6150
11...10 1f 74 0e 9a 46 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
38...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
39...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.102 281
192.168.1.102 255.255.255.255 On-link 192.168.1.102 281
192.168.1.255 255.255.255.255 On-link 192.168.1.102 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.102 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.102 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
38 58 ::/0 On-link
1 306 ::1/128 On-link
38 58 2001::/32 On-link
38 306 2001:0:4137:9e76:d1:2639:e78c:2e1b/128
On-link
14 281 fe80::/64 On-link
38 306 fe80::/64 On-link
38 306 fe80::d1:2639:e78c:2e1b/128
On-link
14 281 fe80::807f:5e53:3144:c64e/128
On-link
1 306 ff00::/8 On-link
14 281 ff00::/8 On-link
38 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/20/2012 01:43:00 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/20/2012 01:41:24 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/20/2012 01:41:22 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/20/2012 01:41:22 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/20/2012 01:30:51 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (08/20/2012 01:43:00 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/20/2012 01:41:24 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/20/2012 01:41:22 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/20/2012 01:41:22 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/20/2012 01:30:51 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.32)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader X MUI (Version: 10.0.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
AIM for Windows
ATI Catalyst Install Manager (Version: 3.0.816.0)
AuthenTec TrueAPI (Version: 1.2.1.33)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bejeweled 3 (Version: 2.2.0.95)
Bing Bar (Version: 7.0.610.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Blio (Version: 2.2.6699)
Bounce Symphony (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0315.958.16016)
Catalyst Control Center Graphics Previews Common (Version: 2011.0315.958.16016)
Catalyst Control Center InstallProxy (Version: 2011.0315.958.16016)
Catalyst Control Center Localization All (Version: 2011.0315.958.16016)
Catalyst Control Center Profiles Mobile (Version: 2011.0315.958.16016)
ccc-utility64 (Version: 2011.0315.958.16016)
CCC Help Chinese Standard (Version: 2011.0315.0957.16016)
CCC Help Chinese Traditional (Version: 2011.0315.0957.16016)
CCC Help Czech (Version: 2011.0315.0957.16016)
CCC Help Danish (Version: 2011.0315.0957.16016)
CCC Help Dutch (Version: 2011.0315.0957.16016)
CCC Help English (Version: 2011.0315.0957.16016)
CCC Help Finnish (Version: 2011.0315.0957.16016)
CCC Help French (Version: 2011.0315.0957.16016)
CCC Help German (Version: 2011.0315.0957.16016)
CCC Help Greek (Version: 2011.0315.0957.16016)
CCC Help Hungarian (Version: 2011.0315.0957.16016)
CCC Help Italian (Version: 2011.0315.0957.16016)
CCC Help Japanese (Version: 2011.0315.0957.16016)
CCC Help Korean (Version: 2011.0315.0957.16016)
CCC Help Norwegian (Version: 2011.0315.0957.16016)
CCC Help Polish (Version: 2011.0315.0957.16016)
CCC Help Portuguese (Version: 2011.0315.0957.16016)
CCC Help Russian (Version: 2011.0315.0957.16016)
CCC Help Spanish (Version: 2011.0315.0957.16016)
CCC Help Swedish (Version: 2011.0315.0957.16016)
CCC Help Thai (Version: 2011.0315.0957.16016)
CCC Help Turkish (Version: 2011.0315.0957.16016)
Chuzzle Deluxe (Version: 2.2.0.95)
CyberLink YouCam (Version: 3.5.1.3908)
D3DX10 (Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's World Adventure (Version: 2.2.0.95)
Energy Star Digital Logo (Version: 1.0.1)
ESU for Microsoft Windows 7 (Version: 1.0.0)
Evernote v. 4.2.2 (Version: 4.2.2.3979)
Farm Frenzy (Version: 2.2.0.95)
FATE - The Traitor Soul (Version: 2.2.0.95)
HP 3D DriveGuard (Version: 4.1.5.1)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Connection Manager (Version: 4.0.45.1)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.0.0)
HP Games (Version: 1.0.2.4)
HP MovieStore (Version: 1.0.047)
HP MovieStore (Version: 2.0)
HP On Screen Display (Version: 1.1.2)
HP Power Manager (Version: 1.2.3)
HP Quick Launch (Version: 2.3.6)
HP Setup (Version: 8.6.4530.3651)
HP Setup Manager (Version: 1.1.13231.3673)
HP SimplePass 2011 (Version: 5.1.0.495)
HP Software Framework (Version: 4.0.110.1)
HP Support Assistant (Version: 5.2.9.2)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
IDT Audio (Version: 1.0.6329.0)
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel® Display Audio Driver (Version: 6.14.00.3074)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® PROSet/Wireless WiFi Software (Version: 14.0.2000)
Intel® Rapid Storage Technology (Version: 10.1.2.1004)
Intel® Wireless Display
Intel® Wireless Display (Version: 2.0.30.0)
Intel® PROSet/Wireless WiMAX Software (Version: 6.02.0000)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Java™ 6 Update 24 (Version: 6.0.240)
Junk Mail filter update (Version: 15.4.3502.0922)
Magic Desktop (Version: 3.0)
Mah Jong Medley (Version: 2.2.0.95)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Mystery P.I. - Stolen in San Francisco (Version: 2.2.0.95)
Namco All-Stars PAC-MAN (Version: 2.2.0.95)
Norton Internet Security (Version: 18.5.0.125)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
PX Profile Update (Version: 1.00.1.)
Realtek Ethernet Controller Driver (Version: 7.41.216.2011)
Realtek PCIE Card Reader (Version: 6.1.7600.74)
Recovery Manager (Version: 2.0.0)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0)
RoxioNow Player (Version: 1.9.5.103)
Slingo Supreme (Version: 2.2.0.95)
Synaptics Pointing Device Driver (Version: 15.2.4.4)
Update Installer for WildTangent Games App
Validity WBF DDK (Version: 4.3.118.0)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Wheel of Fortune 2 (Version: 2.2.0.95)
WildTangent Games App (HP Games) (Version: 4.0.5.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Zuma Deluxe (Version: 2.2.0.95)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 8139.86 MB
Available physical RAM: 4440.91 MB
Total Pagefile: 16277.92 MB
Available Pagefile: 12262.48 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.58 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:683.98 GB) (Free:648.25 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.36 GB) (Free:1.6 GB) NTFS

========================= Users: ========================================

User accounts for \\KATIE-HP

Administrator Guest Katie


**** End of log ****

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Malware Bytes:

Nothing was found.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-20 12:29:13
-----------------------------
12:29:13.149 OS Version: Windows x64 6.1.7601 Service Pack 1
12:29:13.150 Number of processors: 4 586 0x2A07
12:29:13.150 ComputerName: KATIE-HP UserName: Katie
12:29:14.974 Initialize success
12:36:22.596 AVAST engine defs: 12082000
12:38:53.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:38:53.673 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
12:38:53.687 Disk 0 MBR read successfully
12:38:53.689 Disk 0 MBR scan
12:38:53.693 Disk 0 Windows 7 default MBR code
12:38:53.695 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
12:38:53.709 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 700396 MB offset 409600
12:38:53.744 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14705 MB offset 1434820608
12:38:53.761 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448
12:38:53.792 Disk 0 scanning C:\Windows\system32\drivers
12:39:00.194 Service scanning
12:39:26.371 Modules scanning
12:39:26.377 Disk 0 trace - called modules:
12:39:26.723 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
12:39:26.728 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009bdf060]
12:39:26.732 3 CLASSPNP.SYS[fffff88001b8a43f] -> nt!IofCallDriver -> [0xfffffa8007e67b10]
12:39:26.738 5 hpdskflt.sys[fffff88001b31361] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007d4b050]
12:39:28.193 AVAST engine scan C:\Windows
12:39:30.550 AVAST engine scan C:\Windows\system32
12:41:18.383 AVAST engine scan C:\Windows\system32\drivers
12:41:27.705 AVAST engine scan C:\Users\Katie
12:42:53.372 AVAST engine scan C:\ProgramData
12:43:16.671 Scan finished successfully
12:45:22.199 Disk 0 MBR has been saved successfully to "C:\Users\Katie\Desktop\MBR.dat"
12:45:22.204 The log file has been saved successfully to "C:\Users\Katie\Desktop\aswMBR.txt"

#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:24 PM

Posted 20 August 2012 - 05:19 PM

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#6 PhoenyxAngel

PhoenyxAngel
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:24 PM

Posted 20 August 2012 - 05:35 PM

When I downloaded Google Chrome the problem persisted. Is it possible my google account has the virus rather than my computer?

#7 PhoenyxAngel

PhoenyxAngel
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:24 PM

Posted 20 August 2012 - 05:37 PM

Rkill:

Rkill 2.2.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/20/2012 06:36:23 PM in x64 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Katie\Desktop\rkill\rkill-08-20-2012-06-36-26.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Checking Windows Service Integrity:

* AppMgmt [Missing Service]
* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]
* WatAdminSvc [Missing Service]

Searching for Missing Digital Signatures:
* No issues found.

Program finished at: 08/20/2012 06:36:29 PM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:24 PM

Posted 20 August 2012 - 06:01 PM

I don't see anything malicious.
Are all browsers affected?

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#9 PhoenyxAngel

PhoenyxAngel
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:24 PM

Posted 20 August 2012 - 07:17 PM

It's not as a bad as it was before. Before recovering my computer it effected IE, Google Chrome, and Firefox. And it was a Google Redirect virus, would redirect me back to my homepage without my consent, and would open several windows at a time.

Now, after the recovery, it's only done the redirecting to homepage a few times. And it did it for Google Chrome and Firefox.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users