Google Redirect Virus - Firefox (please help)


5 replies to this topic

#1 jtrexler


Posted 12 September 2012 - 02:42 PM

Hi,

I believe I have a "Google Redirect Virus" but it only seems to happen with Firefox, not IE. Symantec full scan didn't find anything. I downloaded MalwareBytes and did a quick scan and it quarantined 3 files. (See report below)... I just got another redirect today though, so I ran a full scan with MalwareBytes and it doesn't find anything anymore.

Thanks for the help!

Initial MalwareBytes quick scan:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.07.13

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
jtrexler :: WWKLT1831 [administrator]

9/11/2012 8:54:15 AM
mbam-log-2012-09-11 (08-54-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260682
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|assembly (Trojan.RedirRdll3.Gen) -> Data: rundll32.exe "C:\Users\jtrexler\AppData\Local\Authentica\assembly\mkfuiav.dll",CreateInstance -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|assembly (Trojan.RedirRdll3.Gen) -> Data: rundll32.exe "C:\Users\jtrexler\AppData\Local\Authentica\assembly\mkfuiav.dll",CreateInstance -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\jtrexler\AppData\Local\Authentica\assembly\mkfuiav.dll (Trojan.RedirRdll3.Gen) -> Quarantined and deleted successfully.

(end)



#2 Broni


Posted 12 September 2012 - 10:02 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Edited by Broni, 12 September 2012 - 10:02 PM.



#3 jtrexler


Posted 13 September 2012 - 07:59 AM

Great, thanks! I will do all of this and post the results. Two questions before I start:

1. Do I need to do any or all of these with my computer in Safe Mode, or does it not matter?

2. Do I need to turn off or disable my Symantec Endpoint Protection while I run these?

Also, looks like I will have to wait and do this from home. My work blocks access to the first link for the SystemCheck.exe file. So it might take me a bit longer.

Edited by jtrexler, 13 September 2012 - 08:40 AM.


#4 Broni


Posted 13 September 2012 - 06:58 PM

1. Normal mode is preferred.
2. No.



#5 jtrexler


Posted 13 September 2012 - 08:22 PM

Ok good, that's what I thought. Here are the reports below.


Security Check report:
________________________________________________________________________________________

Results of screen317's Security Check version 0.99.50
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.3.300.265
Mozilla Firefox (for.)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

________________________________________________________________________________________





FSS report:
________________________________________________________________________________________

Farbar Service Scanner Version: 06-08-2012
Ran by jtrexler (administrator) on 13-09-2012 at 20:00:58
Running from "C:\Users\jtrexler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXWERC8"
Microsoft Windows 7 Professional (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll
[2011-08-22 08:13] - [2011-03-03 01:29] - 0132608 ____N (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-13 19:53] - [2009-07-13 21:15] - 0565760 ____N (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 19:54] - [2009-07-13 21:14] - 0493568 ____N (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 19:23] - [2009-07-13 21:16] - 0125952 ____N (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 19:24] - [2009-07-13 21:14] - 1025536 ____N (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-07-13 19:30] - [2009-07-13 21:16] - 0589312 ____N (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
________________________________________________________________________________________






MiniToolBox report:
________________________________________________________________________________________


MiniToolBox by Farbar Version: 23-07-2012
Ran by jtrexler (administrator) on 13-09-2012 at 20:06:22
Microsoft Windows 7 Professional (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================



========================= IP Configuration: ================================

11b/g/n Wireless LAN Mini-PCI Express Adapter II = Wireless Network Connection (Connected)
Intel® 82577LM Gigabit Network Connection = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : WWKLT1831
Primary Dns Suffix . . . . . . . : na.ad.crbard.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : na.ad.crbard.com
ad.crbard.com
crbard.com

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 78-DD-08-B8-62-8C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82577LM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-26-2D-FF-70-80
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.ma.comcast.net.
Description . . . . . . . . . . . : 11b/g/n Wireless LAN Mini-PCI Express Adapter II
Physical Address. . . . . . . . . : 70-F1-A1-87-F8-39
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2809:6e79:5f9f:88a6%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.141(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, September 13, 2012 5:41:37 PM
Lease Expires . . . . . . . . . . : Friday, September 14, 2012 5:41:37 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 242282913
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-8A-DC-3D-70-F1-A1-87-F8-39
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.ma.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.ma.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:2ce3:20bf:3f57:fe72(Preferred)
Link-local IPv6 Address . . . . . : fe80::2ce3:20bf:3f57:fe72%20(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{47C81F07-5C7D-480B-87B9-8FCEDA04A99D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5047EE38-95A6-4A09-B882-9F1BB16C8EFA}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 2607:f8b0:4006:803::1004
74.125.226.231
74.125.226.227
74.125.226.225
74.125.226.232
74.125.226.230
74.125.226.228
74.125.226.229
74.125.226.224
74.125.226.226
74.125.226.233
74.125.226.238


Pinging google.com [74.125.226.199] with 32 bytes of data:
Reply from 74.125.226.199: bytes=32 time=18ms TTL=55
Reply from 74.125.226.199: bytes=32 time=16ms TTL=55

Ping statistics for 74.125.226.199:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 18ms, Average = 17ms
Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=56ms TTL=52
Reply from 98.139.183.24: bytes=32 time=53ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 53ms, Maximum = 56ms, Average = 54ms
Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...78 dd 08 b8 62 8c ......Bluetooth Device (Personal Area Network)
12...00 26 2d ff 70 80 ......Intel® 82577LM Gigabit Network Connection
11...70 f1 a1 87 f8 39 ......11b/g/n Wireless LAN Mini-PCI Express Adapter II
1...........................Software Loopback Interface 1
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
20...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.141 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.141 281
192.168.1.141 255.255.255.255 On-link 192.168.1.141 281
192.168.1.255 255.255.255.255 On-link 192.168.1.141 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.141 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.141 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
20 58 ::/0 On-link
1 306 ::1/128 On-link
20 58 2001::/32 On-link
20 306 2001:0:9d38:6ab8:2ce3:20bf:3f57:fe72/128
On-link
11 281 fe80::/64 On-link
20 306 fe80::/64 On-link
11 281 fe80::2809:6e79:5f9f:88a6/128
On-link
20 306 fe80::2ce3:20bf:3f57:fe72/128
On-link
1 306 ff00::/8 On-link
20 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/13/2012 07:27:06 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (09/13/2012 06:35:51 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (09/13/2012 05:28:54 PM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (09/13/2012 03:36:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/13/2012 09:07:24 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (09/12/2012 00:19:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/12/2012 09:20:40 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (09/12/2012 08:26:36 AM) (Source: PerfNet) (User: )
Description:

Error: (09/11/2012 10:11:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/10/2012 10:12:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: Smc.exe, version: 11.0.6005.440, time stamp: 0x4bc92841
Faulting module name: cspcore.dll, version: 8.30.14.0, time stamp: 0x4a94df34
Exception code: 0x40000015
Fault offset: 0x000b834f
Faulting process id: 0x5e8
Faulting application start time: 0xSmc.exe0
Faulting application path: Smc.exe1
Faulting module path: Smc.exe2
Report Id: Smc.exe3


System errors:
=============
Error: (09/13/2012 05:30:49 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NA)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/13/2012 05:30:49 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain NA due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (09/13/2012 05:14:58 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/13/2012 11:21:03 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (09/13/2012 11:20:50 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (09/13/2012 11:20:37 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (09/13/2012 11:20:24 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (09/13/2012 11:20:10 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (09/13/2012 11:19:57 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (09/13/2012 11:19:44 AM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.


Microsoft Office Sessions:
=========================
Error: (09/08/2012 07:45:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 8249 seconds with 3060 seconds of active time. This session ended with a crash.

Error: (04/18/2012 03:02:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 24616 seconds with 3000 seconds of active time. This session ended with a crash.

Error: (02/23/2012 00:18:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 645 seconds with 420 seconds of active time. This session ended with a crash.

Error: (02/23/2012 11:32:10 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6782 seconds with 3600 seconds of active time. This session ended with a crash.

Error: (02/16/2012 04:08:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 98464 seconds with 4800 seconds of active time. This session ended with a crash.

Error: (02/01/2012 09:49:32 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 927 seconds with 600 seconds of active time. This session ended with a crash.

Error: (01/26/2012 06:14:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 27 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/26/2012 06:13:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 10865 seconds with 840 seconds of active time. This session ended with a crash.

Error: (11/11/2011 10:17:24 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2792 seconds with 360 seconds of active time. This session ended with a crash.

Error: (11/04/2011 08:28:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 878 seconds with 240 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Meeting Manager for Mozilla Firefox/Netscape Navigator (Version: 7.5.3)
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Access Help (Version: 3.00)
Adobe Acrobat X Pro (Version: 10.1.3)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Altiris Application Metering Agent (Version: 6.1.31)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Bootstrapper (Version: 1.0.0.0)
Burn.Now 4.5 (Version: 4.5.0)
Burn.Now Lenovo Edition (Version: 4.5.0)
CCleaner (Version: 3.16)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Citrix Presentation Server Client (Version: 10.150.58643)
Client Security - Password Manager (Version: 8.30.0023.00)
Conexant 20585 SmartAudio HD (Version: 4.95.31.3)
Corel DVD MovieFactory (Version: 7.0.0)
Corel DVD MovieFactory 7 Lenovo Edition (Version: 7.0.0)
Create Recovery Media (Version: 1.20.0.00)
Direct DiscRecorder (Version: 1.00.0000)
FileOpen Client (Version: 3.0.67.914)
Garmin TOPO U.S. 2008 (Version: 4.0.0.0)
Integrated Camera Driver Installer Package Ver.1.1.0.17 (Version: 1.1.0.17)
Intel® Control Center (Version: 1.2.0.1006)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2202)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.3)
InterVideo WinDVD 8 (Version: 8.0.20.157)
IRM Client for Microsoft Office (Version: 5.00.210)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 14.0.8089.726)
Lenovo System Interface Driver (Version: 1.01)
Lenovo ThinkVantage Toolbox (Version: 6.0.5387.31)
Lenovo Warranty Information (Version: 1.0.0002.00)
Lenovo Welcome (Version: 2.0.020.0)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.96)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
MasterControl.MasterControlWord (Version: 1.0.1.41)
Message Center Plus (Version: 2.0.0012.00)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Research AutoCollage Touch 2009 (Version: 2.00.2009)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Sync Framework 2.0 Core Components (x86) ENU (Version: 2.0.1578.0)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU (Version: 2.0.1578.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Minitab 16 (Version: 16.1.1)
Minitab16 (Version: 16.1.1.0)
Mobile Broadband Connect (Version: 3.5.0010)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
On Screen Display (Version: 6.01.00)
Quicken 2009 (Version: 18.1.1.29)
QuickTime (Version: 7.72.80.56)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
Rescue and Recovery (Version: 4.30.0025.00)
Symantec Endpoint Protection (Version: 11.0.6005.562)
SyncToy 2.1 (x86) (Version: 2.1.0)
System Update (Version: 4.00.0009)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.2.1.100)
ThinkPad FullScreen Magnifier (Version: 2.12)
ThinkPad Power Management Driver (Version: 1.60.0.4)
ThinkPad Power Manager (Version: 3.10a)
ThinkPad UltraNav Driver (Version: 14.0.15.0)
ThinkPad UltraNav Utility (Version: 2.11)
ThinkPad Wireless LAN Adapter Software (Version: 1.00.0016)
ThinkVantage Active Protection System (Version: 1.71)
ThinkVantage Fingerprint Software (Version: 5.9.2.5912)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1)
WebEx
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (Version: 06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Driver Package - Intel (e1kexpress) Net (11/19/2009 11.5.5.0) (Version: 11/19/2009 11.5.5.0)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (Version: 06/04/2009 1.0.0.0002)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (Version: 10/28/2009 9.1.1.1022)
Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020) (Version: 08/20/2009 9.1.1.1020)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (Version: 11/18/2009 1.60.0.4)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 2931.67 MB
Available physical RAM: 1684.99 MB
Total Pagefile: 4975.95 MB
Available Pagefile: 3508.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.58 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:122.07 GB) (Free:42.79 GB) NTFS
2 Drive d: () (Fixed) (Total:110.72 GB) (Free:96.35 GB) NTFS

========================= Users: ========================================

User accounts for \\WWKLT1831

davol Guest warwickadmin


**** End of log ****
_____________________________________________________________________________________





MBAM report:
_____________________________________________________________________________________
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.13.10

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
jtrexler :: WWKLT1831 [administrator]

9/13/2012 8:14:58 PM
mbam-log-2012-09-13 (20-14-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262350
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

___________________________________________________________________________________________



aswMBR report:
__________________________________________________________________________________________

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-13 21:06:14
-----------------------------
21:06:14.910 OS Version: Windows 6.1.7600
21:06:14.910 Number of processors: 4 586 0x2502
21:06:14.910 ComputerName: WWKLT1831 UserName: jtrexler
21:06:25.237 Initialize success
21:07:13.345 AVAST engine defs: 12091301
21:07:44.592 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:07:44.607 Disk 0 Vendor: TOSHIBA_ PS11 Size: 238475MB BusType: 3
21:07:44.638 Disk 0 MBR read successfully
21:07:44.638 Disk 0 MBR scan
21:07:44.654 Disk 0 Windows 7 default MBR code
21:07:44.670 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:07:44.716 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 125000 MB offset 206848
21:07:44.763 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 113373 MB offset 256206848
21:07:44.779 Disk 0 scanning sectors +488394752
21:07:44.841 Disk 0 scanning C:\Windows\system32\drivers
21:07:58.366 Service scanning
21:08:47.273 Modules scanning
21:09:00.735 Disk 0 trace - called modules:
21:09:01.297 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
21:09:01.297 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88183ac8]
21:09:01.313 3 CLASSPNP.SYS[8b7d259e] -> nt!IofCallDriver -> [0x865fa140]
21:09:01.328 5 ACPI.sys[8b08c3b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8665e028]
21:09:02.467 AVAST engine scan C:\Windows
21:09:04.464 AVAST engine scan C:\Windows\system32
21:12:41.960 AVAST engine scan C:\Windows\system32\drivers
21:12:58.418 AVAST engine scan C:\Users\jtrexler
21:16:59.174 Disk 0 MBR has been saved successfully to "C:\Users\jtrexler\Desktop\Bleep Files\MBR.dat"
21:16:59.189 The log file has been saved successfully to "C:\Users\jtrexler\Desktop\Bleep Files\aswMBR.txt"



___________________________________________________________________________________________



Also, when I restarted the computer after I ran the MBAM quick scan, upon restart I had a message that popped up, so I viewed it and it said it was a C++ runtime error. I think it said it was from Symantec End Point something. I tried to capture a print screen but it wouldn't let me. I clicked ok and then it went away.

Then I continued with the aswMBR download.

#6 Broni

Posted 13 September 2012 - 08:27 PM

All logs look clean.

Uninstall Firefox completely using this manual: http://kb.mozillazine.org/Uninstalling_Firefox
Install a fresh copy and see if the issue is gone.
