Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect Virus & Misloading Web Pages


  • Please log in to reply
23 replies to this topic

#1 HEstes66

HEstes66

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:07:45 AM

Posted 04 October 2012 - 02:23 PM

Hey Gang! I have caught a redirect virus that seems pretty stubborn. It wouldn't even let me on BleepingComputer until I kept refreshing the registration pages. I see my desktop icons flicker and now my computer is slowing as well. I have run Malwarebytes Anti-Malware, Super Anti-Spyware, tdsskiller, and updated Norton 360. They found nothing. I was reading the forums for steps and ran tdsskiller to get a log (it found nothing). I then ran AVAST aswMBR. I have a log but it found nothing. I then ran eset online scanner found 2 items. At this point, I thought i better reach out to the experts here to see if there are any other steps I should take and for review of the logs.

Thanks in advance!
H

Win 7 Pro SP1

Edited by HEstes66, 04 October 2012 - 02:27 PM.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:45 AM

Posted 04 October 2012 - 02:40 PM

Welcome aboard Posted Image

Which browser is affected?
Did you check other browser(s)?

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 HEstes66

HEstes66
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:07:45 AM

Posted 04 October 2012 - 03:24 PM

Farbar Service Scanner Version: 19-09-2012
Ran by Howard (administrator) on 04-10-2012 at 15:57:25
Running from "C:\Users\Howard\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****







MiniToolBox by Farbar Version: 23-07-2012
Ran by Howard (administrator) on 04-10-2012 at 15:59:44
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
Hosts file not detected in the default directory
========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)
DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : EALaptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : westell.com

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 38-59-F9-1F-69-D2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : C0-F8-DA-E5-91-FC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : westell.com
Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
Physical Address. . . . . . . . . : 38-59-F9-1F-69-D2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5410:8169:8746:a2ed%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.21(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, October 04, 2012 12:15:55 PM
Lease Expires . . . . . . . . . . : Friday, October 05, 2012 3:53:22 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 238574073
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-AD-27-E5-D0-67-E5-31-2F-90
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : D0-67-E5-31-2F-90
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5d75:cc3:307e:2d9%11(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.2.217(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 248539109
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-AD-27-E5-D0-67-E5-31-2F-90
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.westell.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : westell.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BEBBC84B-0BCC-43C7-B3D8-30C6BD10A8FA}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E9AC6978-FDEF-4550-B171-260079C01529}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{DECC2CBF-FAD4-4681-85B8-2DC90F0E4675}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dslrouter.westell.com
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4004:803::1001
74.125.228.69
74.125.228.68
74.125.228.67
74.125.228.65
74.125.228.64
74.125.228.78
74.125.228.72
74.125.228.73
74.125.228.71
74.125.228.66
74.125.228.70


Pinging google.com [74.125.228.70] with 32 bytes of data:
Reply from 74.125.228.70: bytes=32 time=43ms TTL=55
Reply from 74.125.228.70: bytes=32 time=32ms TTL=55

Ping statistics for 74.125.228.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 32ms, Maximum = 43ms, Average = 37ms
Server: dslrouter.westell.com
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=759ms TTL=56
Reply from 72.30.38.140: bytes=32 time=619ms TTL=56

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 619ms, Maximum = 759ms, Average = 689ms
Server: dslrouter.westell.com
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...38 59 f9 1f 69 d2 ......Microsoft Virtual WiFi Miniport Adapter
15...c0 f8 da e5 91 fc ......Bluetooth Device (Personal Area Network)
13...38 59 f9 1f 69 d2 ......DW1501 Wireless-N WLAN Half-Mini Card
11...d0 67 e5 31 2f 90 ......Broadcom NetXtreme 57xx Gigabit Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
34...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
35...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.21 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.2.217 276
169.254.2.217 255.255.255.255 On-link 169.254.2.217 276
169.254.255.255 255.255.255.255 On-link 169.254.2.217 276
192.168.1.0 255.255.255.0 On-link 192.168.1.21 286
192.168.1.21 255.255.255.255 On-link 192.168.1.21 286
192.168.1.255 255.255.255.255 On-link 192.168.1.21 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.2.217 276
224.0.0.0 240.0.0.0 On-link 192.168.1.21 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.2.217 276
255.255.255.255 255.255.255.255 On-link 192.168.1.21 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
13 286 fe80::/64 On-link
13 286 fe80::5410:8169:8746:a2ed/128
On-link
11 276 fe80::5d75:cc3:307e:2d9/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
13 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/04/2012 02:33:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/04/2012 02:33:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/04/2012 02:33:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/04/2012 02:32:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/04/2012 02:32:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/04/2012 01:38:18 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Error: (10/04/2012 01:38:18 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_21; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Estes & Associates, LLC.QBW;ENG=QB_data_engine_21;DBN=b87bf6dbdc4b46c990dbac722a6f09ef

Error: (10/04/2012 01:38:18 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
Connection Error:Invalid user ID or password

Error: (10/04/2012 01:20:38 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Error: (10/04/2012 01:20:38 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_21; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Estes & Associates, LLC.QBW;ENG=QB_data_engine_21;DBN=9540710a837f4188960e97a2e5055853


System errors:
=============
Error: (10/04/2012 03:53:23 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/04/2012 03:22:13 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/04/2012 03:20:13 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/04/2012 00:17:34 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/04/2012 00:17:28 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/04/2012 00:17:25 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (10/04/2012 00:16:00 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/04/2012 00:15:52 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:11:24 PM on ?10/?4/?2012 was unexpected.

Error: (10/04/2012 11:10:41 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/04/2012 11:10:29 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer (Version: 4.2.1)
AccelerometerP11 (Version: 2.00.10.22)
Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AuthenTec Fingerprint Software (Version: 8.4.4.20)
BioAPI Framework (Version: 1.0.2)
Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 14.4.6.2)
BufferChm (Version: 100.0.170.000)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Custom (Version: 01.00.00.000)
CustomerResearchQFolder (Version: 1.00.0000)
CutePDF Writer 2.8
CyberLink PowerDVD 9.5 (Version: 9.5.1.3225)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery Manager (Version: 1.3.1)
Dell Data Protection | Access (Version: 01.01.01.001)
Dell Data Protection | Access (Version: 2.0.00001.001)
Dell Data Protection | Access | Drivers (Version: 1.00.011)
Dell Data Protection | Access | Middleware (Version: 1.00.005)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell MFP 1125
Dell System Manager (Version: 1.6.00000)
Dell Touchpad (Version: 7.1208.101.118)
Dell Webcam Central (Version: 1.40.28)
DellAccess (Version: 01.01.00.053)
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
Digital Line Detect (Version: 1.21)
DirectX 9 Runtime (Version: 1.00.0000)
DW WLAN Card Utility (Version: 5.100.235.13)
EMBASSY Security Center (Version: 04.03.00.067)
ESET Online Scanner v3
Gemalto (Version: 01.64.01.0010)
Google Update Helper (Version: 1.3.21.111)
HP Color LaserJet CM2320 MFP Series 3.1 (Version: 3.1)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
hppCLJCM2320 (Version: 003.001.00097)
hppFaxDrvCM2320 (Version: 003.000.00001)
hppFaxUtilityCM2320 (Version: 003.001.00095)
hppFonts (Version: 001.001.00061)
hppManualsCM2320 (Version: 003.001.00087)
hppQFolderCM2320 (Version: 1.00.0000)
hppScanToCM2320 (Version: 003.001.00090)
hppSendFaxCM2320 (Version: 003.000.00001)
hppusgCM2320 (Version: 1.1.0.1)
Intel® Identity Protection Technology 1.1.2.0 (Version: 1.1.2.0)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2347)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Java™ 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
MarketResearch (Version: 100.0.170.000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office SharePoint Designer 2007 (Version: 12.0.6612.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Modem Diagnostic Tool (Version: 1.0.28.0)
Mozilla Firefox 13.0 (x86 en-US) (Version: 13.0)
Mozilla Maintenance Service (Version: 13.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Netwaiting (Version: 2.5.59)
Norton 360 (Version: 6.4.0.9)
NTRU TCG Software Stack (Version: 2.1.34)
O2Micro Flash Memory Card Windows Driver (Version: 3.0.07.23)
O2Micro OZ776 SCR Driver (Version: 2.1.4.210GS)
PC-CCID (Version: 2.0.0)
PhotoShowExpress (Version: 2.0.063)
Preboot Manager (Version: 03.03.00.049)
Private Information Manager (Version: 07.01.00.007)
QuickBooks (Version: 21.0.4011.904)
QuickBooks Pro 2011 (Version: 21.0.4011.904)
RBVirtualFolder64Inst (Version: 1.00.0000)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Skype™ 5.8 (Version: 5.8.154)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
SPBA 5.9 (Version: 5.9.4.6686)
Streamripper (Remove only)
TrayApp (Version: 100.0.170.000)
Trusted Drive Manager (Version: 4.0.5.8)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Sharepoint Designer 2007 Help (KB963675)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Upek Touchchip Fingerprint Reader (Version: 1.2.004)
Wave Infrastructure Installer (Version: 07.66.40.0008)
Wave Support Software Installer (Version: 05.13.00.014)
WebReg (Version: 100.0.170.000)
WIDCOMM Bluetooth Software (Version: 6.3.0.7900)
Winamp (Version: 5.621 )
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 60%
Total physical RAM: 3992.93 MB
Available physical RAM: 1564.75 MB
Total Pagefile: 10135.13 MB
Available Pagefile: 7564.39 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.07 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:287.75 GB) (Free:222.92 GB) NTFS

========================= Users: ========================================

User accounts for \\EALAPTOP

Administrator Guest Howard


**** End of log ****

#4 HEstes66

HEstes66
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:07:45 AM

Posted 04 October 2012 - 03:26 PM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.04.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Howard :: EALAPTOP [administrator]

10/4/2012 4:01:19 PM
mbam-log-2012-10-04 (16-01-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 200680
Time elapsed: 2 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-04 14:03:01
-----------------------------
14:03:01.237 OS Version: Windows x64 6.1.7601 Service Pack 1
14:03:01.237 Number of processors: 4 586 0x2A07
14:03:01.237 ComputerName: EALAPTOP UserName: Howard
14:03:02.277 Initialize success
14:05:49.637 AVAST engine defs: 12100302
14:06:01.958 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:06:01.958 Disk 0 Vendor: TOSHIBA_ MC00 Size: 305245MB BusType: 3
14:06:01.974 Disk 0 MBR read successfully
14:06:01.990 Disk 0 MBR scan
14:06:01.990 Disk 0 Windows VISTA default MBR code
14:06:02.005 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
14:06:02.005 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10544 MB offset 81920
14:06:02.021 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 294660 MB offset 21676032
14:06:02.052 Disk 0 scanning C:\Windows\system32\drivers
14:06:12.176 Service scanning
14:06:41.068 Modules scanning
14:06:41.083 Disk 0 trace - called modules:
14:06:41.115 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
14:06:41.629 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800631a060]
14:06:41.629 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa80061b1cb0]
14:06:41.645 5 stdcfltn.sys[fffff880019f7c52] -> nt!IofCallDriver -> [0xfffffa800478cb20]
14:06:41.661 7 ACPI.sys[fffff88000f3e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004798050]
14:06:42.503 AVAST engine scan C:\Windows
14:06:44.874 AVAST engine scan C:\Windows\system32
14:09:45.944 AVAST engine scan C:\Windows\system32\drivers
14:10:02.558 AVAST engine scan C:\Users\Howard
14:16:08.862 AVAST engine scan C:\ProgramData
14:18:17.625 Scan finished successfully
14:19:51.666 Disk 0 MBR has been saved successfully to "C:\Users\Howard\Desktop\MBR.dat"
14:19:51.666 The log file has been saved successfully to "C:\Users\Howard\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-04 16:09:31
-----------------------------
16:09:31.286 OS Version: Windows x64 6.1.7601 Service Pack 1
16:09:31.286 Number of processors: 4 586 0x2A07
16:09:31.301 ComputerName: EALAPTOP UserName: Howard
16:09:32.269 Initialize success
16:09:41.285 AVAST engine defs: 12100302
16:11:06.461 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:11:06.461 Disk 0 Vendor: TOSHIBA_ MC00 Size: 305245MB BusType: 3
16:11:06.477 Disk 0 MBR read successfully
16:11:06.477 Disk 0 MBR scan
16:11:06.508 Disk 0 Windows VISTA default MBR code
16:11:06.508 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
16:11:06.539 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10544 MB offset 81920
16:11:06.555 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 294660 MB offset 21676032
16:11:06.586 Disk 0 scanning C:\Windows\system32\drivers
16:11:17.194 Service scanning
16:11:48.207 Modules scanning
16:11:48.223 Disk 0 trace - called modules:
16:11:48.285 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
16:11:48.301 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062fa060]
16:11:48.301 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa800619bcb0]
16:11:48.316 5 stdcfltn.sys[fffff8800184bc52] -> nt!IofCallDriver -> [0xfffffa8004771e40]
16:11:48.332 7 ACPI.sys[fffff88000f577a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004775050]
16:11:49.003 AVAST engine scan C:\Windows
16:11:51.405 AVAST engine scan C:\Windows\system32
16:15:28.261 AVAST engine scan C:\Windows\system32\drivers
16:15:52.270 AVAST engine scan C:\Users\Howard
16:20:52.827 AVAST engine scan C:\ProgramData
16:22:41.670 Scan finished successfully
16:23:12.230 Disk 0 MBR has been saved successfully to "C:\Users\Howard\Desktop\MBR.dat"
16:23:12.230 The log file has been saved successfully to "C:\Users\Howard\Desktop\aswMBR.txt"

#5 HEstes66

HEstes66
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:07:45 AM

Posted 04 October 2012 - 03:28 PM

Thanks so much for your help!

Here was what eset found:


C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Default\aadbgfdjgbgggedhggdcdjdcdegddfgf\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\Default\aadbgfdjgbgggedhggdcdjdcdegddfgf\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined


I ran the items from your reply afterward.

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:45 AM

Posted 04 October 2012 - 03:31 PM

I still need Security Check log.

Which browser is acting up?
What about other browser(s)?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 HEstes66

HEstes66
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:07:45 AM

Posted 04 October 2012 - 03:48 PM

Yahoo was the one acting up that I noticed. I didnt want to make it worse by gettng into other browsers. Should i try them at this point?

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 29
Java version out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (13.0)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:45 AM

Posted 04 October 2012 - 05:26 PM

I meant browser not search engine.
Browsers are Internet Explorer, Firefox, Google Chrome etc.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 HEstes66

HEstes66
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:07:45 AM

Posted 04 October 2012 - 05:43 PM

My mistake, Broni.

Internet Explorer 9.

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:45 AM

Posted 04 October 2012 - 05:47 PM

Do you have any other browser installed so you can check if that is affected as well?

Then go on with other scans...

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#11 HEstes66

HEstes66
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:07:45 AM

Posted 04 October 2012 - 05:54 PM

i just tried using Firefox. it has the same redirect thru Google.

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:45 AM

Posted 04 October 2012 - 05:57 PM

Thanks...

Go on...

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#13 HEstes66

HEstes66
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:07:45 AM

Posted 04 October 2012 - 06:02 PM

and run scans? i dont have any other browsers than FF and IE.

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:45 AM

Posted 04 October 2012 - 06:20 PM

Ooopps...my bad...

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#15 HEstes66

HEstes66
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:07:45 AM

Posted 04 October 2012 - 07:01 PM

I wasnt asked to reboot, but I did.

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/04/2012 07:58:43 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* c:\Windows\SysWOW64\srvany.exe (PID: 2352) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Howard\Desktop\rkill\rkill-10-04-2012-07-58-53.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/04/2012 07:59:08 PM
Execution time: 0 hours(s), 0 minute(s), and 24 seconds(s)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users