Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Web Browser has been hi-jacked, need help


  • This topic is locked This topic is locked
2 replies to this topic

#1 RJ1976

RJ1976

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 07 December 2012 - 03:43 AM

As the title says, I have had some issues regarding my web browser and tried everything I can to fix it. I currently use Firefox, not IE, not Safarri, not Opera etc. When I google something, such as baseball and click a link, I get redirected to random sites. I click back and click the link again, it usually gets me to the right link the second time, if not for sure by the third time. I have googled for help, done a billion things and still coming up with no real solution to the problem. So I am here and I will now list all the needed information in hopes someone here is willing and can help me.

First, I use Firefox on Windows 7 Professional. I have a lap top.

I have purchased Malware Bytes and Hitman Pro in hopes of helping to solve this problem. I currently use Microsoft Security Essentials.

These are the steps I have done to try and solve this issue.
1. Scanned Malware bytes, corrected all issues. Did a quick scan and 3 full scans... problem still remains.
2. Scanned with Hitman Pro 3 times, corrected the issues and still having the same problems.
3. Scanned with MSE and still having the same issues but only did this once and did it before trying the other two options.
4. Used GMER.exe to try and locate the issue and correct it, didn't work.
5. Used ComboFix with the CFScript following with a CCleaner to try and clean the registry afterwards. Still having issues.
6. Used TFC to try and locate this trojan or virus but at lass still no solution.

As far as I can tell, your my last hope before I wind up wiping my entire computer and reinstalling my OS. I would prefer not to do that over this particular situation, but I may have too. Here are my scans I believe you will need to help me figure this out.

GooredFix

GooredFix by jpshortstuff (03.07.10.1)
Log created at 01:11 on 07/12/2012 (Ray Sowell)
Firefox version 17.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [09:37 06/12/2012]

C:\Users\Ray Sowell\Application Data\Mozilla\Firefox\Profiles\kt39bmhy.default\extensions\
support@lastpass.com [05:23 21/09/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}"="C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}" [02:31 24/09/2012]

-=E.O.F=-

Checkup

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.5.502.110
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


FSS

Farbar Service Scanner Version: 07-12-2012
Ran by Ray Sowell (administrator) on 07-12-2012 at 01:25:31
Running from "C:\Users\Ray Sowell\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


MiniToolBox

MiniToolBox by Farbar Version: 25-11-2012
Ran by Ray Sowell (administrator) on 07-12-2012 at 01:27:41
Running from "C:\Users\Ray Sowell\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)
Intel® WiFi Link 5300 AGN = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : RaySowell-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 5300 AGN
Physical Address. . . . . . . . . : 00-21-6A-16-15-0A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-90-F5-85-9B-01
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ec35:2caa:1c6f:e683%10(Preferred)
IPv4 Address. . . . . . . . . . . : 69.146.145.97(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : Friday, December 07, 2012 1:01:50 AM
Lease Expires . . . . . . . . . . : Friday, December 07, 2012 7:01:46 AM
Default Gateway . . . . . . . . . : 69.146.144.1
DHCP Server . . . . . . . . . . . : 172.18.131.26
DHCPv6 IAID . . . . . . . . . . . : 234918133
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-EE-04-55-00-90-F5-85-9B-01
DNS Servers . . . . . . . . . . . : 69.145.248.4
69.146.17.2
69.144.49.29
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:10bb:cc2:ba6d:6e9e(Preferred)
Link-local IPv6 Address . . . . . : fe80::10bb:cc2:ba6d:6e9e%16(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Reusable ISATAP Interface {2CB0A421-035F-45DE-A6B6-8E57D9A41BC9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{14AAC873-C54C-47ED-BB71-43F2CD755738}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4592:9161::4592:9161(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 69.145.248.4
69.146.17.2
69.144.49.29
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: blnmt001dns.ext.bresnan.net
Address: 69.145.248.4

Name: google.com
Addresses: 2607:f8b0:400a:801::1005
173.194.33.35
173.194.33.36
173.194.33.37
173.194.33.38
173.194.33.39
173.194.33.40
173.194.33.41
173.194.33.46
173.194.33.32
173.194.33.33
173.194.33.34


Pinging google.com [173.194.33.38] with 32 bytes of data:
Reply from 173.194.33.38: bytes=32 time=19ms TTL=56
Reply from 173.194.33.38: bytes=32 time=20ms TTL=56

Ping statistics for 173.194.33.38:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 20ms, Average = 19ms
Server: blnmt001dns.ext.bresnan.net
Address: 69.145.248.4

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=51ms TTL=53
Reply from 72.30.38.140: bytes=32 time=63ms TTL=53

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 51ms, Maximum = 63ms, Average = 57ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 3ms, Average = 2ms
===========================================================================
Interface List
11...00 21 6a 16 15 0a ......Intel® WiFi Link 5300 AGN
10...00 90 f5 85 9b 01 ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
17...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 69.146.144.1 69.146.145.97 20
69.146.144.0 255.255.252.0 On-link 69.146.145.97 276
69.146.145.97 255.255.255.255 On-link 69.146.145.97 276
69.146.147.255 255.255.255.255 On-link 69.146.145.97 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 69.146.145.97 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 69.146.145.97 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:4137:9e76:10bb:cc2:ba6d:6e9e/128
On-link
17 1025 2002::/16 On-link
17 281 2002:4592:9161::4592:9161/128
On-link
10 276 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::10bb:cc2:ba6d:6e9e/128
On-link
10 276 fe80::ec35:2caa:1c6f:e683/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/06/2012 04:24:52 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/05/2012 09:39:23 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/05/2012 02:05:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (12/05/2012 02:03:49 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (12/05/2012 02:52:45 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/03/2012 00:49:31 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (12/03/2012 04:45:26 AM) (Source: Application Error) (User: )
Description: Faulting application name: mpc-hc.exe, version: 1.6.5.6215, time stamp: 0x50a67cdf
Faulting module name: splitter.ax, version: 1.11.288.0, time stamp: 0x4e68caa4
Exception code: 0xc0000005
Fault offset: 0x000080d1
Faulting process id: 0x12d8
Faulting application start time: 0xmpc-hc.exe0
Faulting application path: mpc-hc.exe1
Faulting module path: mpc-hc.exe2
Report Id: mpc-hc.exe3

Error: (12/02/2012 10:30:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: mpc-hc.exe, version: 1.6.5.6215, time stamp: 0x50a67cdf
Faulting module name: avcodec-lav-54.dll, version: 0.0.0.0, time stamp: 0x509fce1f
Exception code: 0x40000015
Fault offset: 0x003bb44a
Faulting process id: 0x3810
Faulting application start time: 0xmpc-hc.exe0
Faulting application path: mpc-hc.exe1
Faulting module path: mpc-hc.exe2
Report Id: mpc-hc.exe3

Error: (12/02/2012 10:26:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: mpc-hc.exe, version: 1.6.5.6215, time stamp: 0x50a67cdf
Faulting module name: avcodec-lav-54.dll, version: 0.0.0.0, time stamp: 0x509fce1f
Exception code: 0x40000015
Fault offset: 0x003bb44a
Faulting process id: 0x2bbc
Faulting application start time: 0xmpc-hc.exe0
Faulting application path: mpc-hc.exe1
Faulting module path: mpc-hc.exe2
Report Id: mpc-hc.exe3

Error: (12/02/2012 10:25:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: mpc-hc.exe, version: 1.6.5.6215, time stamp: 0x50a67cdf
Faulting module name: avcodec-lav-54.dll, version: 0.0.0.0, time stamp: 0x509fce1f
Exception code: 0x40000015
Fault offset: 0x003bb44a
Faulting process id: 0x335c
Faulting application start time: 0xmpc-hc.exe0
Faulting application path: mpc-hc.exe1
Faulting module path: mpc-hc.exe2
Report Id: mpc-hc.exe3


System errors:
=============
Error: (12/07/2012 01:03:55 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (12/07/2012 01:03:55 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (12/07/2012 00:55:14 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/07/2012 00:54:43 AM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/07/2012 00:52:53 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/06/2012 10:53:27 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/06/2012 10:44:41 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (12/06/2012 10:44:41 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (12/06/2012 10:42:40 PM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.

Error: (12/06/2012 04:13:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.141.1281.0).


Microsoft Office Sessions:
=========================
Error: (12/06/2012 04:24:52 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (12/05/2012 09:39:23 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (12/05/2012 02:05:43 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (12/05/2012 02:03:49 PM) (Source: SideBySide)(User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (12/05/2012 02:52:45 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (12/03/2012 00:49:31 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (12/03/2012 04:45:26 AM) (Source: Application Error)(User: )
Description: mpc-hc.exe1.6.5.621550a67cdfsplitter.ax1.11.288.04e68caa4c0000005000080d112d801cdd14baa9d71d0C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exeC:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\splitter.axed5eef36-3d3e-11e2-9538-0090f5859b01

Error: (12/02/2012 10:30:20 PM) (Source: Application Error)(User: )
Description: mpc-hc.exe1.6.5.621550a67cdfavcodec-lav-54.dll0.0.0.0509fce1f40000015003bb44a381001cdd117425cae1bC:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exeC:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avcodec-lav-54.dll86bb66cd-3d0a-11e2-9538-0090f5859b01

Error: (12/02/2012 10:26:23 PM) (Source: Application Error)(User: )
Description: mpc-hc.exe1.6.5.621550a67cdfavcodec-lav-54.dll0.0.0.0509fce1f40000015003bb44a2bbc01cdd116b927d67bC:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exeC:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avcodec-lav-54.dllf99bb1bf-3d09-11e2-9538-0090f5859b01

Error: (12/02/2012 10:25:50 PM) (Source: Application Error)(User: )
Description: mpc-hc.exe1.6.5.621550a67cdfavcodec-lav-54.dll0.0.0.0509fce1f40000015003bb44a335c01cdd116a37ec82aC:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exeC:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avcodec-lav-54.dlle5da0830-3d09-11e2-9538-0090f5859b01


CodeIntegrity Errors:
===================================
Date: 2012-12-07 00:54:43.056
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-07 00:54:43.024
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-12 04:15:00.251
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-11-12 04:14:43.152
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

µTorrent (Version: 3.2.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Creative Suite 5 Master Collection (Version: 5.0)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.5.502.110)
Adobe Media Player (Version: 1.8)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Application Verifier (x64) (Version: 4.1.1078)
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG2100 series MP Drivers
Canon MG2100 series On-screen Manual
Canon MG2100 series User Registration
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
CCleaner (Version: 3.25)
D3DX10 (Version: 15.4.2368.0902)
DealCabby (Version: 1.0921.1509)
Debugging Tools for Windows (x64) (Version: 6.12.2.633)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
GnuCash 2.4.11
HitmanPro 3.7 (Version: 3.7.0.179)
Intel® Matrix Storage Manager and Intel® Turbo Memory
Intel® Turbo Memory
iTunes (Version: 10.7.0.21)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
JMicron Flash Media Controller Driver (Version: 1.0.67.0)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 9.5.0 (Full) (Version: 9.5.0)
LastPass (uninstall only)
League of Legends (Version: 1.3)
LOLReplay (Version: 0.8.0.1)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ Compilers 2010 Standard - enu - x64 (Version: 10.0.30319)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Windows Performance Toolkit (Version: 4.8.0)
Microsoft Windows SDK .NET Framework Tools (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.7600.0.30514)
Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514)
Microsoft Windows SDK Intellisense and Reference Assemblies (30514) (Version: 7.1.30514)
Microsoft Windows SDK MSHelp (30514) (Version: 7.1.30514)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) (Version: 7.1.30514)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
n52te Editor (Version: 5.01)
NVIDIA 3D Vision Driver 306.97 (Version: 306.97)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0697)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
PDF Settings CS5 (Version: 10.0)
PxMergeModule (Version: 1.00.0000)
QuickTime (Version: 7.73.80.64)
Razer Megalodon Firmware Updater (Version: 2.12.02)
Skype™ 5.11 (Version: 5.11.102)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Windows SDK IntellisenseNFX (Version: 7.1.30514)
WinZip 17.0 (Version: 17.0.10283)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 4090.86 MB
Available physical RAM: 2443.62 MB
Total Pagefile: 8179.91 MB
Available Pagefile: 6271.05 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.8 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:99.42 GB) NTFS

========================= Users: ========================================

User accounts for \\RAYSOWELL-PC

Administrator Guest Ray Sowell
UpdatusUser


**** End of log ****


Malware Bytes

Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.07.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ray Sowell :: RAYSOWELL-PC [administrator]

Protection: Enabled

12/7/2012 1:24:55 AM
mbam-log-2012-12-07 (01-24-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227917
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


aswMBR

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-07 01:28:32
-----------------------------
01:28:32.256 OS Version: Windows x64 6.1.7601 Service Pack 1
01:28:32.256 Number of processors: 2 586 0x170A
01:28:32.257 ComputerName: RAYSOWELL-PC UserName: Ray Sowell
01:28:33.243 Initialize success
01:29:46.523 AVAST engine defs: 12120602
01:31:46.962 The log file has been saved successfully to "C:\Users\Ray Sowell\Desktop\aswMBR.txt"



Hope all this is helpful and if you can, please lend me a hand. Thank you!

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:10 PM

Posted 10 December 2012 - 10:38 PM

Hello two things ..

In FireFox it may be the Add ons/Plugins. try disabling them one at a time and see which one was at fault.

How to disable extensions and plugins

Keeping your third-party plugins up to date


The other is if that did not work,having run combofix,we'll need to see that log with the DDS log from this guide in a new topic.
Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.

Include this link back to here...
http://www.bleepingcomputer.com/forums/topic477674.html
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 hamluis

hamluis

    Moderator


  • Moderator
  • 56,264 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:10 AM

Posted 20 December 2012 - 07:15 PM

http://www.bleepingcomputer.com/forums/topic479132.html/page__p__2926477#entry2926477

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis

Edited by hamluis, 20 December 2012 - 07:19 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users