What is visicom_antiphising


6 replies to this topic

#1 J_townSonny

    New Member

  • Members
  • 28 posts
  • Gender:Male

Posted 17 November 2012 - 04:16 AM

I recently heard my PC "processing" something suddenly after being idle for over 5 hours. My system is only set to hibernate because I use MagicJack. Nothing was open besides MJ and nothing is set to auto update; all are set to notify or prompt only. I opened up Task Manager and noticed a new prog there: visicom_antiphishing. This happened about 3 hours before I registered here and was also the reason for this. My CPU usage is now all over the board, from 3% to nearly 97% with only the Task Manager open, and the pagefile usage is steadily over 1.15GB, which is about 65%, and kernel times nearly match CPU usage. I have MalPRO and MSE but neither detects this. I have searched this program and came to the conclusion that nobody has a clue about this. Most of the posts are only a month old so I assume it's something new. My PC seemed to slow down noticeably Tuesday night but I didn't notice this until now. Any suggestions on what to do or look for? System info: eMachines eL1200-w, Win XP Home SP3, 500G hard drive, 896 meg RAM, Firefox browser, Comcast Cable internet & Motorola modem. As stated above, the only program running 24/7 is MagicJack.

#2 daledoc1

    Forum Deity

  • Spam Hunters
  • 11,883 posts
  • Gender:Not Telling

Posted 17 November 2012 - 09:17 AM

I have searched this program and came to the conclusion that Nobody has a clue about this. Most of the posts are only a month old so I assume it's something new.


Hi:

We'll need to wait for one of the MBAM staff or experts to weigh in, but I was able to find quite a few references to this. :)
And it seems it's been around for quite a while. :)
It appears to be a Panda-branded application.
Perhaps it was installed alongside or bundled with your antivirus or with some other program?
Or perhaps it was provided by your ISP?

Here are a few links to get you started:
http://www.sophos.co...%20advisor.aspx
http://www.bleepingc...opic456157.html
http://systemexplore...ntiphishing-exe

Here is the software publisher's product web page:
http://software.visicommedia.com/en/products/antiphishing/

-->While we await an expert opinion (especially regarding how to remove this software, if you wish to do so), you might want to run the DDS scanner tool (instructions below) and attach both of the resulting logs to your next reply here.
The logs will provide them with a bit of info about your system, e.g. whether you might be infected, etc.
They will then be able to better advise you on how to proceed.

HTH,

daledoc1

-----------------

DDS Instructions

Download DDS from one of the locations below and save it to your Desktop:
dds.scr
dds.com


Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once it is downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool. On Vista or Win 7, right click and select Run as administrator.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.
  • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
  • Save both reports to your desktop
  • Please attach both of the following logs to your next reply: DDS.txt and Attach.txt
    -->>>You can ignore the note about zipping the Attach.txt file in most cases.

Just a home user & forum volunteer
DT1: Win7/Ult/64 SP1; Intel Core i7-3770 @3.4 GHz; 16 GB RAM; NVidia GeForce GT620; IE9; Fx; TB; Cable HSI; MBAM PRO 1.75.0.1300; KIS2014; SAS Free; CCleaner
DT2: Win7 Ult/64 SP1; Intel Core i7-860 @2.8 GHz; 8 GB RAM; ATI Radeon HD 5770; IE 9, Fx; TB; Cable HSI; MBAM PRO 1.75.0.1300; KIS2014; SAS Free; CCleaner.
LT: Win7 Pro/64 SP1; Intel Core i7-3632 cached @3.2 GHz; 16 GB RAM; NVidia GeForce GT640M; IE 10; Fx; TB; WLAN; MBAM PRO 1.75.0.1300; Sophos ES 10.3; SAS Free; CCleaner.


#3 J_townSonny

Posted 17 November 2012 - 06:15 PM

Download and run application successful. Results as follows:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader XI
Adobe Shockwave Player 11.6
Agere Systems PCI-SV92EX Soft Modem
Anti-phishing Domain Advisor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CCleaner
CyberLink DVD Suite
CyberLink Power2Go
CyberLink PowerDVD
DealCabby
DefaultTab
EasyRecovery DataRecovery
eMachines Games
ffdshow manager
Google Chrome
Google Desktop
Google Talk Plugin
Google Update Helper
Haali Media Splitter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
iTunes
Java Auto Updater
Java™ 6 Update 37
Java™ 6 Update 5
LG USB Modem Drivers
LightScribe 1.4.142.1
LSI PCI-SV92EX Soft Modem
magicJack
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WinUsb 1.0
Microsoft Works
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVC90_x86
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA Drivers
Pale Moon 15.0 (x86 en-US)
PC Connectivity Solution
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Search-Results Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
.
==== End Of File ===========================

DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 7.0.6000.17112 BrowserJavaVersion: 1.6.0_37
Run by USER at 16:52:33 on 2012-11-17
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Documents and Settings\USER\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
C:\Documents and Settings\All Users\Application Data\ffdshow manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe
C:\Documents and Settings\All Users\Application Data\ffdshow manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0812&m=el1200-05w
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0812&m=el1200-05w
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0812&m=el1200-05w
uInternet Connection Wizard,ShellNext = hxxp://help.bigfix.com/kb/kb50.html
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RivalGaming Games: {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - c:\documents and settings\user\local settings\application data\rivalgaming\RivalGaming.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\user\application data\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: DataMngr: {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} -
BHO: Search-Results Toolbar: {bff6b2ca-366c-4a90-b685-d87776deb0d2} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Search-Results Toolbar: {bff6b2ca-366c-4a90-b685-d87776deb0d2} -
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\user\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SPMTray] {pf}\\PC Speed Maximizer\\SPMTray.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [LaunchApp] <no file>
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1346026604625
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347280703812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{49E32791-1992-4019-BA40-83D90DC34943} : DHCPNameServer = 75.75.75.75 75.75.76.76
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\2250de6i.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-10-01 15:46; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - ExtSQL: 2012-10-09 00:06; afurladvisor@anchorfree.com; c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com
FF - ExtSQL: 2012-10-19 23:14; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-03 21:05; exif_viewer@mozilla.doslash.org; c:\documents and settings\user\application data\mozilla\firefox\profiles\2250de6i.default\extensions\exif_viewer@mozilla.doslash.org.xpi
FF - ExtSQL: 2012-11-03 21:05; imageviewer@toptip.ca; c:\documents and settings\user\application data\mozilla\firefox\profiles\2250de6i.default\extensions\imageviewer@toptip.ca.xpi
FF - ExtSQL: 2012-11-03 21:05; {B2EA3FAB-912C-48a1-BABD-C5B00BB885BB}; c:\documents and settings\user\application data\mozilla\firefox\profiles\2250de6i.default\extensions\{B2EA3FAB-912C-48a1-BABD-C5B00BB885BB}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQM4MFXtQ&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 5ce11b5b000000000000001d72a66e96
FF - user.js: extensions.incredibar_i.instlDay - 15622
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:59:36
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQM4MFXtQ
FF - user.js: extensions.incredibar_i.upn2n - 92543719417037406
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0AyCyC0EzyyCtC0ByD0BtN0D0Tzu0CtBzztAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=251039576
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0AyCyC0EzyyCtC0ByD0BtN0D0Tzu0CtBzztAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=251039576
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0AyCyC0EzyyCtC0ByD0BtN0D0Tzu0CtBzztAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=251039576&q=
FF - user.js: extensions.funmoods.id - 001D72A66E961B5B
FF - user.js: extensions.funmoods.instlDay - 15622
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2213:46:10
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - test312
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - test312
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
.
.
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=5ce11b5b000000000000001d72a66e96&q=
FF - user.js: extensions.BabylonToolbar.id - 5ce11b5b000000000000001d72a66e96
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15651
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.819:29:27
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-11-14 05:58:14 -------- d-----w- c:\documents and settings\user\application data\QuickScan
2012-11-13 02:47:22 6918632 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8d8fc786-226c-4bc2-a4ac-104608d7b0f4}\mpengine.dll
.
==================== Find3M ====================
.
2012-11-11 03:36:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-11 03:36:33 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-23 23:39:26 292700 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-10-23 23:39:26 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-10-23 23:39:22 292700 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-10-04 04:01:02 172456 ----a-w- c:\program files\64res.dll
2012-10-01 20:45:23 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-10-01 20:45:23 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 20:32:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 20:32:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 18:51:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-21 17:05:08 15544 ----a-w- c:\windows\system32\roboot.exe
2012-08-31 03:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 18:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 16:53:31.64 ===============

By the way, a new error code when updating MES definitions: 0x80070005.

#4 AdvancedSetup

    Staff

  • Root Admin
  • 41,017 posts
  • Gender:Male
  • Location:US

Posted 17 November 2012 - 06:39 PM

Please ATTACH both logs. Do not copy/paste them.

Click on the "More Reply Options" button to allow attaching both of the logs.

Thank you

Ron Lewis
Forum Community Manager


#5 J_townSonny

Posted 17 November 2012 - 07:34 PM

It froze my PC for 35 min the first time. It finally loaded using basic but still took 15 min. This seems to be getting worse.

Attached Files



#6 J_townSonny

Posted 17 November 2012 - 07:42 PM

I am attaching the addresses for what the MS tech sent me that should also help with this. Look them over and let me know which ones are applicable. Not sure on all of them. Thanks

Attached Files



#7 AdvancedSetup

Posted 17 November 2012 - 09:08 PM

You have a lot of items that can cause redirect and other issues or possibly bring in an infection.
I would recommend you choose one of the options below and let one of the Experts guide you in scanning your system for infections and removing any found as we do not work on that type of issue in this forum, thanks.


Here are the steps needed to get your computer cleaned....
Please read the following so that you can begin the cleaning process:

Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

You have 3 Options that you can choose from as listed below:
  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support
OPTION 1


As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the
Malware Removal forum so a qualified helper can help you fix any malware related problems or infections you may have.

  • Please read and follow the directions here, skipping any steps you are unable to complete.
  • After posting your new post, make sure under options, you select Follow this topic and choose Instantly,
    so that you're alerted when someone has replied to your post.
NOTE: Please do not post back to (bump) your topic within the first 48 hours.
Replying to your own posts changes the post count and helpers are looking for topics with zero replies.
If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

  • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
    Or
  • You may send a Private Message to a Moderator asking for assistance.
OPTION 2


Alternatively, as a paying customer, you can contact the help desk here


OPTION 3


If you would like to use our Malwarebytes Premium Consumer Services partner (comprehensive solutions to all your computer support needs, from installation and set-up to troubleshooting and tune-ups), go to our Malwarebytes Premium Services support site.


Please be patient, someone will assist you as soon as possible.


Ron Lewis
Forum Community Manager
