BleepingComputer.com: BOTNET et al

Jump to content

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

BOTNET et al Botnet infection, probably others as well

#1 User is offline   dwatsoncds 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 6
  • Joined: 23-October 10

Posted 06 December 2011 - 11:04 PM

I'm sure I'm not the first one with this tale of malware misery and Windows woes. My troubles began about a year ago with the install of a Windows 7 upgrade; as part of the 'updates' to the OS, Windows wanted to install the 'Windows Security Center.' Like every good Microsoft Lemming, I installed the program, ran a scan with it, whereupon it reported that I was infected with all kinds of malware. Long story short, since then I've tried every major AV software (Norton, McAfee, AVG, NOD32, etc) to clean up my machines, have tried wiping the drives & reinstalling the OS, but I have had continued problems with slow internet connections, complete loss of connectivity, data loss, program instability, you name it.

Most recent reliable info on infections came from OPENDNS, which reported detecting BOT NET on my connection. Two machines appear to be infected: Sony VAIO VGN-FJ370 notebook running Windows XP Home SP3 (because of a frame-up restore from Sony restore CD's) and a customized INTEL I5 PC running Windows 7 Home Premium, 64 bit (the 'upgraded' pc). Can't get an internet connection at all on the PC, and the notebook has similar connectivity problems which I am sure are malware-related.

Any assistance with these issues would be appreciated.

Sincerely,
dwatsoncds

This post has been edited by dwatsoncds: 07 December 2011 - 12:29 PM

#2 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 25 January 2012 - 09:24 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#3 User is offline   dwatsoncds 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 6
  • Joined: 23-October 10

Posted 26 January 2012 - 01:29 AM

Here are the log files from each utility; all ran to completion except aswMBR which failed with a BSOD while scanning c:\windows\system32 then spontaneously rebooted. Upon reboot, Norton Internet Security reported 'Virus Definitions are corrupt.' A second run of the aswMBR yielded the result below.

Your assistance is sincerely appreciated.
-dwatsoncds

>>>CHECKUP.TXT 1/25/2012 7:30PM<<<

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java™ 6 Update 30
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
``````````End of Log````````````


>>>FSS.TXT 1/25/2012 7:32PM<<<

Farbar Service Scanner Version: 18-01-2012 01
Ran by DWATSON (administrator) on 25-01-2012 at 19:31:23
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

>>>RESULT.TXT 1/25/2012 7:36PM<<<

MiniToolBox by Farbar Version: 18-01-2012
Ran by DWATSON (administrator) on 25-01-2012 at 19:33:26
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® 82578DC Gigabit Network Connection = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : DWATSON-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82578DC Gigabit Network Connection
Physical Address. . . . . . . . . : 00-27-0E-02-A9-08
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.100.100.192(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, January 25, 2012 6:59:07 PM
Lease Expires . . . . . . . . . . : Thursday, January 26, 2012 6:59:07 PM
Default Gateway . . . . . . . . . : 10.100.100.1
DHCP Server . . . . . . . . . . . : 10.100.100.1
DNS Servers . . . . . . . . . . . : 10.100.100.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-24-7E-AA-35-89
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{08237E47-6E84-4795-A6ED-2DAC53C6399C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2037:242c:b947:9ad4(Preferred)
Link-local IPv6 Address . . . . . : fe80::2037:242c:b947:9ad4%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{FD4CA853-3BD1-4E32-AE62-1BAC80A5ABDF}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 10.100.100.1

Name: google.com
Addresses: 74.125.227.148
74.125.227.144
74.125.227.145
74.125.227.146
74.125.227.147


Pinging google.com [74.125.227.145] with 32 bytes of data:
Reply from 74.125.227.145: bytes=32 time=60ms TTL=54
Reply from 74.125.227.145: bytes=32 time=59ms TTL=54

Ping statistics for 74.125.227.145:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 59ms, Maximum = 60ms, Average = 59ms
Server: UnKnown
Address: 10.100.100.1

Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
72.30.2.43


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=40ms TTL=57
Reply from 72.30.2.43: bytes=32 time=41ms TTL=57

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 41ms, Average = 40ms
Server: UnKnown
Address: 10.100.100.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...00 27 0e 02 a9 08 ......Intel® 82578DC Gigabit Network Connection
11...00 24 7e aa 35 89 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.100.100.1 10.100.100.192 20
10.100.100.0 255.255.255.0 On-link 10.100.100.192 276
10.100.100.192 255.255.255.255 On-link 10.100.100.192 276
10.100.100.255 255.255.255.255 On-link 10.100.100.192 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.100.100.192 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.100.100.192 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:2037:242c:b947:9ad4/128
On-link
14 306 fe80::/64 On-link
14 306 fe80::2037:242c:b947:9ad4/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/25/2012 07:01:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.MFCLOC,processorArchitecture="x86",type="win32",version="9.0.30729.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/25/2012 07:01:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.MFCLOC,processorArchitecture="x86",type="win32",version="9.0.30729.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/25/2012 07:01:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.MFCLOC,processorArchitecture="x86",type="win32",version="9.0.30729.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/25/2012 07:00:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.MFCLOC,processorArchitecture="x86",type="win32",version="9.0.30729.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/24/2012 10:16:32 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (01/24/2012 09:20:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.MFCLOC,processorArchitecture="x86",type="win32",version="9.0.30729.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/24/2012 09:20:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.MFCLOC,processorArchitecture="x86",type="win32",version="9.0.30729.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/24/2012 09:20:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.MFCLOC,processorArchitecture="x86",type="win32",version="9.0.30729.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/24/2012 09:20:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.MFCLOC,processorArchitecture="x86",type="win32",version="9.0.30729.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/23/2012 10:32:48 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (01/24/2012 10:26:43 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/23/2012 11:36:28 PM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service failed to start due to the following error:
%%1069

Error: (01/23/2012 11:36:28 PM) (Source: Service Control Manager) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%1352

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/23/2012 11:36:28 PM) (Source: DCOM) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (01/23/2012 11:36:19 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/21/2012 08:28:22 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/21/2012 07:42:30 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DW_VAIO
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{08237E47-6E84-4795-A6ED-2DAC53C6399C}.
The master browser is stopping or an election is being forced.

Error: (01/21/2012 06:30:34 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DW_VAIO
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{08237E47-6E84-4795-A6ED-2DAC53C6399C}.
The master browser is stopping or an election is being forced.

Error: (01/21/2012 02:08:26 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/20/2012 11:50:20 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DW_VAIO
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{08237E47-6E84-4795-A6ED-2DAC53C6399C}.
The master browser is stopping or an election is being forced.


Microsoft Office Sessions:
=========================
Error: (01/25/2012 07:01:18 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.MFCLOC,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\WinZip System Utilities Suite\mfc90u.dllC:\Program Files (x86)\WinZip System Utilities Suite\Microsoft.VC90.MFCLOC.MANIFEST4

Error: (01/25/2012 07:01:18 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.MFCLOC,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\WinZip System Utilities Suite\mfc90u.dllC:\Program Files (x86)\WinZip System Utilities Suite\Microsoft.VC90.MFCLOC.MANIFEST4

Error: (01/25/2012 07:01:03 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.MFCLOC,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\WinZip System Utilities Suite\mfc90u.dllC:\Program Files (x86)\WinZip System Utilities Suite\Microsoft.VC90.MFCLOC.MANIFEST4

Error: (01/25/2012 07:00:59 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.MFCLOC,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\WinZip System Utilities Suite\mfc90u.dllC:\Program Files (x86)\WinZip System Utilities Suite\Microsoft.VC90.MFCLOC.MANIFEST4

Error: (01/24/2012 10:16:32 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (01/24/2012 09:20:39 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.MFCLOC,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\WinZip System Utilities Suite\mfc90u.dllC:\Program Files (x86)\WinZip System Utilities Suite\Microsoft.VC90.MFCLOC.MANIFEST4

Error: (01/24/2012 09:20:39 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.MFCLOC,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\WinZip System Utilities Suite\mfc90u.dllC:\Program Files (x86)\WinZip System Utilities Suite\Microsoft.VC90.MFCLOC.MANIFEST4

Error: (01/24/2012 09:20:28 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.MFCLOC,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\WinZip System Utilities Suite\mfc90u.dllC:\Program Files (x86)\WinZip System Utilities Suite\Microsoft.VC90.MFCLOC.MANIFEST4

Error: (01/24/2012 09:20:26 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.MFCLOC,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\WinZip System Utilities Suite\mfc90u.dllC:\Program Files (x86)\WinZip System Utilities Suite\Microsoft.VC90.MFCLOC.MANIFEST4

Error: (01/23/2012 10:32:48 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005


=========================== Installed Programs ============================

Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Reader X (10.1.1) (Version: 10.1.1)
DivX Codec (Version: 6.8.0)
DivX Content Uploader (Version: 1.2.1)
DivX Converter (Version: 6.6.0)
DivX Player (Version: 6.7.0)
DivX Web Player (Version: 1.4.0)
Dolby Control Center (Version: 2.2.1)
Google Chrome (Version: 16.0.912.75)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2427.2330)
Google Update Helper (Version: 1.3.21.79)
Intel® Network Connections Drivers (Version: 14.2)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Norton Internet Security (Version: 16.8.3.6)
Realtek High Definition Audio Driver (Version: 6.0.1.6482)
Samsung_MonSetup (Version: 1.00.0000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
WinZip System Utilities Suite (Version: 1.0.648.9967)
Yawcam 0.3.7

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 4022.18 MB
Available physical RAM: 2317.32 MB
Total Pagefile: 8042.56 MB
Available Pagefile: 5875.43 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.25 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:596.07 GB) (Free:565.36 GB) NTFS
2 Drive d: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
3 Drive e: () (Fixed) (Total:60 GB) (Free:42.45 GB) NTFS
4 Drive f: (WzSysUtilsSuite) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive g: () (Fixed) (Total:871.41 GB) (Free:871.26 GB) NTFS

========================= Users: ========================================

User accounts for \\DWATSON-PC

Administrator DWATSON Guest


**** End of log ****

>>>MBAB-LOG-2012-01-25 (19-39-53).TXT<<<

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.25.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
DWATSON :: DWATSON-PC [administrator]

Protection: Enabled

1/25/2012 7:39:53 PM
mbam-log-2012-01-25 (19-39-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212535
Time elapsed: 14 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

>>>ASWMBR.TXT 1/25/2012 10:55 PM<<<

aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
Run date: 2012-01-25 22:50:39
-----------------------------
22:50:39.180 OS Version: Windows x64 6.1.7601 Service Pack 1
22:50:39.180 Number of processors: 4 586 0x2505
22:50:39.180 ComputerName: DWATSON-PC UserName: DWATSON
22:50:41.614 Initialize success
22:50:46.933 AVAST engine defs: 12012501
22:50:51.504 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-5
22:50:51.504 Disk 0 Vendor: WDC_WD6400BEVT-11A0RT0 01.01A01 Size: 610480MB BusType: 3
22:50:51.520 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
22:50:51.520 Disk 1 Vendor: ST1000DL002-9TT153 CC32 Size: 953869MB BusType: 3
22:50:51.520 Disk 0 MBR read successfully
22:50:51.535 Disk 0 MBR scan
22:50:51.535 Disk 0 Windows 7 default MBR code
22:50:51.551 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610378 MB offset 206848
22:50:51.567 Service scanning
22:50:53.345 Modules scanning
22:50:53.345 Disk 0 trace - called modules:
22:50:53.423 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
22:50:53.439 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042e0060]
22:50:53.953 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80040349b0]
22:50:53.953 5 ACPI.sys[fffff88000f4d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-5[0xfffffa800406d680]
22:50:55.638 AVAST engine scan C:\Windows
22:51:03.548 AVAST engine scan C:\Windows\system32
22:53:14.775 AVAST engine scan C:\Windows\system32\drivers
22:53:27.083 AVAST engine scan C:\Users\DWATSON
22:55:09.182 Disk 0 MBR has been saved successfully to "C:\Users\DWATSON\Documents\MBR.dat"
22:55:09.197 The log file has been saved successfully to "C:\Users\DWATSON\Documents\aswMBR.txt"

#4 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 26 January 2012 - 11:21 AM

Nothing so far...

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.


IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#5 User is offline   dwatsoncds 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 6
  • Joined: 23-October 10

Posted 27 January 2012 - 12:57 AM

>>> GMER.LOG 1-26-2012 22:33 <<<

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-26 22:33:33
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247eaa3589
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247eaa3589 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\System Volume Information\EfaData\SYMEFA.DB-journal 33344 bytes

---- EOF - GMER 1.0.15 ----

#6 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 27 January 2012 - 11:17 AM

All looks clean to me.

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#7 User is offline   dwatsoncds 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 6
  • Joined: 23-October 10

Posted 02 February 2012 - 12:08 AM

Ran the TFC program to completion, no errors reported.

Disabled NIS2012, MBAM, WinZip SP and ran the ESET Online Scanner to completion, no threats/infected files found.

#8 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 02 February 2012 - 12:09 AM

You should be good to go.
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users