
Browser redirect problems



#1 slivimn

slivimn

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 20 July 2011 - 04:12 PM

I'm seeing some other posts similar to what I'm experiencing. When I google something and click on one of the links, it redirects me to some other "adzilla" or shopping type websites instead of the link I clicked on.

I ran malwarebytes, nothing found.

I ran checkup. Here is the txt:
Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java Media Framework 2.1.1e
Java™ 6 Update 21
Out of date Java installed!
Adobe Flash Player 10.1.53.64
````````````````````````````````
Process Check:
objlist.exe by Laurent

Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
Trend Micro Client Server Security Agent tmlisten.exe
``````````End of Log````````````


Recommendations?



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:11 PM

Posted 20 July 2011 - 07:36 PM

Welcome aboard

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 slivimn

slivimn
  • Topic Starter


Posted 21 July 2011 - 10:33 AM

MiniToolBox by Farbar
Ran by Sandy (administrator) on 21-07-2011 at 07:58:42
Windows 7 Professional (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : slivi-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : tierneybrothers.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain_not_set.invalid
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : A4-BA-DB-FD-4B-F8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8e4:7e65:41d3:de3c%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.111.9(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, July 20, 2011 3:28:36 PM
Lease Expires . . . . . . . . . . : Thursday, July 21, 2011 8:40:05 AM
Default Gateway . . . . . . . . . : 192.168.111.1
DHCP Server . . . . . . . . . . . : 192.168.111.1
DHCPv6 IAID . . . . . . . . . . . : 245676763
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-2D-68-75-A4-BA-DB-FD-4B-F8
DNS Servers . . . . . . . . . . . : 172.16.16.10
192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.domain_not_set.invalid:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain_not_set.invalid
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2c2f:1051:9c72:5b1b(Preferred)
Link-local IPv6 Address . . . . . : fe80::2c2f:1051:9c72:5b1b%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: tbifile.tierneybrothers.com
Address: 172.16.16.10

Name: google.com
Addresses: 74.125.93.104
74.125.93.105
74.125.93.99
74.125.93.106
74.125.93.147
74.125.93.103


Pinging google.com [74.125.93.104] with 32 bytes of data:
Reply from 74.125.93.104: bytes=32 time=42ms TTL=48
Reply from 74.125.93.104: bytes=32 time=42ms TTL=48

Ping statistics for 74.125.93.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 42ms, Average = 42ms
Server: tbifile.tierneybrothers.com
Address: 172.16.16.10

Name: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=83ms TTL=54
Reply from 98.137.149.56: bytes=32 time=131ms TTL=54

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 83ms, Maximum = 131ms, Average = 107ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...a4 ba db fd 4b f8 ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.111.1 192.168.111.9 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.111.0 255.255.255.0 On-link 192.168.111.9 276
192.168.111.9 255.255.255.255 On-link 192.168.111.9 276
192.168.111.255 255.255.255.255 On-link 192.168.111.9 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.111.9 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.111.9 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:2c2f:1051:9c72:5b1b/128
On-link
11 276 fe80::/64 On-link
14 306 fe80::/64 On-link
11 276 fe80::8e4:7e65:41d3:de3c/128
On-link
14 306 fe80::2c2f:1051:9c72:5b1b/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/16/2011 02:25:35 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1851087837-3805739048-2614759361-1002.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {89f1a632-6423-414a-950a-07cab03fc08a}

Error: (07/16/2011 02:23:04 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1851087837-3805739048-2614759361-1002.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {89f1a632-6423-414a-950a-07cab03fc08a}

Error: (07/16/2011 02:21:12 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1851087837-3805739048-2614759361-1002.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {89f1a632-6423-414a-950a-07cab03fc08a}

Error: (07/16/2011 02:18:35 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1851087837-3805739048-2614759361-1002.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {89f1a632-6423-414a-950a-07cab03fc08a}

Error: (07/16/2011 02:17:28 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/16/2011 02:17:28 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/16/2011 02:16:01 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1851087837-3805739048-2614759361-1002.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {89f1a632-6423-414a-950a-07cab03fc08a}

Error: (07/16/2011 02:13:25 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1851087837-3805739048-2614759361-1002.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {89f1a632-6423-414a-950a-07cab03fc08a}

Error: (07/16/2011 02:11:50 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1851087837-3805739048-2614759361-1002.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {89f1a632-6423-414a-950a-07cab03fc08a}

Error: (07/16/2011 02:08:00 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1851087837-3805739048-2614759361-1002.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {18a763fe-fd7b-4480-a61e-91ef6f88ba25}


System errors:
=============
Error: (07/19/2011 09:25:16 AM) (Source: Schannel) (User: SYSTEM)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/19/2011 09:24:39 AM) (Source: Schannel) (User: SYSTEM)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/14/2011 10:42:11 AM) (Source: Schannel) (User: SYSTEM)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/14/2011 10:42:11 AM) (Source: Schannel) (User: SYSTEM)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/14/2011 10:41:30 AM) (Source: Schannel) (User: SYSTEM)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/11/2011 05:20:04 PM) (Source: Schannel) (User: SYSTEM)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/11/2011 05:19:43 PM) (Source: Schannel) (User: SYSTEM)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/07/2011 10:56:00 AM) (Source: Schannel) (User: SYSTEM)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/07/2011 10:55:40 AM) (Source: Schannel) (User: SYSTEM)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/06/2011 09:00:48 AM) (Source: Service Control Manager) (User: )
Description: The Local System Utility service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (07/16/2011 02:25:35 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1851087837-3805739048-2614759361-1002.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {89f1a632-6423-414a-950a-07cab03fc08a}

Error: (07/16/2011 02:23:04 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1851087837-3805739048-2614759361-1002.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {89f1a632-6423-414a-950a-07cab03fc08a}

Error: (07/16/2011 02:21:12 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1851087837-3805739048-2614759361-1002.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {89f1a632-6423-414a-950a-07cab03fc08a}

Error: (07/16/2011 02:18:35 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1851087837-3805739048-2614759361-1002.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {89f1a632-6423-414a-950a-07cab03fc08a}

Error: (07/16/2011 02:17:28 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/16/2011 02:17:28 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/16/2011 02:16:01 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1851087837-3805739048-2614759361-1002.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {89f1a632-6423-414a-950a-07cab03fc08a}

Error: (07/16/2011 02:13:25 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1851087837-3805739048-2614759361-1002.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {89f1a632-6423-414a-950a-07cab03fc08a}

Error: (07/16/2011 02:11:50 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1851087837-3805739048-2614759361-1002.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {89f1a632-6423-414a-950a-07cab03fc08a}

Error: (07/16/2011 02:08:00 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-1851087837-3805739048-2614759361-1002.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {18a763fe-fd7b-4480-a61e-91ef6f88ba25}


========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 8151.11 MB
Available physical RAM: 5171.36 MB
Total Pagefile: 16300.37 MB
Available Pagefile: 12683.89 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.84 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:464.99 GB) (Free:339.24 GB) NTFS
3 Drive e: (SimpleDrive) (Fixed) (Total:931.51 GB) (Free:308.96 GB) NTFS

========================= Users: ========================================

User accounts for \\SLIVI-PC

Administrator Guest pcsadmin
Sandy


== End of log ==




Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7213

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/21/2011 8:09:55 AM
mbam-log-2011-07-21 (08-09-55).txt

Scan type: Quick scan
Objects scanned: 220261
Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




This is a 64bit computer, so GMER won't run. Thanks for your help.
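
As an added example (not part of the thread and not MiniToolBox's own code), the Python below reads the three sections of a MiniToolBox-style report that matter for a redirect complaint: IE proxy settings, Hosts content and the DNS servers under IP Configuration. The section headers and the clean-state lines are taken from the log above; both sample reports are constructed, and the wording of the proxy lines in the second one is an assumption.

```python
import ipaddress
import re

# Section header as it appears in the report, e.g. "====== Hosts content: ======"
SECTION = re.compile(r"^=+ (.+?): =+[ \t]*$", re.MULTILINE)
# The two lines the report above prints when no proxy is configured.
CLEAN_PROXY_LINES = {"Proxy is not enabled.", "No Proxy Server is set."}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def split_sections(report):
    """Map each section title to the text that follows its header."""
    parts = SECTION.split(report)
    return {parts[i]: parts[i + 1] for i in range(1, len(parts), 2)}

def check_proxy(body):
    """Flag any proxy line other than the known clean-state lines."""
    lines = [l.strip() for l in body.splitlines() if l.strip()]
    unexpected = [l for l in lines if l not in CLEAN_PROXY_LINES]
    if unexpected:
        return [("proxy", l) for l in unexpected]
    return [] if CLEAN_PROXY_LINES.issubset(lines) else [("proxy", "settings not reported")]

def check_hosts(body):
    """Flag every hosts entry except the default loopback mapping for localhost."""
    findings = []
    for line in body.splitlines():
        entry = line.split("#", 1)[0].split()
        if len(entry) < 2:
            continue
        if entry[0] in ("127.0.0.1", "::1") and entry[1:] == ["localhost"]:
            continue
        findings.append(("hosts", " ".join(entry)))
    return findings

def dns_servers(body):
    """Collect resolver addresses, including the bare continuation lines."""
    servers, collecting = [], False
    for line in body.splitlines():
        if line.strip().startswith("DNS Servers"):
            candidate, collecting = line.split(" : ", 1)[-1], True
        elif collecting:
            candidate = line
        else:
            continue
        try:
            servers.append(ipaddress.ip_address(candidate.strip()))
        except ValueError:
            collecting = False  # first non-address line ends the list
    return servers

def check_dns(body):
    """Flag resolvers outside RFC 1918 space so the owner can confirm them."""
    return [("dns", str(ip)) for ip in dns_servers(body)
            if not any(ip in net for net in RFC1918)]

def triage(report):
    s = split_sections(report)
    return (check_proxy(s.get("IE Proxy Settings", ""))
            + check_hosts(s.get("Hosts content", ""))
            + check_dns(s.get("IP Configuration", "")))

# Constructed sample, abbreviated from the shape of the report above.
SAMPLE_CLEAN = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

DNS Servers . . . . . . . . . . . : 172.16.16.10
192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed sample; proxy wording is assumed, addresses are documentation ranges.
SAMPLE_SUSPECT = (SAMPLE_CLEAN
    .replace("Proxy is not enabled.\nNo Proxy Server is set.",
             "Proxy is enabled.\nProxyServer: 127.0.0.1:8080")
    .replace("127.0.0.1 localhost", "127.0.0.1 localhost\n203.0.113.10 www.google.com")
    .replace("172.16.16.10", "198.51.100.53"))

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_SUSPECT):
        print(f"{kind}: {detail}")
```

A flagged entry is a prompt to verify, not a verdict: a public resolver or an extra hosts line can be something the administrator set on purpose.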

#4 Broni

Broni


Posted 21 July 2011 - 08:00 PM

GMER will run on 64-bit.



 


#5 slivimn

slivimn
  • Topic Starter


Posted 22 July 2011 - 01:37 PM

ok I downloaded & ran GMER. It came up with no errors. The log file is completely empty. What's the next step? Thanks for your time -

#6 Broni

Broni


Posted 22 July 2011 - 08:31 PM

I still need Security Check log.



 




