
Possible rootkit, possible anti-virus screw up?


9 replies to this topic

#1 Quiet Bagel


Posted 26 September 2011 - 09:45 AM

Hey,

Well yesterday, upon surfing my usual sites, one of them happened to be hacked (by some hacker organization, Tiger something). I started having problems during the afternoon when my avast! Antivirus found 3 files that were infected with a trojan. I forget the name, but the 3 files were .dll files and were located in a folder called the SysWOW64 folder. Anyway, two of the files were successfully moved to the Chest, but the last one (which appeared to be the same file as the first one) failed to move to the Chest because it apparently did not exist anymore. So I just ignored that one and proceeded to do a boot scan like avast! suggested.

After the boot scan completed, I logged back on to Windows normally and everything seemed fine... Except the fact that I could no longer run a majority of my .exe files. I could still run Task Manager, Windows Explorer and Microsoft Security Essentials, but programs such as Mozilla Firefox, Google Chrome, avast! Antivirus, Malwarebytes, etc. all were unable to run. I looked in the Task Manager and what was usually 100 processes at startup had dwindled to about 60 processes. It definitely was not lag because my computer was not using any memory at all. At this point, I started to suspect either A. it is a rootkit virus and the trojan was just a mask or B. some of my essential files got deleted, preventing me from starting any .exe programs.

So far, I have concluded that it is most likely not the loss or corruption of file association with .exe programs because in regedit, the /exefile/shell/open/default "1%" * or something key is still intact AND because I still had rundll32.exe and dllhost.exe on my system.

However, at the same time, it appears unlikely that it is a virus as well. In Safe Mode (yes, .exes even failed to run in Safe Mode, only could use Microsoft Security Essentials), I did a full scan with MSE and it found nothing. Subsequently, I went ahead and used Kaspersky Rescue Disk 10, which ran a scan and found nothing and then I used BitDefender Rescue Disk, which ran a scan and found nothing.

So at that point I was fairly lost about what to do because I couldn't run anything in Safe Mode or in normal mode and anti-viruses failed to find anything. (In total, I've run avast!, MSE, Spybot-Search & Destroy, Kaspersky AND BitDefender.) So in desperation, I attempted to do a System Restore via the System Repair Tool. And it worked. I'm typing this on the problematic computer right now, and everything seems to run absolutely perfectly (save for a long load-up at start after the System Restore, but I suspect that's natural because the system is indexing files), which makes me suspect that maybe avast! deleted or corrupted one of my important files during the boot scan.

However, I am still not fully convinced that this is not just some very nasty rootkit virus. So if possible, I would very much appreciate it if someone could give me directions to help ensure my computer is not infected.

Thanks in advance.

Edited by Quiet Bagel, 26 September 2011 - 09:45 AM.
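Added here as an example, not part of the thread: the registry check Quiet Bagel describes doing by hand in regedit, done read-only in PowerShell so the values can be compared against the Windows defaults. It goes beyond the single exefile key mentioned in the post and also looks at the .exe class mapping, per-user overrides in HKCU\Software\Classes, and Image File Execution Options "Debugger" values, since any of these can stop .exe files from launching while the exefile key itself looks intact. It assumes an elevated 64-bit PowerShell prompt on Windows 7 or later, and it changes nothing.

```powershell
# Added example (not from the thread): read-only checks of the registry
# locations that decide whether an .exe launches. Assumes an elevated,
# 64-bit PowerShell on Windows 7 or later. Expected values are the Windows
# defaults; anything else is reported for manual review, nothing is modified.

$findings = @()

# 1. HKCR\exefile\shell\open\command (Default) must be  "%1" %*
$cmdPath = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'
$cmd = (Get-ItemProperty -LiteralPath $cmdPath -ErrorAction SilentlyContinue).'(default)'
if ($cmd -ne '"%1" %*') {
    $findings += "exefile open command is '$cmd' (expected '`"%1`" %*')"
}

# 2. HKCR\.exe (Default) must map the extension to the exefile class
$extPath = 'HKLM:\SOFTWARE\Classes\.exe'
$extDefault = (Get-ItemProperty -LiteralPath $extPath -ErrorAction SilentlyContinue).'(default)'
if ($extDefault -ne 'exefile') {
    $findings += ".exe class is '$extDefault' (expected 'exefile')"
}

# 3. A per-user .exe or exefile key under HKCU\Software\Classes shadows the
#    machine-wide key and is unusual on a default install.
foreach ($k in @('HKCU:\Software\Classes\.exe', 'HKCU:\Software\Classes\exefile')) {
    if (Test-Path -LiteralPath $k) {
        $findings += "per-user override present: $k"
    }
}

# 4. Image File Execution Options: a 'Debugger' value under a program's name
#    makes Windows start that debugger instead of the program. Developer
#    tooling uses this legitimately, so every hit is listed for review.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        $findings += "IFEO debugger set for $($_.PSChildName): $dbg"
    }
}

if ($findings.Count -eq 0) {
    'No deviations from the default .exe launch configuration found.'
} else {
    'Review the following:'
    $findings | ForEach-Object { " - $_" }
}
```

Paste it into an elevated PowerShell window. A clean machine prints the single "No deviations" line; each listed finding points at a key worth opening in regedit before anything is changed.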



#2 Broni


Posted 26 September 2011 - 11:05 AM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Check the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


#3 Quiet Bagel


Posted 26 September 2011 - 12:59 PM

SecurityCheck.exe Log

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
ZoneAlarm
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Malwarebytes' Anti-Malware
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Spybot Teatimer.exe is disabled!
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
Microsoft Security Client Antimalware MpCmdRun.exe
Admin Desktop ANTI-MALWARE SecurityCheck.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````


MiniToolBox Log

MiniToolBox by Farbar
Ran by Admin (administrator) on 26-09-2011 at 13:05:07
Windows 7 Professional Service Pack 1 (X64)

***************************************************************************

"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com

There are 15055 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Admin-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cgocable.net

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 1C-4B-D6-0B-22-3F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8131 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 48-5B-39-4B-E5-4E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : cgocable.net
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 1C-4B-D6-A8-A0-1A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8176:f526:2c1a:34cf%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.118(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : September-26-11 12:34:27 PM
Lease Expires . . . . . . . . . . : September-27-11 1:03:02 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 236735446
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-AE-A6-2F-1C-4B-D6-A8-A0-1A
DNS Servers . . . . . . . . . . . : 24.226.1.93
24.226.10.193
24.226.10.194
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.phub.net.cable.rogers.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {06443884-AD4A-490D-8EEA-58FA5EF34F9A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:c9:3483:e772:f188(Preferred)
Link-local IPv6 Address . . . . . : fe80::c9:3483:e772:f188%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {DFCE3D73-EAAA-4174-A109-FDDDCF50729B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{48426525-F79C-420A-8072-6E9C4BC8684B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable Microsoft 6To4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D22BFCBB-84F8-4464-A5BB-1418B126A102}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.cgocable.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : cgocable.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: ns3.cgocable.net
Address: 24.226.1.93

Name: google.com
Addresses: 74.125.226.18
74.125.226.20
74.125.226.16
74.125.226.17
74.125.226.19


Pinging google.com [74.125.226.20] with 32 bytes of data:
Reply from 74.125.226.20: bytes=32 time=25ms TTL=57
Reply from 74.125.226.20: bytes=32 time=12ms TTL=57

Ping statistics for 74.125.226.20:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 25ms, Average = 18ms
Server: ns3.cgocable.net
Address: 24.226.1.93

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65


Pinging yahoo.com [69.147.125.65] with 32 bytes of data:
Reply from 69.147.125.65: bytes=32 time=59ms TTL=54
Reply from 69.147.125.65: bytes=32 time=73ms TTL=54

Ping statistics for 69.147.125.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 59ms, Maximum = 73ms, Average = 66ms

Pinging 127.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
===========================================================================
Interface List
12...1c 4b d6 0b 22 3f ......Bluetooth Device (Personal Area Network)
11...48 5b 39 4b e5 4e ......Atheros AR8131 PCI-E Gigabit Ethernet Controller
10...1c 4b d6 a8 a0 1a ......Atheros AR9285 Wireless Network Adapter
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
19...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
20...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
42...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.118 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.118 281
192.168.1.118 255.255.255.255 On-link 192.168.1.118 281
192.168.1.255 255.255.255.255 On-link 192.168.1.118 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.118 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.118 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:c9:3483:e772:f188/128
On-link
10 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::c9:3483:e772:f188/128
On-link
10 281 fe80::8176:f526:2c1a:34cf/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/26/2011 00:36:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/26/2011 00:36:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/26/2011 00:32:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/26/2011 00:32:05 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/25/2011 07:55:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/25/2011 07:55:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/25/2011 07:53:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: nvtray.exe, version: 7.17.12.7533, time stamp: 0x4dd7398b
Faulting module name: nvtray.exe, version: 7.17.12.7533, time stamp: 0x4dd7398b
Exception code: 0x40000015
Fault offset: 0x000000000002352e
Faulting process id: 0xe8c
Faulting application start time: 0xnvtray.exe0
Faulting application path: nvtray.exe1
Faulting module path: nvtray.exe2
Report Id: nvtray.exe3

Error: (09/24/2011 09:45:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (09/24/2011 09:45:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/24/2011 09:44:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (09/26/2011 00:35:28 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (09/26/2011 00:35:15 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%1053

Error: (09/26/2011 00:35:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee SiteAdvisor Service service to connect.

Error: (09/26/2011 11:36:37 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (09/26/2011 11:34:27 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: SYSTEM)
Description: CBS Client initialization failed. Last error: 0x8007045b

Error: (09/26/2011 11:34:12 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (09/26/2011 11:03:59 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (09/26/2011 10:21:13 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (09/26/2011 10:20:36 AM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service hung on starting.

Error: (09/26/2011 01:43:06 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
64 Bit HP CIO Components Installer (Version: 6.2.2)
ABC Amber Nokia Converter
Acrobat.com (Version: 1.1.377)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.2.0)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (Version: 9.0.0)
Adobe Acrobat 9.2.0 - CPSID_50026
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Alcor Micro USB Card Reader (Version: 1.5.17.25482)
ASUS AI Recovery (Version: 1.0.8)
ASUS FancyStart (Version: 1.0.8)
ASUS LifeFrame3 (Version: 3.0.20)
ASUS MultiFrame (Version: 1.0.0021)
ASUS Power4Gear Hybrid (Version: 1.1.27)
ASUS SmartLogon (Version: 1.0.0008)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0028)
ASUS USB2.0 UVC VGA WebCam (Version: 5.8.53120.202)
ASUS Virtual Camera (Version: 1.0.19)
ASUS_Screensaver
ATK Generic Function Service (Version: 1.00.0008)
ATK Hotkey (Version: 1.0.0054)
ATK Media (Version: 2.0.0006)
ATKOSD2 (Version: 7.0.0008)
µTorrent (Version: 2.2.0)
Audacity 1.3.12 (Unicode)
avast! Free Antivirus (Version: 6.0.1203.0)
bpd_scan (Version: 3.00.0000)
Canon Easy-WebPrint EX
Canon MP Navigator EX 3.1
Canon MX870 series MP Drivers
Canon Speed Dial Utility
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner (Version: 3.05)
Click to Call with Skype (Version: 5.5.8013)
ControlDeck (Version: 1.0.5)
CyberLink LabelPrint (Version: 2.5.1720)
CyberLink Power2Go (Version: 6.1.2713)
DivX Setup (Version: 2.2.1.2)
ETDWare PS/2-x64 7.0.5.9_WHQL
Fast Boot (Version: 1.0.5)
Heroes of Newerth (Version: 2.0.33)
HP Update (Version: 5.002.002.002)
ImgBurn (Version: 2.5.5.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2021)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Turbo Boost Technology Monitor (Version: 1.0.115.11)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
LAME v3.98.3 for Audacity
League of Legends (Version: 1.3)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
McAfee SiteAdvisor (Version: 3.4.143)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 6.0.2 (x86 en-US) (Version: 6.0.2)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nokia Connectivity Cable Driver (Version: 7.1.36.0)
Nokia PC Suite (Version: 7.1.60.0)
NVIDIA 3D Vision Controller Driver (Version: 275.33)
NVIDIA 3D Vision Controller Driver 275.33 (Version: 275.33)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.80.0)
NVIDIA Optimus 1.3.5 (Version: 1.3.5)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
PC Connectivity Solution (Version: 10.50.2.0)
PowerISO (Version: 4.7)
Rainmeter
Realtek High Definition Audio Driver (Version: 6.0.1.6029)
RPG Maker VX (Version: 1.02)
RPG Maker VX RTP (Version: 1.02)
SAMSUNG CDMA Modem Driver Set
Samsung Kies (Version: 2.0.1.11053_99)
Skype™ 5.5 (Version: 5.5.113)
SpeedFan (remove only)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.4 (Version: 4.4.0)
SRS Premium Sound Control Panel (Version: 1.8.3800)
StepMania 3.9b (remove only)
System Requirements Lab CYRI (Version: 4.4.16.0)
TrueCrypt (Version: 7.0a)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2553110)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.1.8 (Version: 1.1.8)
WIDCOMM Bluetooth Software (Version: 6.2.5.500)
Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) (Version: 07/17/2009 6.2.0.9403)
Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) (Version: 07/29/2009 6.1.7100.0)
Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500) (Version: 06/11/2009 6.2.0.9500)
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8) (Version: 06/09/2010 7.01.0.8)
Windows Driver Package - Nokia Modem (10/07/2010 4.6) (Version: 10/07/2010 4.6)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (sscdbus) USB (10/15/2009 5.02.0.0) (Version: 10/15/2009 5.02.0.0)
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (sscdmdm) Modem (10/15/2009 5.02.0.0) (Version: 10/15/2009 5.02.0.0)
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (sscdserd) Ports (10/15/2009 5.02.0.0) (Version: 10/15/2009 5.02.0.0)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Mobile Device Center (Version: 6.1.6965.0)
WinFlash (Version: 2.29.0)
WinRAR archiver
Wireless Console 3 (Version: 3.0.15)
ZoneAlarm (Version: 9.2.102.000)

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 7980.48 MB
Available physical RAM: 5797.27 MB
Total Pagefile: 15959.15 MB
Available Pagefile: 13592.67 MB
Total Virtual: 4095.88 MB
Available Virtual: 3997.25 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:25.09 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:208.92 GB) (Free:125.76 GB) NTFS

========================= Users: ========================================

User accounts for \\ADMIN-PC

Administrator Guest Admin
UpdatusUser


**** End of log ****


GMER Log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-26 13:54:58
Windows 6.1.7601 Service Pack 1
Running: 4vjb3qu2.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd60b223f
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd60b223f@0018913606f2 0x92 0xF7 0xD2 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd60b223f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd60b223f@0018913606f2 0x92 0xF7 0xD2 0x80 ...

---- EOF - GMER 1.0.15 ----



#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:40 AM

Posted 26 September 2011 - 01:07 PM

...and Malwarebytes...

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 Quiet Bagel

Quiet Bagel
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 26 September 2011 - 03:03 PM

Malwarebytes Anti-Malware Log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7801

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

26/09/2011 3:57:27 PM
mbam-log-2011-09-26 (15-57-27).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 382770
Time elapsed: 51 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I figured nothing would show up. Starting to think maybe the avast! boot scan corrupted some files or something. I haven't run an avast! scan since I did a System Restore last night, though; maybe I should do that.

Also, strangely, I restarted my computer earlier today and when I logged on there was a pop-up saying something along the lines of "Windows must restart for these changes to take place", with the options [Restart Later] and [Restart Now]. There was a little bubble in the corner saying some USB thing had been installed as well, but I never touched anything before these messages showed up. I restarted once more and they haven't shown up again. Maybe I'm just being paranoid, but is it possible that could be related?

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:40 AM

Posted 26 September 2011 - 03:06 PM

Well, so far all looks clean...

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.



#7 Quiet Bagel

Quiet Bagel
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 26 September 2011 - 05:33 PM

I just finished the ESET Online Scan and it didn't give me the "List of found threats" or the "Export to text file" option, presumably because it didn't find anything during the scan.

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:40 AM

Posted 26 September 2011 - 05:50 PM

Update your Java version here: http://www.java.com/en/download/installed.jsp

Your computer is clean.

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

4. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

5. Run Temporary File Cleaner (TFC) weekly.

6. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

10. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used, as they don't install.



#9 Quiet Bagel

Quiet Bagel
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 26 September 2011 - 06:40 PM

Aha, I found the problem.

I looked into my avast! logs and found the name of the trojan virus that caused all of this: Win32-Cycbot-KI [Trj], which was found in 3 instances: one in C:\Windows\SysWoW64\kernell32.dll|>[Emul], one in C:\Windows\winsxs\...kernel32.dll|>[Emul] and one in C:\Windows\SysWoW64\kernell32.dll|>[Emul] (same as the first one).

When I found these with avast! yesterday, I moved them all to avast!'s quarantine. Apparently kernel32.dll is an important dll file that, if missing, prevents most .exe programs, avast! included, from activating. I've researched this trojan a bit, and I'm not sure if it's a false positive or not, but everyone I've seen who had the same virus found it using avast! and had the same problem, not being able to run any .exes after a restart.

The thing is, I just checked my avast! logs and the kernel32.dll file that I apparently moved to quarantine "could not be found". Running another avast! scan right now.
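As an added example (not from this thread, avast! or any tool mentioned here), the following Python helper triages AV-reported paths of the kind listed in this post before anything is quarantined: it strips the avast-style `|>[Emul]` suffix, flags a genuine core DLL inside a Windows system directory (where quarantine breaks program start-up, as happened here) for verification rather than reflex removal, and separately spots one-letter lookalike names such as `kernell32.dll`. The core-DLL list, directory list, distance threshold and sample log lines are constructed assumptions, not data from the thread.

```python
# Constructed assumptions: core DLLs most processes load at start-up, and the
# directories Windows keeps its own copies in (WinSxS is the component store).
CORE_DLLS = {"kernel32.dll", "kernelbase.dll", "ntdll.dll", "user32.dll", "advapi32.dll"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")
LOOKALIKE_MAX_DISTANCE = 2  # heuristic: one or two edits away from a core name


def edit_distance(a, b):
    """Levenshtein distance; 'kernell32.dll' vs 'kernel32.dll' is 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_av_path(entry):
    """Drop the avast-style '|>[Emul]' suffix (hit found by emulation) and normalise."""
    return entry.split("|>", 1)[0].strip().lower()


def triage(entry):
    """Classify one AV hit so a genuine core DLL is not quarantined by reflex."""
    path = parse_av_path(entry)
    name = path.rsplit("\\", 1)[-1]
    in_system_dir = path.startswith(SYSTEM_DIRS)
    if name in CORE_DLLS:
        # Quarantining the real file breaks every program that imports it
        # (the symptom in this thread), so verify signature/hash first.
        verdict = "core-dll-in-system-dir" if in_system_dir else "core-name-outside-system-dir"
    else:
        nearest = min(CORE_DLLS, key=lambda d: edit_distance(name, d))
        if edit_distance(name, nearest) <= LOOKALIKE_MAX_DISTANCE:
            verdict = "lookalike-of:" + nearest  # not a Windows file name at all
        else:
            verdict = "unrelated"
    return {"path": path, "name": name, "verdict": verdict}


def triage_log(entries):
    return [triage(e) for e in entries]


# Constructed sample lines in the format avast! logs use (directory names are placeholders).
SAMPLE_LOG = [
    r"C:\Windows\SysWoW64\kernell32.dll|>[Emul]",
    r"C:\Windows\winsxs\CONSTRUCTED_COMPONENT_DIR\kernel32.dll|>[Emul]",
    r"C:\Users\CONSTRUCTED_USER\AppData\Local\Temp\kernel32.dll",
]

if __name__ == "__main__":
    for hit in triage_log(SAMPLE_LOG):
        print(f"{hit['verdict']:32} {hit['path']}")
```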

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:40 AM

Posted 26 September 2011 - 07:15 PM

OK....





