Missing Start Menu Shortcuts


  • This topic is locked
8 replies to this topic

#1 genjaguar

Posted 01 November 2011 - 03:20 PM

So I believe I got one of those system restore viruses. It hid my desktop icons as well as almost all my computer files. I restarted my computer in safe mode and ran Malwarebytes. It found the infection and removed it. I then restarted the computer and, since I just thought my icons were hidden, I started manually unhiding my whole disk drive (just mass-selected and unchecked hidden). I then read up on the virus and found the program Unhide, which should work for me. I ran the program, but it did not restore all my desktop icons, and while the Start Menu -> All Programs has all the folders, it has no icons.

I then figured I would try a system restore. This hung at the shutdown and restoring screen and just said "restore initializing". I rebooted and the virus was back... so I ran Malwarebytes again to remove it. Then I ran Unhide, and again it did not restore my shortcut icons in the Start Menu folders.

I checked my temp/smtmp and it has the 1 and 4 folders. 4 has nothing and 1 has the folders but no icons or shortcuts.
Is there any way to get them back, or do I have to add them back in manually?
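The poster's smtmp\1 tree still has its folder skeleton but no shortcuts, which is the one case where Unhide cannot help. The script below is an added example (not from the thread or from the Unhide tool) showing the safe way to merge a stashed smtmp tree back into the live profile: copy only what is missing, never overwrite, and dry-run first. The folder-number-to-destination mapping is an assumption based on how this family of rogues is generally described; the thread itself only says that folders 1 and 4 exist. Everything else (the paths, the `restore_missing` helper) is illustrative.

```python
import os
import shutil
from pathlib import Path

# Where the rogue stashes shortcuts before hiding them.  This mapping is an
# ASSUMPTION (the thread only says %Temp%\smtmp holds folders 1 and 4); it
# follows the layout the Unhide tool is generally described as reversing.
SMTMP_MAP = {
    "1": r"%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu",
    "2": r"%APPDATA%\Microsoft\Internet Explorer\Quick Launch",
    "3": r"%APPDATA%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar",
    "4": r"%PUBLIC%\Desktop",
}


def restore_missing(src: Path, dst: Path, dry_run: bool = True) -> list:
    """Copy every file under src whose counterpart under dst is absent.

    Existing files in dst are never overwritten, so running this against a
    profile that was already partly repaired by hand is safe.  Returns the
    relative (POSIX-style) paths that were, or in dry-run mode would be, restored.
    """
    restored = []
    for path in sorted(src.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(src)
        target = dst / rel
        if target.exists():
            continue
        if not dry_run:
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)   # keep timestamps; .lnk files are tiny
        restored.append(rel.as_posix())
    return restored


def restore_from_smtmp(smtmp: Path, dest_map: dict = SMTMP_MAP, dry_run: bool = True) -> dict:
    """Walk the numbered smtmp subfolders and merge each back into its destination.

    Subfolders that do not exist (the poster had only 1 and 4) are skipped.  A
    subfolder that holds only empty directories, as the poster describes for
    smtmp\\1, yields an empty list: the shortcuts are gone and must be recreated.
    """
    report = {}
    for sub, dest in dest_map.items():
        src = smtmp / sub
        if src.is_dir():
            report[sub] = restore_missing(src, Path(os.path.expandvars(dest)), dry_run)
    return report


if __name__ == "__main__":
    smtmp_dir = Path(os.path.expandvars(r"%TEMP%")) / "smtmp"
    for folder, files in restore_from_smtmp(smtmp_dir, dry_run=True).items():
        print(f"smtmp\\{folder}: {len(files)} file(s) would be restored")
        for f in files:
            print("   ", f)
```

Run it once with `dry_run=True` to see what would come back; if the report for folder 1 is empty, as it would be on the poster's machine, the Start Menu shortcuts have to be recreated from the installed programs rather than recovered.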


#2 boopme (Global Moderator)

Posted 01 November 2011 - 03:27 PM

Hello, see post 2 here
http://www.bleepingcomputer.com/forums/topic405724.html/page__p__2305412__hl__missing+start+menu+shortcuts+__fromsearch__1#entry2305412

#3 genjaguar (Topic Starter)

Posted 01 November 2011 - 06:31 PM

So I thought I had got rid of the infection... but I have not. Sometimes when I restart the computer the virus returns. When I run Malwarebytes, it finds the problem file (svchost.exe). It states it needs to restart to complete removal, and so I let it. When Windows restarts it asks to run and I let it... however, if I scan again the same file is still there, infected.

The virus also returns sometimes on restarts (even after I had just scanned and Malwarebytes asked me to restart). It comes up with bunches of errors and its "system restore" window. If I run Malwarebytes during this time, it finds more files (about 5, I think). It removes those and asks to restart. When running a scan after the restart it again finds the svchost.exe file.

Here is what it finds while the virus is running (sometimes it finds more, sometimes less):
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8064

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/1/2011 6:30:16 PM
mbam-log-2011-11-01 (18-30-07).txt

Scan type: Quick scan
Objects scanned: 192283
Time elapsed: 2 minute(s), 24 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
c:\programdata\wlfpfmouqayx.exe (Rogue.FakeAlert) -> 4516 -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wLFPFmouqaYX.exe (Rogue.FakeAlert) -> Value: wLFPFmouqaYX.exe -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\wlfpfmouqayx.exe (Rogue.FakeAlert) -> No action taken.
c:\Windows\Temp\p5tm1qbi6dss92.exe.tmp (Rogue.FakeAlert) -> No action taken.
c:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\thpm4837143962050533628.tmp (Exploit.Drop.3) -> No action taken.



Also, it seems like my Mozilla keeps closing by itself...not sure if that is related or not.

Edited by genjaguar, 01 November 2011 - 06:42 PM.


#4 boopme (Global Moderator)

Posted 01 November 2011 - 08:12 PM

Hello, I see "No action taken" in that log. Either you copied the log before removal or you did not click the Remove Selected button.
Did you run RKILL before MBAM?


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [button image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [button image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [button image] icon on your desktop.
  • Check [button image]
  • Click the [button image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [button image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [button image]
  • Push [button image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [button image] button.
  • Push [button image]


NOTE: In some instances if no malware is found there will be no log produced.
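The Malwarebytes log in post #3 and the moderator's point above about "No action taken" are the kind of thing worth checking mechanically rather than by eye: a log whose every entry is unactioned is a pre-removal snapshot, not proof of a clean machine. The script below is an added example, not part of the thread or of Malwarebytes, that parses that log format and pulls out the three things a responder looks for in it: the Run-key persistence entry, the `DisableTaskMgr` policy tampering, and a file named like a core Windows binary (here `svchost.exe`) sitting outside System32/SysWOW64, where the genuine one never lives. The sample input is the detection section of the log posted above, embedded verbatim; the function names and the list of "core binaries" are the example's own choices.

```python
import re

# Constructed input: the detection lines copied from the Malwarebytes log
# posted above (the pre-removal copy, hence "No action taken" everywhere).
SAMPLE_LOG = r"""
Memory Processes Infected:
c:\programdata\wlfpfmouqayx.exe (Rogue.FakeAlert) -> 4516 -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wLFPFmouqaYX.exe (Rogue.FakeAlert) -> Value: wLFPFmouqaYX.exe -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\wlfpfmouqayx.exe (Rogue.FakeAlert) -> No action taken.
c:\Windows\Temp\p5tm1qbi6dss92.exe.tmp (Rogue.FakeAlert) -> No action taken.
c:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\thpm4837143962050533628.tmp (Exploit.Drop.3) -> No action taken.
"""

# Detail headings look like "Files Infected:" (no count after the colon).
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# "<item> (<family>) -> [detail -> ...] -> <action>."
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> (?P<rest>.+?)\.?$")

# Core Windows binaries malware likes to name itself after, and the only
# directories the genuine copies live in on a default install.
SYSTEM_BINARIES = {"svchost.exe", "csrss.exe", "lsass.exe", "services.exe", "winlogon.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
PERSISTENCE_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)


def parse_mbam_log(text: str) -> list:
    """Turn the per-section detection lines of an MBAM 1.x log into dicts."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section is None or line.startswith("("):
            continue                # summary counts, or "(No malicious items detected)"
        m = DETECTION_RE.match(line)
        if not m:
            continue
        parts = [p.strip() for p in m.group("rest").split(" -> ")]
        detections.append({
            "section": section,
            "item": m.group("item"),
            "family": m.group("family"),
            "details": parts[:-1],  # pid, "Value: ...", "Bad: (1) Good: (0)"
            "action": parts[-1],
        })
    return detections


def unactioned(detections: list) -> list:
    """Detections the scanner logged but did not remove."""
    return [d for d in detections if d["action"].lower() == "no action taken"]


def masquerading_system_binaries(detections: list) -> list:
    """Flagged files named like core Windows binaries but outside System32/SysWOW64."""
    hits = []
    for d in detections:
        if d["section"] != "Files Infected":
            continue
        path = d["item"].lower()
        name = path.rsplit("\\", 1)[-1]
        if name in SYSTEM_BINARIES and not path.startswith(SYSTEM_DIRS):
            hits.append(d["item"])
    return hits


def triage(text: str) -> dict:
    """Summarise what a log says about persistence, tampering and removal state."""
    dets = parse_mbam_log(text)
    upper_keys = tuple(k.upper() for k in PERSISTENCE_KEYS)
    return {
        "total": len(dets),
        "unactioned": len(unactioned(dets)),
        "families": sorted({d["family"] for d in dets}),
        "persistence": [d["item"] for d in dets if d["item"].upper().startswith(upper_keys)],
        "policy_tampering": [d["item"] for d in dets if "\\POLICIES\\" in d["item"].upper()],
        "masquerading": masquerading_system_binaries(dets),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the posted log this reports 7 detections, all 7 unactioned, one Run-key entry, one Policies value and `c:\Windows\svchost.exe` as a masquerading binary. A post-removal log should show the same items with a "Quarantined and deleted successfully" action; the `svchost.exe` entry coming back on every reboot, as the poster describes, means the Run-key and dropper pair is being recreated before the scanner gets to it.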

#5 genjaguar (Topic Starter)

Posted 02 November 2011 - 01:32 AM

That Malwarebytes log was from before I clicked to remove all the items. I have both run and not run RKill before Malwarebytes, with the same result.

Here are the logs from the other two:
MiniToolBox by Farbar
Windows 7 Home Premium (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Gorczowski-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 1A-4B-D6-F9-C3-DC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : cfl.rr.com
Description . . . . . . . . . . . : Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 48-5B-39-98-A5-3D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 1C-4B-D6-F9-C3-DC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a980:eab2:75cf:9433%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, November 01, 2011 11:14:08 PM
Lease Expires . . . . . . . . . . : Wednesday, November 02, 2011 11:14:08 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 236735446
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-04-E0-42-1C-4B-D6-F9-C3-DC
DNS Servers . . . . . . . . . . . : 68.94.156.1
68.94.157.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{61B66C64-46DC-4877-959F-CC58E4253AFF}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{7AEF14BB-9E5D-4936-B5C8-A8FA32E37493}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2cbe:7f1:3f57:fe9b(Preferred)
Link-local IPv6 Address . . . . . : fe80::2cbe:7f1:3f57:fe9b%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.cfl.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Server: dnsr1.sbcglobal.net
Address: 68.94.156.1

Name: google.com
Addresses: 74.125.225.51
74.125.225.52
74.125.225.50
74.125.225.49
74.125.225.48


Pinging google.com [74.125.225.19] with 32 bytes of data:
Reply from 74.125.225.19: bytes=32 time=16ms TTL=52
Reply from 74.125.225.19: bytes=32 time=16ms TTL=52

Ping statistics for 74.125.225.19:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 16ms, Average = 16ms
Server: dnsr1.sbcglobal.net
Address: 68.94.156.1

Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
67.195.160.76
72.30.2.43
98.137.149.56


Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=68ms TTL=50
Reply from 67.195.160.76: bytes=32 time=71ms TTL=50

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 68ms, Maximum = 71ms, Average = 69ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...1a 4b d6 f9 c3 dc ......Microsoft Virtual WiFi Miniport Adapter
12...48 5b 39 98 a5 3d ......Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
11...1c 4b d6 f9 c3 dc ......Atheros AR9285 Wireless Network Adapter
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.100 286
192.168.1.100 255.255.255.255 On-link 192.168.1.100 286
192.168.1.255 255.255.255.255 On-link 192.168.1.100 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.100 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.100 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:2cbe:7f1:3f57:fe9b/128 On-link
11 286 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::2cbe:7f1:3f57:fe9b/128 On-link
11 286 fe80::a980:eab2:75cf:9433/128 On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/01/2011 11:28:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (11/01/2011 11:28:20 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (11/01/2011 11:28:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (11/01/2011 11:28:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (11/01/2011 11:19:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: lxctJSWX.EXE, version: 3.150.24.0, time stamp: 0x44b4fa58
Faulting module name: lxctJSWX.EXE, version: 3.150.24.0, time stamp: 0x44b4fa58
Exception code: 0xc000041d
Fault offset: 0x000000000001425e
Faulting process id: 0xc24
Faulting application start time: 0xlxctJSWX.EXE0
Faulting application path: lxctJSWX.EXE1
Faulting module path: lxctJSWX.EXE2
Report Id: lxctJSWX.EXE3

Error: (11/01/2011 11:07:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: lxctcoms.exe, version: 6.3.22.0, time stamp: 0x44b6bab3
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb3b
Exception code: 0xc0000005
Fault offset: 0x0003311d
Faulting process id: 0x12ec
Faulting application start time: 0xlxctcoms.exe0
Faulting application path: lxctcoms.exe1
Faulting module path: lxctcoms.exe2
Report Id: lxctcoms.exe3

Error: (11/01/2011 11:07:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: lxctcoms.exe, version: 6.3.22.0, time stamp: 0x44b6bab3
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb3b
Exception code: 0xc0000005
Fault offset: 0x00033100
Faulting process id: 0xcbc
Faulting application start time: 0xlxctcoms.exe0
Faulting application path: lxctcoms.exe1
Faulting module path: lxctcoms.exe2
Report Id: lxctcoms.exe3

Error: (11/01/2011 09:54:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (11/01/2011 09:54:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (11/01/2011 07:02:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00650072
Faulting process id: 0x56c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (11/01/2011 11:18:08 PM) (Source: Service Control Manager) (User: )
Description: The lxct_device service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/01/2011 11:14:05 PM) (Source: BugCheck) (User: )
Description: 0x0000001e (0xffffffffc0000005, 0xfffff80002c5a6d7, 0x0000000000000000, 0x000007fffffa0000)C:\Windows\MEMORY.DMP110111-32994-01

Error: (11/01/2011 11:14:01 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:12:00 PM on ?11/?1/?2011 was unexpected.

Error: (11/01/2011 11:08:16 PM) (Source: Service Control Manager) (User: )
Description: The lxct_device service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/01/2011 11:07:40 PM) (Source: Service Control Manager) (User: )
Description: The lxct_device service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/01/2011 06:33:54 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (11/01/2011 06:33:54 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (11/01/2011 06:02:16 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/01/2011 06:02:16 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/01/2011 06:02:16 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (11/01/2011 11:28:52 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\Gorczowski\Downloads\esetsmartinstaller_enu(1).exe

Error: (11/01/2011 11:28:20 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\Gorczowski\Downloads\esetsmartinstaller_enu(1).exe

Error: (11/01/2011 11:28:17 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\Gorczowski\Downloads\esetsmartinstaller_enu(1).exe

Error: (11/01/2011 11:28:00 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\Gorczowski\Downloads\esetsmartinstaller_enu.exe

Error: (11/01/2011 11:19:59 PM) (Source: Application Error)(User: )
Description: lxctJSWX.EXE3.150.24.044b4fa58lxctJSWX.EXE3.150.24.044b4fa58c000041d000000000001425ec2401cc9916911c5c50C:\Windows\system32\spool\DRIVERS\x64\3\lxctJSWX.EXEC:\Windows\system32\spool\DRIVERS\x64\3\lxctJSWX.EXEecb1f517-0509-11e1-beb0-485b3998a53d

Error: (11/01/2011 11:07:57 PM) (Source: Application Error)(User: )
Description: lxctcoms.exe6.3.22.044b6bab3ntdll.dll6.1.7600.163854a5bdb3bc00000050003311d12ec01cc9914ffd7298eC:\Windows\SysWOW64\lxctcoms.exeC:\Windows\SysWOW64\ntdll.dll3e62dcbb-0508-11e1-bd68-485b3998a53d

Error: (11/01/2011 11:07:53 PM) (Source: Application Error)(User: )
Description: lxctcoms.exe6.3.22.044b6bab3ntdll.dll6.1.7600.163854a5bdb3bc000000500033100cbc01cc9914fd3f0fd4C:\Windows\SysWOW64\lxctcoms.exeC:\Windows\SysWOW64\ntdll.dll3c2a2277-0508-11e1-bd68-485b3998a53d

Error: (11/01/2011 09:54:13 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\Gorczowski\Downloads\esetsmartinstaller_enu.exe

Error: (11/01/2011 09:54:09 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\Gorczowski\Downloads\esetsmartinstaller_enu.exe

Error: (11/01/2011 07:02:56 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c00000050065007256c01cc98eadb99ac24\\.\globalroot\systemroot\svchost.exeunknown04244638-04e6-11e1-bd68-485b3998a53d


=========================== Installed Programs ============================

AC3Filter 1.62b (Version: 1.62b)
Acrobat.com (Version: 1.6.65)
Action Replay Code Manager
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 10 ActiveX (Version: 10.1.85.3)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Reader 9.4.6 MUI (Version: 9.4.6)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Akamai NetSession Interface
Alcor Micro USB Card Reader (Version: 1.6.17.25401)
Alice Greenfingers
Amazon Kindle For PC v1.0
AMD USB Filter Driver (Version: 1.0.15.94)
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ASUS AI Recovery (Version: 1.0.9)
ASUS AP Bank (Version: 1.0.0.0)
ASUS CopyProtect (Version: 1.0.0015)
ASUS FancyStart (Version: 1.0.8)
ASUS LifeFrame3 (Version: 3.0.20)
ASUS Live Update (Version: 2.5.9)
ASUS Power4Gear Hybrid (Version: 1.1.37)
ASUS SmartLogon (Version: 1.0.0008)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0028)
ASUS Video Magic (Version: 6.0.4015)
ASUS Virtual Camera (Version: 1.0.19)
ASUS_Screensaver
ATI Catalyst Install Manager (Version: 3.0.769.0)
ATK Package (Version: 1.0.0005)
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
Boingo Wi-Fi (Version: 1.7.0048)
Bonjour (Version: 3.0.0.2)
Call of Duty® 4 - Modern Warfare™ (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0330.2135.36914)
Catalyst Control Center Graphics Full Existing (Version: 2010.0330.2135.36914)
Catalyst Control Center Graphics Full New (Version: 2010.0330.2135.36914)
Catalyst Control Center Graphics Light (Version: 2010.0330.2135.36914)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0330.2135.36914)
Catalyst Control Center InstallProxy (Version: 2010.0330.2135.36914)
Catalyst Control Center Localization All (Version: 2010.0330.2135.36914)
ccc-core-static (Version: 2010.0330.2135.36914)
ccc-utility64 (Version: 2010.0330.2135.36914)
CCC Help Chinese Standard (Version: 2010.0330.2134.36914)
CCC Help Chinese Traditional (Version: 2010.0330.2134.36914)
CCC Help Czech (Version: 2010.0330.2134.36914)
CCC Help Danish (Version: 2010.0330.2134.36914)
CCC Help Dutch (Version: 2010.0330.2134.36914)
CCC Help English (Version: 2010.0330.2134.36914)
CCC Help Finnish (Version: 2010.0330.2134.36914)
CCC Help French (Version: 2010.0330.2134.36914)
CCC Help German (Version: 2010.0330.2134.36914)
CCC Help Greek (Version: 2010.0330.2134.36914)
CCC Help Hungarian (Version: 2010.0330.2134.36914)
CCC Help Italian (Version: 2010.0330.2134.36914)
CCC Help Japanese (Version: 2010.0330.2134.36914)
CCC Help Korean (Version: 2010.0330.2134.36914)
CCC Help Norwegian (Version: 2010.0330.2134.36914)
CCC Help Polish (Version: 2010.0330.2134.36914)
CCC Help Portuguese (Version: 2010.0330.2134.36914)
CCC Help Russian (Version: 2010.0330.2134.36914)
CCC Help Spanish (Version: 2010.0330.2134.36914)
CCC Help Swedish (Version: 2010.0330.2134.36914)
CCC Help Thai (Version: 2010.0330.2134.36914)
CCC Help Turkish (Version: 2010.0330.2134.36914)
Chicken Invaders 2
Choice Guard (Version: 1.2.87.0)
Combat Arms
ControlDeck (Version: 1.0.8)
Crysis 2 Demo
CyberLink LabelPrint (Version: 2.5.1908)
CyberLink MediaShow Espresso (Version: 5.0.1606_25588)
CyberLink PhotoNow (Version: 1.1.6904)
CyberLink Power2Go (Version: 6.1.3602c)
CyberLink PowerDirector (Version: 8.0.2609a)
CyberLink PowerDVD 9 (Version: 9.0.3009.50)
DAEMON Tools Pro (Version: 4.41.0315.0262)
Diablo II
DivX Setup (Version: 2.5.0.8)
Dragon Age II Demo
Dream Day Wedding Married in Manhattan
Driver Detective (Version: 8.0.1)
Empire Earth II (Version: 1.20)
Empire Earth II: The Art of Supremacy (Version: 1.0)
ESET Online Scanner v3
ETDWare PS/2-x64 7.0.5.12_WHQL (Version: 7.0.5.12)
Express Gate (Version: 1.4.10.1)
Fast Boot (Version: 1.0.5)
FrostWire 4.21.8 (Version: 4.21.8.0)
Futuremark SystemInfo (Version: 4.0.0.0)
Game Park Console (Version: 6.2.0.2)
Google Chrome (Version: 15.0.874.106)
Google Earth (Version: 6.0.3.2197)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.79)
Image Resizer Powertoy Clone for Windows (64 bit) (Version: 2.1)
iTunes (Version: 10.4.1.10)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
Junk Mail filter update (Version: 14.0.8050.1202)
League of Legends (Version: 1.3)
Lego Star Wars Saga
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Flight Simulator X (Version: 10.0.60905)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (Version: 1.2.121.0)
Microsoft Silverlight (Version: 2.0.31005.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
MotioninJoy ds3 driver version 0.6.0001 (Version: 0.5.0001)
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
MSI Afterburner 2.1.0 (Version: 2.1.0)
MSVC80_x64 (Version: 1.0.1.0)
MSVC80_x86 (Version: 1.0.1.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Mumble 1.2.3 (Version: 1.2.3)
Nero Burning ROM 10 (Version: 10.6.10500.3.100)
Nero Burning ROM 10 (Version: 10.6.10600)
Nero BurningROM 10 Help (CHM) (Version: 10.6.10600)
Nero BurnRights 10 (Version: 4.4.10300.1.100)
Nero BurnRights 10 Help (CHM) (Version: 10.6.10600)
Nero Control Center 10 (Version: 10.6.12600.0.5)
Nero ControlCenter 10 Help (CHM) (Version: 10.6.10600)
Nero Core Components 10 (Version: 2.0.18800.9.2)
Nero Update (Version: 1.0.10600.28.0)
Nexon Game Manager
OpenOffice.org 3.3 (Version: 3.3.9567)
Pando Media Booster (Version: 2.3.6.0)
PC Connectivity Solution (Version: 8.47.7.0)
Piggly FREE
Project64 1.6 (Version: 1.6)
QuickTime (Version: 7.70.80.34)
RIFT (Version: 1.0.0)
RollerCoaster Tycoon 2
SamsungConnectivityCableDriver (Version: 6.83.6.2.1)
Skype™ 4.2 (Version: 4.2.155)
Smileyville FREE
Spiral Knights
Spybot - Search & Destroy (Version: 1.6.2)
SRS Premium Sound Control Panel (Version: 1.8.5700)
Steam (Version: 1.0.0.0)
syncables desktop SE (Version: 5.5.615.9518)
System Requirements Lab (Version: 4.1.72.0)
Times Reader (Version: 2.055)
Titan Quest: Immortal Throne
TQ Defiler.NET (Version: 1.3.6)
Trend Micro Internet Security (Version: 17.50)
USB2.0 UVC 2M WebCam (Version: 5.8.54000.205)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
VLC media player 1.1.11 (Version: 1.1.11)
Vuze (Version: 4.6)
Vuze (Version: 4.7)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Family Safety (Version: 14.0.8052.1208)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sign-in Assistant (Version: 5.000.817.1)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Toolbar (Version: 14.0.8052.1208)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
WinFlash (Version: 2.30.2)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
WinZip 16.0 (Version: 16.0.9661)
Wireless Console 3 (Version: 3.0.17)
World of Warcraft (Version: 4.3.0.14899)
World of Warcraft Public Test (Version: 0.0.0.0)
Worms Reloaded Demo

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 4093.82 MB
Available physical RAM: 2704.88 MB
Total Pagefile: 8185.78 MB
Available Pagefile: 6680.65 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.71 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:116.45 GB) (Free:42.52 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:329.78 GB) (Free:224.15 GB) NTFS

========================= Users: ========================================

User accounts for \\GORCZOWSKI-PC

Administrator Gorczowski Guest
Guest1

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

ESET Scanner
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\1e27aad4-5d1b3649 a variant of Java/TrojanDownloader.OpenStream.NCM trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1d192924-44315e09 a variant of Java/Agent.DU trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\1f9529a5-5aa33ae6 a variant of Java/TrojanDownloader.OpenStream.NCM trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-13347f08 a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-15da46a4 a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-2d0bd30c a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-3a444221 a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-4c0eedae a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-6731dc9e a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\a9f2a37-381a6aea a variant of Java/Agent.DU trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\37634ebb-2000d2e1 a variant of Java/Agent.DU trojan deleted - quarantined


Here's a log from Malwarebytes when it just detects the one file:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8066

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/2/2011 1:32:11 AM
mbam-log-2011-11-02 (01-32-11).txt

Scan type: Quick scan
Objects scanned: 192267
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

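Added example, not part of genjaguar's post and not code from Malwarebytes, ESET or any other tool named in this thread. It is the check a helper would run on this machine: list every running svchost.exe whose image is not the real service host, and inspect the file that Malwarebytes flagged at c:\Windows\svchost.exe. The crash record for \\.\globalroot\systemroot\svchost.exe earlier in the log is the NT object-namespace spelling of that same Windows-directory file, so both entries describe one binary. The function names, the SHA-256 hashing and the output layout are my assumptions; the script assumes Windows 7 (the log shows 6.1.7600) with PowerShell 2.0 or later, run from an elevated prompt so process image paths are readable. It only reports; it quarantines nothing.

```powershell
# Added example, not from the thread. Assumes Windows 7 with PowerShell 2.0+,
# run elevated. Reports only; nothing is deleted or quarantined.

# On 64-bit Windows both of these are legitimate service-host images:
# System32 for 64-bit services, SysWOW64 for 32-bit ones.
$legitSvchost = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

function Get-FileSha256 {
    param([string]$Path)
    # Get-FileHash only exists from PowerShell 4.0, so hash through .NET.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ([BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

function Get-SignatureSummary {
    param([string]$Path)
    # Caveat: on Windows 7 most System32 binaries are catalog-signed, not
    # embedded-signed, and Get-AuthenticodeSignature there reports them as
    # NotSigned. NotSigned on a System32 file therefore means "verify against
    # the catalog (e.g. with Sysinternals sigcheck)", not "tampered". A file
    # named svchost.exe outside System32/SysWOW64 is suspicious whatever it says.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = '(none)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    $ver = (Get-Item $Path).VersionInfo
    New-Object PSObject -Property @{
        Path    = $Path
        Status  = $sig.Status
        Signer  = $signer
        Company = $ver.CompanyName   # informational only; trivially spoofable
        Sha256  = Get-FileSha256 $Path
    }
}

function Test-SvchostProcesses {
    # A genuine service host runs from System32 or SysWOW64. Report every
    # svchost.exe whose image path differs, plus any whose path is unreadable.
    $findings = @()
    foreach ($p in Get-Process -Name svchost -ErrorAction SilentlyContinue) {
        $path = $p.Path
        if (-not $path) {
            $findings += "PID $($p.Id): image path not readable (run elevated)"
            continue
        }
        if ($legitSvchost -notcontains $path) {
            $s = Get-SignatureSummary $path
            $findings += "PID $($p.Id): $path (sig=$($s.Status), signer=$($s.Signer), sha256=$($s.Sha256))"
        }
    }
    $findings
}

function Test-SvchostOnDisk {
    # The file Malwarebytes quarantined sits directly in the Windows directory;
    # \\.\globalroot\systemroot\svchost.exe in the crash log is that same path.
    $rogue = Join-Path $env:SystemRoot 'svchost.exe'
    if (Test-Path $rogue) { Get-SignatureSummary $rogue } else { $null }
}

Write-Host "Running svchost.exe instances outside System32/SysWOW64:"
$hits = Test-SvchostProcesses
if ($hits) { $hits | ForEach-Object { Write-Host "  $_" } } else { Write-Host "  none" }

Write-Host "File at $env:SystemRoot\svchost.exe:"
$disk = Test-SvchostOnDisk
if ($disk) { $disk | Format-List Path, Status, Signer, Company, Sha256 } else { Write-Host "  not present" }
```

The hash is worth recording before anything is quarantined: if the file reappears after a reboot, as it does later in this thread, comparing hashes tells you whether the same binary is being restored (a dropper or watchdog re-writing it) or a fresh download is arriving, which points at different persistence to look for. The -notcontains test is case-insensitive in PowerShell, so path case differences do not produce false positives.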


#6 boopme
  • To Insanity and Beyond
  • Global Moderator
  • 73,220 posts
  • Gender:Male
  • Location:NJ USA

Posted 02 November 2011 - 04:20 PM

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586-s.exe (or jre-7u1-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications, but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Similarly, update to Adobe Reader X (10.1.0).
Note: UNcheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
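Added example, not part of boopme's post and not from Oracle, BleepingComputer or any tool in this thread: a PowerShell script for the "remove all older versions of Java" step above. The installed-programs list earlier in the thread shows how a JRE registers itself ("Java™ 6 Update 22" plus a separate "Java Auto Updater"), and Add/Remove Programs is just a view of the registry Uninstall keys, so the script reads those keys on both the native and Wow6432Node hives, shows every JRE/J2SE entry, and on request uninstalls each one silently through its MSI product code. The function names, the display-name pattern and the dry-run default are my assumptions; the script assumes 64-bit Windows 7 and an elevated PowerShell 2.0 or later prompt. The ESET findings in this thread were all in the Java deployment cache, which is why the old runtime has to go before the new one is installed.

```powershell
# Added example, not from the thread. Assumes 64-bit Windows 7 and an
# elevated PowerShell 2.0+ prompt. Without -Force it only lists what it would do.

# Add/Remove Programs is built from these two keys; 32-bit packages on a
# 64-bit OS register under Wow6432Node.
$uninstallHives = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-JavaInstalls {
    # Matches "Java(TM) 6 Update 22", "Java 6 Update 22" (with the (TM) glyph),
    # "Java 7 Update 1", "J2SE Runtime Environment 5.0 ..." and "Java SE Runtime ...".
    # Deliberately does not match "Java Auto Updater"; that is only the
    # update checker and goes away with the runtime that owns it.
    $pattern = '^(J2SE Runtime|Java(\(TM\)|\u2122)? \d+|Java SE (Runtime|Development))'
    foreach ($hive in $uninstallHives) {
        if (-not (Test-Path $hive)) { continue }
        foreach ($key in Get-ChildItem $hive) {
            $entry = Get-ItemProperty $key.PSPath
            if ($entry.DisplayName -match $pattern) {
                New-Object PSObject -Property @{
                    Name        = $entry.DisplayName
                    Version     = $entry.DisplayVersion
                    ProductCode = $key.PSChildName        # MSI GUID for the Sun/Oracle installers
                    Is64Bit     = ($hive -notmatch 'Wow6432Node')
                    Uninstall   = $entry.UninstallString
                }
            }
        }
    }
}

function Remove-JavaInstalls {
    param([switch]$Force)
    $found = @(Get-JavaInstalls)
    if ($found.Count -eq 0) { Write-Host 'No Java runtimes registered.'; return }
    foreach ($java in $found) {
        $arch = if ($java.Is64Bit) { 'x64' } else { 'x86' }
        # Only MSI products can be removed non-interactively with msiexec /x.
        if ($java.ProductCode -notmatch '^\{[0-9A-Fa-f-]{36}\}$') {
            Write-Warning "'$($java.Name)' ($arch) is not an MSI product; run its own uninstaller: $($java.Uninstall)"
            continue
        }
        if (-not $Force) {
            Write-Host "Would remove $($java.Name) $($java.Version) [$arch] $($java.ProductCode)"
            continue
        }
        Write-Host "Removing $($java.Name) $($java.Version) [$arch] ..."
        $proc = Start-Process msiexec.exe -ArgumentList "/x $($java.ProductCode) /qn /norestart" -Wait -PassThru
        # 0 = removed, 3010 = removed but a reboot is pending; anything else is a failure.
        if ($proc.ExitCode -ne 0 -and $proc.ExitCode -ne 3010) {
            Write-Warning "msiexec returned $($proc.ExitCode) for $($java.Name)"
        }
    }
}

# Dry run first; re-run as  Remove-JavaInstalls -Force  to actually uninstall.
Get-JavaInstalls | Format-Table Name, Version, Is64Bit, ProductCode -AutoSize
Remove-JavaInstalls
```

Run the dry run, read the list, then run it with -Force and reboot before installing JRE 7. A runtime whose uninstall fails with "file in use" is usually being held open by a running Java process or, as genjaguar reports later in this thread, by something else entirely; close browsers first and, if the lock persists, note which process msiexec names, because a legitimate Java uninstall has no reason to be blocked by svchost.exe.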

#7 genjaguar
  • Topic Starter
  • Members
  • 22 posts

Posted 02 November 2011 - 11:02 PM

I went ahead and removed my old Java as well as Adobe Reader. While removing Java, it stated that svchost.exe was using it, which I just told it to close and continued on.

However, Malwarebytes is still unable to remove the file. I run it, it gets detected and says it needs to restart to complete removal. If I run Malwarebytes after the restart, it still detects the file.

I also tried Spybot S&D, which also finds the file. It calls it smitfraud-c.gp. However, it is unable to remove it as well. Not sure what else I should try or do.



#8 boopme
  • To Insanity and Beyond
  • Global Moderator
  • 73,220 posts
  • Gender:Male
  • Location:NJ USA

Posted 03 November 2011 - 08:49 AM

We need a deeper look. Please go here: Preparation Guide, and do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run, skip it and move on.
Include a link back to this topic.

Let me know if that went well.

#9 Orange Blossom
  • OBleepin Investigator
  • Moderator
  • 36,947 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 03 November 2011 - 07:02 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic426212.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript