
JS/Blacole.AC - Virus help always appreciated


16 replies to this topic

#1 znick46

znick46

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:02 AM

Posted 13 January 2012 - 08:36 PM

Hi,

I've been getting popups when I search the web. My computer crashes randomly from time to time, and will always crash when I put it on power save mode. Microsoft Security Essentials found this virus one day (not during a scan), "JS/Blacole.AC". When I tried to remove it, MSE (Microsoft Security Essentials) couldn't find the location of the virus. So I tried to find it manually using the info it provided, " C:windows/system32/config/systemprofile/appdata/local/microsoft/windows/temporary internet files/content/5YES4kks/sp3stats[1].htm ", but when I got to the windows part the only folder in it was explorer (I'm not a computer wiz as you probably noticed).

Please advise
Thank you for taking the time to read my post
-Nick

Edited by hamluis, 13 January 2012 - 09:38 PM.
Moved to AII from Vista.


 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:02 AM

Posted 13 January 2012 - 09:25 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 znick46

znick46
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:02 AM

Posted 13 January 2012 - 11:05 PM

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````


You're the man, Broni!
thanks for the speedy help

#4 znick46

znick46
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:02 AM

Posted 13 January 2012 - 11:10 PM

Farbar Service Scanner
Ran by Nick (administrator) on 13-01-2012 at 20:06:27
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 13:27] - [2011-09-20 13:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2010-09-02 23:59] - [2009-04-10 22:28] - 0061440 ____A (Microsoft Corporation) 1CA6C40261DDC0425987980D0CD2AAAB

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2010-09-03 00:00] - [2009-04-10 22:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\es.dll
[2010-09-02 23:59] - [2009-04-10 22:28] - 0268800 ____A (Microsoft Corporation) 67058C46504BC12D821F38CF99B7B28F

C:\Windows\system32\cryptsvc.dll
[2010-09-02 23:59] - [2009-04-10 22:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#5 znick46

znick46
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:02 AM

Posted 13 January 2012 - 11:17 PM

During the MiniToolBox scan, while it's "getting ipconfig", an error message comes up (nslookup.exe - Ordinal Not found: "The ordinal 1109 could not be located in the dynamic link library WSOCK32.dll.").




MiniToolBox by Farbar
Ran by Nick (administrator) on 13-01-2012 at 20:14:01
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
The following helper DLL cannot be loaded: WSHELPER.DLL.
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : Nick-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gv.shawcable.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gv.shawcable.net
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : E0-CB-4E-32-6F-7A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1525:cf00:d047:dc38%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.104(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : January-13-12 3:46:26 PM
Lease Expires . . . . . . . . . . : January-14-12 7:36:01 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 148949838
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-12-4F-00-E0-CB-4E-32-6F-7A
DNS Servers . . . . . . . . . . . : 64.59.160.13
64.59.160.15
64.59.161.68
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.gv.shawcable.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Pinging google.com [74.125.127.99] with 32 bytes of data:

Reply from 74.125.127.99: bytes=32 time=20ms TTL=52

Reply from 74.125.127.99: bytes=32 time=19ms TTL=52



Ping statistics for 74.125.127.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 20ms, Average = 19ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=101ms TTL=51

Reply from 209.191.122.70: bytes=32 time=90ms TTL=51



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 90ms, Maximum = 101ms, Average = 95ms



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
8 ...e0 cb 4e 32 6f 7a ...... Realtek PCIe GBE Family Controller
1 ........................... Software Loopback Interface 1
9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
13 ...00 00 00 00 00 00 00 e0 isatap.gv.shawcable.net
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.104 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.104 286
192.168.1.104 255.255.255.255 On-link 192.168.1.104 286
192.168.1.255 255.255.255.255 On-link 192.168.1.104 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.104 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.104 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
8 286 fe80::/64 On-link
8 286 fe80::1525:cf00:d047:dc38/128 On-link
1 306 ff00::/8 On-link
8 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/13/2012 08:18:04 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000138, fault offset 0x00009f5d,
process id 0x124c, application start time 0xnslookup.exe0.

Error: (01/13/2012 08:17:56 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000138, fault offset 0x00009f5d,
process id 0x114c, application start time 0xnslookup.exe0.

Error: (01/13/2012 08:17:14 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000138, fault offset 0x00009f5d,
process id 0x9b8, application start time 0xnslookup.exe0.

Error: (01/13/2012 08:13:20 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000138, fault offset 0x00009f5d,
process id 0x1400, application start time 0xnslookup.exe0.

Error: (01/13/2012 08:13:14 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000138, fault offset 0x00009f5d,
process id 0x1060, application start time 0xnslookup.exe0.

Error: (01/13/2012 08:13:01 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000138, fault offset 0x00009f5d,
process id 0x12b0, application start time 0xnslookup.exe0.

Error: (01/13/2012 05:57:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10328

Error: (01/13/2012 05:57:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10328

Error: (01/13/2012 05:57:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2012 05:57:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9329


System errors:
=============
Error: (01/13/2012 03:48:05 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (01/13/2012 03:48:05 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (01/13/2012 03:48:05 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (01/13/2012 03:47:02 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (01/13/2012 03:44:55 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/13/2012 03:25:07 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (01/13/2012 03:25:07 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (01/13/2012 03:25:07 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (01/13/2012 03:24:33 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (01/13/2012 03:23:25 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:21:25 PM on 13/01/2012 was unexpected.


Microsoft Office Sessions:
=========================
Error: (01/13/2012 08:18:04 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e3d5c000013800009f5d124c01ccd27381913170

Error: (01/13/2012 08:17:56 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e3d5c000013800009f5d114c01ccd2737d0ce1d0

Error: (01/13/2012 08:17:14 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e3d5c000013800009f5d9b801ccd272f478e490

Error: (01/13/2012 08:13:20 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e3d5c000013800009f5d140001ccd272d8d898c0

Error: (01/13/2012 08:13:14 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e3d5c000013800009f5d106001ccd272d1876d80

Error: (01/13/2012 08:13:01 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e3d5c000013800009f5d12b001ccd272c9e8be80

Error: (01/13/2012 05:57:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10328

Error: (01/13/2012 05:57:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10328

Error: (01/13/2012 05:57:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/13/2012 05:57:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9329


=========================== Installed Programs ============================

Adobe AIR (Version: 2.6.0.19120)
Adobe Bridge 1.0 (Version: 001.000.004)
Adobe Community Help (Version: 3.5.23)
Adobe Dreamweaver CS5 (Version: 11.0)
Adobe Flash Player 10 ActiveX (Version: 10.1.82.76)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader 9.4.5 (Version: 9.4.5)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
BitZipper 2010
Bonjour (Version: 3.0.0.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
DivX Setup (Version: 2.0.4.2)
doPDF 6.2 printer
Evelyn Wood Notetaking and Study Skills for Great Grades (Version: 1.0.0)
Evelyn Wood Reading Dynamics Speed Drills (Version: 1.0.0)
HP Color LaserJet CP1210 Series
HP Color LaserJet CP1210 Series (Version: 1.0.0)
HP Color LaserJet CP1210 Series Toolbox (Version: 1.0.21)
HP LaserJet Toolbox (Version: 1.0.58)
HP Update (Version: 5.003.001.001)
hppusgCP1215 (Version: 000.000.00006)
HPSSupply (Version: 2.1.1.0000)
iTunes (Version: 10.5.1.42)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Kobo (Version: 2.1.6)
Lexmark Pro800-Pro900 Series
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
MarketResearch (Version: 90.0.142.000)
Media Go (Version: 1.3.227)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works 6-9 Converter (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Essentials (Version: 7.02.8507)
neroxml (Version: 1.0.0)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA PhysX (Version: 9.10.0224)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.5896)
PDF Settings CS5 (Version: 10.0)
Platform (Version: 1.34)
PokerStars
QuickTime (Version: 7.69.80.9)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0005)
RebirthRO (Version: 20101008)
Skype™ 5.5 (Version: 5.5.124)
Sony Ericsson PC Companion 2.02.002 (Version: 2.02.002)
Sony Ericsson Update Engine (Version: 2.11.9.6)
StarCraft II (Version: 1.4.2.20141)
The Sims™ 3 (Version: 1.17.60)
The Sims™ 3 Late Night (Version: 6.0.81)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VIA Platform Device Manager (Version: 1.34)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Warcraft III
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 3326.18 MB
Available physical RAM: 1613.79 MB
Total Pagefile: 6887.37 MB
Available Pagefile: 5205.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.81 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:596.17 GB) (Free:451.29 GB) NTFS
2 Drive d: (Storage) (Fixed) (Total:596.17 GB) (Free:595.66 GB) NTFS

========================= Users: ========================================

User accounts for \\NICK-PC

Administrator Guest Nick


**** End of log ****

Edited by znick46, 13 January 2012 - 11:20 PM.
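As an added example (not a tool from this thread, from Farbar, or from BleepingComputer), here is a small Python triage script that reads the Farbar Service Scanner and MiniToolBox output in the format pasted above and flags the two things a responder would notice in it: security services whose registry keys are reported as absent (MpsSvc, bfe, wscsvc in the log above), and Winsock catalog providers whose DLL is reported as not found. The embedded sample log is a constructed excerpt modelled on the posted logs; the friendly service names and the HIGH/MEDIUM/INFO severity labels are my own convention, not part of either tool's output.

```python
"""Triage helper for Farbar Service Scanner (FSS) and MiniToolBox Winsock output.

Added example; not Farbar's code. It parses the plain-text log lines the
tools print and flags services with missing registry keys and Winsock
providers whose DLL cannot be found.
"""
import re
from dataclasses import dataclass

# Friendly names for the services FSS checks. Assumption: this mapping is
# mine, not part of the FSS output.
SERVICE_NAMES = {
    "MpsSvc": "Windows Firewall",
    "bfe": "Base Filtering Engine",
    "mpsdrv": "Windows Firewall Authorization Driver",
    "SDRSVC": "Windows Backup",
    "VSS": "Volume Shadow Copy",
    "wscsvc": "Security Center",
}

# Line shapes taken from the FSS / MiniToolBox output in this thread.
SERVICE_HEADER = re.compile(r"^(\S+) Service is not running\. Checking service configuration:")
KEY_MISSING = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist\.")
WINSOCK_ENTRY = re.compile(r"^(Catalog\d+) (\d+) (.+?) \[(.*?)\] \((.*?)\)$")

# Constructed excerpt modelled on the logs posted above (not the full logs).
SAMPLE_LOG = r"""
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
"""


@dataclass
class ServiceState:
    name: str
    running: bool = False      # FSS only lists a service here when it is stopped
    key_missing: bool = False  # set when FSS cannot open the service's registry key


def parse_services(text):
    """Return {service_name: ServiceState} for every stopped service FSS reports."""
    states = {}
    for line in text.splitlines():
        header = SERVICE_HEADER.match(line)
        if header:
            states[header.group(1)] = ServiceState(header.group(1))
            continue
        missing = KEY_MISSING.search(line)
        if missing and missing.group(1) in states:
            states[missing.group(1)].key_missing = True
    return states


def parse_winsock(text):
    """Return (catalog, index, path, status, vendor) tuples for each Winsock entry."""
    return [m.groups() for line in text.splitlines() if (m := WINSOCK_ENTRY.match(line))]


def triage(text):
    """Turn the parsed state into findings; severity labels are my own convention."""
    findings = []
    for name, state in parse_services(text).items():
        label = SERVICE_NAMES.get(name, name)
        if state.key_missing:
            findings.append(f"HIGH: {label} ({name}) service registry key is missing")
        else:
            findings.append(f"MEDIUM: {label} ({name}) is stopped but its configuration is intact")
    entries = parse_winsock(text)
    broken = sorted({path for _, _, path, status, _ in entries if status == "File Not found"})
    if broken:
        findings.append(f"HIGH: {len(broken)} Winsock provider path(s) not found: {', '.join(broken)}")
    for _, _, path, status, vendor in entries:
        if status != "File Not found" and "Microsoft" not in vendor:
            findings.append(f"INFO: non-Microsoft Winsock provider {path} ({vendor})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

To run it against a real log, pass the file contents to `triage()` instead of `SAMPLE_LOG`. One caveat when reading the Winsock section: an entry shown as a bare filename with no path, as `mswsock.dll` is above, tells you only that the tool could not resolve the file from the catalog entry; verify the actual file on disk before treating it as evidence of tampering. The service findings are the stronger signal, since a Windows service whose registry key is absent cannot be started until the key is recreated.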


#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:02 AM

Posted 13 January 2012 - 11:20 PM

Does it run anyway?



 


#7 znick46

znick46
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:02 AM

Posted 14 January 2012 - 02:02 PM

Is that the info you needed?

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:02 AM

Posted 14 January 2012 - 02:06 PM

Yes.
I still need aswMBR log.



 


#9 znick46

znick46
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:02 AM

Posted 14 January 2012 - 02:21 PM

How do I get that log?

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:02 AM

Posted 14 January 2012 - 03:07 PM

Read my reply #2.



 


#11 znick46

znick46
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:02 AM

Posted 14 January 2012 - 03:26 PM

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-14 12:13:02
-----------------------------
12:13:02.456 OS Version: Windows 6.0.6002 Service Pack 2
12:13:02.456 Number of processors: 2 586 0x170A
12:13:02.456 ComputerName: NICK-PC UserName: Nick
12:13:05.001 Initialize success
12:18:41.451 AVAST engine defs: 12011401
12:25:28.092 The log file has been saved successfully to "C:\Users\Nick\Desktop\aswMBR.txt"

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:02 AM

Posted 14 January 2012 - 03:29 PM

That looks suspicious.

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.



 


#13 znick46

znick46
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:02 AM

Posted 14 January 2012 - 03:39 PM

Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Ultimate Edition Service Pack 2 (build 6002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive1 at offset 0x00000000`00100000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive1 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:02 AM

Posted 14 January 2012 - 03:52 PM

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


#15 znick46

  • Topic Starter
  • Members
  • 10 posts

Posted 14 January 2012 - 04:54 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-14 13:52:55
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6401AALS-00L3B2 rev.01.03B01
Running: 024bqep8.exe; Driver: C:\Users\Nick\AppData\Local\Temp\kxldqpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text csc.sys 91A0D000 10 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] {NOP ; NOP ; NOP ; NOP ; NOP ; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP}
.text csc.sys 91A0D00B 21 Bytes [45, 08, 8B, 40, 4C, 85, C0, ...]
.text csc.sys 91A0D021 106 Bytes [90, 90, 90, 90, 90, FF, 25, ...]
.text csc.sys 91A0D08C 7 Bytes [70, A4, 91, BB, 00, 70, A4]
.text csc.sys 91A0D094 42 Bytes [3B, C3, 74, 2E, F6, 40, 20, ...]
.text ...
? C:\Windows\system32\drivers\csc.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1148] ntdll.dll!NtProtectVirtualMemory 76EA4BA4 5 Bytes JMP 008F000A
.text C:\Windows\system32\svchost.exe[1148] ntdll.dll!NtWriteVirtualMemory 76EA54E4 5 Bytes JMP 0090000A
.text C:\Windows\system32\svchost.exe[1148] ntdll.dll!KiUserExceptionDispatcher 76EA5C28 5 Bytes JMP 008E000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB50875$\227789608 0 bytes
File C:\Windows\$NtUninstallKB50875$\227789608\@ 2048 bytes
File C:\Windows\$NtUninstallKB50875$\227789608\bckfg.tmp 860 bytes
File C:\Windows\$NtUninstallKB50875$\227789608\cfg.ini 185 bytes
File C:\Windows\$NtUninstallKB50875$\227789608\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB50875$\227789608\keywords 236 bytes
File C:\Windows\$NtUninstallKB50875$\227789608\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB50875$\227789608\L 0 bytes
File C:\Windows\$NtUninstallKB50875$\227789608\L\fomtmfeh 351744 bytes
File C:\Windows\$NtUninstallKB50875$\227789608\U 0 bytes
File C:\Windows\$NtUninstallKB50875$\227789608\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB50875$\227789608\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB50875$\227789608\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB50875$\227789608\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB50875$\227789608\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB50875$\227789608\U\80000032.@ 77312 bytes
File C:\Windows\$NtUninstallKB50875$\2674351664 0 bytes

---- EOF - GMER 1.0.15 ----
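As an added example (not part of this thread, and not GMER's own tooling), here is a small Python parser for the GMER log format posted above. It splits the log into its "----" sections and pulls out the three things a responder looks at first: modules GMER marks with a leading "?" as a suspicious PE modification, user-mode hooks (ntdll.dll!Nt* functions redirected with a JMP) together with where the JMP lands, and files reported under a $NtUninstall...$ folder, grouped by that folder. The sample log is a constructed excerpt that reuses line formats from the post; the 0x10000000 "low address" threshold used to label a JMP target as lying outside the range where 32-bit system DLLs are mapped is an assumption (a heuristic, not a GMER rule).

```python
import re
from collections import Counter, defaultdict

# Constructed sample: an excerpt shaped like the GMER 1.0.15 log above
# (same line formats, trimmed to a handful of entries per section).
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text csc.sys 91A0D000 10 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] {NOP ; NOP ; NOP ; NOP ; NOP ; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP}
.text csc.sys 91A0D00B 21 Bytes [45, 08, 8B, 40, 4C, 85, C0, ...]
? C:\Windows\system32\drivers\csc.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1148] ntdll.dll!NtProtectVirtualMemory 76EA4BA4 5 Bytes JMP 008F000A
.text C:\Windows\system32\svchost.exe[1148] ntdll.dll!NtWriteVirtualMemory 76EA54E4 5 Bytes JMP 0090000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB50875$\227789608 0 bytes
File C:\Windows\$NtUninstallKB50875$\227789608\@ 2048 bytes
File C:\Windows\$NtUninstallKB50875$\227789608\U\80000032.@ 77312 bytes
File C:\Windows\$NtUninstallKB50875$\2674351664 0 bytes

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SUSPICIOUS_RE = re.compile(r"^\? (\S+) (.+)$")
HOOK_RE = re.compile(r"^\.text (\S+)\[(\d+)\] (\S+) ([0-9A-F]+) (\d+) Bytes JMP ([0-9A-F]+)$")
FILE_RE = re.compile(r"^File (.+) (\d+) bytes$")
NTUNINSTALL_RE = re.compile(r"^(.*?\\\$NtUninstall[^\\]*\$)")

# Assumed heuristic: on 32-bit Vista the system DLLs are mapped near the top of
# user space (0x7xxxxxxx); a JMP into a much lower address points somewhere else.
LOW_TARGET = 0x10000000


def parse_sections(text):
    """Split a GMER log into {section name: [entry lines]}, dropping the EOF marker."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if current is not None and current != "EOF":
            sections[current].append(line)
    return dict(sections)


def analyze(text):
    """Extract suspicious modules, user-mode hooks and $NtUninstall$ file groups."""
    sections = parse_sections(text)
    findings = {"suspicious_modules": [], "user_hooks": [], "hidden_file_dirs": {}}
    for line in sections.get("Kernel code sections", []):
        m = SUSPICIOUS_RE.match(line)
        if m:
            findings["suspicious_modules"].append(m.group(1))
    for line in sections.get("User code sections", []):
        m = HOOK_RE.match(line)
        if not m:
            continue
        target = int(m.group(6), 16)
        findings["user_hooks"].append({
            "process": m.group(1), "pid": int(m.group(2)),
            "function": m.group(3), "target": target,
            "target_outside_system_dlls": target < LOW_TARGET,
        })
    dirs = Counter()
    for line in sections.get("Files", []):
        m = FILE_RE.match(line)
        if not m:
            continue
        d = NTUNINSTALL_RE.match(m.group(1))
        if d:
            dirs[d.group(1)] += 1
    findings["hidden_file_dirs"] = dict(dirs)
    return findings


def summarize(findings):
    """Render findings as one human-readable line each."""
    lines = []
    for mod in findings["suspicious_modules"]:
        lines.append(f"kernel: {mod} flagged by GMER as a suspicious PE modification")
    for h in findings["user_hooks"]:
        where = "outside system DLL range" if h["target_outside_system_dlls"] else "in mapped image range"
        lines.append(f"user: {h['process']}[{h['pid']}] {h['function']} -> 0x{h['target']:08X} ({where})")
    for d, n in findings["hidden_file_dirs"].items():
        lines.append(f"files: {n} entries under {d}")
    return lines


if __name__ == "__main__":
    for line in summarize(analyze(SAMPLE_LOG)):
        print(line)
```

Run against the full log from the post, the Files section collapses to a single folder with all of its entries counted, and the user-mode section shows every hook in svchost.exe[1148] landing at a low address, which is the kind of summary that makes it easier to see at a glance what a helper's next instruction should target.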



