Problems after Vista Antivirus 2012...please help


12 replies to this topic

#1 Sandals30

Posted 20 January 2012 - 06:38 PM

Had Vista AV 2012 on my Dell Dimension E521 running Vista several days ago and followed instructions to get rid of it. Thought everything was OK, but then my laptop could no longer see the printer connected to this PC. When troubleshooting I found that the Network Sharing center would not allow me to turn on network discovery, file sharing, print sharing, etc. After searching, I also found the Computer Browser service would not start. All of these services are giving me an error of "the specified service does not exist as an installed service." Tried importing the registry value for HKLM/System/CurrentControlSet/Services from another Vista computer that is working, but no go. I tried restoring the computer to several weeks ago, but it failed. Found this thread and realized I still must be having problems from the malware. I have downloaded SecurityCheck.exe, MiniTool Box, TDSSKiller and FSS.exe as I saw requested in another post. If someone can help me, I would appreciate it. I have the logs ready to post. Just let me know if I need anything else.

Thanks-
Sandi

#2 Broni

Posted 20 January 2012 - 09:46 PM

Welcome aboard

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#3 Sandals30

Posted 20 January 2012 - 10:41 PM

Thanks for helping me! Here is the FSS.txt

Farbar Service Scanner Version: 18-01-2012 01
Ran by Sandi (administrator) on 20-01-2012 at 18:20:22
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-10-20 13:31] - [2009-04-11 01:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2009-10-20 13:30] - [2009-04-11 01:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#4 Broni

Posted 20 January 2012 - 11:07 PM

You have several registry keys missing but they don't seem to be connected to your issue (should be fixed anyway).

Let's run some additional checks.


Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


#5 Sandals30

Posted 21 January 2012 - 03:12 PM

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
AVG Free 9.0
WMI entry may not exist for antivirus; attempting automatic update.
AVG9 successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java™ 6 Update 20
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player ( 10.0.22.87) Flash Player Out of Date!
Mozilla Firefox (3.0.19) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgrsx.exe
AVG avgemc.exe
``````````End of Log````````````






MiniToolBox by Farbar Version: 18-01-2012
Ran by Sandi (administrator) on 20-01-2012 at 18:21:44
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Loopback Pseudo-Interface 1" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection 3" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection 4" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Sandi-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-18-8B-5F-ED-9B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9c7c:7979:61f7:315f%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, January 20, 2012 5:52:17 PM
Lease Expires . . . . . . . . . . : Saturday, January 21, 2012 5:52:16 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201332875
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-39-C1-69-00-18-8B-5F-ED-9B
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.65.105
74.125.65.103
74.125.65.106
74.125.65.99
74.125.65.104
74.125.65.147

Pinging google.com [74.125.159.105] with 32 bytes of data:
Request timed out.
Reply from 74.125.159.105: bytes=32 time=48ms TTL=52
Ping statistics for 74.125.159.105:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 48ms, Maximum = 48ms, Average = 48ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
98.139.180.149
209.191.122.70

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=64ms TTL=56
Reply from 209.191.122.70: bytes=32 time=63ms TTL=56
Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 63ms, Maximum = 64ms, Average = 63ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
8 ...00 18 8b 5f ed 9b ...... Broadcom 440x 10/100 Integrated Controller
1 ........................... Software Loopback Interface 1
9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.home
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.6 276
192.168.1.6 255.255.255.255 On-link 192.168.1.6 276
192.168.1.255 255.255.255.255 On-link 192.168.1.6 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.6 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.6 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
8 276 fe80::/64 On-link
8 276 fe80::9c7c:7979:61f7:315f/128
On-link
1 306 ff00::/8 On-link
8 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/20/2012 05:21:10 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: .

Error: (01/20/2012 05:13:22 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: -528

Error: (01/20/2012 05:13:22 PM) (Source: ESENT) (User: )
Description: Catalog Database (1696) Catalog Database: Error -1811 occurred while opening logfile C:\Windows\system32\CatRoot2\edb001A4.log.

Error: (01/20/2012 04:58:15 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 1.9.0.3725 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 2cc
Start Time: 01ccd7bd77eb2f16
Termination Time: 0

Error: (01/19/2012 02:54:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/19/2012 09:55:06 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.6001.19170 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 161c
Start Time: 01ccd6b3288b5620
Termination Time: 0

Error: (01/18/2012 08:45:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15585

Error: (01/18/2012 08:45:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15585

Error: (01/18/2012 08:45:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/18/2012 04:31:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15600


System errors:
=============
Error: (01/20/2012 05:58:23 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (01/20/2012 05:55:37 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (01/20/2012 05:55:09 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (01/20/2012 05:55:07 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (01/20/2012 05:52:37 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (01/20/2012 05:52:37 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (01/20/2012 05:52:37 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (01/20/2012 05:52:34 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (01/20/2012 05:23:47 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (01/20/2012 05:22:55 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060


Microsoft Office Sessions:
=========================
Error: (10/13/2011 02:35:39 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1255808 seconds with 4200 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

µTorrent (Version: 2.0.1)
3ivx MPEG-4 5.0.3 (remove only) (Version: 5.0.3)
AC-130 Operation Devastation (Version: 1.00.0000)
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 10 Plugin (Version: 10.0.22.87)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Reader 9.1 (Version: 9.1.0)
Apple Application Support (Version: 1.3.1)
Apple Mobile Device Support (Version: 3.1.0.62)
Apple Software Update (Version: 2.1.2.120)
AVG Free 9.0
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
AXIS Media Control Embedded
Bonjour (Version: 2.0.2.0)
Brother MFL-Pro Suite (Version: 1.00)
Browser Hijack Recover(BHR) 3.0
Call of Duty
Canon Easy-WebPrint EX
Canon MP Navigator EX 1.0
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon MP250 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner (Version: 2.31)
CoffeeCup Free HTML Editor
CoffeeCup HTML Editor
Color Theme Editor (Version: 1.0.0)
Cool MP4 To MPEG Converter 1.0
Coupon Printer for Windows (Version: 5.0.0.0)
DHTML Editing Component (Version: 6.02.0001)
Excel Invoice Manager 2.18.1021 (Version: 2.18.1021)
Facebook Plug-In
Fences
Fences (Version: 0.95)
FileZilla Client 3.3.2.1 (Version: 3.3.2.1)
FlipShare (Version: 4.0.6.31692)
Free YouTube to Mp3 Converter version 3.1
Garmin City Navigator North America NT 2010.40 (Version: 13.40.0.0)
Garmin Communicator Plugin (Version: 2.9.1)
Garmin Training Center 3.4.3 (Version: 3.4.3)
Garmin USB Drivers (Version: 2.3.0.0)
Google Chrome (Version: 16.0.912.75)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2427.2330)
Google Update Helper (Version: 1.3.21.79)
Google Updater (Version: 2.4.2432.1652)
HDView for Internet Explorer (Version: 1.0.20)
IKEA Home Planner (Version: 2.0.1)
IL-2 Sturmovik Demo
Invoice Maker
IrfanView (remove only) (Version: 4.27)
iTunes (Version: 9.2.1.5)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
Java™ 6 Update 7 (Version: 1.6.0.70)
Kies mini (Version: 1.00.0000)
Lorex Client 2.2 (Version: 1.00.0000)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Medal of Honor Pacific Assault™ Demo (Version: 1.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
MobileMe Control Panel (Version: 3.1.1.0)
Move Media Player
Mozilla Firefox (3.0.19) (Version: 3.0.19 (en-US))
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Octoshape add-in for Adobe Flash Player
OJOsoft Total Video Converter (Version: 2.6.10.0724)
Pocket RAR documentation
Postal Plus Demo
QuickTime (Version: 7.66.73.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Safari (Version: 5.33.17.8)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2300.0)
ThemeMaker M (Version: 2.1.1)
Uninstall 1.0.0.1
Unity Web Player (Version: 2.6.1f3_31223)
WillWriter 2010 (Version: 1.00.0000)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
WinRAR archiver
XV6900 User Manual (Version: 1.0)
Xvid 1.1.3 final uninstall (Version: 1.1)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 3005.76 MB
Available physical RAM: 1582.89 MB
Total Pagefile: 6248.05 MB
Available Pagefile: 4845.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.04 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:288.05 GB) (Free:94.97 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.89 GB) NTFS
3 Drive e: (FUSHIGI) (CDROM) (Total:1.92 GB) (Free:0 GB) UDF
8 Drive s: (OS) (Network) (Total:288.05 GB) (Free:94.97 GB) NTFS

========================= Users: ========================================

User accounts for \\SANDI-PC

Administrator Guest Sandi

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini102711-01.dmp

**** End of log ****







Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.20.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Sandi :: SANDI-PC [administrator]

1/20/2012 6:23:54 PM
mbam-log-2012-01-20 (18-23-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 173402
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 Sandals30

Posted 21 January 2012 - 03:30 PM

I tried to run aswMBR, but both times I ran it, I got a blue screen of death. The message said it was the CACHE_MANAGER

#7 Sandals30

Posted 21 January 2012 - 03:32 PM

(continued from above) it said CACHE_MANAGER was the issue. It gave the following error codes: STOP 0x000000034 (0x00050772, 0xA664DAB0, A664D77C).

Obviously, I can't give you the log from that program. If there is something else I can do to get it to run, let me know.

Sandi

#8 Broni

Posted 21 January 2012 - 04:55 PM

In MiniToolbox you forgot to checkmark:
List last 10 Event Viewer log
Redo.

Then....

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

#9 Sandals30

Posted 21 January 2012 - 05:56 PM

I checked every box and ran it again. I thought I had done that the first time. Here is the new Mini-toolbox log. I will download and run the other stuff later tonight and post it when it is done. Again, thank you for helping me.

Sandi






MiniToolBox by Farbar Version: 18-01-2012
Ran by Sandi (administrator) on 21-01-2012 at 17:52:41
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Loopback Pseudo-Interface 1" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection 3" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection 4" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Sandi-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-18-8B-5F-ED-9B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9c7c:7979:61f7:315f%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, January 21, 2012 3:22:22 PM
Lease Expires . . . . . . . . . . : Sunday, January 22, 2012 3:22:21 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201332875
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-39-C1-69-00-18-8B-5F-ED-9B
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.65.99
74.125.65.106
74.125.65.104
74.125.65.103
74.125.65.147
74.125.65.105



Pinging google.com [74.125.65.104] with 32 bytes of data:

Reply from 74.125.65.104: bytes=32 time=68ms TTL=53

Reply from 74.125.65.104: bytes=32 time=63ms TTL=53



Ping statistics for 74.125.65.104:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 63ms, Maximum = 68ms, Average = 65ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.2.43
98.137.149.56
98.139.180.149



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=169ms TTL=56

Reply from 98.137.149.56: bytes=32 time=121ms TTL=56



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 121ms, Maximum = 169ms, Average = 145ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
8 ...00 18 8b 5f ed 9b ...... Broadcom 440x 10/100 Integrated Controller
1 ........................... Software Loopback Interface 1
9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.home
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.6 276
192.168.1.6 255.255.255.255 On-link 192.168.1.6 276
192.168.1.255 255.255.255.255 On-link 192.168.1.6 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.6 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.6 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
8 276 fe80::/64 On-link
8 276 fe80::9c7c:7979:61f7:315f/128
On-link
1 306 ff00::/8 On-link
8 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/21/2012 00:18:54 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SANDI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZMGQNCU6\MAIL.GOOGLE.COM> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/21/2012 00:18:54 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SANDI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#MAIL.GOOGLE.COM> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/21/2012 00:18:54 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SANDI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZMGQNCU6\CORE.VIDEOEGG.COM\#COM\VIDEOEGG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/21/2012 00:18:54 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SANDI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZMGQNCU6\CORE.VIDEOEGG.COM\#COM> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/21/2012 00:18:54 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SANDI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZMGQNCU6\CORE.VIDEOEGG.COM\#VE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/21/2012 00:18:54 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SANDI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZMGQNCU6\CORE.VIDEOEGG.COM> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/21/2012 00:18:54 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SANDI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CORE.VIDEOEGG.COM> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/20/2012 11:56:31 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SANDI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#MAIL.GOOGLE.COM> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/20/2012 11:56:30 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SANDI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CORE.VIDEOEGG.COM> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/20/2012 10:46:47 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\SANDI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (01/21/2012 03:25:28 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (01/21/2012 03:25:14 PM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (01/21/2012 03:23:23 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (01/21/2012 03:22:47 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (01/21/2012 03:22:47 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (01/21/2012 03:22:47 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (01/21/2012 03:22:20 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:19:25 PM on 1/21/2012 was unexpected.

Error: (01/21/2012 03:09:10 PM) (Source: Service Control Manager) (User: )
Description: 30000FlipShare Service

Error: (01/21/2012 10:41:44 AM) (Source: Service Control Manager) (User: )
Description: 30000FlipShare Service

Error: (01/21/2012 03:00:12 AM) (Source: Service Control Manager) (User: )
Description: 30000FlipShare Service


Microsoft Office Sessions:
=========================
Error: (10/13/2011 02:35:39 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1255808 seconds with 4200 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

µTorrent (Version: 2.0.1)
3ivx MPEG-4 5.0.3 (remove only) (Version: 5.0.3)
AC-130 Operation Devastation (Version: 1.00.0000)
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 10 Plugin (Version: 10.0.22.87)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader 9.1 (Version: 9.1.0)
Apple Application Support (Version: 1.3.1)
Apple Mobile Device Support (Version: 3.1.0.62)
Apple Software Update (Version: 2.1.2.120)
AVG Free 9.0
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
AXIS Media Control Embedded
Bonjour (Version: 2.0.2.0)
Brother MFL-Pro Suite (Version: 1.00)
Browser Hijack Recover(BHR) 3.0
Call of Duty
Canon Easy-WebPrint EX
Canon MP Navigator EX 1.0
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon MP250 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner (Version: 2.31)
CoffeeCup Free HTML Editor
CoffeeCup HTML Editor
Color Theme Editor (Version: 1.0.0)
Cool MP4 To MPEG Converter 1.0
Coupon Printer for Windows (Version: 5.0.0.0)
DHTML Editing Component (Version: 6.02.0001)
Excel Invoice Manager 2.18.1021 (Version: 2.18.1021)
Facebook Plug-In
Fences
Fences (Version: 0.95)
FileZilla Client 3.3.2.1 (Version: 3.3.2.1)
FlipShare (Version: 4.0.6.31692)
Free YouTube to Mp3 Converter version 3.1
Garmin City Navigator North America NT 2010.40 (Version: 13.40.0.0)
Garmin Communicator Plugin (Version: 2.9.1)
Garmin Training Center 3.4.3 (Version: 3.4.3)
Garmin USB Drivers (Version: 2.3.0.0)
Google Chrome (Version: 16.0.912.75)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2427.2330)
Google Update Helper (Version: 1.3.21.79)
Google Updater (Version: 2.4.2432.1652)
HDView for Internet Explorer (Version: 1.0.20)
IKEA Home Planner (Version: 2.0.1)
IL-2 Sturmovik Demo
Invoice Maker
IrfanView (remove only) (Version: 4.27)
iTunes (Version: 9.2.1.5)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
Java™ 6 Update 7 (Version: 1.6.0.70)
Kies mini (Version: 1.00.0000)
Lorex Client 2.2 (Version: 1.00.0000)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Medal of Honor Pacific Assault™ Demo (Version: 1.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
MobileMe Control Panel (Version: 3.1.1.0)
Move Media Player
Mozilla Firefox (3.0.19) (Version: 3.0.19 (en-US))
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Octoshape add-in for Adobe Flash Player
OJOsoft Total Video Converter (Version: 2.6.10.0724)
Pocket RAR documentation
Postal Plus Demo
QuickTime (Version: 7.66.73.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Safari (Version: 5.33.17.8)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2300.0)
ThemeMaker M (Version: 2.1.1)
Uninstall 1.0.0.1
Unity Web Player (Version: 2.6.1f3_31223)
WillWriter 2010 (Version: 1.00.0000)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
WinRAR archiver
XV6900 User Manual (Version: 1.0)
Xvid 1.1.3 final uninstall (Version: 1.1)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 3005.76 MB
Available physical RAM: 1686.32 MB
Total Pagefile: 6252.04 MB
Available Pagefile: 5023.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.07 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:288.05 GB) (Free:100.27 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.88 GB) NTFS
3 Drive e: (FUSHIGI) (CDROM) (Total:1.92 GB) (Free:0 GB) UDF
8 Drive s: (OS) (Network) (Total:288.05 GB) (Free:100.27 GB) NTFS

========================= Users: ========================================

User accounts for \\SANDI-PC

Administrator Guest Sandi

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini102711-01.dmp

**** End of log ****

#10 Sandals30

Posted 23 January 2012 - 12:06 AM

I tried running the GMER three times before it would actually run. It kept giving me the blue screen of death until I unchecked Devices. It ran for HOURS and HOURS. Here is the log.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-23 00:01:52
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000049 ST332062 rev.3.AD
Running: t08sv9nf.exe; Driver: C:\Users\Sandi\AppData\Local\Temp\pgloypob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EA0B340, 0x28B977, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[284] kernel32.dll!SetUnhandledExceptionFilter 76C3A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!CreateWindowExW 76591305 5 Bytes JMP 6D75DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!DialogBoxParamW 765B10B0 5 Bytes JMP 6D685505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!DialogBoxIndirectParamW 765B2EF5 5 Bytes JMP 6D855397 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!DialogBoxParamA 765C8152 5 Bytes JMP 6D855334 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!DialogBoxIndirectParamA 765C847D 5 Bytes JMP 6D8553FA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!MessageBoxIndirectA 765DD4D9 5 Bytes JMP 6D8552C9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!MessageBoxIndirectW 765DD5D3 5 Bytes JMP 6D85525E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!MessageBoxExA 765DD639 5 Bytes JMP 6D8551FC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!MessageBoxExW 765DD65D 5 Bytes JMP 6D85519A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!SetWindowsHookExW 765887AD 5 Bytes JMP 6D759AD1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!CallNextHookEx 76588E3B 5 Bytes JMP 6D74D13D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!UnhookWindowsHookEx 765898DB 5 Bytes JMP 6D6C46AE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!CreateWindowExW 76591305 5 Bytes JMP 6D75DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxParamW 765B10B0 5 Bytes JMP 6D685505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxIndirectParamW 765B2EF5 5 Bytes JMP 6D855397 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxParamA 765C8152 5 Bytes JMP 6D855334 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!DialogBoxIndirectParamA 765C847D 5 Bytes JMP 6D8553FA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxIndirectA 765DD4D9 5 Bytes JMP 6D8552C9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxIndirectW 765DD5D3 5 Bytes JMP 6D85525E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxExA 765DD639 5 Bytes JMP 6D8551FC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] USER32.dll!MessageBoxExW 765DD65D 5 Bytes JMP 6D85519A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] ole32.dll!OleLoadFromStream 76AE1E80 5 Bytes JMP 6D8556FF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4020] ole32.dll!CoCreateInstance 76B19F3E 5 Bytes JMP 6D75DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74557817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [745AA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7455BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7454F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7454E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74588395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7455DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7454FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7454FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [745DCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7457C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7454D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74546853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7454687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2932] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74552AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB35631$\1115539794 0 bytes
File C:\Windows\$NtUninstallKB35631$\1115539794\@ 2048 bytes
File C:\Windows\$NtUninstallKB35631$\1115539794\bckfg.tmp 849 bytes
File C:\Windows\$NtUninstallKB35631$\1115539794\cfg.ini 199 bytes
File C:\Windows\$NtUninstallKB35631$\1115539794\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB35631$\1115539794\keywords 57 bytes
File C:\Windows\$NtUninstallKB35631$\1115539794\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB35631$\1115539794\L 0 bytes
File C:\Windows\$NtUninstallKB35631$\1115539794\L\qnbwvoto 185856 bytes
File C:\Windows\$NtUninstallKB35631$\1115539794\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB35631$\1115539794\U 0 bytes
File C:\Windows\$NtUninstallKB35631$\1115539794\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB35631$\1115539794\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB35631$\1115539794\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB35631$\1115539794\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB35631$\1115539794\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB35631$\1115539794\U\80000032.@ 77312 bytes
File C:\Windows\$NtUninstallKB35631$\1724049187 0 bytes

#11 Broni

Posted 23 January 2012 - 12:09 AM

You have more serious issues there.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

#12 Sandals30

Posted 23 January 2012 - 12:19 AM

I won't be able to get to any of this until tomorrow afternoon after I get off work.

Would it be easier for me to just reformat? I'm willing to do that. I believe I have everything I need backed up.

Do you think it was the Antivirus malware that screwed up my PC?

I'm sorry to take up so much of your time and I really appreciate your helping me.

#13 Broni

Posted 23 January 2012 - 11:27 AM

"Would it be easier for me to just reformat?"

That would be totally up to you...
