Rogue AntiVirus - AntiVirus PC 2009


34 replies to this topic

#1 Rewster

  • Members
  • 204 posts

Posted 28 January 2012 - 02:07 PM

Well, MBAM did a flash scan while I was gone for a minute and a Rogue AV popped up in the scan. Ever since last night my computer has been freezing completely, requiring a hard shutdown. This has happened five times so far.

I have beefed up my computer security since my last visit here, and I was hoping to not require coming back for help again.

Here is the MBAM log.



Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.28.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
home :: HOME-PC [administrator]

Protection: Enabled

1/28/2012 12:51:32 PM
mbam-log-2012-01-28 (12-51-32).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Registry | File System
Objects scanned: 177055
Time elapsed: 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
c:\program files (x86)\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

(end)




#2 jntkwx

  • Malware Response Team
  • 4,339 posts

Posted 28 January 2012 - 02:16 PM

Hi Rewster,

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code or quote boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification, and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

Step 1: Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Step 2: Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 3: Rerun Malwarebytes
Open Malwarebytes, click on the Update tab, and click the check for Updates button.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If you have trouble updating, troubleshoot Malwarebytes' Anti-Malware

In your next reply, please include:
  • MiniToolBox log
  • FSS log
  • Malwarebytes log
  • How's your computer running now? Please be as descriptive as possible. Are you doing anything specific when your computer freezes, or does it seem random?

Edited by jntkwx, 28 January 2012 - 02:19 PM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 Rewster

  • Topic Starter
  • Members
  • 204 posts

Posted 28 January 2012 - 02:32 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by home (administrator) on 28-01-2012 at 13:21:08
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
??1 2 7 . 0 . 0 . 1 l o c a l h o s t

: : 1 l o c a l h o s t




74.208.10.249 gs.apple.com


========================= IP Configuration: ================================

Hamachi Network Interface = Hamachi (Connected)
Linksys AE1000 = Wireless Network Connection 5 (Connected)
Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection 3" nexthop=5.0.0.1
set interface interface="Local Area Connection 3" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : home-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection 5:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Linksys AE1000 #5
Physical Address. . . . . . . . . : 68-7F-74-F7-6E-0F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1514:46db:d368:aaaf%20(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.70(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, January 28, 2012 12:10:41 PM
Lease Expires . . . . . . . . . . : Sunday, January 29, 2012 12:10:40 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 409501556
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-5B-94-79-00-22-68-4D-1E-95
DNS Servers . . . . . . . . . . . : 8.26.56.26
156.154.70.22
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-22-68-4D-1E-95
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-61-E9-28-FA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 5.67.3.204(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Saturday, January 28, 2012 12:10:37 PM
Lease Expires . . . . . . . . . . : Saturday, January 28, 2012 1:24:43 PM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.gateway.2wire.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{179FCE81-4884-43FD-B64C-4DCB369DD36D}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 20:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: google.com
Addresses: 209.85.229.103
209.85.229.105
209.85.229.104
209.85.229.147
209.85.229.99



Pinging google.com [209.85.229.103] with 32 bytes of data:

Reply from 209.85.229.103: bytes=32 time=144ms TTL=46

Reply from 209.85.229.103: bytes=32 time=144ms TTL=46



Ping statistics for 209.85.229.103:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 144ms, Maximum = 144ms, Average = 144ms

Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
72.30.2.43
98.137.149.56



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=27ms TTL=54

Reply from 209.191.122.70: bytes=32 time=27ms TTL=54



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 27ms, Maximum = 27ms, Average = 27ms

Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
20 ...68 7f 74 f7 6e 0f ...... Linksys AE1000 #5
10 ...00 22 68 4d 1e 95 ...... Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
13 ...7a 79 61 e9 28 fa ...... Hamachi Network Interface
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.gateway.2wire.net
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.{179FCE81-4884-43FD-B64C-4DCB369DD36D}
15 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.67.3.204 9256
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.70 30
5.0.0.0 255.0.0.0 On-link 5.67.3.204 9256
5.67.3.204 255.255.255.255 On-link 5.67.3.204 9256
5.255.255.255 255.255.255.255 On-link 5.67.3.204 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.70 286
192.168.1.70 255.255.255.255 On-link 192.168.1.70 286
192.168.1.255 255.255.255.255 On-link 192.168.1.70 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 5.67.3.204 9256
224.0.0.0 240.0.0.0 On-link 192.168.1.70 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 5.67.3.204 9256
255.255.255.255 255.255.255.255 On-link 192.168.1.70 286
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
20 286 fe80::/64 On-link
20 286 fe80::1514:46db:d368:aaaf/128
On-link
1 306 ff00::/8 On-link
20 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/28/2012 00:45:32 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (01/28/2012 00:12:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/28/2012 00:12:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/28/2012 00:12:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/28/2012 00:12:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/28/2012 00:12:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/28/2012 00:12:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/28/2012 00:12:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/28/2012 00:11:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2012 00:11:00 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (01/28/2012 00:13:19 PM) (Source: Service Control Manager) (User: )
Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1058

Error: (01/28/2012 00:11:04 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (01/28/2012 00:11:04 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Center Extender ServiceFunction Discovery Provider Host%%1058

Error: (01/28/2012 00:11:04 PM) (Source: Service Control Manager) (User: )
Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1058

Error: (01/28/2012 00:11:04 PM) (Source: Service Control Manager) (User: )
Description: int15%%31

Error: (01/28/2012 00:11:04 PM) (Source: Service Control Manager) (User: )
Description: USB RNDIS Adapter%%1058

Error: (01/28/2012 00:11:04 PM) (Source: Service Control Manager) (User: )
Description: Anchorfree HSS Adapter%%1058

Error: (01/28/2012 00:11:04 PM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (01/28/2012 00:11:04 PM) (Source: Service Control Manager) (User: )
Description: Comodo EasyVPN Miniport Driver%%2

Error: (01/28/2012 00:10:36 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:08:12 PM on 1/28/2012 was unexpected.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 3.0.0)
AC Tool
AC3Filter 1.62b (Version: 1.62b)
Adobe AIR (Version: 2.7.1.19610)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.5)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Media Player (Version: 1.8)
Adobe Reader 8.3.1 (Version: 8.3.1)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Advanced SystemCare 5 (Version: 5.1.0)
Agere Systems PCI-SV92PP Soft Modem
Akamai NetSession Interface
Akamai NetSession Interface Service
AMD APP SDK Runtime (Version: 10.0.831.4)
AMD Catalyst Install Manager (Version: 3.0.855.0)
AMD Fuel (Version: 2011.1109.2212.39826)
AMD VISION Engine Control Center (Version: 2011.1109.2212.39826)
Amnesia: The Dark Descent
Android SDK Tools (Version: 1.14)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Any Video Converter 3.3.2
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.14.1.0)
Ask Toolbar Updater (Version: 1.2.0.20007)
ATI Catalyst Registration (Version: 3.00.0000)
AviSynth 2.5
Axife Mouse Recorder DEMO 5.01
Bigasoft iPod Video Converter 3.5.7.4300
BigFix (Version: 2.2.0.04)
Bing Bar Platform (Version: 5.0.1423.0)
Bonjour (Version: 3.0.0.10)
Call of Duty: Modern Warfare 2 - Multiplayer
CamStudio Lossless Codec v1.4
Camtasia Studio 7 (Version: 7.1.1)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.1109.2212.39826)
Catalyst Control Center InstallProxy (Version: 2011.1109.2212.39826)
ccc-utility64 (Version: 2011.1109.2212.39826)
CCC Help English (Version: 2011.1109.2211.39826)
CCleaner (Version: 3.12)
Comodo Dragon (Version: 15.0)
COMODO GeekBuddy (Version: 3.3.217083.59)
COMODO Internet Security (Version: 5.9.25057.2197)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CyberLink LabelPrint (Version: 2.0.3111)
CyberLink MediaShow (Version: 4.1.2019)
CyberLink Power2Go (Version: 6.0.2115)
D3DX10 (Version: 15.4.2368.0902)
Debut Video Capture Software
Device Doctor v2.1 (Version: 2.1)
DivX Setup (Version: 2.5.0.11)
Dwarfs!?
ESET Online Scanner v3
eToolKit
Explorer Suite III
Fable - The Lost Chapters
Fable III
Fraps (remove only)
Game Booster 3 (Version: 3.2)
Gateway Games (Version: 1.0.0.52)
Gateway Recovery Management (Version: 3.1.3003)
Google Chrome (Version: 17.0.963.44)
Google Update Helper (Version: 1.3.21.79)
Hacker Evolution
Hacker Evolution - Untold
HTC Driver Installer (Version: 3.0.0.007)
HyperCam 2 (Version: 2.25.01)
HyperCam 3 (Version: 3.3.1111.16)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (64-bit) (Version: 6.0.290)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 7 (64-bit) (Version: 7.0.0)
Java™ SE Development Kit 6 Update 14 (Version: 1.6.0.140)
Just Great Software EditPad Lite 7.0.7 (Version: 7.0.7)
KB0817 Keyboard Driver (Version: 1.30.0000)
Killing Floor
League of Legends (Version: 1.3)
LSI PCI-SV92PP Soft Modem (Version: 2.2.98)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Marvell Miniport Driver (Version: 10.63.5.3)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (Version: 2.1.55.0)
Microsoft Games for Windows - LIVE (Version: 2.0.687.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 2.0.687.0)
Microsoft Money Essentials (Version: 16)
Microsoft Money Shared Libraries (Version: 16.0.0.705)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 3.0.126.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Move Media Player
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nexus Mod Manager (Version: 0.13.1)
NVIDIA PhysX (Version: 9.10.0224)
OpenAL
Orcs Must Die!
Plants vs. Zombies: Game of the Year
Project64 1.6 (Version: 1.6)
Quake 4
Quicken 2009 (Version: 18.1.5.4)
QuickTime (Version: 7.69.80.9)
Quobi
Realtek High Definition Audio Driver (Version: 6.0.1.5628)
Realtek USB 2.0 Card Reader (Version: )
Revo Uninstaller 1.89 (Version: 1.89)
Roll
RuneScape Launcher 1.2 (Version: 1.2.0)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Segoe UI (Version: 15.4.2271.0615)
Skype Toolbars (Version: 5.0.4137)
Skype™ 5.5 (Version: 5.5.124)
Smart Copy 3.1.1.1 (Version: 3.1.1.1)
Smart Defrag 2 (Version: 2.2)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.0.1136)
SwiftKit
swMSM (Version: 12.0.0.1)
Synergy (Version: 1.4.5)
Terraria
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Video2Webcam (Version: 3.2.9.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
World of Warcraft (Version: 4.3.0.15050)
Xvid Video Codec (Version: 1.3.1)
Yahoo! Messenger
Yahoo! Software Update
YouTube Downloader 3.5

========================= Devices: ================================

Name: ADS Instant HDTV PCI
Description: ADS Instant HDTV PCI
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: ADS Technologies
Service: Ph3xIB64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 3838.27 MB
Available physical RAM: 2407.33 MB
Total Pagefile: 7905.07 MB
Available Pagefile: 5348.8 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.4 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:586.4 GB) (Free:348.16 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME-PC

Administrator Guest home
iphone Mcx1

========================= Minidump Files ==================================

No minidump file found

**** End of log ****






The freeze happens when I am moving a window on the screen very rarely. I will begin to drag the window, then all objects on the screen except my mouse will freeze. I cannot put my mouse over the Taskbar, so I can tell from that the mouse is still trying to move the window, but I cannot do anything to fix it except for a hard shutdown.

#4 jntkwx


Posted 28 January 2012 - 02:38 PM

Rewster,

That's an odd description. It may be due to malware, or it might not be.

Please follow my previous instructions to run FSS and the Malwarebytes instructions. :)
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#5 Rewster


Posted 28 January 2012 - 03:02 PM

Sorry, forgot to post the FSS log and didn't see the part about running MBAM. It is a weird problem, haven't run into it before last night, and then MBAM ran a scan while I was gone and detected this Rogue AV.

I will restart the computer after posting this to remove what MBAM found.

Farbar Service Scanner Version: 18-01-2012 01
Ran by home (administrator) on 28-01-2012 at 13:24:08
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll
[2008-01-20 20:49] - [2008-01-20 20:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\SysWOW64\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2011-11-13 09:31] - [2011-09-20 15:06] - 1423744 ____A (Microsoft Corporation) 73BED5067ED53A9DF05FA8EAB42578D0

C:\Windows\System32\dnsrslvr.dll
[2011-04-12 15:05] - [2011-03-02 10:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-10-21 11:09] - [2009-04-11 01:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-10-21 11:08] - [2009-04-11 01:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2008-01-20 20:47] - [2008-01-20 20:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

C:\Windows\System32\vssvc.exe
[2009-10-21 11:09] - [2009-04-11 01:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-10-21 11:08] - [2009-04-11 01:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-10-21 11:08] - [2009-04-11 01:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll
[2009-11-04 07:26] - [2009-08-06 20:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll
[2009-10-21 11:09] - [2009-04-11 01:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-10-21 11:09] - [2009-04-11 01:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2009-10-21 11:08] - [2009-04-11 01:11] - 0166912 ____A (Microsoft Corporation) 18918613E63F387CDE4D95CA7D49DCF7

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-10-21 11:09] - [2009-04-11 01:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****



Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.28.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
home :: HOME-PC [administrator]

Protection: Enabled

1/28/2012 1:43:26 PM
mbam-log-2012-01-28 (13-43-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 219019
Time elapsed: 12 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
c:\program files\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Delete on reboot.
c:\program files (x86)\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

(end)

Edited by Rewster, 28 January 2012 - 03:03 PM.


#6 jntkwx


Posted 28 January 2012 - 03:29 PM

Rewster,


Please download SystemLook from HERE
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    tcpip.sys
    antivirus*
    avpc*
    
    :folderfind
    antivirus*
    avpc*
    
    :dir
    %UserProfile% /n*.exe
    %UserProfile%\My Documents /n*.exe
    C:\Windows /n*.exe /t7
    C:\Windows\system32 /n*.exe /t7
    
    :reg 
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Regards,
Jason

 



#7 Rewster


Posted 28 January 2012 - 03:40 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 14:29 on 28/01/2012 by home
Administrator - Elevation successful

========== filefind ==========

Searching for "tcpip.sys"
C:\Windows\System32\drivers\tcpip.sys --a---- 1423744 bytes [15:31 13/11/2011] [21:06 20/09/2011] 73BED5067ED53A9DF05FA8EAB42578D0
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys --a---- 1421368 bytes [02:51 21/01/2008] [02:51 21/01/2008] 7A1183FBB802F5ABAD7FA18BC67E0858
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_0efecf2c1ef1a5d7\tcpip.sys --a---- 1421368 bytes [20:52 03/11/2008] [08:55 26/04/2008] 8E041924441FF8755E5B4F135C8C3767
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_0f32e3e61ecadee9\tcpip.sys --a---- 1418840 bytes [13:16 09/09/2009] [18:05 14/08/2009] 3BCD46BE9988B09D3510A0EF54F0D65B
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_0ef8061a1ef61e99\tcpip.sys --a---- 1418840 bytes [22:02 09/02/2010] [20:59 08/12/2009] 8C94F5E4F9DE14A495BAA86F643CF31D
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_0f2e179c1ecd900b\tcpip.sys --a---- 1420688 bytes [06:49 14/04/2010] [15:01 18/02/2010] 30C4ABC8075DEA44D7E775D434AF1753
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_0ede67001f09ee46\tcpip.sys --a---- 1420176 bytes [05:38 11/08/2010] [16:40 16/06/2010] 7D86275FB640011B372FD566C0EAFA8D
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_0f8c6d1f380baafd\tcpip.sys --a---- 1421368 bytes [20:52 03/11/2008] [08:47 26/04/2008] F10A60005FB50698E33A1940C6EBB010
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_0f6c030d3823f645\tcpip.sys --a---- 1413208 bytes [13:16 09/09/2009] [16:42 14/08/2009] 74B776CA1B328095FE23A3306B1613A3
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_0f81a4cb3813bb8a\tcpip.sys --a---- 1411656 bytes [22:02 09/02/2010] [21:13 08/12/2009] D1A6D398865E0686533E13DD2558D64B
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys --a---- 1414032 bytes [06:49 14/04/2010] [15:04 18/02/2010] 4680D08A2E8A2509CD9B751D7AF59606
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys --a---- 1414024 bytes [02:35 09/02/2011] [17:13 05/04/2010] 8E7CD6BA2F09B46CE72D308F166C0B12
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys --a---- 1414544 bytes [05:39 11/08/2010] [23:28 16/06/2010] D43D5336BE9DD93E02EE124297295713
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_112826e21be57d78\tcpip.sys --a---- 1426408 bytes [17:09 21/10/2009] [07:15 11/04/2009] 99D07AD0EF2C535610F6573C29BC045E
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_10c2d66e1c321395\tcpip.sys --a---- 1425992 bytes [13:16 09/09/2009] [16:39 14/08/2009] A7BFF59C2F610F62E6C292074FF36A1E
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_10e247ce1c1aa392\tcpip.sys --a---- 1425480 bytes [22:02 09/02/2010] [20:22 08/12/2009] E52F99B1160A1A1DE83223379D2C1828
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_112c2bd61be1dd22\tcpip.sys --a---- 1427336 bytes [06:49 14/04/2010] [14:28 18/02/2010] B4B7B375FDD672AF79B0CBE9B9A48B47
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_10d97a5c1c20ef58\tcpip.sys --a---- 1426816 bytes [05:39 11/08/2010] [17:11 16/06/2010] 973658A2EA9C06B2976884B9046DFC6C
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_10d0aed01c273845\tcpip.sys --a---- 1427344 bytes [03:33 11/08/2011] [20:14 17/06/2011] 4DAD14118FBCF7C609F2A4CE21FBCC5F
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_1121619c1be9f088\tcpip.sys --a---- 1426304 bytes [15:31 13/11/2011] [21:06 20/09/2011] 2CC45D932BD193CD4117321D469AD6B2
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_11acc42135079bb6\tcpip.sys --a---- 1424952 bytes [13:16 09/09/2009] [16:32 14/08/2009] D45D67A18C9FD4CC637BC9D4585C0646
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_1159459f3545c743\tcpip.sys --a---- 1423944 bytes [22:02 09/02/2010] [20:04 08/12/2009] EE84432AD7DCADE2931528C319C55097
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_118286a1352721f8\tcpip.sys --a---- 1423752 bytes [06:49 14/04/2010] [14:22 18/02/2010] 4AD4600DF1F09EE7462152C061B683C8
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_11681899353a0dd5\tcpip.sys --a---- 1423752 bytes [02:35 09/02/2011] [08:35 06/04/2010] 150C1A66A7094F84560519261A309BC6
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_119c298735134c99\tcpip.sys --a---- 1424264 bytes [05:39 11/08/2010] [17:14 16/06/2010] 0011810B5211FDACD784DE585262ECFE
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_116decc535366aa6\tcpip.sys --a---- 1424272 bytes [03:33 11/08/2011] [20:14 17/06/2011] 19A7321E3A5F1DDB215D2815DCC8F8E4
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_11ab004d35078d79\tcpip.sys --a---- 1423744 bytes [15:31 13/11/2011] [21:06 20/09/2011] 73BED5067ED53A9DF05FA8EAB42578D0
C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_bbc5fabc4a894d2a\tcpip.sys --a---- 1200640 bytes [13:16 09/09/2009] [14:44 14/08/2009] 34B30202AECCB530FDDC6C6CCFA2FB46
C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_bb7549d64ac6920e\tcpip.sys --a---- 1199616 bytes [22:02 09/02/2010] [18:22 08/12/2009] 2F822AF5E70467F827F5B4010A7FD57F
C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_bba931004aa006ed\tcpip.sys --a---- 1200640 bytes [06:49 14/04/2010] [12:25 18/02/2010] 396CF3FD8D2A4FDF55570C01894DB9DF
C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_bc4f6fa963a72036\tcpip.sys --a---- 1196032 bytes [13:16 09/09/2009] [22:55 15/08/2009] D4E30E6BADFF21865C3A075457CF9C00
C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_bc00bf5763e297c8\tcpip.sys --a---- 1196032 bytes [22:02 09/02/2010] [18:21 08/12/2009] BB6FB43B431CCAD6FC367648C87205C0
C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_bc37d12363b92291\tcpip.sys --a---- 1198080 bytes [06:49 14/04/2010] [12:27 18/02/2010] 7B0B928E318CADC23C87226BE0A1097D

Searching for "antivirus*"
No files found.

Searching for "avpc*"
No files found.

========== folderfind ==========

Searching for "antivirus*"
No folders found.

Searching for "avpc*"
No folders found.

========== dir ==========

C:\Users\home - Parameters: "/n*.exe"

---Files---
None found.

---Folders---
.shsh d------ [17:21 19/12/2011]
.ssrb3 d------ [02:28 06/10/2011]
AppData d--h--- [16:51 31/05/2009]
Application Data d--hs-- [16:51 31/05/2009]
Contacts dr----- [16:53 31/05/2009]
Cookies d--hs-- [16:51 31/05/2009]
Desktop dr----- [16:51 31/05/2009]
Documents dr----- [16:51 31/05/2009]
Downloads dr----- [16:51 31/05/2009]
Dropbox dr----- [23:10 31/10/2011]
Favorites dr----- [16:51 31/05/2009]
Links dr----- [16:51 31/05/2009]
Local Settings d--hs-- [16:51 31/05/2009]
Music dr----- [16:51 31/05/2009]
My Documents d--hs-- [16:51 31/05/2009]
NetHood d--hs-- [16:51 31/05/2009]
Pictures dr----- [16:51 31/05/2009]
PrintHood d--hs-- [16:51 31/05/2009]
Recent d--hs-- [16:51 31/05/2009]
Saved Games dr----- [16:51 31/05/2009]
Searches dr----- [16:54 31/05/2009]
SendTo d--hs-- [16:51 31/05/2009]
Start Menu d--hs-- [16:51 31/05/2009]
Templates d--hs-- [16:51 31/05/2009]
Videos dr----- [16:51 31/05/2009]

C:\Users\home\My Documents - Parameters: "/n*.exe"

---Files---
None found.

---Folders---
None found.

C:\Windows - Parameters: "/n*.exe /t7"

---Files---
_MSRSTRT.EXE --a---- 2560 bytes [01:24 27/01/2012] [01:24 27/01/2012]

---Folders---
.file_store_32 d------ [17:03 26/03/2011]
.jagex_cache_32 d------ [18:45 14/08/2010]
.mpr_file_store_32 d------ [01:10 30/07/2009]
.soulsplit d------ [20:05 03/12/2011]
AppPatch d------ [13:33 02/11/2006]
assembly dr--s-- [13:33 02/11/2006]
Boot d------ [13:33 02/11/2006]
Branding d------ [13:33 02/11/2006]
Cursors d------ [13:33 02/11/2006]
Debug d------ [20:26 03/11/2008]
DigitalLocker d------ [15:07 02/11/2006]
Downloaded Program Files d---s-- [13:33 02/11/2006]
ehome d------ [15:07 02/11/2006]
en d------ [23:47 18/07/2011]
en-US d------ [15:15 02/11/2006]
Fonts dr--s-- [13:33 02/11/2006]
Globalization d------ [13:33 02/11/2006]
Help d------ [13:33 02/11/2006]
IME d------ [13:33 02/11/2006]
inf d------ [13:33 02/11/2006]
Installer d--hs-- [20:26 03/11/2008]
L2Schemas d------ [13:33 02/11/2006]
LiveKernelReports d------ [13:33 02/11/2006]
Logs d------ [13:33 02/11/2006]
Media dr--s-- [13:33 02/11/2006]
Microsoft.NET d------ [13:33 02/11/2006]
Minidump d------ [22:12 25/06/2011]
ModemLogs d------ [13:33 02/11/2006]
MSAgent d------ [13:33 02/11/2006]
MSAgent64 d------ [13:33 02/11/2006]
msdownld.tmp d--h--- [03:12 27/02/2011]
nap d------ [13:33 02/11/2006]
Offline Web Pages dr----- [13:33 02/11/2006]
Panther d------ [01:49 12/07/2007]
PCHEALTH d------ [21:23 03/11/2008]
Performance d------ [15:07 02/11/2006]
PLA d------ [13:33 02/11/2006]
PolicyDefinitions d------ [13:33 02/11/2006]
Prefetch d------ [20:22 03/11/2008]
Provisioning d------ [13:33 02/11/2006]
pss d------ [03:53 25/06/2011]
registration d------ [13:33 02/11/2006]
rescache d------ [13:33 02/11/2006]
Resources d------ [13:33 02/11/2006]
SchCache d------ [13:33 02/11/2006]
schemas d------ [13:33 02/11/2006]
security d------ [13:33 02/11/2006]
ServiceProfiles d------ [15:22 02/11/2006]
servicing d------ [13:33 02/11/2006]
Setup d------ [15:22 02/11/2006]
ShellNew d------ [15:07 02/11/2006]
SoftwareDistribution d------ [07:24 25/03/2009]
Speech d------ [13:33 02/11/2006]
Sun d------ [16:42 18/07/2009]
system d------ [13:33 02/11/2006]
System32 d------ [01:51 12/07/2007]
SysWOW64 d------ [13:34 02/11/2006]
tapi d------ [13:34 02/11/2006]
Tasks d------ [13:34 02/11/2006]
Temp d------ [13:34 02/11/2006]
tracing d------ [13:34 02/11/2006]
twain_32 d------ [15:07 02/11/2006]
Web d------ [13:34 02/11/2006]
WindowsMobile d------ [15:15 02/11/2006]
winsxs d------ [13:34 02/11/2006]

C:\Windows\system32 - Parameters: "/n*.exe /t7"

---Files---
RegistryDefragBootTime.exe --a---- 23896 bytes [01:18 21/01/2012] [23:02 30/12/2011]

---Folders---
0409 d------ [15:15 02/11/2006]
AdvancedInstallers d------ [13:33 02/11/2006]
ar-SA d------ [13:33 02/11/2006]
bg-BG d------ [13:33 02/11/2006]
Boot d------ [13:33 02/11/2006]
Branding d------ [15:15 02/11/2006]
ca-ES d------ [15:30 21/08/2010]
catroot d------ [13:33 02/11/2006]
catroot2 d------ [13:33 02/11/2006]
CodeIntegrity d------ [13:33 02/11/2006]
com d------ [13:33 02/11/2006]
config d------ [13:33 02/11/2006]
cs-CZ d------ [13:33 02/11/2006]
da-DK d------ [13:33 02/11/2006]
de-DE d------ [13:33 02/11/2006]
drivers d------ [13:33 02/11/2006]
DriverStore d------ [13:33 02/11/2006]
DRVSTORE d----c- [04:29 02/02/2010]
el-GR d------ [13:34 02/11/2006]
en d------ [15:15 02/11/2006]
en-US d------ [13:34 02/11/2006]
es-ES d------ [13:34 02/11/2006]
et-EE d------ [13:34 02/11/2006]
eu-ES d------ [15:30 21/08/2010]
EventProviders d------ [15:03 21/08/2010]
fi-FI d------ [13:34 02/11/2006]
fr-FR d------ [13:34 02/11/2006]
GroupPolicy d--h--- [13:34 02/11/2006]
GroupPolicyUsers d------ [13:34 02/11/2006]
he-IL d------ [13:34 02/11/2006]
hr-HR d------ [13:34 02/11/2006]
hu-HU d------ [13:34 02/11/2006]
ias d------ [13:34 02/11/2006]
icsxml d------ [13:34 02/11/2006]
IME d------ [13:34 02/11/2006]
inetsrv d------ [13:34 02/11/2006]
it-IT d------ [13:34 02/11/2006]
ja-JP d------ [13:34 02/11/2006]
ko-KR d------ [13:34 02/11/2006]
licensing d------ [13:34 02/11/2006]
LogFiles d------ [13:34 02/11/2006]
lt-LT d------ [13:34 02/11/2006]
lv-LV d------ [13:34 02/11/2006]
manifeststore d------ [13:34 02/11/2006]
Microsoft d---s-- [15:21 02/11/2006]
migration d------ [13:34 02/11/2006]
migwiz d------ [13:34 02/11/2006]
Msdtc d------ [13:34 02/11/2006]
MUI d------ [13:34 02/11/2006]
nb-NO d------ [13:34 02/11/2006]
NDF d------ [13:34 02/11/2006]
networklist d------ [13:34 02/11/2006]
nl-NL d------ [13:34 02/11/2006]
OEM d------ [01:51 12/07/2007]
oobe d------ [13:34 02/11/2006]
pl-PL d------ [13:34 02/11/2006]
Printing_Admin_Scripts d------ [15:15 02/11/2006]
pt-BR d------ [13:34 02/11/2006]
pt-PT d------ [13:34 02/11/2006]
ras d------ [13:34 02/11/2006]
RemInst d------ [13:34 02/11/2006]
restore d------ [15:07 02/11/2006]
ro-RO d------ [13:34 02/11/2006]
ru-RU d------ [13:34 02/11/2006]
setup d------ [13:34 02/11/2006]
sk-SK d------ [13:34 02/11/2006]
sl-SI d------ [13:34 02/11/2006]
slmgr d------ [15:15 02/11/2006]
SLUI d------ [13:34 02/11/2006]
SMI d------ [13:34 02/11/2006]
Speech d------ [13:34 02/11/2006]
spool d------ [13:34 02/11/2006]
sr-Latn-CS d------ [13:34 02/11/2006]
sv-SE d------ [13:34 02/11/2006]
sysprep d------ [13:34 02/11/2006]
Tasks d------ [13:34 02/11/2006]
th-TH d------ [13:34 02/11/2006]
tr-TR d------ [13:34 02/11/2006]
uk-UA d------ [13:34 02/11/2006]
vi-VN d------ [15:30 21/08/2010]
wbem d------ [13:34 02/11/2006]
WCN d------ [15:15 02/11/2006]
WDI d------ [13:34 02/11/2006]
wfp d------ [13:34 02/11/2006]
WindowsPowerShell d------ [22:14 30/08/2010]
winevt d------ [13:34 02/11/2006]
winrm d------ [15:15 02/11/2006]
zh-CN d------ [13:34 02/11/2006]
zh-HK d------ [13:34 02/11/2006]
zh-TW d------ [13:34 02/11/2006]

========== reg ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=""C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h"


-= EOF =-
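One way to read the tcpip.sys hits in the log above, as an added example that is not part of the original post or of SystemLook: parse the `filefind` lines and report which Windows component-store (`winsxs`) copies are byte-for-byte the same size and MD5 as the driver actually loaded from `System32\drivers`. The function names are hypothetical, and a match is a consistency check between the live file and a servicing copy, not proof that either is untampered.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Three of the tcpip.sys hits copied from the SystemLook log in this thread.
SAMPLE_FILEFIND = r"""
Searching for "tcpip.sys"
C:\Windows\System32\drivers\tcpip.sys --a---- 1423744 bytes [15:31 13/11/2011] [21:06 20/09/2011] 73BED5067ED53A9DF05FA8EAB42578D0
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_1121619c1be9f088\tcpip.sys --a---- 1426304 bytes [15:31 13/11/2011] [21:06 20/09/2011] 2CC45D932BD193CD4117321D469AD6B2
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_11ab004d35078d79\tcpip.sys --a---- 1423744 bytes [15:31 13/11/2011] [21:06 20/09/2011] 73BED5067ED53A9DF05FA8EAB42578D0
"""


class Hit(NamedTuple):
    path: str
    size: int
    md5: str
    store_version: Optional[str]  # set only for copies under \winsxs\


# <path> <7 attribute flags> <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]{7}\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# The component version is embedded in the winsxs directory name.
VERSION_RE = re.compile(
    r"\\winsxs\\[^\\]*_(\d+\.\d+\.\d+\.\d+)_none_[0-9a-f]+\\", re.IGNORECASE
)


def parse_filefind(text: str) -> List[Hit]:
    """Return one Hit per file line; headers such as 'Searching for' are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        v = VERSION_RE.search(m.group("path"))
        hits.append(Hit(m.group("path"), int(m.group("size")),
                        m.group("md5").upper(), v.group(1) if v else None))
    return hits


def matching_store_copies(hits: List[Hit], live_path: str) -> Tuple[Hit, List[Hit]]:
    """Find the live file (Windows paths compare case-insensitively) and the
    component-store copies with the same size and MD5."""
    live = [h for h in hits if h.path.lower() == live_path.lower()]
    if len(live) != 1:
        raise ValueError(f"expected exactly one entry for {live_path}, found {len(live)}")
    same = [h for h in hits
            if h.store_version and h.md5 == live[0].md5 and h.size == live[0].size]
    return live[0], same


if __name__ == "__main__":
    # The FSS log spells the folder "Drivers"; SystemLook prints "drivers".
    live, same = matching_store_copies(
        parse_filefind(SAMPLE_FILEFIND), r"C:\Windows\System32\Drivers\tcpip.sys")
    print(live.path, live.md5)
    if same:
        for h in same:
            print("  identical to component-store version", h.store_version)
    else:
        print("  no identical component-store copy; verify the file another way")
```

An empty match list means the live file differs from every servicing copy in the listing and needs a second check, such as the signature or a multi-engine scan.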

#8 jntkwx


Posted 28 January 2012 - 03:50 PM

Rewster,

Step 1: Use the System File Checker tool (SFC.exe) to determine which file is causing the issue, and then replace the file. To do this, follow these steps:
  • Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  • Type the following command, and then press ENTER:
    sfc /scannow
The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

If it says that files cannot be repaired, please let me know.

Step 2: Let's upload a file for a second opinion on what it actually is.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Virustotal: http://www.virustotal.com/

When the Virustotal page has finished loading, click the Choose File button and navigate to the following file and click Send File.

C:\Windows\_MSRSTRT.EXE

If prompted to reanalyze a file, please do so.

Please post back the website addresses (URLs) of the Virustotal result in your next post.
Regards,
Jason

 



#9 Rewster


Posted 28 January 2012 - 03:54 PM

Running the SFC right now. My computer froze up once again, and had to hard shutdown after waiting for it to fix itself. All of these have happened while YouTube was open and videos were running, forgot to add that part into my previous post. But, this time I wasn't moving a window like the other times.




https://www.virustotal.com/file/166e8fe44186f356e162ceac313100d0992b70d3a6a029906c2242afc8691c85/analysis/1327784186/

Edited by Rewster, 28 January 2012 - 03:58 PM.


#10 Rewster


Posted 28 January 2012 - 04:18 PM

The Verification process got to 64%, until it got a line saying "Windows Resource protection could not perform the requested operation."

#11 jntkwx


Posted 28 January 2012 - 05:53 PM

Open an elevated command prompt (like you did previously).

In the elevated command prompt, type findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt and press Enter.

Close the elevated command prompt.

Please attach the sfcdetails.txt file that was just placed on your desktop to your next reply.
Regards,
Jason
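The `findstr` command above reduces CBS.log to its `[SR]` lines. As an added example (not part of the original post), this Python script triages such a file: it counts the verify batches, collects any "Cannot repair member file" entries, and reports a batch that began but never logged "Verify complete", which marks where an aborted scan stopped. The sample lines are constructed in the layout SFC writes, the file and component names in them are placeholders, and `summarize_sr` is a hypothetical name.

```python
import re
from typing import Dict, Optional

# Constructed sample in the layout of the [SR] lines that findstr extracts.
# "example.dll" and "Example-Component" are placeholders, not real findings.
SAMPLE_SR = """\
2012-01-28 14:52:06, Info CSI 00000006 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:06, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:09, Info CSI 00000009 [SR] Verify complete
2012-01-28 14:52:10, Info CSI 0000000a [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:10, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:11, Info CSI 0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.0.6002.18005, file is missing
2012-01-28 14:52:12, Info CSI 0000000d [SR] Verify complete
2012-01-28 14:52:12, Info CSI 0000000e [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:12, Info CSI 0000000f [SR] Beginning Verify and Repair transaction
"""

# timestamp, level, "CSI", 8-hex-digit sequence number, "[SR]", message
SR_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(?P<level>\w+)\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*)$"
)
VERIFYING_RE = re.compile(r"^Verifying (\d+) ")
QUOTED_NAME_RE = re.compile(r'"([^"]+)"')


def summarize_sr(text: str) -> Dict[str, object]:
    """Summarise the [SR] lines of a CBS.log extract."""
    started = completed = components = 0
    cannot_repair = []                      # (timestamp, file name) pairs
    open_txn: Optional[Dict[str, str]] = None
    for line in text.splitlines():
        m = SR_RE.match(line.strip())
        if not m:
            continue                        # not an [SR] line
        msg = m.group("msg")
        v = VERIFYING_RE.match(msg)
        if v:
            started += 1
            components += int(v.group(1))
        elif msg.startswith("Beginning Verify and Repair transaction"):
            open_txn = {"time": m.group("ts"), "seq": m.group("seq")}
        elif msg.startswith("Verify complete"):
            completed += 1
            open_txn = None
        elif msg.startswith("Cannot repair member file"):
            name = QUOTED_NAME_RE.search(msg)
            cannot_repair.append((m.group("ts"), name.group(1) if name else msg))
    return {
        "batches_started": started,
        "batches_completed": completed,
        "components_announced": components,
        "cannot_repair": cannot_repair,
        "unfinished": open_txn,             # None when every batch completed
    }


if __name__ == "__main__":
    summary = summarize_sr(SAMPLE_SR)
    for key, value in summary.items():
        print(f"{key}: {value}")
```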

 



#12 Rewster


Posted 28 January 2012 - 06:02 PM

2012-01-28 14:52:06, Info CSI 00000006 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:06, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:09, Info CSI 00000009 [SR] Verify complete
2012-01-28 14:52:10, Info CSI 0000000a [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:10, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:12, Info CSI 0000000d [SR] Verify complete
2012-01-28 14:52:12, Info CSI 0000000e [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:12, Info CSI 0000000f [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:15, Info CSI 00000011 [SR] Verify complete
2012-01-28 14:52:15, Info CSI 00000012 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:15, Info CSI 00000013 [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:18, Info CSI 00000015 [SR] Verify complete
2012-01-28 14:52:19, Info CSI 00000016 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:19, Info CSI 00000017 [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:21, Info CSI 00000019 [SR] Verify complete
2012-01-28 14:52:22, Info CSI 0000001a [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:22, Info CSI 0000001b [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:24, Info CSI 0000001d [SR] Verify complete
2012-01-28 14:52:25, Info CSI 0000001e [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:25, Info CSI 0000001f [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:27, Info CSI 00000021 [SR] Verify complete
2012-01-28 14:52:27, Info CSI 00000022 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:27, Info CSI 00000023 [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:29, Info CSI 00000025 [SR] Verify complete
2012-01-28 14:52:30, Info CSI 00000026 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:30, Info CSI 00000027 [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:32, Info CSI 00000029 [SR] Verify complete
2012-01-28 14:52:32, Info CSI 0000002a [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:32, Info CSI 0000002b [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:35, Info CSI 0000002d [SR] Verify complete
2012-01-28 14:52:35, Info CSI 0000002e [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:35, Info CSI 0000002f [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:37, Info CSI 00000031 [SR] Verify complete
2012-01-28 14:52:38, Info CSI 00000032 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:38, Info CSI 00000033 [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:40, Info CSI 00000035 [SR] Verify complete
2012-01-28 14:52:40, Info CSI 00000036 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:40, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:42, Info CSI 00000039 [SR] Verify complete
2012-01-28 14:52:42, Info CSI 0000003a [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:42, Info CSI 0000003b [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:44, Info CSI 0000003d [SR] Verify complete
2012-01-28 14:52:45, Info CSI 0000003e [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:45, Info CSI 0000003f [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:47, Info CSI 00000041 [SR] Verify complete
2012-01-28 14:52:47, Info CSI 00000042 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:47, Info CSI 00000043 [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:49, Info CSI 00000045 [SR] Verify complete
2012-01-28 14:52:49, Info CSI 00000046 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:49, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:51, Info CSI 00000049 [SR] Verify complete
2012-01-28 14:52:52, Info CSI 0000004a [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:52, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:53, Info CSI 0000004d [SR] Verify complete
2012-01-28 14:52:54, Info CSI 0000004e [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:54, Info CSI 0000004f [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:56, Info CSI 00000051 [SR] Verify complete
2012-01-28 14:52:56, Info CSI 00000052 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:56, Info CSI 00000053 [SR] Beginning Verify and Repair transaction
2012-01-28 14:52:58, Info CSI 00000055 [SR] Verify complete
2012-01-28 14:52:58, Info CSI 00000056 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:52:58, Info CSI 00000057 [SR] Beginning Verify and Repair transaction
2012-01-28 14:53:00, Info CSI 00000059 [SR] Verify complete
2012-01-28 14:53:01, Info CSI 0000005a [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:53:01, Info CSI 0000005b [SR] Beginning Verify and Repair transaction
2012-01-28 14:53:05, Info CSI 0000005d [SR] Verify complete
2012-01-28 14:53:06, Info CSI 0000005e [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:53:06, Info CSI 0000005f [SR] Beginning Verify and Repair transaction
2012-01-28 14:53:08, Info CSI 00000061 [SR] Verify complete
2012-01-28 14:53:08, Info CSI 00000062 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:53:08, Info CSI 00000063 [SR] Beginning Verify and Repair transaction
2012-01-28 14:53:11, Info CSI 00000065 [SR] Verify complete
2012-01-28 14:53:12, Info CSI 00000066 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:53:12, Info CSI 00000067 [SR] Beginning Verify and Repair transaction
2012-01-28 14:53:14, Info CSI 00000069 [SR] Verify complete
2012-01-28 14:53:14, Info CSI 0000006a [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:53:14, Info CSI 0000006b [SR] Beginning Verify and Repair transaction
2012-01-28 14:53:17, Info CSI 0000006d [SR] Verify complete
2012-01-28 14:53:18, Info CSI 0000006e [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:53:18, Info CSI 0000006f [SR] Beginning Verify and Repair transaction
2012-01-28 14:53:20, Info CSI 00000071 [SR] Verify complete
2012-01-28 14:53:20, Info CSI 00000072 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:53:20, Info CSI 00000073 [SR] Beginning Verify and Repair transaction
2012-01-28 14:53:23, Info CSI 00000075 [SR] Verify complete
2012-01-28 14:53:23, Info CSI 00000076 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:53:23, Info CSI 00000077 [SR] Beginning Verify and Repair transaction
2012-01-28 14:53:26, Info CSI 00000079 [SR] Verify complete
2012-01-28 14:53:27, Info CSI 0000007a [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:53:27, Info CSI 0000007b [SR] Beginning Verify and Repair transaction
2012-01-28 14:53:29, Info CSI 0000007d [SR] Verify complete
2012-01-28 14:53:29, Info CSI 0000007e [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:53:29, Info CSI 0000007f [SR] Beginning Verify and Repair transaction
2012-01-28 14:53:31, Info CSI 00000081 [SR] Verify complete
2012-01-28 14:53:31, Info CSI 00000082 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:53:31, Info CSI 00000083 [SR] Beginning Verify and Repair transaction
2012-01-28 14:53:33, Info CSI 00000085 [SR] Verify complete
2012-01-28 14:53:33, Info CSI 00000086 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:53:33, Info CSI 00000087 [SR] Beginning Verify and Repair transaction
2012-01-28 14:53:37, Info CSI 00000089 [SR] Verify complete
2012-01-28 14:53:37, Info CSI 0000008a [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:53:37, Info CSI 0000008b [SR] Beginning Verify and Repair transaction
2012-01-28 14:53:43, Info CSI 0000008d [SR] Verify complete
2012-01-28 14:53:44, Info CSI 0000008e [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:53:44, Info CSI 0000008f [SR] Beginning Verify and Repair transaction
2012-01-28 14:53:48, Info CSI 00000093 [SR] Verify complete
2012-01-28 14:53:48, Info CSI 00000094 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:53:48, Info CSI 00000095 [SR] Beginning Verify and Repair transaction
2012-01-28 14:54:01, Info CSI 00000098 [SR] Verify complete
2012-01-28 14:54:02, Info CSI 00000099 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:54:02, Info CSI 0000009a [SR] Beginning Verify and Repair transaction
2012-01-28 14:54:07, Info CSI 0000009e [SR] Verify complete
2012-01-28 14:54:07, Info CSI 0000009f [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:54:07, Info CSI 000000a0 [SR] Beginning Verify and Repair transaction
2012-01-28 14:54:13, Info CSI 000000a2 [SR] Verify complete
2012-01-28 14:54:13, Info CSI 000000a3 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:54:13, Info CSI 000000a4 [SR] Beginning Verify and Repair transaction
2012-01-28 14:54:24, Info CSI 000000c6 [SR] Verify complete
2012-01-28 14:54:24, Info CSI 000000c7 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:54:24, Info CSI 000000c8 [SR] Beginning Verify and Repair transaction
2012-01-28 14:54:34, Info CSI 000000cd [SR] Verify complete
2012-01-28 14:54:34, Info CSI 000000ce [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:54:34, Info CSI 000000cf [SR] Beginning Verify and Repair transaction
2012-01-28 14:54:41, Info CSI 000000d1 [SR] Verify complete
2012-01-28 14:54:41, Info CSI 000000d2 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:54:41, Info CSI 000000d3 [SR] Beginning Verify and Repair transaction
2012-01-28 14:54:47, Info CSI 000000d5 [SR] Verify complete
2012-01-28 14:54:47, Info CSI 000000d6 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:54:47, Info CSI 000000d7 [SR] Beginning Verify and Repair transaction
2012-01-28 14:54:56, Info CSI 000000d9 [SR] Verify complete
2012-01-28 14:54:56, Info CSI 000000da [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:54:56, Info CSI 000000db [SR] Beginning Verify and Repair transaction
2012-01-28 14:55:05, Info CSI 000000df [SR] Verify complete
2012-01-28 14:55:06, Info CSI 000000e0 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:55:06, Info CSI 000000e1 [SR] Beginning Verify and Repair transaction
2012-01-28 14:55:16, Info CSI 000000f7 [SR] Verify complete
2012-01-28 14:55:16, Info CSI 000000f8 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:55:16, Info CSI 000000f9 [SR] Beginning Verify and Repair transaction
2012-01-28 14:55:40, Info CSI 000000fb [SR] Verify complete
2012-01-28 14:55:40, Info CSI 000000fc [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:55:40, Info CSI 000000fd [SR] Beginning Verify and Repair transaction
2012-01-28 14:55:53, Info CSI 000000ff [SR] Verify complete
2012-01-28 14:55:54, Info CSI 00000100 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:55:54, Info CSI 00000101 [SR] Beginning Verify and Repair transaction
2012-01-28 14:56:01, Info CSI 00000103 [SR] Verify complete
2012-01-28 14:56:01, Info CSI 00000104 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:56:01, Info CSI 00000105 [SR] Beginning Verify and Repair transaction
2012-01-28 14:56:09, Info CSI 00000107 [SR] Verify complete
2012-01-28 14:56:09, Info CSI 00000108 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:56:09, Info CSI 00000109 [SR] Beginning Verify and Repair transaction
2012-01-28 14:56:17, Info CSI 0000010c [SR] Verify complete
2012-01-28 14:56:18, Info CSI 0000010d [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:56:18, Info CSI 0000010e [SR] Beginning Verify and Repair transaction
2012-01-28 14:56:33, Info CSI 00000120 [SR] Verify complete
2012-01-28 14:56:34, Info CSI 00000121 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:56:34, Info CSI 00000122 [SR] Beginning Verify and Repair transaction
2012-01-28 14:56:35, Info CSI 00000124 [SR] Verify complete
2012-01-28 14:56:35, Info CSI 00000125 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:56:35, Info CSI 00000126 [SR] Beginning Verify and Repair transaction
2012-01-28 14:56:39, Info CSI 00000128 [SR] Verify complete
2012-01-28 14:56:40, Info CSI 00000129 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:56:40, Info CSI 0000012a [SR] Beginning Verify and Repair transaction
2012-01-28 14:56:44, Info CSI 0000012c [SR] Verify complete
2012-01-28 14:56:45, Info CSI 0000012d [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:56:45, Info CSI 0000012e [SR] Beginning Verify and Repair transaction
2012-01-28 14:56:55, Info CSI 00000131 [SR] Verify complete
2012-01-28 14:56:55, Info CSI 00000132 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:56:55, Info CSI 00000133 [SR] Beginning Verify and Repair transaction
2012-01-28 14:57:04, Info CSI 00000135 [SR] Verify complete
2012-01-28 14:57:04, Info CSI 00000136 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:57:04, Info CSI 00000137 [SR] Beginning Verify and Repair transaction
2012-01-28 14:57:07, Info CSI 00000139 [SR] Verify complete
2012-01-28 14:57:08, Info CSI 0000013a [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:57:08, Info CSI 0000013b [SR] Beginning Verify and Repair transaction
2012-01-28 14:57:20, Info CSI 0000013d [SR] Verify complete
2012-01-28 14:57:20, Info CSI 0000013e [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:57:20, Info CSI 0000013f [SR] Beginning Verify and Repair transaction
2012-01-28 14:57:27, Info CSI 00000141 [SR] Verify complete
2012-01-28 14:57:27, Info CSI 00000142 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:57:27, Info CSI 00000143 [SR] Beginning Verify and Repair transaction
2012-01-28 14:57:40, Info CSI 00000146 [SR] Verify complete
2012-01-28 14:57:40, Info CSI 00000147 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:57:40, Info CSI 00000148 [SR] Beginning Verify and Repair transaction
2012-01-28 14:57:54, Info CSI 0000015f [SR] Verify complete
2012-01-28 14:57:54, Info CSI 00000160 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:57:54, Info CSI 00000161 [SR] Beginning Verify and Repair transaction
2012-01-28 14:58:05, Info CSI 00000163 [SR] Verify complete
2012-01-28 14:58:05, Info CSI 00000164 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:58:05, Info CSI 00000165 [SR] Beginning Verify and Repair transaction
2012-01-28 14:58:31, Info CSI 00000167 [SR] Verify complete
2012-01-28 14:58:32, Info CSI 00000168 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:58:32, Info CSI 00000169 [SR] Beginning Verify and Repair transaction
2012-01-28 14:58:48, Info CSI 0000016b [SR] Verify complete
2012-01-28 14:58:48, Info CSI 0000016c [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:58:48, Info CSI 0000016d [SR] Beginning Verify and Repair transaction
2012-01-28 14:59:00, Info CSI 0000016f [SR] Verify complete
2012-01-28 14:59:00, Info CSI 00000170 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:59:00, Info CSI 00000171 [SR] Beginning Verify and Repair transaction
2012-01-28 14:59:07, Info CSI 00000173 [SR] Verify complete
2012-01-28 14:59:07, Info CSI 00000174 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:59:07, Info CSI 00000175 [SR] Beginning Verify and Repair transaction
2012-01-28 14:59:12, Info CSI 00000177 [SR] Verify complete
2012-01-28 14:59:13, Info CSI 00000178 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:59:13, Info CSI 00000179 [SR] Beginning Verify and Repair transaction
2012-01-28 14:59:24, Info CSI 0000017d [SR] Verify complete
2012-01-28 14:59:25, Info CSI 0000017e [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 14:59:25, Info CSI 0000017f [SR] Beginning Verify and Repair transaction
2012-01-28 14:59:59, Info CSI 00000181 [SR] Verify complete
2012-01-28 15:00:00, Info CSI 00000182 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:00:00, Info CSI 00000183 [SR] Beginning Verify and Repair transaction
2012-01-28 15:00:10, Info CSI 00000185 [SR] Verify complete
2012-01-28 15:00:10, Info CSI 00000186 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:00:10, Info CSI 00000187 [SR] Beginning Verify and Repair transaction
2012-01-28 15:00:21, Info CSI 00000189 [SR] Verify complete
2012-01-28 15:00:22, Info CSI 0000018a [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:00:22, Info CSI 0000018b [SR] Beginning Verify and Repair transaction
2012-01-28 15:00:28, Info CSI 0000018d [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-01-28 15:00:34, Info CSI 0000018f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-01-28 15:00:34, Info CSI 00000190 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2012-01-28 15:00:36, Info CSI 00000192 [SR] Verify complete
2012-01-28 15:00:37, Info CSI 00000193 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:00:37, Info CSI 00000194 [SR] Beginning Verify and Repair transaction
2012-01-28 15:00:45, Info CSI 00000196 [SR] Verify complete
2012-01-28 15:00:45, Info CSI 00000197 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:00:45, Info CSI 00000198 [SR] Beginning Verify and Repair transaction
2012-01-28 15:00:57, Info CSI 0000019a [SR] Verify complete
2012-01-28 15:00:58, Info CSI 0000019b [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:00:58, Info CSI 0000019c [SR] Beginning Verify and Repair transaction
2012-01-28 15:01:14, Info CSI 0000019f [SR] Verify complete
2012-01-28 15:01:14, Info CSI 000001a0 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:01:14, Info CSI 000001a1 [SR] Beginning Verify and Repair transaction
2012-01-28 15:01:21, Info CSI 000001a3 [SR] Verify complete
2012-01-28 15:01:21, Info CSI 000001a4 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:01:21, Info CSI 000001a5 [SR] Beginning Verify and Repair transaction
2012-01-28 15:01:30, Info CSI 000001a8 [SR] Verify complete
2012-01-28 15:01:31, Info CSI 000001a9 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:01:31, Info CSI 000001aa [SR] Beginning Verify and Repair transaction
2012-01-28 15:01:39, Info CSI 000001ac [SR] Verify complete
2012-01-28 15:01:40, Info CSI 000001ad [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:01:40, Info CSI 000001ae [SR] Beginning Verify and Repair transaction
2012-01-28 15:01:51, Info CSI 000001b4 [SR] Verify complete
2012-01-28 15:01:51, Info CSI 000001b5 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:01:51, Info CSI 000001b6 [SR] Beginning Verify and Repair transaction
2012-01-28 15:02:02, Info CSI 000001b8 [SR] Verify complete
2012-01-28 15:02:02, Info CSI 000001b9 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:02:02, Info CSI 000001ba [SR] Beginning Verify and Repair transaction
2012-01-28 15:02:16, Info CSI 000001bc [SR] Verify complete
2012-01-28 15:02:17, Info CSI 000001bd [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:02:17, Info CSI 000001be [SR] Beginning Verify and Repair transaction
2012-01-28 15:02:19, Info CSI 000001c0 [SR] Verify complete
2012-01-28 15:02:20, Info CSI 000001c1 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:02:20, Info CSI 000001c2 [SR] Beginning Verify and Repair transaction
2012-01-28 15:02:27, Info CSI 000001c4 [SR] Verify complete
2012-01-28 15:02:28, Info CSI 000001c5 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:02:28, Info CSI 000001c6 [SR] Beginning Verify and Repair transaction
2012-01-28 15:02:38, Info CSI 000001c8 [SR] Verify complete
2012-01-28 15:02:39, Info CSI 000001c9 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:02:39, Info CSI 000001ca [SR] Beginning Verify and Repair transaction
2012-01-28 15:02:52, Info CSI 000001cc [SR] Verify complete
2012-01-28 15:02:52, Info CSI 000001cd [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:02:52, Info CSI 000001ce [SR] Beginning Verify and Repair transaction
2012-01-28 15:02:59, Info CSI 000001d0 [SR] Verify complete
2012-01-28 15:03:00, Info CSI 000001d1 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:03:00, Info CSI 000001d2 [SR] Beginning Verify and Repair transaction

#13 jntkwx

jntkwx

  • Malware Response Team

Posted 28 January 2012 - 10:24 PM

Rewster,

Unfortunately, that really didn't help in troubleshooting, as the only error apparent can safely be ignored. I don't think we're dealing with malware here, even though Malwarebytes found 2 items.

Were you watching a YouTube video in Chrome, Firefox or Internet Explorer?

Also, try running a disk check and see if your symptoms continue:

  • Open an elevated command prompt (as before).
  • Type in: chkdsk /r and press the enter key
  • When prompted to run the chkdsk at startup, type Y and press the enter key.
  • Reboot your computer and allow the check disk to run. It may take some time. Please be patient.

Regards,
Jason

 

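The log in post #12 is almost entirely routine `[SR]` verify lines, and the reply in post #13 refers to the single repair error in it. As an added example (not part of the original posts), this Python script reduces such a log to the files SFC could not repair; the function name `summarize_sr_log` is hypothetical, the line layout is assumed to be the one posted above, and the sample is an excerpt of those lines.

```python
import re

# Excerpt of the [SR] lines posted in the thread above (two transactions).
SAMPLE_LOG = '''\
2012-01-28 15:00:22, Info CSI 0000018a [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:00:22, Info CSI 0000018b [SR] Beginning Verify and Repair transaction
2012-01-28 15:00:28, Info CSI 0000018d [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-01-28 15:00:34, Info CSI 0000018f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-01-28 15:00:34, Info CSI 00000190 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2012-01-28 15:00:36, Info CSI 00000192 [SR] Verify complete
2012-01-28 15:00:37, Info CSI 00000193 [SR] Verifying 100 (0x0000000000000064) components
2012-01-28 15:00:37, Info CSI 00000194 [SR] Beginning Verify and Repair transaction
2012-01-28 15:00:45, Info CSI 00000196 [SR] Verify complete
'''

# timestamp, level, "CSI", 8-hex-digit sequence number, [SR] tag, message
LINE_RE = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+CSI\s+([0-9a-f]{8})\s+\[SR\] (.*)$')
VERIFYING_RE = re.compile(r'^Verifying (\d+) ')
CANNOT_RE = re.compile(
    r'^Cannot repair member file \[l:\d+\{\d+\}\]"([^"]+)" of ([^,]+), Version = ([^,]+),')
REFERENCED_RE = re.compile(
    r'^This component was referenced by \[l:\d+\{\d+\}\]"([^"]+)"')


def summarize_sr_log(text):
    """Reduce SFC [SR] log lines to counts plus de-duplicated repair failures."""
    summary = {"components_verified": 0, "unrepaired": {}, "unparsed": 0}
    last_key = None  # most recent failure, so "referenced by" lines attach to it
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            summary["unparsed"] += 1  # not an [SR] line in the expected layout
            continue
        timestamp, _seq, msg = m.groups()
        if (v := VERIFYING_RE.match(msg)):
            summary["components_verified"] += int(v.group(1))
            last_key = None  # a new batch starts; earlier failures are closed
        elif (c := CANNOT_RE.match(msg)):
            last_key = c.groups()  # (file, component, version)
            entry = summary["unrepaired"].setdefault(last_key, {
                "count": 0, "first_seen": timestamp,
                "reason": msg.rsplit(", ", 1)[-1], "referenced_by": []})
            entry["count"] += 1
        elif (r := REFERENCED_RE.match(msg)) and last_key is not None:
            pkgs = summary["unrepaired"][last_key]["referenced_by"]
            if r.group(1) not in pkgs:
                pkgs.append(r.group(1))
    return summary


if __name__ == "__main__":
    result = summarize_sr_log(SAMPLE_LOG)
    print("components verified:", result["components_verified"])
    for (name, component, version), info in result["unrepaired"].items():
        print(f'{name} ({component} {version}): {info["reason"]}, '
              f'logged {info["count"]}x, first at {info["first_seen"]}')
        for pkg in info["referenced_by"]:
            print("  referenced by", pkg)
```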


#14 Rewster

Rewster
  • Topic Starter

  • Members

Posted 28 January 2012 - 11:30 PM

I was using Chrome. I thought Chrome might have been the issue, so I decided to try and use Firefox. Computer froze seconds after opening Firefox.

----WAIT. I think I might know what is causing this. I used a tool within Advanced SystemCare PRO by Iobit called "Internet Booster", which was supposed to optimize the browsers for performance by changing startup settings and such for the browser(s). I think I did this last night, an hour or two before the crashes and freezes started.

Do you think I should uninstall and reinstall the browsers to get rid of the changes made by Advanced SystemCare PRO?

Edited by Rewster, 28 January 2012 - 11:36 PM.


#15 jntkwx

jntkwx

  • Malware Response Team

Posted 28 January 2012 - 11:44 PM

You could try that. Or you might be able to change the settings back inside Advanced SystemCare PRO.
Regards,
Jason

 
