Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Winrscmde problem

  • Please log in to reply
1 reply to this topic

#1 johnny_2007


  • Members
  • 1 posts
  • Local time:04:22 AM

Posted 26 March 2012 - 03:25 PM

Hey narenxp,

I too have "Winrscmde has stoppped working". I'm running a 64 bit version of Vista Home Premium.

I followed the first part of your advice above by running aswMBR and here is my log. Not sure whether to click Fix MBR or not, before taking your further steps (MBAM, ESET, mini toolbox) so would appreciate your advice before doing anything.


aswMBR version Copyright© 2011 AVAST Software
Run date: 2012-03-26 20:41:12
20:41:12.676 OS Version: Windows x64 6.0.6002 Service Pack 2
20:41:12.676 Number of processors: 2 586 0xF06
20:41:12.677 ComputerName: JOHNNY-PC UserName: Johnny
20:41:14.789 Initialize success
20:42:03.705 AVAST engine defs: 12032601
20:43:06.357 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:43:06.358 Disk 0 Vendor: WDC_WD5000AAKS-00TMA0 12.01C01 Size: 476940MB BusType: 3
20:43:06.391 Disk 0 MBR read successfully
20:43:06.393 Disk 0 MBR scan
20:43:06.399 Disk 0 Windows VISTA default MBR code
20:43:06.414 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 120000 MB offset 2048
20:43:06.457 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 45597 MB offset 245762048
20:43:06.470 Disk 0 Partition - 00 0F Extended LBA 34402 MB offset 339146752
20:43:06.487 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 276938 MB offset 409602048
20:43:06.538 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 34401 MB offset 339148800
20:43:06.595 Disk 0 scanning C:\Windows\system32\drivers
20:43:32.353 Service scanning
20:44:26.889 Modules scanning
20:44:27.231 Disk 0 trace - called modules:
20:44:27.259 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
20:44:27.263 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005a0b790]
20:44:27.268 3 CLASSPNP.SYS[fffffa6000dc9c33] -> nt!IofCallDriver -> [0xfffffa800489b720]
20:44:27.273 5 acpi.sys[fffffa60008fbfde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800489d060]
20:44:29.010 AVAST engine scan C:\Windows
20:44:38.613 AVAST engine scan C:\Windows\system32
20:49:57.523 AVAST engine scan C:\Windows\system32\drivers
20:50:18.312 AVAST engine scan C:\Users\Johnny
20:50:45.565 File: C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll **INFECTED** Win32:Ramnit-AC [Drp]
20:52:08.741 File: C:\Users\Johnny\AppData\Local\Wuala\Program0\lib.379\jcbfs3.dll **INFECTED** Win32:Ramnit-AC [Drp]
20:52:09.512 File: C:\Users\Johnny\AppData\Local\Wuala\Program0\lib.379\orangevolt-4n-1.1.2.dll **INFECTED** Win32:Ramnit-AC [Drp]
20:52:10.124 File: C:\Users\Johnny\AppData\Local\Wuala\Program0\lib.379\swt-gdip-win32-3738.dll **INFECTED** Win32:Ramnit-AC [Drp]
20:52:10.818 File: C:\Users\Johnny\AppData\Local\Wuala\Program0\lib.379\swt-win32-3738.dll **INFECTED** Win32:Ramnit-AC [Drp]
20:52:22.551 File: C:\Users\Johnny\AppData\LocalLow\Sun\Java\jre1.6.0_24\lzma.dll **INFECTED** Win32:Ramnit-AC [Drp]
20:54:28.443 File: C:\Users\Johnny\AppData\Roaming\NCH Software\Components\mac\mac.exe **INFECTED** Win32:Ramnit-AC [Drp]
20:54:37.134 File: C:\Users\Johnny\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll **INFECTED** Win32:Ramnit-AC [Drp]
20:54:37.788 File: C:\Users\Johnny\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll **INFECTED** Win32:Ramnit-AC [Drp]
20:54:38.456 File: C:\Users\Johnny\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll **INFECTED** Win32:Ramnit-AC [Drp]
20:54:39.121 File: C:\Users\Johnny\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll **INFECTED** Win32:Ramnit-AC [Drp]
20:58:52.563 AVAST engine scan C:\ProgramData
21:03:24.119 File: C:\ProgramData\Microsoft\Windows\DRM\E598.tmp **INFECTED** Win32:Malware-gen
21:03:24.219 File: C:\ProgramData\Microsoft\Windows\DRM\E5B8.tmp **INFECTED** Win32:Malware-gen
21:03:24.283 File: C:\ProgramData\Microsoft\Windows\DRM\FA1D.tmp **INFECTED** Win32:Malware-gen
21:03:24.324 File: C:\ProgramData\Microsoft\Windows\DRM\FA2D.tmp **INFECTED** Win32:Malware-gen
21:03:56.786 Scan finished successfully
21:15:27.890 Disk 0 MBR has been saved successfully to "C:\Users\Johnny\Documents\MBR.dat"
21:15:27.901 The log file has been saved successfully to "C:\Users\Johnny\Documents\aswMBR.txt"

BC AdBot (Login to Remove)


#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,537 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:11:22 PM

Posted 26 March 2012 - 06:40 PM

Hi johnnny ,I split you topic here. Yes run the Fix anf then run (MBAM, ESET, mini toolbox) . Let me know how it is after.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware Posted Image and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

NOTE: In some instances if no malware is found there will be no log produced.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users