
Redirect virus


23 replies to this topic

#1 Bearmike100

Bearmike100

  • Members
  • 12 posts

Posted 31 May 2012 - 11:42 PM

I have all the symptoms of a redirect virus: when clicking on search results in Google, it starts page Redirect or Ad-Service and gives a list of 5 websites that have nothing to do with the search. Also, browsing became too slow. Ran Kaspersky TDSSKiller, but it did not detect any virus. Recreated a HOSTS file - no effect.
Please help



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 01 June 2012 - 01:21 AM

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop, and copy the contents of the text file into your reply.


Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#3 Bearmike100

Bearmike100
  • Topic Starter

  • Members
  • 12 posts

Posted 03 June 2012 - 11:25 AM

When trying to download the scan app, it's asking for a password. Did not start install without a valid pswd.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 03 June 2012 - 12:50 PM

When trying to download the scan app, it's asking for a password. Did not start install without a valid pswd.

???

which one?

#5 myanna

myanna

  • Members
  • 4 posts

Posted 03 June 2012 - 01:17 PM

NarenXP,

I had a similar redirect virus. I used the AVG Rescue CD http://www.avg.com/us-en/avg-rescue-cd to remove it.

I'm not an expert, just a reader here, but I am wondering if this might help Bearmike100?

#6 Bearmike100

Bearmike100
  • Topic Starter

  • Members
  • 12 posts

Posted 06 June 2012 - 10:39 PM

When trying to download ESET, it's asking for a pswd

#7 Bearmike100

Bearmike100
  • Topic Starter

  • Members
  • 12 posts

Posted 06 June 2012 - 10:50 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-06 23:44:17
-----------------------------
23:44:17.888 OS Version: Windows x64 6.1.7601 Service Pack 1
23:44:17.888 Number of processors: 2 586 0x603
23:44:17.890 ComputerName: MM-VAIO UserName: MM
23:44:17.909 Initialze error C0000034 - driver not loaded
23:46:00.217 AVAST engine defs: 12060602
23:46:54.054 Service scanning
23:46:55.188 Modules scanning
23:46:55.188 Disk 0 trace - called modules:
23:46:55.198
23:46:55.228 AVAST engine scan C:\Windows
23:46:55.249 AVAST engine scan C:\Windows\system32
23:46:55.293 AVAST engine scan C:\Windows\system32\drivers
23:46:55.305 AVAST engine scan C:\Users\MM
23:46:55.315 AVAST engine scan C:\ProgramData
23:46:55.319 Scan finished successfully
23:47:09.819 The log file has been saved successfully to "C:\Users\MM\Documents\aswMBR.txt"

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 07 June 2012 - 12:43 AM

Run TDSSKiller, and re-run aswMBR too.

Try to run the ESET scanner in Safe Mode with Networking.

#9 Bearmike100

Bearmike100
  • Topic Starter

  • Members
  • 12 posts

Posted 08 June 2012 - 12:20 AM

TDSSkiller found nothing. ESET found trojan a variant win32/krypik.AFRA in C:\users\mm\appdata\local\temp\0.9827981798219395.
Below is the log from aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-07 22:30:29
-----------------------------
22:30:29.583 OS Version: Windows x64 6.1.7601 Service Pack 1
22:30:29.583 Number of processors: 2 586 0x603
22:30:29.586 ComputerName: MM-VAIO UserName: MM
22:30:33.455 Initialize success
22:30:44.033 AVAST engine defs: 12060602
22:30:51.206 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
22:30:51.211 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 11
22:30:51.231 Disk 0 MBR read successfully
22:30:51.237 Disk 0 MBR scan
22:30:51.251 Disk 0 Windows 7 default MBR code
22:30:51.256 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9627 MB offset 2048
22:30:51.277 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 19720192
22:30:51.300 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 295515 MB offset 19924992
22:30:51.362 Disk 0 scanning C:\Windows\system32\drivers
22:31:20.639 Service scanning
22:32:18.360 Modules scanning
22:32:18.381 Disk 0 trace - called modules:
22:32:18.414 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
22:32:18.431 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80032355e0]
22:32:18.445 3 CLASSPNP.SYS[fffff8800215743f] -> nt!IofCallDriver -> [0xfffffa80021db690]
22:32:18.458 5 amd_xata.sys[fffff88000e2b7a8] -> nt!IofCallDriver -> [0xfffffa80031bd270]
22:32:18.467 7 ACPI.sys[fffff88000f037a1] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa80030a3750]
22:32:20.218 AVAST engine scan C:\
23:19:39.259 Disk 0 MBR has been saved successfully to "C:\Users\MM\Documents\MBR.dat"
23:19:39.278 The log file has been saved successfully to "C:\Users\MM\Documents\aswMBR_1.txt"
23:30:28.000 File: C:\Users\MM\AppData\Local\Temp\nsv4849.tmp\iemmfh.dll **INFECTED** Win32:Tracur-HZ [Trj]
00:23:17.001 Disk 0 MBR has been saved successfully to "C:\Users\MM\Documents\MBR.dat"
00:23:17.190 The log file has been saved successfully to "C:\Users\MM\Documents\aswMBR.txt"


Thks
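Added example, not part of any post in this thread: a Python triage pass over aswMBR logs such as the two posted above, pulling out the driver-init status, the MBR verdict and any `**INFECTED**` entries. The line patterns are inferred only from those two logs (not from aswMBR documentation), the sample lines are copied from posts #7 and #9, and the names `triage_aswmbr`, `Triage` and `Detection` are hypothetical.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Sample input: lines copied from the aswMBR logs in post #7 and post #9.
POST7_LOG = r"""
Run date: 2012-06-06 23:44:17
23:44:17.888 OS Version: Windows x64 6.1.7601 Service Pack 1
23:44:17.909 Initialze error C0000034 - driver not loaded
23:46:00.217 AVAST engine defs: 12060602
23:46:55.228 AVAST engine scan C:\Windows
23:46:55.319 Scan finished successfully
"""

POST9_LOG = r"""
Run date: 2012-06-07 22:30:29
22:30:33.455 Initialize success
22:30:51.231 Disk 0 MBR read successfully
22:30:51.251 Disk 0 Windows 7 default MBR code
22:32:20.218 AVAST engine scan C:\
23:30:28.000 File: C:\Users\MM\AppData\Local\Temp\nsv4849.tmp\iemmfh.dll **INFECTED** Win32:Tracur-HZ [Trj]
00:23:17.190 The log file has been saved successfully to "C:\Users\MM\Documents\aswMBR.txt"
"""

# Patterns inferred from the two logs above (assumption, not a documented format).
RUN_DATE = re.compile(r"^Run date:\s*(\d{4}-\d{2}-\d{2})")
TS_LINE = re.compile(r"^(\d{2}):(\d{2}):(\d{2})\.(\d{3})\s*(.*)$")
INIT = re.compile(r"^Initiali?ze (success|error)\s*(.*)$")  # the tool prints "Initialze" on error
MBR_CODE = re.compile(r"^Disk (\d+) (.+ MBR code)$")
INFECTED = re.compile(r"^File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$")
USER_TEMP = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass
class Detection:
    when: datetime
    path: str
    name: str
    in_user_temp: bool


@dataclass
class Triage:
    driver_loaded: Optional[bool] = None
    init_detail: str = ""
    mbr_verdicts: dict = field(default_factory=dict)   # disk number -> verdict text
    detections: list = field(default_factory=list)
    last_entry: Optional[datetime] = None
    notes: list = field(default_factory=list)


def triage_aswmbr(log_text: str) -> Triage:
    result = Triage()
    day = None        # calendar day of the current line, seeded by "Run date:"
    previous = None   # time-of-day of the previous timestamped line
    for raw in log_text.splitlines():
        line = raw.strip()
        header = RUN_DATE.match(line)
        if header:
            day = datetime.strptime(header.group(1), "%Y-%m-%d")
            continue
        stamped = TS_LINE.match(line)
        if not stamped or day is None:
            continue
        h, mi, s, ms = (int(g) for g in stamped.groups()[:4])
        offset = timedelta(hours=h, minutes=mi, seconds=s, milliseconds=ms)
        # Lines carry only a time of day; a backwards jump is treated as
        # crossing midnight (assumption), as happens in the post #9 log.
        if previous is not None and offset < previous:
            day += timedelta(days=1)
        previous = offset
        when = day + offset
        result.last_entry = when
        msg = stamped.group(5)

        init = INIT.match(msg)
        if init:
            result.driver_loaded = init.group(1) == "success"
            result.init_detail = init.group(2)
        mbr = MBR_CODE.match(msg)
        if mbr:
            result.mbr_verdicts[int(mbr.group(1))] = mbr.group(2)
        hit = INFECTED.match(msg)
        if hit:
            path, name = hit.group(1), hit.group(2)
            result.detections.append(
                Detection(when, path, name, bool(USER_TEMP.search(path))))

    if result.driver_loaded is False:
        result.notes.append("driver not loaded: " + result.init_detail)
    if not result.mbr_verdicts:
        result.notes.append("no 'MBR code' verdict line; this log says nothing about the boot sector")
    for d in result.detections:
        where = "user Temp directory" if d.in_user_temp else "outside user Temp"
        result.notes.append(f"{d.when:%Y-%m-%d %H:%M:%S} {d.name} in {where}: {d.path}")
    return result


if __name__ == "__main__":
    for label, text in (("post #7", POST7_LOG), ("post #9", POST9_LOG)):
        print(label)
        for note in triage_aswmbr(text).notes:
            print("  -", note)
```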

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 08 June 2012 - 03:32 AM

Mini toolbox log?

#11 Bearmike100

Bearmike100
  • Topic Starter

  • Members
  • 12 posts

Posted 09 June 2012 - 11:08 AM

MiniToolBox by Farbar Version: 09-06-2012
Ran by MM (administrator) on 09-06-2012 at 11:59:07
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

# ::1 localhost

========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : MM-VAIO
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 7E-DD-08-FF-B6-2D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 78-84-3C-2D-B5-3C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 78-DD-08-FF-B6-2D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f92a:ad38:5c4:a224%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, June 09, 2012 11:50:10 AM
Lease Expires . . . . . . . . . . : Sunday, June 10, 2012 11:57:47 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 192470280
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-4A-DD-4C-78-84-3C-2D-B5-3C
DNS Servers . . . . . . . . . . . : 192.168.1.1
71.250.0.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{80A6AB50-46A0-45B2-BA47-4466BE6A6229}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1018:13c5:b7a7:32ce(Preferred)
Link-local IPv6 Address . . . . . : fe80::1018:13c5:b7a7:32ce%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Reusable ISATAP Interface {3872EF11-3096-4E07-8DF1-E7F51D2E7FE3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{76290962-DEDC-4774-94F3-D301EE8914D4}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4006:802::100e
173.194.43.32
173.194.43.39
173.194.43.33
173.194.43.35
173.194.43.36
173.194.43.46
173.194.43.34
173.194.43.37
173.194.43.41
173.194.43.38
173.194.43.40


Pinging google.com [74.125.226.201] with 32 bytes of data:
Reply from 74.125.226.201: bytes=32 time=9ms TTL=251
Reply from 74.125.226.201: bytes=32 time=8ms TTL=251

Ping statistics for 74.125.226.201:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 8ms, Maximum = 9ms, Average = 8ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=67ms TTL=49
Reply from 98.139.183.24: bytes=32 time=62ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 62ms, Maximum = 67ms, Average = 64ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...7e dd 08 ff b6 2d ......Microsoft Virtual WiFi Miniport Adapter
11...78 84 3c 2d b5 3c ......Realtek PCIe GBE Family Controller
10...78 dd 08 ff b6 2d ......Atheros AR9285 Wireless Network Adapter
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 281
192.168.1.3 255.255.255.255 On-link 192.168.1.3 281
192.168.1.255 255.255.255.255 On-link 192.168.1.3 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:1018:13c5:b7a7:32ce/128
On-link
10 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::1018:13c5:b7a7:32ce/128
On-link
10 281 fe80::f92a:ad38:5c4:a224/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/09/2012 11:53:44 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/09/2012 07:13:14 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 27207589

Error: (06/09/2012 07:13:14 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 27207589

Error: (06/09/2012 07:13:14 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/08/2012 10:22:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21107

Error: (06/08/2012 10:22:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21107

Error: (06/08/2012 10:22:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/08/2012 07:17:54 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/08/2012 07:10:37 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/07/2012 10:28:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (06/09/2012 11:49:57 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:57:49 AM on ?6/?9/?2012 was unexpected.

Error: (06/08/2012 07:07:10 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:02:15 AM on ?6/?8/?2012 was unexpected.

Error: (06/07/2012 07:57:28 AM) (Source: DCOM) (User: )
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}

Error: (06/07/2012 07:36:19 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:54:43 AM on ?6/?7/?2012 was unexpected.

Error: (06/06/2012 04:03:09 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:03:20 AM on ?6/?6/?2012 was unexpected.

Error: (06/05/2012 07:59:25 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \...\DR1.

Error: (06/05/2012 07:46:17 AM) (Source: DCOM) (User: )
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}

Error: (06/03/2012 06:42:23 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{37026458-AE80-4DB9-B16D-424E3595298C} because another computer on the network has the same name. The server could not start.

Error: (06/03/2012 04:57:00 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (06/02/2012 07:21:23 AM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}


Microsoft Office Sessions:
=========================
Error: (06/09/2012 11:53:44 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/09/2012 07:13:14 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 27207589

Error: (06/09/2012 07:13:14 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 27207589

Error: (06/09/2012 07:13:14 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/08/2012 10:22:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21107

Error: (06/08/2012 10:22:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21107

Error: (06/08/2012 10:22:53 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/08/2012 07:17:54 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/08/2012 07:10:37 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/07/2012 10:28:27 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\MM\Downloads\esetsmartinstaller_enu.exe


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.233)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Alps Pointing-device for VAIO
Amazon Games & Software Downloader (Version: 2.0.2.0)
Amazon Kindle
AMD USB Filter Driver (Version: 1.0.15.94)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Application Manager for VAIO
ArcSoft WebCam Companion 3 (Version: 3.0.21.368)
ATI Catalyst Install Manager (Version: 3.0.765.0)
ATX to Drake Conversion 11.2.1 (Version: 11.2.1)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 140.0.212.000)
C4700 (Version: 140.0.690.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0607.127.669)
Catalyst Control Center Graphics Full Existing (Version: 2010.0607.127.669)
Catalyst Control Center Graphics Full New (Version: 2010.0607.127.669)
Catalyst Control Center Graphics Light (Version: 2010.0607.127.669)
Catalyst Control Center Graphics Previews Common (Version: 2010.0607.127.669)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0607.127.669)
Catalyst Control Center InstallProxy (Version: 2010.0607.127.669)
Catalyst Control Center Localization All (Version: 2010.0607.127.669)
ccc-core-static (Version: 2010.0607.127.669)
ccc-utility64 (Version: 2010.0607.127.669)
CCC Help Chinese Standard (Version: 2010.0607.0126.669)
CCC Help Chinese Traditional (Version: 2010.0607.0126.669)
CCC Help Czech (Version: 2010.0607.0126.669)
CCC Help Danish (Version: 2010.0607.0126.669)
CCC Help Dutch (Version: 2010.0607.0126.669)
CCC Help English (Version: 2010.0607.0126.669)
CCC Help Finnish (Version: 2010.0607.0126.669)
CCC Help French (Version: 2010.0607.0126.669)
CCC Help German (Version: 2010.0607.0126.669)
CCC Help Greek (Version: 2010.0607.0126.669)
CCC Help Hungarian (Version: 2010.0607.0126.669)
CCC Help Italian (Version: 2010.0607.0126.669)
CCC Help Japanese (Version: 2010.0607.0126.669)
CCC Help Korean (Version: 2010.0607.0126.669)
CCC Help Norwegian (Version: 2010.0607.0126.669)
CCC Help Polish (Version: 2010.0607.0126.669)
CCC Help Portuguese (Version: 2010.0607.0126.669)
CCC Help Russian (Version: 2010.0607.0126.669)
CCC Help Spanish (Version: 2010.0607.0126.669)
CCC Help Swedish (Version: 2010.0607.0126.669)
CCC Help Thai (Version: 2010.0607.0126.669)
CCC Help Turkish (Version: 2010.0607.0126.669)
Click to Disc MergeModules x64 (Version: 1.0.14230)
Coupon Printer for Windows (Version: 5.0.0.0)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
Epson Event Manager (Version: 2.40.0001)
EPSON NX420 Series Printer Uninstall
EPSON Scan
EpsonNet Print (Version: 2.5.00)
EpsonNet Setup 3.2 (Version: 3.2a)
eReg (Version: 1.20.138.34)
Evernote (Version: 3.5.2.1525)
GameXN GO
Google Chrome (Version: 19.0.1084.52)
Google Desktop (Version: 5.9.1005.12335)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
GPBaseService2 (Version: 140.0.211.000)
H&R Block Business 2010 (Remove Only)
H&R Block Business 2011 (Remove Only)
H&R Block New Jersey 2010 (Version: 1.10.3001)
H&R Block New Jersey 2011 (Version: 1.11.3401)
H&R Block New York 2010 (Version: 1.10.4901)
H&R Block New York 2011 (Version: 1.11.4401)
H&R Block Premium + Efile + State 2010 (Version: 10.06.6402)
H&R Block Premium + Efile + State 2011 (Version: 11.07.7102)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (Version: 1.0.0.2024)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 140.0.524.000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
ImageMixer for Sony DVD Handycam
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 15.4.3502.0922)
Kaspersky Internet Security 2012 (Version: 12.0.0.374)
Logitech SetPoint 6.32 (Version: 6.32.20)
MarketResearch (Version: 140.0.212.000)
Media Gallery (Version: 1.2.0.15040)
Media Gallery MergeModules x64 (Version: 1.0.14250)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.6106.5001)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSI_SPF_x64 (Version: 1.0.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Network64 (Version: 140.0.215.000)
Network64 (Version: 140.0.221.000)
Oasis2Service (Version: 1.0.1)
OOBE (Version: 3.10.0630)
Origin (Version: 8.4.1.208)
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PMB (Version: 5.1.02.03310)
PMB VAIO Edition Guide (Version: 1.1.00.14080)
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.1.00.15080)
PMB VAIO Edition plug-in (VAIO Image Optimizer) (Version: 1.1.00.15040)
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.1.00.15080)
PokerStars.net
PS_AIO_06_C4700_SW_Min (Version: 140.0.690.000)
QuickBooks Pro 2008 (Version: 18.0.4010.606)
QuickTransfer (Version: 140.0.98.000)
Realtek HDMI Audio Driver for ATI (Version: 6.0.1.6034)
Realtek High Definition Audio Driver (Version: 6.0.1.6069)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30116)
Scan (Version: 140.0.80.000)
Seagate Manager Installer (Version: 2.02.0109)
Setting Utility Series (Version: 5.2.0.15250)
Shop for HP Supplies (Version: 14.0)
Skype™ 4.2 (Version: 4.2.146)
SmartWebPrinting (Version: 140.0.186.000)
SmartWi Connection Utility (Version: 4.11.4.20100722.2739)
SolutionCenter (Version: 140.0.213.000)
Sony Home Network Library (Version: 2.1.0.14240)
Status (Version: 140.0.212.000)
SupportSoft Assisted Service (Version: 15)
swMSM (Version: 12.0.0.1)
The Sims™ 3 (Version: 1.0.631)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VAIO Care (Version: 6.2.2.07150)
VAIO Content Monitoring Settings (Version: 2.5.0.13220)
VAIO Control Center (Version: 4.2.0.15020)
VAIO Data Restore Tool (Version: 1.3.0.13150)
VAIO DVD Menu Data (Version: 2.1.00.13210)
VAIO Entertainment Platform (Version: 3.7.0.16080)
VAIO Event Service (Version: 5.2.0.15020)
VAIO Gate (Version: 2.4.0.06210)
VAIO Gate Default (Version: 2.2.0.07020)
VAIO Hardware Diagnostics (Version: 3.9.1)
VAIO Help and Support (Version: 12.00.0622)
VAIO Manual (Version: 1.0.0.03290)
VAIO Media plus (Version: 2.1.0.15040)
VAIO Media plus Opening Movie (Version: 2.1.0.14080)
VAIO Messenger (Version: 2.0.424.0)
VAIO Movie Story MergeModules x64 (Version: 1.0.14240)
VAIO Movie Story Template Data (Version: 2.1.00.14040)
VAIO Original Function Settings (Version: 2.1.0.13120)
VAIO Power Management (Version: 5.1.0.15250)
VAIO Sample Contents (Version: 1.2.0.16080)
VAIO Survey (Version: 6.00.1028)
VAIO Transfer Support (Version: 1.1.2.06030)
VAIO Update (Version: 5.1.1.06090)
VAIO Wallpaper Contents (Version: 2.1.0.14090)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 8.0.0.35)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VMp MergeModule x64 (Version: 1.0.0)
WebReg (Version: 140.0.212.017)
WIDCOMM Bluetooth Software (Version: 6.2.1.500)
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) (Version: 09/09/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 2810.9 MB
Available physical RAM: 1224.62 MB
Total Pagefile: 5619.99 MB
Available Pagefile: 3381.29 MB
Total Virtual: 4095.88 MB
Available Virtual: 3982.44 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:288.59 GB) (Free:227.46 GB) NTFS

========================= Users: ========================================

User accounts for \\MM-VAIO

Administrator boinc_master


**** End of log ****

#12 narenxp

Posted 09 June 2012 - 01:53 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Do you still have redirects?

#13 Bearmike100

Posted 13 June 2012 - 12:18 AM

Malware scan came clean. Still have a virus. Also, when starting Windows, receive an error that cannot find module C:\users\MM\Appdata\Local - the folder where ESET found and removed 2 trojans.

Thanks

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.12.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MM :: MM-VAIO [administrator]

6/12/2012 11:36:35 PM
mbam-log-2012-06-12 (23-36-35).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 459797
Time elapsed: 1 hour(s), 36 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 narenxp

Posted 13 June 2012 - 12:23 AM

Manually browse to this location

C:\Users\MM\AppData\Local\Temp\nsv4849.tmp\iemmfh.dll

Delete the dll file.

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Upload the log file to

www.filedropper.com

Post the link here

good luck
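
The startup error reported in post #13 is what an autostart entry typically produces once the DLL it points at has been removed, and that is the kind of entry the Autoruns export requested above would show. As an added example (not part of the thread and not Autoruns' own code), this Python example triages autostart command lines for missing targets and images loaded from a Temp folder; the sample entries, value names and the `Start` export are constructed assumptions, and only the DLL path comes from the post.

```python
import re

# A leading rundll32 host is stripped: the file that really loads is its DLL argument.
HOST_RE = re.compile(r'^\s*"?[^"\s]*rundll32(?:\.exe)?"?\s+', re.I)
# First path on the line: quoted, or unquoted up to a known extension, or a bare token.
IMAGE_RE = re.compile(
    r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|dll|scr|com|bat|cmd))(?=[\s,]|$)|(\S+))', re.I)
TEMP_RE = re.compile(r'\\appdata\\local\\temp\\|%temp%', re.I)

HKLM_RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
HKCU_RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample entries (not taken from the thread's logs):
# (registry location, value name, command line).
SAMPLE_ENTRIES = [
    (HKLM_RUN, "ExampleTray", r'"C:\Program Files\Example\tray.exe" /min'),
    (HKLM_RUN, "ExampleUpdater", r"C:\Program Files\Example App\update.exe -quiet"),
    (HKCU_RUN, "iemmfh",
     r'rundll32.exe "C:\Users\MM\AppData\Local\Temp\nsv4849.tmp\iemmfh.dll",Start'),
    (HKCU_RUN, "ExampleTemp", r"C:\Users\MM\AppData\Local\Temp\helper.exe"),
]
# Constructed stand-in for the disk after cleanup: the DLL is gone, the entry is not.
ON_DISK = {
    r"c:\program files\example\tray.exe",
    r"c:\program files\example app\update.exe",
    r"c:\users\mm\appdata\local\temp\helper.exe",
}


def on_disk(path):
    """Simulated file check; on a live Windows host pass os.path.exists instead."""
    return path.lower() in ON_DISK


def image_path(command):
    """Return the file an autostart command line would load, or '' if none."""
    match = IMAGE_RE.match(HOST_RE.sub("", command, count=1))
    return next(g for g in match.groups() if g) if match else ""


def triage(entries, exists):
    """Return (value name, image path, reasons) for entries that need review."""
    findings = []
    for _location, name, command in entries:
        path = image_path(command)
        reasons = []
        if not path or not exists(path):
            reasons.append("target missing")  # orphaned entry: startup error source
        if TEMP_RE.search(path):
            reasons.append("loads from Temp")  # unusual place for a persistent image
        if reasons:
            findings.append((name, path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_ENTRIES, on_disk):
        print(f"{name}: {path} -> {', '.join(reasons)}")
```

An entry flagged "target missing" is a leftover to delete in Autoruns; one flagged only "loads from Temp" still has its file on disk and deserves a closer look before removal.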

#15 Bearmike100

Posted 13 June 2012 - 08:43 PM

Uploaded file to filedropper. Cannot get a link. Do I have to create an account there?



