
Infected with Malware or Virus


  • This topic is locked
7 replies to this topic

#1 EdgarM


Posted 11 June 2012 - 12:16 AM

Hi, I'm new here. I read through many of the posts on here, but as per the experts' warnings, most of the advice given was given specifically for the poster's system. Well anyways, I had started having problems about two days ago. I installed Bitdefender because I had only been depending on Malwarebytes. So after installing, it did a scan and then asked to reboot. I let it reboot but when Windows started again, it had a black screen after the welcome screen and it took a while for it to load the desktop, which it had never done before. I only noticed my computer was infected after I started Chrome and started searching stuff on Google and I started getting redirects to antivirus sites or ad sites; also my firewall and system restore were disabled. I immediately uninstalled Bitdefender 'cause I thought it was the culprit for the infection because it started right after I installed it. I then proceeded to do a scan with Malwarebytes; it came out with a couple of infected objects, but Malwarebytes froze during the scan whenever it reached the "scanning additional items on your system" part. It freezes in quick and full scan. I tried using the Malwarebytes Chameleon tool and doing fresh installs, but it didn't work either. Then I downloaded SuperAntiSpyware and did a scan; it found some things and was able to quarantine/remove them, but the problem persisted. I tried Eset, Rkill, Kaspersky Rescue Disk 10, Emsisoft Emergency Kit, but to no avail; they all found various infected files, but none were able to solve the problem. Finally I decided to download avast to perform a boot scan. That finally seemed to fix things; there don't seem to be any more redirects and I can access my firewall again, but now I'm getting warnings from avast every 5 to 20 minutes and programs freeze that never used to. These are the block warnings I get: Win32:DNSChanger-VJ[Trj] and Win32:Malware-gen.
I'm not sure if these are false positives or real threats. Malwarebytes detects something, but still freezes during scan. I have Windows 7 Home Premium 64-Bit Service Pack 1.
I'm sorry it's so long, I really appreciate any help, Thanks! Edgar


 


#2 Broni


Posted 11 June 2012 - 11:00 AM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



 


#3 EdgarM


Posted 11 June 2012 - 11:19 AM

Thanks for replying! Here's the logs:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Internet Security
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 32
Java™ 6 Update 3
Out of date Java installed!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

Farbar Service Scanner Version: 09-06-2012
Ran by Antonio (administrator) on 11-06-2012 at 11:18:52
Running from "C:\Users\Antonio\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2012-06-08 17:50] - [2012-06-02 17:19] - 2428952 ____A (Microsoft Corporation) D9EF901DCA379CFE914E9FA13B73B4C4

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#4 EdgarM


Posted 11 June 2012 - 11:30 AM

When running MiniToolBox, it gave me an error message during the scan: nslookup.exe - Ordinal Not Found \ The ordinal 1108 could be located in the dynamic link library WSOCK32.dll.


MiniToolBox by Farbar Version: 09-06-2012
Ran by Antonio (administrator) on 11-06-2012 at 11:21:37
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros 802.11 a/b/g/n Dualband Wireless Network Module = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Ruben-pc
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 06-26-82-17-22-75
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Physical Address. . . . . . . . . : 00-26-82-17-22-75
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dd56:bb9a:b4f1:1c4f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.65(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, June 10, 2012 10:05:40 PM
Lease Expires . . . . . . . . . . : Tuesday, June 12, 2012 10:05:40 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 301999746
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-2D-26-20-00-25-B3-0A-0E-44
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-25-B3-0A-0E-44
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3c75:3ebe:9c88:b1e9(Preferred)
Link-local IPv6 Address . . . . . : fe80::3c75:3ebe:9c88:b1e9%21(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Pinging google.com [74.125.225.128] with 32 bytes of data:
Reply from 74.125.225.128: bytes=32 time=62ms TTL=53
Reply from 74.125.225.128: bytes=32 time=82ms TTL=53

Ping statistics for 74.125.225.128:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 62ms, Maximum = 82ms, Average = 72ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=186ms TTL=46
Reply from 98.139.183.24: bytes=32 time=110ms TTL=48

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 110ms, Maximum = 186ms, Average = 148ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...06 26 82 17 22 75 ......Microsoft Virtual WiFi Miniport Adapter
11...00 26 82 17 22 75 ......Atheros 802.11 a/b/g/n Dualband Wireless Network Module
10...00 25 b3 0a 0e 44 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
21...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.65 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.65 281
192.168.1.65 255.255.255.255 On-link 192.168.1.65 281
192.168.1.255 255.255.255.255 On-link 192.168.1.65 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.65 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.65 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
21 58 ::/0 On-link
1 306 ::1/128 On-link
21 58 2001::/32 On-link
21 306 2001:0:4137:9e76:3c75:3ebe:9c88:b1e9/128
On-link
11 281 fe80::/64 On-link
21 306 fe80::/64 On-link
21 306 fe80::3c75:3ebe:9c88:b1e9/128
On-link
11 281 fe80::dd56:bb9a:b4f1:1c4f/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
21 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\system32\NLAapi.dll

Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll"

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/11/2012 02:29:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/11/2012 02:28:33 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/10/2012 11:32:37 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.60.0.80 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fb4

Start Time: 01cd47893e3081d4

Termination Time: 60000

Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Report Id: 3eaa6530-b37e-11e1-8c14-0025b30a0e44

Error: (06/10/2012 07:00:02 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (06/10/2012 06:27:52 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.60.0.80 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c48

Start Time: 01cd475d2815241e

Termination Time: 60000

Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Report Id: b09a23ba-b353-11e1-aae5-0025b30a0e44

Error: (06/10/2012 06:26:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/10/2012 05:02:16 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/10/2012 00:58:50 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe -Embedding; Description = Removed Crusader Kings; Error = 0x8007043c).

Error: (06/10/2012 00:55:56 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Users\Antonio\AppData\Local\Temp\_isAB5F.exe -l0x0009 -removeonly -clone_of"C:\Program Files (x86)\InstallShield Installation Information\{B7666229-351B-47D9-AA6F-DF777CF04BBF}\" -your_launchersetup.exe -tempdisk1folder"C:\Users\Antonio\AppData\Local\Temp\{80CC4956-4BC4-41E5-95DE-7977F4D1567F}\"; Description = Removed Caesar IV; Error = 0x8007043c).

Error: (06/10/2012 10:56:26 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" ; Description = Revo Uninstaller Pro's restore point - Activate Norton Online Backup; Error = 0x8007043c).


System errors:
=============
Error: (06/11/2012 11:03:44 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/10/2012 10:20:38 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer HOME-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F394725B-9FEF-4826-B731-7884F6210245}.
The master browser is stopping or an election is being forced.

Error: (06/10/2012 10:08:46 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (06/10/2012 10:08:45 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (06/10/2012 10:08:27 PM) (Source: Service Control Manager) (User: )
Description: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/10/2012 10:07:37 PM) (Source: Service Control Manager) (User: )
Description: The Nero BackItUp Scheduler 4.0 service failed to start due to the following error:
%%3

Error: (06/10/2012 10:07:00 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic Policy Service service failed to start due to the following error:
%%1053

Error: (06/10/2012 10:07:00 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DPS service.

Error: (06/10/2012 07:30:50 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/10/2012 07:28:40 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer HOME-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F394725B-9FEF-4826-B731-7884F6210245}.
The master browser is stopping or an election is being forced.


Microsoft Office Sessions:
=========================
Error: (06/11/2012 02:29:28 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (06/11/2012 02:28:33 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/10/2012 11:32:37 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.60.0.80fb401cd47893e3081d460000C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe3eaa6530-b37e-11e1-8c14-0025b30a0e44

Error: (06/10/2012 07:00:02 PM) (Source: Windows Backup)(User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (06/10/2012 06:27:52 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.60.0.80c4801cd475d2815241e60000C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeb09a23ba-b353-11e1-aae5-0025b30a0e44

Error: (06/10/2012 06:26:29 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Antonio\Downloads\esetsmartinstaller_enu.exe

Error: (06/10/2012 05:02:16 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Antonio\Downloads\esetsmartinstaller_enu.exe

Error: (06/10/2012 00:58:50 PM) (Source: System Restore)(User: )
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe -EmbeddingRemoved Crusader Kings0x8007043c

Error: (06/10/2012 00:55:56 PM) (Source: System Restore)(User: )
Description: C:\Users\Antonio\AppData\Local\Temp\_isAB5F.exe -l0x0009 -removeonly -clone_of"C:\Program Files (x86)\InstallShield Installation Information\{B7666229-351B-47D9-AA6F-DF777CF04BBF}\" -your_launchersetup.exe -tempdisk1folder"C:\Users\Antonio\AppData\Local\Temp\{80CC4956-4BC4-41E5-95DE-7977F4D1567F}\"Removed Caesar IV0x8007043c

Error: (06/10/2012 10:56:26 AM) (Source: System Restore)(User: )
Description: C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" Revo Uninstaller Pro's restore point - Activate Norton Online Backup0x8007043c


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
4660_4680_Help (Version: 1.00.0000)
64 Bit HP CIO Components Installer (Version: 6.2.2)
Acrobat.com (Version: 2.3.0)
Acrobat.com (Version: 2.3.0.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.26)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.228)
Adobe Media Player (Version: 1.8)
Adobe Reader 9.5.1 (Version: 9.5.1)
Adobe SVG Viewer 3.0 (Version: 3.0)
Advertising Center (Version: 0.0.0.1)
AIO_CDA_ProductContext (Version: 130.0.365.000)
AIO_CDA_Software (Version: 130.0.365.000)
AIO_Scan (Version: 130.0.365.000)
AMD USB Filter Driver (Version: 1.0.11.86)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.765.0)
ATT-PRT22
avast! Internet Security (Version: 7.0.1426.0)
AVIcodec (remove only)
Bonjour (Version: 3.0.0.10)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 140.0.000.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 140.0.213.000)
C6100 (Version: 130.0.365.000)
c6100_Help (Version: 82.0.256.000)
CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)
Card Data Recovery (Version: )
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Full Existing (Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Full New (Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Light (Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Previews Common (Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0310.1824.32984)
Catalyst Control Center HydraVision Full (Version: 2010.0310.1824.32984)
Catalyst Control Center InstallProxy (Version: 2010.0310.1824.32984)
Catalyst Control Center Localization All (Version: 2010.0310.1824.32984)
ccc-core-static (Version: 2010.0310.1824.32984)
ccc-utility64 (Version: 2010.0310.1824.32984)
CCC Help Chinese Standard (Version: 2010.0310.1823.32984)
CCC Help Chinese Traditional (Version: 2010.0310.1823.32984)
CCC Help Czech (Version: 2010.0310.1823.32984)
CCC Help Danish (Version: 2010.0310.1823.32984)
CCC Help Dutch (Version: 2010.0310.1823.32984)
CCC Help English (Version: 2010.0310.1823.32984)
CCC Help Finnish (Version: 2010.0310.1823.32984)
CCC Help French (Version: 2010.0310.1823.32984)
CCC Help German (Version: 2010.0310.1823.32984)
CCC Help Greek (Version: 2010.0310.1823.32984)
CCC Help Hungarian (Version: 2010.0310.1823.32984)
CCC Help Italian (Version: 2010.0310.1823.32984)
CCC Help Japanese (Version: 2010.0310.1823.32984)
CCC Help Korean (Version: 2010.0310.1823.32984)
CCC Help Norwegian (Version: 2010.0310.1823.32984)
CCC Help Polish (Version: 2010.0310.1823.32984)
CCC Help Portuguese (Version: 2010.0310.1823.32984)
CCC Help Russian (Version: 2010.0310.1823.32984)
CCC Help Spanish (Version: 2010.0310.1823.32984)
CCC Help Swedish (Version: 2010.0310.1823.32984)
CCC Help Thai (Version: 2010.0310.1823.32984)
CCC Help Turkish (Version: 2010.0310.1823.32984)
Cheat Engine 6.1
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Copy (Version: 130.0.428.000)
CoreAVC Professional Edition (remove only)
CorelDRAW Graphics Suite X5 - Capture (Version: 15.0)
CorelDRAW Graphics Suite X5 - Common (Version: 15.0)
CorelDRAW Graphics Suite X5 - Connect (Version: 15.0)
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.0)
CorelDRAW Graphics Suite X5 - Draw (Version: 15.0)
CorelDRAW Graphics Suite X5 - EN (Version: 15.0)
CorelDRAW Graphics Suite X5 - Filters (Version: 15.0)
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.0)
CorelDRAW Graphics Suite X5 - IPM (Version: 15.0)
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.0)
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0)
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0)
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.0)
CorelDRAW Graphics Suite X5 - VBA (Version: 15.0)
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.0)
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.0)
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487)
CorelDRAW Graphics Suite X5 - WT (Version: 15.0)
CorelDRAW Graphics Suite X5 (Version: 15.0)
CorelDRAW Graphics Suite X5 Activation (Version: 15.0.0.486)
CrazyTalk v6.0 PRO (Version: 6.0.0611.1)
Crusader Kings II
Crusader Kings II version 1.05f (Version: 1.05f)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (Version: 10.5.0.0)
CyberLink DVD Suite Deluxe (Version: 6.0.3101)
CyberLink YouCam 5 (Version: 5.0.1129)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.40.2.0131)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.213.000)
Digidesign Audio Drivers 8.0 (Version: 8.0)
Digidesign Pro Tools LE 8.0 (Version: 8.0)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
DJ_AIO_05_F4400_Software_Min (Version: 130.0.448.000)
DocMgr (Version: 140.0.65.000)
DocProc (Version: 140.0.100.000)
DolbyFiles (Version: 2.0)
Download Updater (AOL LLC)
Driver Detective (Version: 8.0.1)
ESET Online Scanner v3
F4400 (Version: 130.0.448.000)
Fax (Version: 140.0.213.000)
Free DigiRack Plug-Ins 8.0 (Version: 8.0)
Gemini Wars (Version: )
Google Chrome (Version: 19.0.1084.56)
Google Update Helper (Version: 1.3.21.111)
GPBaseService2 (Version: 140.0.212.000)
Guitar Pro 5.2
Guitar Pro 6
Haali Media Splitter
Hardware Diagnostic Tools (Version: 6.0.5434.08)
Hewlett-Packard ACLM.NET v1.1.1.0 (Version: 1.00.0000)
Hex Workshop v6.6 (Version: 6.6.1.5158)
hkSFV (remove only) (Version: 1.0)
HP Advisor (Version: 3.2.8946.3086)
HP Customer Experience Enhancements (Version: 6.0.1.3)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Easy Backup (Version: 1.0.8.0)
HP Games (Version: 1.0.0.71)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP MediaSmart Demo (Version: 1.00.0000)
HP MediaSmart DVD (Version: 3.0.3123)
HP MediaSmart Movie Themes (Version: 3.0.3102)
HP MediaSmart Music/Photo/Video (Version: 3.0.3205)
HP MediaSmart SmartMenu (Version: 3.0.28.2)
HP Odometer (Version: 2.10.0000)
HP OfficeJet J4600 All-In-One Series (Version: 14.0)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Print Projects 1.0 (Version: 1.0)
HP Remote Solution (Version: 1.1.9.0)
HP Setup (Version: 1.2.3220.3079)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Support Information (Version: 10.1.0002)
HP Update (Version: 5.002.006.003)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 140.0.213.000)
HPSSupply (Version: 140.0.212.000)
hpWLPGInstaller (Version: 130.0.303.000)
HydraVision (Version: 4.2.162.0)
i Screen Recorder 8.0.0.2167
iCare Data Recovery 4.5.3
iCloud (Version: 1.1.0.40)
ImagXpress (Version: 7.0.74.0)
ImgBurn (Version: 2.5.6.0)
Indeo® Software
inFlow Inventory
inSSIDer (Version: 2.1.1)
Interlok driver setup x64 (Version: 5.8.5)
iPhone Backup Extractor (Version: 3.3.7.0)
iTunes (Version: 10.6.1.7)
J4680 (Version: 140.0.000.000)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 32 (Version: 6.0.320)
King Arthur II
LabelPrint (Version: 2.5.1901)
LightScribe System Software (Version: 1.18.5.1)
M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1 (Version: 1)
MacDrive 8 (Version: 8.0.5.31)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
ManyCam 2.6.65 (remove only) (Version: 2.6.65)
MarketResearch (Version: 140.0.214.000)
Media Player Classic - Home Cinema 1.6.0.4014 x64 (Version: 1.6.0.4014)
Media Player Codec Pack 3.9.0
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft IntelliType Pro 8.0 (Version: 8.0.225.0)
Microsoft Live Search Toolbar (Version: 3.0.560.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Home and Student 60 day trial
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (INFLOWSQL) (Version: 9.4.5000.00)
Microsoft SQL Server Management Objects Collection (Version: 9.00.1399.06)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MotioninJoy DS3 driver version 0.6.0005 (Version: 0.6.0005)
Mount&Blade Warband
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NavNet (Version: 4.0)
NCH Toolbox
Nero ControlCenter (Version: 9.0.0.1)
Nero Installer (Version: 4.4.9.0)
neroxml (Version: 1.0.0)
Network64 (Version: 130.0.572.000)
Network64 (Version: 140.0.221.000)
Nexus Mod Manager (Version: 0.17.1)
NVIDIA PhysX (Version: 9.11.1107)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
Ogg Codecs 0.81.15562 (Version: 0.81.15562)
PCSX2 - Playstation 2 Emulator
PDF Settings CS5 (Version: 10.0)
PictureMover (Version: 3.3.1.19)
Pinnacle Game Profiler (Version: 6.3.3)
Portfolio Browser (Version: 6.01.0000)
Power2Go (Version: 6.0.3101)
PowerDirector (Version: 7.0.3101)
PowerRecover (Version: 5.5.1923)
ProductContext (Version: 140.0.000.000)
QuickTime (Version: 7.72.80.56)
RAIDXpert (Version: 2.4.1540.26)
Rapport (Version: 3.5.1108.77)
Rapport (Version: 3.5.1201.76)
Realtek High Definition Audio Driver (Version: 6.0.1.6196)
Resident Evil: Operation Raccoon City (Version: 1.0.0.0)
Revo Uninstaller Pro 2.5.7 (Version: 2.5.7)
Rome - Total War (Version: 1.5)
Rosetta Stone Version 3 (Version: 3.4.5.0)
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Scan (Version: 140.0.80.000)
SDFormatter (Version: 3.0.0)
SES Driver (Version: 1.0.0)
Shop for HP Supplies (Version: 14.0)
SimCity 4 Deluxe
Skype™ 4.0 (Version: 4.0.224)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.214.000)
Spotify (Version: 0.8.3.222.g317ab79d)
Star Wars® Knights of the Old Republic® II: The Sith Lords™ (Version: 1.00.0000)
Status (Version: 140.0.256.000)
Stronghold 3
SUPERAntiSpyware (Version: 5.0.1150)
System Requirements Lab
System Requirements Lab (Version: 4.1.14.0)
System Requirements Lab (Version: 4.5.1.0)
System Requirements Lab CYRI (Version: 4.5.1.0)
TabIt version 2.01 (Version: 2.01)
The Elder Scrolls V Skyrim (Version: 1.01)
The Sims Medieval (Version: 1.1.10)
The Sims™ 3 (Version: 1.26.89)
The Sims™ 3 Generations (Version: 8.0.152)
The Sims™ 3 Pets (Version: 10.0.96)
The Walking Dead © 3 version 1 (Version: 1)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.213.000)
TSLRCM 1.7
Ubisoft Game Launcher (Version: 1.0.0.0)
Unity Web Player (Version: 2.6.1f3_31223)
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update Manager (Version: 4.60)
uTorrentControl2 Toolbar (Version: 6.8.9.0)
VLC media player 1.0.3 (Version: 1.0.3)
vReveal 3
WebEx Support Manager for Internet Explorer (Version: 6.5.47)
WebReg (Version: 140.0.213.017)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (Version: 01/19/2011 1.0.0009.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Windows Password Unlocker Enterprise 5.0.0.0
WinRAR archiver
Yahoo! BrowserPlus 2.9.8
Yahoo! Toolbar
YouTube Downloader 3.5
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 7415.89 MB
Available physical RAM: 4684.57 MB
Total Pagefile: 14829.97 MB
Available Pagefile: 12149.18 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.39 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:919.07 GB) (Free:150.62 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.34 GB) (Free:2.2 GB) NTFS

========================= Users: ========================================

User accounts for \\RUBEN-PC

Administrator Antonio B12844EA6FAF4479B310
Guest


**** End of log ****

#5 EdgarM

EdgarM
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:06 PM

Posted 11 June 2012 - 01:34 PM

The program freezes and crashes during the scan after "AVAST engine scan C:\Users\Antonio". So I saved a log before it crashed. Also, I wasn't able to come up with a Malwarebytes log because it still freezes during the scan.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-11 12:42:10
-----------------------------
12:42:10.847 OS Version: Windows x64 6.1.7601 Service Pack 1
12:42:10.847 Number of processors: 4 586 0x402
12:42:10.847 ComputerName: RUBEN-PC UserName: Antonio
12:42:12.719 Initialize success
12:42:12.797 AVAST engine defs: 12061100
12:42:15.449 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000078
12:42:15.465 Disk 0 Vendor: WDC_____ 01.0 Size: 953869MB BusType: 8
12:42:15.559 Disk 0 MBR read successfully
12:42:15.574 Disk 0 MBR scan
12:42:15.574 Disk 0 unknown MBR code
12:42:15.590 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:42:15.605 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941132 MB offset 206848
12:42:15.668 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12635 MB offset 1927645184
12:42:15.777 Disk 0 scanning C:\Windows\system32\drivers
12:42:40.877 Service scanning
12:42:55.245 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
12:42:59.368 Modules scanning
12:42:59.375 Disk 0 trace - called modules:
12:42:59.403 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
12:42:59.408 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007573060]
12:42:59.412 3 CLASSPNP.SYS[fffff88001bcb43f] -> nt!IofCallDriver -> \Device\00000078[0xfffffa800708d9c0]
12:43:00.948 AVAST engine scan C:\Windows
12:43:42.245 AVAST engine scan C:\Windows\system32
12:45:06.173 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
12:45:08.279 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
12:45:47.560 Disk 0 MBR has been saved successfully to "C:\Users\Antonio\Desktop\MBR.dat"
12:45:47.560 The log file has been saved successfully to "C:\Users\Antonio\Desktop\aswMBR.txt"
12:46:03.353 AVAST engine scan C:\Windows\system32\drivers
12:46:15.350 AVAST engine scan C:\Users\Antonio
12:47:30.085 Disk 0 MBR has been saved successfully to "C:\Users\Antonio\Desktop\MBR.dat"
12:47:30.085 The log file has been saved successfully to "C:\Users\Antonio\Desktop\aswMBR.txt"
12:47:50.847 Disk 0 MBR has been saved successfully to "C:\Users\Antonio\Desktop\MBR.dat"
12:47:50.847 The log file has been saved successfully to "C:\Users\Antonio\Desktop\aswMBR.txt"

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:06 PM

Posted 11 June 2012 - 01:36 PM

You're infected with ZeroAccess rootkit.
That will require elevated help.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.



 


#7 EdgarM

EdgarM
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:06 PM

Posted 11 June 2012 - 02:58 PM

I have completed the steps in the guide and also started a new topic.
Thank you so much for the help! I really appreciate it!!!!

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:06 PM

Posted 11 June 2012 - 09:25 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 5 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.