Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Assistance with probable viruses


  • Please log in to reply
11 replies to this topic

#1 erduggan

erduggan

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 04 August 2012 - 05:15 PM

My daughter, who is heading back to college in a few weeks, managed to get her machine infected. I have been able to delete some of the infections with Malwarebytes and with NOD32, but I am concerned that there may be residual issues. Windows Update seems to be locked. She is running Win 7 Home Premium ver 6.1 (Build 7601: SP 1)on a Dell Inspiron 1564 with 3 GB.

Main issues seem to be erratic behavior of basic programs. For a long while she could not download files in Firefox (and, I believe, other browsers) or run installations of software, but I may have fixed that.

Because of personal work issues I am only going to have access to her machine on weekends, I anticipate.

Thanks!

Edward

Edited by erduggan, 04 August 2012 - 05:16 PM.


BC AdBot (Login to Remove)

 


#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,075 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:04:42 AM

Posted 05 August 2012 - 11:52 AM

Hi,

Please download Farbar Service Scanner
Checkmark all the boxes and click Scan, copy the generated report to your reply.

Also download MiniToolBox
Check the box for List last 10 Event Viewer log and click Go, copy the generated log to you reply.

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 erduggan

erduggan
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 05 August 2012 - 12:51 PM

Farbar Service Scanner Version: 04-08-2012 01
Ran by Suki (administrator) on 05-08-2012 at 13:49:18
Running from "C:\Users\Suki\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Demand
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#4 erduggan

erduggan
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 05 August 2012 - 12:54 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Suki (administrator) on 05-08-2012 at 13:53:02
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/05/2012 01:31:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/05/2012 01:31:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/05/2012 01:14:30 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/05/2012 01:14:30 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/05/2012 00:12:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/05/2012 00:12:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/05/2012 08:56:36 AM) (Source: Bonjour Service) (User: )
Description: 512: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (08/05/2012 08:56:36 AM) (Source: Bonjour Service) (User: )
Description: 240: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (08/05/2012 08:56:36 AM) (Source: Bonjour Service) (User: )
Description: 516: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (08/05/2012 08:56:36 AM) (Source: Bonjour Service) (User: )
Description: 236: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)


System errors:
=============
Error: (08/05/2012 00:27:30 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (08/05/2012 11:45:59 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (08/05/2012 11:42:18 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (08/05/2012 09:27:15 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (08/05/2012 09:18:56 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer PHIL-MANSFIELDS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FEC7561B-815D-487B-B1B6-A7D423D2A116}.
The master browser is stopping or an election is being forced.

Error: (08/05/2012 09:13:22 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (08/05/2012 09:13:00 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:11:09 AM on ?8/?5/?2012 was unexpected.

Error: (08/05/2012 09:10:33 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/05/2012 09:10:33 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/04/2012 11:33:50 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office Sessions:
=========================
Error: (08/05/2012 01:31:42 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (08/05/2012 01:31:42 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (08/05/2012 01:14:30 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (08/05/2012 01:14:30 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (08/05/2012 00:12:21 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (08/05/2012 00:12:21 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (08/05/2012 08:56:36 AM) (Source: Bonjour Service)(User: )
Description: 512: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (08/05/2012 08:56:36 AM) (Source: Bonjour Service)(User: )
Description: 240: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (08/05/2012 08:56:36 AM) (Source: Bonjour Service)(User: )
Description: 516: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (08/05/2012 08:56:36 AM) (Source: Bonjour Service)(User: )
Description: 236: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)


**** End of log ****

Many thanks,


Edward

#5 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,075 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:04:42 AM

Posted 05 August 2012 - 01:13 PM

Hi,

You should do a Check Disk, open the Command Line as Administrator and write:
chkdsk /f /x c:
Answer Yes to do the check next boot and then restart the computer.


After running the check disk post a new log generated with MiniToolBox with those options checked:
- List last 10 Event Viewer log
- List Installed Programs

Edited by Rui Paz, 05 August 2012 - 01:15 PM.

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#6 erduggan

erduggan
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 05 August 2012 - 01:42 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Suki (administrator) on 05-08-2012 at 14:40:23
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/05/2012 02:36:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/05/2012 02:36:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/05/2012 02:24:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 724828

Error: (08/05/2012 02:24:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 724828

Error: (08/05/2012 02:24:07 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/05/2012 01:31:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/05/2012 01:31:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/05/2012 01:14:30 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/05/2012 01:14:30 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/05/2012 00:12:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (08/05/2012 02:30:54 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (08/05/2012 00:27:30 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (08/05/2012 11:45:59 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (08/05/2012 11:42:18 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (08/05/2012 09:27:15 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (08/05/2012 09:18:56 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer PHIL-MANSFIELDS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FEC7561B-815D-487B-B1B6-A7D423D2A116}.
The master browser is stopping or an election is being forced.

Error: (08/05/2012 09:13:22 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (08/05/2012 09:13:00 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:11:09 AM on ?8/?5/?2012 was unexpected.

Error: (08/05/2012 09:10:33 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/05/2012 09:10:33 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office Sessions:
=========================
Error: (08/05/2012 02:36:00 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (08/05/2012 02:36:00 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (08/05/2012 02:24:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 724828

Error: (08/05/2012 02:24:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 724828

Error: (08/05/2012 02:24:07 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/05/2012 01:31:42 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (08/05/2012 01:31:42 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (08/05/2012 01:14:30 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (08/05/2012 01:14:30 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (08/05/2012 00:12:21 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe


=========================== Installed Programs ============================

Accidental Damage Services Agreement (Version: 2.0.0)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.3)
Adobe AIR (Version: 2.6.0.19140)
Adobe Community Help (Version: 3.4.980)
Adobe Content Viewer (Version: 1.4.0)
Adobe Creative Suite 5 Master Collection (Version: 5.0)
Adobe Creative Suite 5.5 Design Premium (Version: 5.5)
Adobe Download Assistant (Version: 1.0.1)
Adobe Flash Player 11 Plugin (Version: 11.3.300.270)
Adobe Illustrator CS5 (Version: 15.0)
Adobe Illustrator CS5.1 (Version: 15.1)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Widget Browser (Version: 2.0 Build 230)
Adobe Widget Browser (Version: 2.0.230)
Advanced Audio FX Engine (Version: 1.12.05)
Akamai NetSession Interface
Apple Application Support (Version: 1.3.1)
Apple Mobile Device Support (Version: 3.1.0.62)
Apple Software Update (Version: 2.1.2.120)
Applian Director (Version: 2.0)
ATI Catalyst Control Center (Version: 2.010.0122.0857)
Banctec Service Agreement (Version: 2.0.0)
Bing Bar (Version: 7.0.850.0)
Bonjour (Version: 2.0.2.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Full Existing (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Full New (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Light (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Previews Common (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0122.858.16002)
Catalyst Control Center InstallProxy (Version: 2010.0122.858.16002)
Catalyst Control Center Localization All (Version: 2010.0122.858.16002)
ccc-core-static (Version: 2010.0122.858.16002)
ccc-utility64 (Version: 2010.0122.858.16002)
CCC Help Chinese Standard (Version: 2010.0122.0857.16002)
CCC Help Chinese Traditional (Version: 2010.0122.0857.16002)
CCC Help Danish (Version: 2010.0122.0857.16002)
CCC Help Dutch (Version: 2010.0122.0857.16002)
CCC Help English (Version: 2010.0122.0857.16002)
CCC Help Finnish (Version: 2010.0122.0857.16002)
CCC Help French (Version: 2010.0122.0857.16002)
CCC Help German (Version: 2010.0122.0857.16002)
CCC Help Italian (Version: 2010.0122.0857.16002)
CCC Help Japanese (Version: 2010.0122.0857.16002)
CCC Help Korean (Version: 2010.0122.0857.16002)
CCC Help Norwegian (Version: 2010.0122.0857.16002)
CCC Help Portuguese (Version: 2010.0122.0857.16002)
CCC Help Russian (Version: 2010.0122.0857.16002)
CCC Help Spanish (Version: 2010.0122.0857.16002)
CCC Help Swedish (Version: 2010.0122.0857.16002)
CCleaner (Version: 3.21)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
COMODO GeekBuddy (Version: 3.3.217083.59)
COMODO Internet Security (Version: 5.8.15089.2124)
Complete Care Business Service Agreement (Version: 2.0.0)
Consumer In-Home Service Agreement (Version: 2.0.0)
CopyTrans Suite Remove Only (Version: 2.05)
Corel Graphics - Windows Shell Extension (Version: 15.2.0.686)
Corel Graphics - Windows Shell Extension (Version: 15.2.686)
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686)
CorelDRAW Graphics Suite X5 - Capture (Version: 15.3)
CorelDRAW Graphics Suite X5 - Common (Version: 15.3)
CorelDRAW Graphics Suite X5 - Connect (Version: 15.3)
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.3)
CorelDRAW Graphics Suite X5 - Draw (Version: 15.3)
CorelDRAW Graphics Suite X5 - EN (Version: 15.3)
CorelDRAW Graphics Suite X5 - Filters (Version: 15.3)
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.3)
CorelDRAW Graphics Suite X5 - IPM (Version: 15.3)
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.3)
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.3)
CorelDRAW Graphics Suite X5 - Redist (Version: 15.3)
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.3)
CorelDRAW Graphics Suite X5 - VBA (Version: 15.3)
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.3)
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.3)
CorelDRAW Graphics Suite X5 - WT (Version: 15.3)
CorelDRAW Graphics Suite X5 (Version: 15.3)
CorelDRAW® Graphics Suite X5 (Version: 15.2.0.686)
Cozi (Version: 1.0.4323.24051)
Dell DataSafe Local Backup - Support Software (Version: 2.34)
Dell DataSafe Local Backup (Version: 9.4.45)
Dell DataSafe Online (Version: 1.2.0011)
Dell Dock (Version: 2.0)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Home Systems Service Agreement (Version: 2.0.0)
Dell Support Center (Support Software) (Version: 2.5.09100)
Dell Touchpad (Version: 7.1102.101.101)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
DivX Setup (Version: 2.2.1.2)
Electric Sheep 2.7b27 (Version: 2.7b27)
ESET NOD32 Antivirus (Version: 5.2.9.1)
GIMP 2.6.10 (Version: 2.6.10)
Google Chrome (Version: 21.0.1180.60)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.115)
GoToAssist 8.0.0.514
HitmanPro 3.6 (Version: 3.6.1.163)
inSSIDer 2.0 (Version: 2.0.7)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Turbo Boost Technology Driver (Version: 01.00.01.1002)
iTunes (Version: 9.2.1.5)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 33 (Version: 6.0.330)
Junk Mail filter update (Version: 14.0.8089.726)
Last.fm 1.5.4.27091
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
McAfee Security Scan Plus (Version: 3.0.207.4)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 14.0.1 (x86 en-GB) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 14.0.1468.721)
ooVoo (Version: 2.8.0039)
OpenOffice.org 3.2 (Version: 3.2.9502)
PDF Settings CS5 (Version: 10.0)
PowerDVD DX (Version: 8.3.6029)
Premium Service Agreement (Version: 2.0.0)
QualxServ Service Agreement (Version: 2.0.0)
Quickset64 (Version: 9.6.18)
QuickTime (Version: 7.67.75.0)
Replay Music (Version: 3.97B)
Rhapsody
Roxio Burn (Version: 1.01)
Skins (Version: 2010.0122.858.16002)
Skype Toolbars (Version: 5.0.4137)
Skype™ 5.0 (Version: 5.0.156)
Spotify (Version: 0.5.2)
Spotify (Version: 0.8.2.610.g090a06f8)
SUPERAntiSpyware (Version: 5.0.1150)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Visual Basic for Applications ® Core - English (Version: 6.4.99.69)
Visual Basic for Applications ® Core (Version: 6.4.99.69)
WildTangent Games (Version: 1.0.0.71)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
WordBiz version 1.8 (Version: 1.8)

**** End of log ****

#7 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,075 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:04:42 AM

Posted 05 August 2012 - 01:56 PM

Hi,

Can you check if Windows Update isn't working?

It seams you have removed Real Networks Real Player and it left a service behind MCSTRM go to:
Start -> Run -> services.msc
From the list of services locate MCSTRM right click to access its properties and then change the Startup type to Disabled.

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#8 erduggan

erduggan
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 05 August 2012 - 02:23 PM

As of late last night I had been able to get Windows Update working. It had clearly not operated in a while, as it had to download over forty updates. It is still operating--checked in Control Panel just now.

I checked the services list--could not find MCSTRM on a quick go-through, but she uses Rhapsody and I believe that uses the service also (speaking from personal experience with the program). Not totally sure what name the service would be listed under--I checked "Real" etc...

#9 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,075 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:04:42 AM

Posted 06 August 2012 - 09:53 AM

As of late last night I had been able to get Windows Update working. It had clearly not operated in a while, as it had to download over forty updates. It is still operating--checked in Control Panel just now.

I checked the services list--could not find MCSTRM on a quick go-through, but she uses Rhapsody and I believe that uses the service also (speaking from personal experience with the program). Not totally sure what name the service would be listed under--I checked "Real" etc...


On the event viewer Service Control is complaining about this service fail to start because the file is missing, on the services list it probably have other name, you can disable it from the command line running as administrator, using this command:
sc config MCSTRM start= disabled

Did you notice other problems?

Edited by Rui Paz, 06 August 2012 - 09:53 AM.

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#10 erduggan

erduggan
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 11 August 2012 - 10:46 AM

Many thanks. Yes, I do still have problems. I ran MalwareBytes again this morning (the system sat unused all week), and it located a Trojan. This was with Nod32 on the system, and online scans from ESET and FSecure showing no problems. I ran TDSSKiller (which I had used last weekend) and deleted two files after quarantining. So it does seem that there is a persistent issue.

#11 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,075 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:04:42 AM

Posted 12 August 2012 - 11:28 AM

Hi,

It seems you case need to be analyzed using tools not allowed on this section of the forum...

Its probably better to create a new post on the Virus, Trojan, Spyware, and Malware Removal Logs forum.
First follow the directions from the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help, on your new post you should include a reference to this topic.

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#12 erduggan

erduggan
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 12 August 2012 - 03:04 PM

Many thanks. At this point it will have to wait until I am home again next weekend.

Edward




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users