
Syshost.exe Removal Help - HELP!


  • This topic is locked
5 replies to this topic

#1 ishme4nowz


Posted 08 August 2012 - 01:44 AM

I have an HP Pavilion DV6-3000t with Windows 7. Ever since I got this malware, syshost.exe, I've been having trouble running Windows Update, trying to install antivirus software (it caused an error in the installation and uninstalled the security toolbar), and even had my internet browsers closed randomly, but the first problem caused by the malware was a pop-up asking to allow Command Process to run and having it pop up again and again even though I don't allow it. I eventually clicked allow out of frustration and it ended up rebooting my computer.

I followed the directions in this Bleeping Computer article on how to identify and remove malware but I still can't remove syshost.exe!! I found the location of the file but every time I try to delete it, it says I need administrative permission even though I have an administrative account. I don't seem to have authority to delete this file no matter how many times I press "Try Again" over and over again. How do I delete this??


EDIT:
I just tried to open Task Manager but I get an error message that reads:

The program can't start because pcwum.dll is missing from your computer. Try reinstalling the program to fix this problem.

Good thing I downloaded Process Explorer, but still... How do I get Task Manager (taskmgr.exe) back??

Edited by ishme4nowz, 08 August 2012 - 06:52 AM.
Moved from Windows 7 to AII. ~ OB




#2 Broni


Posted 08 August 2012 - 01:06 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#3 ishme4nowz


Posted 09 August 2012 - 02:57 AM

+ Security Check Log

Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome plugins...
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


-------------------------------------------------------------------------------------

+ Farbar Service Scanner Log

Farbar Service Scanner Version: 06-08-2012
Ran by Annis (administrator) on 08-08-2012 at 15:28:12
Running from "C:\Users\Annis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1TNTH2D"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys
[2009-07-13 16:21] - [2009-07-13 16:21] - 0024576 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Windows\System32\drivers\nsiproxy.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-01-11 16:54] - [2011-04-24 19:44] - 0499712 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\drivers\tdx.sys
[2009-07-13 16:21] - [2009-07-13 16:21] - 0099840 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Windows\System32\drivers\tdx.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\Drivers\tcpip.sys
[2012-01-11 16:54] - [2011-09-29 09:24] - 1897328 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Windows\System32\Drivers\tcpip.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 17:09] - [2009-07-13 18:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys
[2009-07-13 17:08] - [2009-07-13 17:08] - 0077312 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Windows\System32\drivers\mpsdrv.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\SDRSVC.dll
[2009-07-13 16:36] - [2009-07-13 18:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


---------------------------------------------------------------------------------

+ MiniToolBox Log

MiniToolBox by Farbar Version: 23-07-2012
Ran by Annis (administrator) on 08-08-2012 at 20:04:06
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Disconnected)
Intel® WiFi Link 1000 BGN = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Annis-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-26-C7-39-85-D1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel® WiFi Link 1000 BGN
Physical Address. . . . . . . . . : 00-26-C7-39-85-D0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a906:d8d8:1cd:d0f7%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.78(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, August 07, 2012 11:13:39 PM
Lease Expires . . . . . . . . . . : Thursday, August 09, 2012 4:55:45 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 268445383
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-9E-37-26-C8-0A-A9-89-CA-E2
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:3c56:1308:9c9c:d99c(Preferred)
Link-local IPv6 Address . . . . . : fe80::3c56:1308:9c9c:d99c%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 2001:4860:4001:803::1005
74.125.224.40
74.125.224.41
74.125.224.46
74.125.224.32
74.125.224.33
74.125.224.34
74.125.224.35
74.125.224.36
74.125.224.37
74.125.224.38
74.125.224.39


Pinging google.com [74.125.224.103] with 32 bytes of data:
Reply from 74.125.224.103: bytes=32 time=27ms TTL=52
Reply from 74.125.224.103: bytes=32 time=26ms TTL=52

Ping statistics for 74.125.224.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 27ms, Average = 26ms
Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=235ms TTL=44
Reply from 98.139.183.24: bytes=32 time=184ms TTL=46

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 184ms, Maximum = 235ms, Average = 209ms
Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...00 26 c7 39 85 d1 ......Microsoft Virtual WiFi Miniport Adapter
14...00 26 c7 39 85 d0 ......Intel® WiFi Link 1000 BGN
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.78 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.78 281
192.168.1.78 255.255.255.255 On-link 192.168.1.78 281
192.168.1.255 255.255.255.255 On-link 192.168.1.78 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.78 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.78 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:9d38:953c:3c56:1308:9c9c:d99c/128
On-link
14 281 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::3c56:1308:9c9c:d99c/128
On-link
14 281 fe80::a906:d8d8:1cd:d0f7/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
14 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [46592] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/08/2012 03:21:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd026
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp: 0x4e211da1
Exception code: 0xc06d007f
Fault offset: 0x000000000000a88d
Faulting process id: 0x1888
Faulting application start time: 0xwmpnscfg.exe0
Faulting application path: wmpnscfg.exe1
Faulting module path: wmpnscfg.exe2
Report Id: wmpnscfg.exe3

Error: (08/08/2012 03:21:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd026
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp: 0x4e211da1
Exception code: 0xc06d007f
Fault offset: 0x000000000000a88d
Faulting process id: 0xe34
Faulting application start time: 0xwmpnscfg.exe0
Faulting application path: wmpnscfg.exe1
Faulting module path: wmpnscfg.exe2
Report Id: wmpnscfg.exe3

Error: (08/08/2012 03:21:21 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume (C:) was not defragmented because an error was encountered: Access is denied. (0x80070005)

Error: (08/08/2012 02:41:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd026
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp: 0x4e211da1
Exception code: 0xc06d007f
Fault offset: 0x000000000000a88d
Faulting process id: 0x30dc
Faulting application start time: 0xwmpnscfg.exe0
Faulting application path: wmpnscfg.exe1
Faulting module path: wmpnscfg.exe2
Report Id: wmpnscfg.exe3

Error: (08/08/2012 02:41:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd026
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp: 0x4e211da1
Exception code: 0xc06d007f
Fault offset: 0x000000000000a88d
Faulting process id: 0x1a00
Faulting application start time: 0xwmpnscfg.exe0
Faulting application path: wmpnscfg.exe1
Faulting module path: wmpnscfg.exe2
Report Id: wmpnscfg.exe3

Error: (08/08/2012 01:07:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16912, time stamp: 0x4eb4a5ea
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc0000374
Fault offset: 0x000ce903
Faulting process id: 0x1364
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/08/2012 00:46:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmpnscfg.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd026
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp: 0x4e211da1
Exception code: 0xc06d007f
Fault offset: 0x000000000000a88d
Faulting process id: 0x2e48
Faulting application start time: 0xwmpnscfg.exe0
Faulting application path: wmpnscfg.exe1
Faulting module path: wmpnscfg.exe2
Report Id: wmpnscfg.exe3

Error: (08/08/2012 00:46:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28248521

Error: (08/08/2012 00:46:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28248521

Error: (08/08/2012 00:46:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/07/2012 11:15:48 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%31

Error: (08/07/2012 11:15:48 PM) (Source: Service Control Manager) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%31

Error: (08/07/2012 11:14:34 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070057

Error: (08/07/2012 11:14:34 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070505

Error: (08/07/2012 11:14:34 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070057

Error: (08/07/2012 11:14:34 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070505

Error: (08/07/2012 11:14:33 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070505

Error: (08/07/2012 11:14:31 PM) (Source: Service Control Manager) (User: )
Description: The Superfetch service terminated with the following error:
%%5

Error: (08/07/2012 11:13:47 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avgtp

Error: (08/07/2012 11:13:43 PM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (08/08/2012 03:21:37 PM) (Source: Application Error)(User: )
Description: wmpnscfg.exe12.0.7600.163854a5bd026KERNELBASE.dll6.1.7600.168504e211da1c06d007f000000000000a88d188801cd75b42c83775bC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\system32\KERNELBASE.dll6aff4103-e1a7-11e1-a15a-70f3952df519

Error: (08/08/2012 03:21:37 PM) (Source: Application Error)(User: )
Description: wmpnscfg.exe12.0.7600.163854a5bd026KERNELBASE.dll6.1.7600.168504e211da1c06d007f000000000000a88de3401cd75b42c66e6d7C:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\system32\KERNELBASE.dll6aff19f3-e1a7-11e1-a15a-70f3952df519

Error: (08/08/2012 03:21:21 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: (C:)Access is denied. (0x80070005)

Error: (08/08/2012 02:41:47 PM) (Source: Application Error)(User: )
Description: wmpnscfg.exe12.0.7600.163854a5bd026KERNELBASE.dll6.1.7600.168504e211da1c06d007f000000000000a88d30dc01cd75ae9bbd08e1C:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\system32\KERNELBASE.dllda0dd2b5-e1a1-11e1-a15a-70f3952df519

Error: (08/08/2012 02:41:47 PM) (Source: Application Error)(User: )
Description: wmpnscfg.exe12.0.7600.163854a5bd026KERNELBASE.dll6.1.7600.168504e211da1c06d007f000000000000a88d1a0001cd75ae9b94917dC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\system32\KERNELBASE.dllda0df9c5-e1a1-11e1-a15a-70f3952df519

Error: (08/08/2012 01:07:24 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7600.169124eb4a5eantdll.dll6.1.7600.169154ec49d10c0000374000ce903136401cd752e684978c1C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dllaa84de07-e194-11e1-a15a-70f3952df519

Error: (08/08/2012 00:46:45 PM) (Source: Application Error)(User: )
Description: wmpnscfg.exe12.0.7600.163854a5bd026KERNELBASE.dll6.1.7600.168504e211da1c06d007f000000000000a88d2e4801cd759e8a2cc78eC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\system32\KERNELBASE.dllc88716e2-e191-11e1-a15a-70f3952df519

Error: (08/08/2012 00:46:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28248521

Error: (08/08/2012 00:46:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28248521

Error: (08/08/2012 00:46:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


=========================== Installed Programs ============================

µTorrent (Version: 3.1.2)
Acrobat.com (Version: 1.6.65)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.0.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Creative Suite 5 Master Collection (Version: 5.0)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.268)
Adobe Flash Player 11 Plugin (Version: 11.3.300.268)
Adobe Media Player (Version: 1.8)
Adobe Reader 9.1 MUI (Version: 9.1.0)
Adobe Shockwave Player (Version: 11.5.1.601)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Airport Mania (Version: 2.2.0.82)
Akamai NetSession Interface
Ancient Hearts (Version: 2.2.0.82)
Android SDK Tools (Version: 1.14)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.790.0)
Bejeweled 2 Deluxe (Version: 2.2.0.82)
Big Fish Games: Game Manager (Version: 3.0.1.60)
Bing Bar (Version: 7.1.364.0)
Blasterball 3 (Version: 2.2.0.82)
Bob the Builder Can-Do-Zoo (Version: 2.2.0.82)
Bonjour (Version: 3.0.0.10)
Bookworm Adventures (Version: 2.2.0.82)
Bounce Symphony (Version: 2.2.0.82)
Broadcom 2070 Bluetooth 2.1 + EDR (Version: 6.2.1.1100)
Build-a-lot (Version: 2.2.0.87)
Build-a-lot 2 (Version: 2.2.0.82)
BumpTop (Version: 2.0.5532)
Canon MF4320-4350
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0909.1412.23625)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0909.1412.23625)
Catalyst Control Center InstallProxy (Version: 2010.0122.858.16002)
Catalyst Control Center InstallProxy (Version: 2010.0909.1412.23625)
Catalyst Control Center Localization All (Version: 2010.0909.1412.23625)
ccc-core-static (Version: 2010.0909.1412.23625)
ccc-utility64 (Version: 2010.0909.1412.23625)
CCC Help Chinese Standard (Version: 2010.0909.1411.23625)
CCC Help Chinese Traditional (Version: 2010.0909.1411.23625)
CCC Help Czech (Version: 2010.0909.1411.23625)
CCC Help Danish (Version: 2010.0909.1411.23625)
CCC Help Dutch (Version: 2010.0909.1411.23625)
CCC Help English (Version: 2010.0909.1411.23625)
CCC Help Finnish (Version: 2010.0909.1411.23625)
CCC Help French (Version: 2010.0909.1411.23625)
CCC Help German (Version: 2010.0909.1411.23625)
CCC Help Greek (Version: 2010.0909.1411.23625)
CCC Help Hungarian (Version: 2010.0909.1411.23625)
CCC Help Italian (Version: 2010.0909.1411.23625)
CCC Help Japanese (Version: 2010.0909.1411.23625)
CCC Help Korean (Version: 2010.0909.1411.23625)
CCC Help Norwegian (Version: 2010.0909.1411.23625)
CCC Help Polish (Version: 2010.0909.1411.23625)
CCC Help Portuguese (Version: 2010.0909.1411.23625)
CCC Help Russian (Version: 2010.0909.1411.23625)
CCC Help Spanish (Version: 2010.0909.1411.23625)
CCC Help Swedish (Version: 2010.0909.1411.23625)
CCC Help Thai (Version: 2010.0909.1411.23625)
CCC Help Turkish (Version: 2010.0909.1411.23625)
CCleaner (Version: 3.21)
CEP (Color Enable Package) v.9.2 (beta) (Version: 9.2 (beta))
Chuzzle Deluxe (Version: 2.2.0.82)
CinemaNow Media Manager (Version: 1.9.1.102)
Corel Paint it! touch - IPM (Version: 1.1)
Coupon Printer for Windows (Version: 5.0.0.1)
CyberLink DVD Suite (Version: 7.0.2527)
Definition update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DigiFish Dolphin (Version: 1.10.000)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.82)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
DivX Setup (Version: 2.6.1.5)
Dora's Carnival Adventure (Version: 2.2.0.82)
Dora's World Adventure (Version: 2.2.0.82)
DVD Menu Pack for HP TouchSmart Video (Version: 3.2.3715)
ESU for Microsoft Windows 7 (Version: 1.0.0)
FATE (Version: 2.2.0.82)
For The Morning Sun
Google Chrome (Version: 21.0.1180.60)
HP 3D DriveGuard (Version: 4.0.3.1)
HP Advisor (Version: 3.4.10144.3282)
HP Customer Experience Enhancements (Version: 6.0.1.4)
HP DVB-T TV Tuner 8.0.64.43 (Version: 8.0.64.43)
HP Game Console
HP Games (Version: 1.0.0.80)
HP MediaSmart CinemaNow 2.0 (Version: 2.0)
HP MediaSmart DVD (Version: 4.0.3727)
HP MediaSmart/TouchSmart Netflix (Version: 1.0.2.0)
HP Photo Creations (Version: 1.0.0.2261)
HP Quick Launch (Version: 1.0.18)
HP QuickWeb Installer (Version: 1.2.9.1)
HP Setup (Version: 1.2.3988.3281)
HP SimplePass Identity Protection (Version: 5.20.233)
HP Software Framework (Version: 3.5.16.1)
HP Support Assistant (Version: 4.3.1.2)
HP Tone Control (Version: 2.0.2)
HP TouchSmart (Version: 3.0.35.0)
HP TouchSmart Browser (Version: 3.0.0008)
HP TouchSmart Calendar (Version: 3.1.3574.19334)
HP TouchSmart Canvas (Version: 1.1.3657.30905)
HP TouchSmart Clock (Version: 3.0.3572.25998)
HP TouchSmart Internet TV (Version: 3.2.2513)
HP TouchSmart Music (Version: 3.2.3722)
HP TouchSmart Notes (Version: 3.2.3635.21983)
HP TouchSmart Paint it! by Corel - Content (Version: 1.0)
HP TouchSmart Paint it! by Corel - Core (Version: 1.0)
HP TouchSmart Paint it! by Corel - ICA (Version: 1.0)
HP TouchSmart Paint it! by Corel - Langauge (Version: 1.0)
HP TouchSmart Paint it! by Corel (Version: 1.5.0.96)
HP TouchSmart Photo (Version: 3.2.3722)
HP TouchSmart RSS (Version: 3.0.0006)
HP TouchSmart Tutorials (Version: 3.1.0.1)
HP TouchSmart Twitter (Version: 2.0.3649.35150)
HP TouchSmart Video (Version: 3.2.3722)
HP TouchSmart Weather (Version: 3.0.0.1)
HP TouchSmart Webcam (Version: 3.2.2511)
HP Update (Version: 5.003.001.001)
HP User Guides 0176 (Version: 1.01.0000)
HP Wireless Assistant (Version: 4.0.3.2)
HPAsset component for HP Active Support Library (Version: 3.0.0.7)
Hulu Desktop (Version: 0.9.11)
IDT Audio (Version: 1.0.6265.0)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 17 (64-bit) (Version: 6.0.170)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 7 Update 3 (64-bit) (Version: 7.0.30)
Java™ SE Development Kit 7 Update 3 (64-bit) (Version: 1.7.0.30)
Jewel Quest 3 (Version: 2.2.0.82)
Jewel Quest Solitaire 2 (Version: 2.2.0.82)
JoJo's Fashion Show (Version: 2.2.0.82)
Junk Mail filter update (Version: 14.0.8089.726)
LabelPrint (Version: 2.5.2515)
Life Quest®
Lucky Rabbit Reflex! Demo Version 1.13 (Version: 1.13)
Lunascape6 (All Users) (Version: 6.7.1.25446)
Mah Jong Medley (Version: 2.2.0.82)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Touch Pack for Windows 7 (Version: 1.0.40517.00)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 3.0 (Version: 3.0.11010.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Movie Theme Pack for HP TouchSmart Video (Version: 3.2.3715)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
ooVoo (Version: 3.0.7040)
Opera 11.61 (Version: 11.61.1250)
PDF Settings CS5 (Version: 10.0)
Penguins! (Version: 2.2.0.82)
PhotoNow! (Version: 1.1.6904)
Plants vs. Zombies (Version: 2.2.0.82)
Polar Bowler (Version: 2.2.0.82)
Polar Golfer (Version: 2.2.0.82)
Power2Go (Version: 6.1.3715)
PowerDirector (Version: 8.0.2514)
PX Profile Update (Version: 1.00.1.)
PxMergeModule (Version: 1.00.0000)
RE: Alistair++ 1 (Version: 1)
Real Lives 2004 (Version: 2005.1)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.5)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.11.1127.2009)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
RealUpgrade 1.1 (Version: 1.1.0)
Recovery Manager (Version: 5.5.2512)
Roxio CinemaNow 2.0 (Version: 1.0.254)
Security Task Manager 1.8d (Version: 1.8d)
Sims2Pack Clean Installer
Skip-Bo - Castaway Caper (Version: 2.2.0.82)
Skype Click to Call (Version: 5.8.8855)
Skype™ 5.5 (Version: 5.5.124)
Slingo Deluxe (Version: 2.2.0.82)
Spirited Heart Demo
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.1.6.64)
TextTwist 2 (Version: 2.2.0.82)
The Sims 2
Tradewinds Legends (Version: 2.2.0.82)
Update for Microsoft Excel 2010 (KB2553439) 64-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 64-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Validity Sensors DDK (Version: 4.1.129.0)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Virtual Earth 3D (Beta) (Version: 4.0.903.16005)
Virtual U (Version: 2.1)
Virtual Villagers - The Secret City (Version: 2.2.0.82)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Westward 3 (remove only)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) (Version: 12/16/2009 6.2.0.9414)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
WinRAR archiver
Yrefresher 1.00
Zuma's Revenge (Version: 2.2.0.82)

========================= Devices: ================================

Name: HP Integrated Module with Bluetooth 2.1 Wireless Technology
Description: HP Integrated Module with Bluetooth 2.1 Wireless Technology
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Validity Sensor
Description: Validity Sensor (VFS301)
Class Guid: {53d29ef7-377c-4d14-864b-eb3a85769359}
Manufacturer: Validity Sensors, Inc.
Service: WinUSB
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Generic PnP Monitor
Description: Generic PnP Monitor
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard monitor types)
Service: monitor
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 16317.86 MB
Available physical RAM: 12080.94 MB
Total Pagefile: 32633.86 MB
Available Pagefile: 24365.43 MB
Total Virtual: 4095.88 MB
Available Virtual: 3957.14 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:274.4 GB) (Free:107.94 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:23.4 GB) (Free:3.42 GB) NTFS
3 Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

========================= Users: ========================================

User accounts for \\ANNIS-PC

Administrator Annis Annis Backup
Guest


**** End of log ****


--------------------------------------------------------------------------------

+ MalwareBytes Log (I have tried to remove the malware found by rebooting but I keep getting an error and when I run another scan, it's still there)

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.07.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Annis :: ANNIS-PC [administrator]

8/8/2012 8:04:32 PM
mbam-log-2012-08-08 (20-04-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220565
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Windows\KMSEmulator.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\windows\syshost.exe (Trojan.Downloader) -> Delete on reboot.
c:\users\annis\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
c:\users\guest\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
c:\windows\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.

(end)

---------------------------------------------------------------------------------------------

+ aswMBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-08 21:22:56
-----------------------------
21:22:56.691 OS Version: Windows x64 6.1.7600
21:22:56.691 Number of processors: 8 586 0x1E05
21:22:56.691 ComputerName: ANNIS-PC UserName: Annis
21:22:56.722 Initialze error C0000001 - driver not loaded
21:24:14.034 AVAST engine defs: 12080801
00:44:29.822 Service scanning
00:44:30.477 Modules scanning
00:44:30.477 Disk 0 trace - called modules:
00:44:30.477
00:44:30.508 AVAST engine scan C:\Windows
00:44:30.555 AVAST engine scan C:\Windows\system32
00:44:30.633 AVAST engine scan C:\Windows\system32\drivers
00:44:30.664 AVAST engine scan C:\Users\Annis
00:44:30.664 AVAST engine scan C:\ProgramData
00:44:30.680 Scan finished successfully
00:44:51.007 The log file has been saved successfully to "C:\Users\Annis\Desktop\aswMBR.txt"

Edited by ishme4nowz, 09 August 2012 - 03:15 AM.


#4 Broni


Posted 09 August 2012 - 10:11 AM

According to the FSS log, we have a number of system files infected.
That will call for advanced help.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.



 


#5 ishme4nowz


Posted 11 August 2012 - 11:44 PM

Thank you! I've just posted a new post according to your directions.

#6 Orange Blossom


Posted 12 August 2012 - 03:08 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic464858.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom