
Random browser opening for adverts, random name .exe's in Task Manager


  • This topic is locked
11 replies to this topic

#1 Riddickis1337

  • Members
  • 25 posts
  • Gender:Male
  • Location:Worcestershire

Posted 03 September 2012 - 06:34 PM

EDIT: I use Windows 7 Ultimate 64-bit

So, starting about 2 hours ago I had random web pages opening in my browser, full and entirely new windows. All linking to commercial services. It all seemed to start when I updated GameRanger to the latest version.

I also found a randomly named .exe file in my Task Manager, which I found to be residing in my /Temp folder. I used Spybot Search and Destroy's file removal utility to forcefully delete it. The malware was badly written, as I had a VB.Net error when it initially started giving me the popups.

The only name I could find was TROJ_GEN.RC1H1I3, which was reported by VirusTotal after I uploaded the randomly named .exe file.

I have done a Flash Scan on MBAM and that found a load of .0access malware files, which I did a restart to remove. They seem to be continuously returning, however, so I now have a full scan running on both my hard drives through MBAM. 2 infected objects so far.

I have also run TDSSKiller with the TDLFS system option enabled, it scanned about 500 files and found 0 issues.

Finally, I currently have a GMER scan running, which has found nothing malicious thus far.

Edited by Riddickis1337, 03 September 2012 - 06:38 PM.




#2 Riddickis1337
  • Topic Starter
  • Members
  • 25 posts
  • Gender:Male
  • Location:Worcestershire

Posted 03 September 2012 - 07:41 PM

Also, I just realised I forgot to mention that MBAM also found a file called cdati.dll - here is a RunDLL error I get whenever my PC now starts:
[screenshot of the RunDLL error dialog, not reproduced]

#3 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,416 posts
  • Gender:Male
  • Location:NJ USA

Posted 03 September 2012 - 08:09 PM

Welcome. It's not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was most likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message.
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.


Please run these also...
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


>>>>
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs, and let us know how the PC is running now.
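Two of the MiniToolBox items in the checklist above, the Firefox proxy report/reset and the hosts listing, are the places where adware of this kind redirects traffic, so it is worth being able to check them from copies of the files as well as from the tool. The Python below is an added example, not part of this thread and not MiniToolBox's own code: it parses a Firefox prefs.js and a hosts file and returns what a responder would want flagged. The sample prefs are constructed to mirror the values the MiniToolBox report later in this thread shows (host 193.200.158.136, ports 808/1080, network.proxy.type 0); the sample hosts file is entirely constructed. One caveat it encodes: Firefox only routes through the per-scheme proxy hosts when network.proxy.type is 1 (manual), so type 0 with hosts still set means a proxy was configured but was not active at the time of the report.

```python
"""Added example (not from the thread): check the two browser-hijack points that
the MiniToolBox checklist reports, from copies of prefs.js and the hosts file.
Sample inputs are constructed, not taken from the OP's machine."""
import json
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Firefox writes prefs as user_pref("name", <literal>); json.loads decodes the literal.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# network.proxy.type as Firefox defines it; only 1 makes the per-scheme hosts active.
PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC", 4: "auto-detect (WPAD)", 5: "system"}

# Heuristic: a loopback/0.0.0.0 entry for a name like these usually exists to block
# AV or OS updates rather than ads.
BLOCK_KEYWORDS = ("update", "antivirus", "malwarebytes", "microsoft", "symantec", "mcafee", "kaspersky")


@dataclass
class ProxyFinding:
    scheme: str
    host: str
    port: object
    active: bool      # False when the proxy is configured but network.proxy.type does not use it


@dataclass
class HostsFinding:
    line: int
    address: str
    names: list
    reason: str


def parse_prefs_js(text):
    """Return {pref: value} for every user_pref() line in a prefs.js or user.js body."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            name, raw = m.groups()
            try:
                prefs[name] = json.loads(raw)   # "str", 808, true/false
            except ValueError:
                prefs[name] = raw               # keep odd literals rather than drop them
    return prefs


def _is_loopback(host):
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def audit_firefox_proxy(prefs):
    """Flag proxy hosts that point off the machine, noting whether Firefox is using them."""
    ptype = prefs.get("network.proxy.type", 5)   # absent = Firefox default, system settings
    findings = []
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        if host and not _is_loopback(host):
            findings.append(ProxyFinding(scheme, host, prefs.get(f"network.proxy.{scheme}_port"),
                                         active=(ptype == 1)))
    pac = prefs.get("network.proxy.autoconfig_url")
    if pac:
        findings.append(ProxyFinding("pac", pac, None, active=(ptype == 2)))
    return findings


def audit_hosts(text):
    """Flag hosts entries that redirect a name off-box, or sinkhole a security/update domain."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        body = line.split("#", 1)[0].strip()
        if not body:
            continue
        addr, *names = body.split()
        try:
            ip = ip_address(addr)
        except ValueError:
            findings.append(HostsFinding(lineno, addr, names, "unparseable address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            # 127.0.0.1 / 0.0.0.0 sinkholes are normal (localhost, ad blocking) unless they
            # silence something the user needs to reach
            if any(k in n.lower() for n in names for k in BLOCK_KEYWORDS):
                findings.append(HostsFinding(lineno, addr, names, "security/update domain sinkholed"))
            continue
        findings.append(HostsFinding(lineno, addr, names, "name redirected off-box"))
    return findings


# Constructed sample prefs, mirroring the values in the MiniToolBox report in this thread.
SAMPLE_PREFS = """\
user_pref("network.proxy.ftp", "193.200.158.136");
user_pref("network.proxy.ftp_port", 808);
user_pref("network.proxy.http", "193.200.158.136");
user_pref("network.proxy.http_port", 808);
user_pref("network.proxy.socks", "193.200.158.136");
user_pref("network.proxy.socks_port", 1080);
user_pref("network.proxy.ssl", "193.200.158.136");
user_pref("network.proxy.ssl_port", 808);
user_pref("network.proxy.type", 0);
user_pref("browser.startup.homepage", "about:home");
"""

# Constructed sample hosts file; the names are documentation placeholders.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net
203.0.113.7     www.example-bank.com
127.0.0.1       update.example-antivirus.com
"""

if __name__ == "__main__":
    for f in audit_firefox_proxy(parse_prefs_js(SAMPLE_PREFS)):
        print(f)
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f)
```

Run it as a script to print the findings for the samples; on a real system read prefs.js from the Firefox profile folder (with Firefox closed) and the hosts file from %SystemRoot%\System32\drivers\etc. The keyword list for sinkholed domains is a heuristic and will need tuning; the proxy-type table is Firefox's own (0 direct, 1 manual, 2 PAC, 4 auto-detect, 5 system).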

#4 Riddickis1337
  • Topic Starter
  • Members
  • 25 posts
  • Gender:Male
  • Location:Worcestershire

Posted 04 September 2012 - 06:53 AM

So, while using the Autoruns tool, I came across another entry, set to run a program called 'duega.exe' inside my AppData/Roaming, then /tufyy.
Here is a VirusTotal scan

I also found an entry to use RunDll.exe to launch a file called 'mprmp.dll', simply inside my /AppData/Roaming folder.
Here is a VirusTotal scan

I also found an entry to run a file called 'x5pv.exe', again inside my /AppData/Roaming folder. I could not use VirusTotal to scan it, as the file is about 200MB big. It furthermore is launched by a batch file called uomp.bat, and it claims to provide USB functionality for PC mice in its description.
EDIT 2: I have deleted both the .bat and the .exe files; they were nothing I installed and were obviously not anything productive nor installed automatically, as the file descriptions were Polish.

EDIT: I am going to run the tools you suggested, and post the results next:

Edited by Riddickis1337, 04 September 2012 - 07:18 AM.
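The RunDLL error boopme explains in post #3 (a Run entry whose file has since been deleted) and the AppData\Roaming autostarts found with Autoruns in the post above are two outcomes of the same check: enumerate the Run keys, work out which file each command line actually loads, and see whether that file is missing or sits somewhere a user-level process can write. The Python below, an added example that is not from the thread and not from Autoruns, does that over the text of `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg`. The export, value names and command lines are constructed for illustration (the file names echo those in the thread, but the paths, entry points and the Steam entry are invented), and `exists` is injectable so it runs offline against a collected export.

```python
"""Added example (not from the thread): audit a Run key the way boopme and the OP
did by hand, from the text of a `reg export` of the key. Sample data is constructed."""
import ntpath
import os
import re
from dataclasses import dataclass

# A REG_SZ line in a .reg export looks like "name"="data", with \\ and \" escapes inside.
# REG_EXPAND_SZ values are written as hex(2):... and are not handled here.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Heuristic only: legitimate autostarts usually live under Program Files or Windows,
# so anything loaded from these user-writable locations deserves a second look.
SUSPECT_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    name: str            # registry value name
    command: str         # command line as stored in the value
    target: str          # file the command actually loads
    orphaned: bool       # target no longer on disk: the RunDLL "could not be found" case
    user_writable: bool  # target lives in a user-writable directory


def unescape_reg(s):
    """Undo the .reg escaping: \\ -> \ and \" -> " ."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text):
    """Yield (value_name, data) for each REG_SZ value in a .reg export."""
    for line in text.splitlines():
        m = VALUE_RE.match(line.strip())
        if m:
            yield unescape_reg(m.group(1)), unescape_reg(m.group(2))


def first_token(cmd):
    """Split a Windows command line into its first (possibly quoted) token and the rest."""
    cmd = cmd.lstrip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:], "") if end < 0 else (cmd[1:end], cmd[end + 1:].lstrip())
    parts = cmd.split(None, 1)
    return (parts[0], parts[1] if len(parts) > 1 else "") if parts else ("", "")


def target_of(cmd):
    """Resolve the file an autostart command really loads, looking through the common
    host programs: rundll32 "<dll>,<entry>", cmd /c <batch>, wscript/cscript <script>."""
    prog, rest = first_token(cmd)
    base = ntpath.basename(prog).lower()
    if base in ("rundll32.exe", "rundll32"):
        dll, _ = first_token(rest)
        return dll.split(",", 1)[0]          # strip the ",EntryPoint" suffix
    if base in ("cmd.exe", "cmd", "wscript.exe", "cscript.exe"):
        while rest.lstrip().startswith("/"):
            _, rest = first_token(rest)      # drop switches such as /c or //B
        script, _ = first_token(rest)
        return script
    return prog


def audit_run_entries(reg_text, exists=os.path.exists):
    """Return the entries worth acting on. `exists` is injectable so the check can run
    offline against a collected export; on the live machine the default is fine."""
    findings = []
    for name, cmd in parse_reg_export(reg_text):
        target = target_of(cmd)
        f = Finding(name, cmd, target,
                    orphaned=not exists(target),
                    user_writable=any(d in target.lower() for d in SUSPECT_DIRS))
        if f.orphaned or f.user_writable:
            findings.append(f)
    return findings


# Constructed sample export. The file names echo the ones mentioned in the thread, but
# the command lines, entry points and the Steam entry are invented for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent"
"cdati"="rundll32.exe \"C:\\Users\\dale\\AppData\\Local\\cdati.dll\",Start"
"tufyy"="C:\\Users\\dale\\AppData\\Roaming\\tufyy\\duega.exe"
"mprmp"="rundll32.exe C:\\Users\\dale\\AppData\\Roaming\\mprmp.dll,Init"
"uomp"="cmd.exe /c \"C:\\Users\\dale\\AppData\\Roaming\\uomp.bat\""
'''

if __name__ == "__main__":
    # Stand-alone run: on a non-Windows box every target is reported orphaned, as expected.
    for f in audit_run_entries(SAMPLE_REG):
        print(f"{f.name}: {f.target}  orphaned={f.orphaned} user_writable={f.user_writable}")
```

It handles REG_SZ values only and looks at one key; on a live system repeat it for HKLM, RunOnce and, on x64, the Wow6432Node copies. Autoruns also covers services, scheduled tasks, Winlogon and browser helper objects, which this does not replace.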


#5 Riddickis1337
  • Topic Starter
  • Members
  • 25 posts
  • Gender:Male
  • Location:Worcestershire

Posted 04 September 2012 - 07:15 AM

Here is the output from MiniToolBox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by dale (administrator) on 04-09-2012 at 12:56:37
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.ftp", "193.200.158.136"
"network.proxy.ftp_port", 808
"network.proxy.http", "193.200.158.136"
"network.proxy.http_port", 808
"network.proxy.socks", "193.200.158.136"
"network.proxy.socks_port", 1080
"network.proxy.ssl", "193.200.158.136"
"network.proxy.ssl_port", 808
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

# ::1 localhost

========================= IP Configuration: ================================

Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection 2 (Connected)
Hamachi Network Interface = Hamachi (Connected)
TAP-Win32 Adapter V9 (Tunngle) = Tunngle (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled taskoffload=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=5.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Dale-QC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Tunngle:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9 (Tunngle)
Physical Address. . . . . . . . . : 00-FF-A2-35-CD-B4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : BC-AE-C5-54-C7-DD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cdbc:1a3f:e42b:3bbd%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.74(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 04 September 2012 12:21:05
Lease Expires . . . . . . . . . . : 05 September 2012 12:21:06
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 297578181
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-18-8F-FE-00-1E-90-92-86-40
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-56-3F-2F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::556:3f2f(Preferred)
Link-local IPv6 Address . . . . . : fe80::f9cf:6ecd:afe2:8512%23(Preferred)
IPv4 Address. . . . . . . . . . . : 5.86.63.47(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : 04 September 2012 12:21:05
Lease Expires . . . . . . . . . . : 04 September 2013 12:23:13
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 511342911
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-18-8F-FE-00-1E-90-92-86-40
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A235CDB4-5C64-4B66-8E7B-B706021BF905}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: BThomehub.home
Address: 192.168.1.254

Name: google.com
Addresses: 2a00:1450:4009:805::1003
173.194.34.160
173.194.34.164
173.194.34.163
173.194.34.167
173.194.34.162
173.194.34.165
173.194.34.166
173.194.34.174
173.194.34.168
173.194.34.169
173.194.34.161


Pinging google.com [173.194.34.163] with 32 bytes of data:
Reply from 173.194.34.163: bytes=32 time=13ms TTL=52
Reply from 173.194.34.163: bytes=32 time=12ms TTL=52

Ping statistics for 173.194.34.163:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 13ms, Average = 12ms
Server: BThomehub.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Request timed out.
Reply from 72.30.38.140: bytes=32 time=674ms TTL=44

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 674ms, Maximum = 674ms, Average = 674ms
Server: BThomehub.home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
18...00 ff a2 35 cd b4 ......TAP-Win32 Adapter V9 (Tunngle)
12...bc ae c5 54 c7 dd ......Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
23...7a 79 05 56 3f 2f ......Hamachi Network Interface
1...........................Software Loopback Interface 1
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.86.63.47 9256
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.74 20
5.0.0.0 255.0.0.0 On-link 5.86.63.47 9256
5.86.63.47 255.255.255.255 On-link 5.86.63.47 9256
5.255.255.255 255.255.255.255 On-link 5.86.63.47 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.74 276
192.168.1.74 255.255.255.255 On-link 192.168.1.74 276
192.168.1.255 255.255.255.255 On-link 192.168.1.74 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.74 276
224.0.0.0 240.0.0.0 On-link 5.86.63.47 9256
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.74 276
255.255.255.255 255.255.255.255 On-link 5.86.63.47 9256
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
23 276 2620:9b::/96 On-link
23 276 2620:9b::556:3f2f/128 On-link
12 276 fe80::/64 On-link
23 276 fe80::/64 On-link
12 276 fe80::cdbc:1a3f:e42b:3bbd/128 On-link
23 276 fe80::f9cf:6ecd:afe2:8512/128 On-link
1 306 ff00::/8 On-link
12 276 ff00::/8 On-link
23 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/04/2012 00:37:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: SHELL32.dll, version: 6.1.7601.17859, time stamp: 0x4fd2dfec
Exception code: 0xc0000005
Fault offset: 0x000000000009a719
Faulting process id: 0x8ac
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/04/2012 00:37:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 14.0.1.4577, time stamp: 0x5000b729
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0288000a
Faulting process id: 0xe2c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (09/04/2012 00:36:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 14.0.1.4577, time stamp: 0x5000b729
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x024b000a
Faulting process id: 0x1208
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (09/04/2012 00:29:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 14.0.1.4577, time stamp: 0x5000b729
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02a1000a
Faulting process id: 0xbc0
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (09/04/2012 00:29:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 14.0.1.4577, time stamp: 0x5000b729
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0201000a
Faulting process id: 0x1324
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (09/04/2012 00:29:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 14.0.1.4577, time stamp: 0x5000b729
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0480000a
Faulting process id: 0x1198
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (09/04/2012 00:27:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 14.0.1.4577, time stamp: 0x5000b729
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x01e7000a
Faulting process id: 0x1070
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (09/04/2012 01:35:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x010bae60
Faulting process id: 0x754
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/04/2012 01:34:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x010bae60
Faulting process id: 0x16d8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/04/2012 01:33:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x00e0ae60
Faulting process id: 0x14c4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (09/04/2012 00:37:31 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/04/2012 00:37:31 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/04/2012 00:27:38 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/04/2012 00:27:38 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/04/2012 00:21:43 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.1 service failed to start due to the following error:
%%2

Error: (09/04/2012 00:21:42 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the x5pv service to connect.

Error: (09/04/2012 00:21:27 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/04/2012 00:21:11 PM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

Error: (09/04/2012 00:21:11 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (09/04/2012 00:21:11 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (09/04/2012 00:37:17 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4SHELL32.dll6.1.7601.178594fd2dfecc0000005000000000009a7198ac01cd8a9036dc80a5C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dlle10be498-f684-11e1-903c-bcaec554c7dd

Error: (09/04/2012 00:37:00 PM) (Source: Application Error)(User: )
Description: firefox.exe14.0.1.45775000b729unknown0.0.0.000000000c00000050288000ae2c01cd8a9198410ea2C:\Program Files (x86)\Mozilla Firefox\firefox.exeunknownd68b23f9-f684-11e1-903c-bcaec554c7dd

Error: (09/04/2012 00:36:55 PM) (Source: Application Error)(User: )
Description: firefox.exe14.0.1.45775000b729unknown0.0.0.000000000c0000005024b000a120801cd8a9193280d06C:\Program Files (x86)\Mozilla Firefox\firefox.exeunknownd3ef87c2-f684-11e1-903c-bcaec554c7dd

Error: (09/04/2012 00:29:24 PM) (Source: Application Error)(User: )
Description: firefox.exe14.0.1.45775000b729unknown0.0.0.000000000c000000502a1000abc001cd8a9087ffc5b9C:\Program Files (x86)\Mozilla Firefox\firefox.exeunknownc68b78e7-f683-11e1-903c-bcaec554c7dd

Error: (09/04/2012 00:29:18 PM) (Source: Application Error)(User: )
Description: firefox.exe14.0.1.45775000b729unknown0.0.0.000000000c00000050201000a132401cd8a90853b4429C:\Program Files (x86)\Mozilla Firefox\firefox.exeunknownc3794b64-f683-11e1-903c-bcaec554c7dd

Error: (09/04/2012 00:29:13 PM) (Source: Application Error)(User: )
Description: firefox.exe14.0.1.45775000b729unknown0.0.0.000000000c00000050480000a119801cd8a9080d9392bC:\Program Files (x86)\Mozilla Firefox\firefox.exeunknownc06d8699-f683-11e1-903c-bcaec554c7dd

Error: (09/04/2012 00:27:52 PM) (Source: Application Error)(User: )
Description: firefox.exe14.0.1.45775000b729unknown0.0.0.000000000c000000501e7000a107001cd8a904b94bb50C:\Program Files (x86)\Mozilla Firefox\firefox.exeunknown8fcf97cc-f683-11e1-903c-bcaec554c7dd

Error: (09/04/2012 01:35:00 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc10080000032.@_unloaded0.0.0.04fe23011c0000005010bae6075401cd8a351e133379C:\Windows\SysWOW64\svchost.exe80000032.@5bc8ced4-f628-11e1-93b8-bcaec554c7dd

Error: (09/04/2012 01:34:00 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc10080000032.@_unloaded0.0.0.04fe23011c0000005010bae6016d801cd8a34fa29413aC:\Windows\SysWOW64\svchost.exe80000032.@37d8c1fe-f628-11e1-93b8-bcaec554c7dd

Error: (09/04/2012 01:33:00 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc10080000032.@_unloaded0.0.0.04fe23011c000000500e0ae6014c401cd8a34d64171e3C:\Windows\SysWOW64\svchost.exe80000032.@13f167d9-f628-11e1-93b8-bcaec554c7dd


=========================== Installed Programs ============================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.2.443)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0)
Adobe After Effects CS4 (Version: 9)
Adobe After Effects CS4 Presets (Version: 9)
Adobe After Effects CS4 Third Party Content (Version: 9)
Adobe After Effects CS5.5 (Version: 10.5)
Adobe AIR (Version: 2.5.1.17730)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe Asset Services CS4 (Version: 4)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe Community Help (Version: 3.4.980)
Adobe Contribute CS4 (Version: 5.0)
Adobe Creative Suite 4 Master Collection (Version: 4.0)
Adobe CS4 American English Speech Analysis Models (Version: 1)
Adobe CSI CS4 (Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Dreamweaver CS4 (Version: 10.0)
Adobe Dreamweaver CS5.5 (Version: 11.5)
Adobe Drive CS4 (Version: 1)
Adobe Drive CS4 x64 (Version: 1)
Adobe Dynamiclink Support (Version: 1)
Adobe Encore CS4 (Version: 4)
Adobe Encore CS4 Codecs (Version: 4)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Fireworks CS4 (Version: 10.0)
Adobe Flash CS4 (Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)
Adobe Flash CS4 STI-en (Version: 10.0)
Adobe Flash Player 10 Plugin (Version: 10.3.183.20)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Fonts All (Version: 2.0)
Adobe Fonts All x64 (Version: 2.0)
Adobe Illustrator CS4 (Version: 14.0)
Adobe InDesign CS4 (Version: 6.0)
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0)
Adobe InDesign CS4 Common Base Files (Version: 6.0)
Adobe InDesign CS4 Icon Handler (Version: 6.0)
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0)
Adobe Media Encoder CS4 Dolby (Version: 1.0)
Adobe Media Encoder CS4 Exporter (Version: 1.0)
Adobe Media Encoder CS4 Importer (Version: 1.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe OnLocation CS4 (Version: 4)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Premiere Pro CS4 (Version: 4)
Adobe Premiere Pro CS4 Functional Content (Version: 4)
Adobe Premiere Pro CS4 Third Party Content (Version: 4)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe SGM CS4 (Version: 3.0)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Adobe SING CS4 (Version: 2.0)
Adobe Soundbooth CS4 (Version: 2)
Adobe Soundbooth CS4 Codecs (Version: 2)
Adobe Story (Version: 1.0.571)
Adobe Type Support CS4 (Version: 9.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe Version Cue CS4 Server (Version: 4.0)
Adobe Widget Browser (Version: 2.0.230)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
Age of Empires III (Version: 1.00.0000)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.938.1)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0611.1251.21046)
AMD Media Foundation Decoders (Version: 1.0.70611.1329)
AMD Steady Video Plug-In (Version: 2.04.0000)
AMD VISION Engine Control Center (Version: 2012.0611.1251.21046)
APB Reloaded (Version: 1.4.1.587574)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Application Profiles (Version: 2.0.4331.36041)
ARMA 2
ARMA 2: Operation Arrowhead
ASUSUpdate (Version: 7.18.03)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.14)
Atheros Ethernet Utility (Version: 1.1.0.7)
Audacity 1.3.13 (Unicode)
BatchTextReplacer2 (remove only)
BattlEye for OA Uninstall
BattlEye Uninstall
BitTorrent (Version: 7.2.1)
Bonjour (Version: 3.0.0.10)
BrickForce 1.4.40 (Version: 1.4.40)
Call of Duty® 4 - Modern Warfare™ (Version: 1.00.0000)
Call of Duty® 4 - Modern Warfare™ (Version: 1.7)
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (Version: 1.6)
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (Version: 1.7)
Camtasia Studio 7 (Version: 7.1.1)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0611.1251.21046)
Catalyst Control Center InstallProxy (Version: 2012.0611.1251.21046)
Catalyst Control Center Localization All (Version: 2012.0611.1251.21046)
ccc-utility64 (Version: 2012.0611.1251.21046)
CCC Help Chinese Standard (Version: 2012.0611.1250.21046)
CCC Help Chinese Traditional (Version: 2012.0611.1250.21046)
CCC Help Czech (Version: 2012.0611.1250.21046)
CCC Help Danish (Version: 2012.0611.1250.21046)
CCC Help Dutch (Version: 2012.0611.1250.21046)
CCC Help English (Version: 2012.0611.1250.21046)
CCC Help Finnish (Version: 2012.0611.1250.21046)
CCC Help French (Version: 2012.0611.1250.21046)
CCC Help German (Version: 2012.0611.1250.21046)
CCC Help Greek (Version: 2012.0611.1250.21046)
CCC Help Hungarian (Version: 2012.0611.1250.21046)
CCC Help Italian (Version: 2012.0611.1250.21046)
CCC Help Japanese (Version: 2012.0611.1250.21046)
CCC Help Korean (Version: 2012.0611.1250.21046)
CCC Help Norwegian (Version: 2012.0611.1250.21046)
CCC Help Polish (Version: 2012.0611.1250.21046)
CCC Help Portuguese (Version: 2012.0611.1250.21046)
CCC Help Russian (Version: 2012.0611.1250.21046)
CCC Help Spanish (Version: 2012.0611.1250.21046)
CCC Help Swedish (Version: 2012.0611.1250.21046)
CCC Help Thai (Version: 2012.0611.1250.21046)
CCC Help Turkish (Version: 2012.0611.1250.21046)
Command & Conquer™ Red Alert™ 3 (Version: 1.0.1.0)
Connect (Version: 1.0.0.1)
Convert AVI to MP4
Counter-Strike: Global Offensive Beta
Coupon Printer for Windows (Version: 5.0.0.0)
CPUID CPU-Z 1.59
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.41.3.0173)
DAP Plug-in for 64 Bit IE (Version: 9706.0.31)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Device Doctor v2.1 (Version: 2.1)
Dropbox (Version: 1.4.9)
End of Nations Beta (Version: 1.0.0.0)
EPU-4 Engine (Version: 1.02.01)
ESET Online Scanner v3
FileZilla Client 3.5.3 (Version: 3.5.3)
Firebird 2.5.0.26074 (x64) (Version: 2.5.0.26074)
Fraps (remove only)
Free Screen Recorder v2.9 (Version: 2.9)
GameRanger
GamersFirst LIVE!
Global Agenda
Google Talk Plugin (Version: 3.5.1.8982)
GTA San Andreas (Version: 1.00.00001)
Half-Life 2: Deathmatch
Hitman: Blood Money
Hitman: Sniper Challenge
HP Deskjet 1050 J410 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1050 J410 series Help (Version: 140.0.66.66)
HP Photo Creations (Version: 1.0.0.7702)
HP Update (Version: 5.002.006.003)
HxD Hex Editor version 1.7.7.0 (Version: 1.7.7.0)
ijji - Gunz
Installer (Version: 1.0.0)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 33 (64-bit) (Version: 6.0.330)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Kayako WinApp
Killing Floor
kuler (Version: 2.0)
L.A. Noire (Version: 1.00.0000)
League of Legends (Version: 1.3)
Logitech G35 (Version: 1.1.178)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
LogMeIn Hamachi (Version: 2.1.0.215)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mani Admin Plugin Clients.txt Creator V.2.1
ManyCam 3.0.80 (remove only) (Version: 3.0.80)
Media Go (Version: 2.0.317)
Men of War: Assault Squad (Remove Only) (Version: 2.05.12)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Lync 2010 (Version: 4.0.7577.4103)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 Design Tools ENU (Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 ENU (Version: 3.5.5386.0)
Microsoft Visual Basic 2008 Express Edition - ENU
Microsoft Visual Basic 2008 Express Edition - ENU (Version: 9.0.21022)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.21022)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (Version: 3.5.21022)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (Version: 6.1.5288.17011)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
mIRC (Version: 7.22)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
Mozilla Thunderbird (5.0) (Version: 5.0 (en-GB))
MP3 Skype Recorder (Version: 2.1.1)
MSI to redistribute MS VS2005 CRT libraries (Version: 8.0.50727.42)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
MTA:SA v1.3 (Version: v1.3)
Mumble 1.2.3 (Version: 1.2.3)
Notepad++ (Version: 5.9.2)
NVIDIA PhysX (Version: 9.10.0129)
NVIDIA PhysX (Version: 9.10.0513)
ooVoo (Version: 3.0.7008)
OpenAL
OpenOffice.org 3.3 (Version: 3.3.9567)
Pando Media Booster (Version: 2.6.0.8)
PDF Settings CS4 (Version: 9.0)
PFPortChecker 1.0.39 (Version: 1.0.39)
Photoshop Camera Raw (Version: 5.0)
Photoshop Camera Raw_x64 (Version: 5.0)
phpDesigner 8 version 8.0.0
Pixel Bender Toolkit (Version: 1.0)
Platform (Version: 1.34)
PlayStation®Network Downloader (Version: 2.07.00849)
PlayStation®Store (Version: 4.5.15.13232)
PunkBuster Services (Version: 0.993)
puush (Version: 1.0.0.0)
QuickTime (Version: 7.72.80.56)
REACTOR (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.6343)
Rise of Nations (Version: 1.0)
Rockstar Games Social Club (Version: 1.0.0.0)
S.W.A.T. 4
Saitek Cyborg Keyboard Volume 6.2.1.3 (Version: 6.2.1.3)
Saitek SD6 Programming Software 6.2.1.3 (Version: 6.2.1.3)
SAM Broadcaster v4 (Version: v4)
Samsung Kies (Version: 2.1.0.11112_41)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.5.0)
SIW version 2010.07.14 (Version: 2010.07.14)
Skype Click to Call (Version: 6.1.10441)
Skype™ 5.8 (Version: 5.8.158)
SpeedFan (remove only)
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
Suite Shared Configuration CS4 (Version: 1.0)
Sw4t Colorizer
SWAT 4 - The Stetchkov Syndicate (Version: 1.0.0)
swMSM (Version: 12.0.0.1)
System Requirements Lab CYRI (Version: 4.5.1.0)
Team Fortress 2
TeamSpeak 3 Client (Version: 3.0.8.1)
TeamViewer 6 (Version: 6.0.11117)
TeamViewer 7 (Version: 7.0.12313)
The Secret World (Version: 1.0.0)
Tom Clancy's Splinter Cell Conviction (Version: 1.04.000)
TortoiseSVN 1.7.1.22161 (64 bit) (Version: 1.7.22161)
Tunngle beta
Ubisoft Game Launcher (Version: 1.0.0.0)
Unity Web Player (Version: )
Universal AntiCheat 3 v1.060
Unlocker 1.9.1-x64 (Version: 1.9.1)
Update 1.96.6.0 for "Men of War: Assault Squad" (Version: 1.96.6.0)
Update 2.0.11.0 for "Men of War: Assault Squad" (Version: 2.0.11.0)
Update 2.05.12 for "Men of War: Assault Squad" (Version: 2.05.12)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC Runtimes MSI (Version: 9.0.21022)
Vegas Pro 10.0 (Version: 10.0.469)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
VIA Platform Device Manager (Version: 1.34)
Virtual Audio Cable 4.10
VLC media player 1.1.11 (Version: 1.1.11)
VNC Free Edition 4.1.3 (Version: 4.1.3)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinMerge 2.12.4 (Version: 2.12.4)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
Xfire (remove only)
Zero-K (Version: 2.61.0.0)

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 8190.18 MB
Available physical RAM: 6254.66 MB
Total Pagefile: 16378.54 MB
Available Pagefile: 14271.68 MB
Total Virtual: 4095.88 MB
Available Virtual: 3957.82 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.79 GB) (Free:86.77 GB) NTFS
9 Drive z: (1TB Storage) (Fixed) (Total:931.51 GB) (Free:775.83 GB) NTFS

========================= Users: ========================================

User accounts for \\DALE-QC

Administrator Beckki4Dale dale
Guest Mcx1-DALE-QC


**** End of log ****



#6 Riddickis1337

Riddickis1337
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male
  • Location:Worcestershire
  • Local time:05:15 AM

Posted 04 September 2012 - 07:28 AM

Here is the output of aswMBR.exe:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-04 13:01:27
-----------------------------
13:01:27.284 OS Version: Windows x64 6.1.7601 Service Pack 1
13:01:27.284 Number of processors: 4 586 0x503
13:01:27.285 ComputerName: DALE-QC UserName: dale
13:01:28.648 Initialize success
13:02:55.918 AVAST engine defs: 12090400
13:03:41.889 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:03:41.899 Disk 0 Vendor: MAXTOR_STM3250310AS 3.AAF Size: 238475MB BusType: 3
13:03:41.905 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
13:03:41.910 Disk 1 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 3
13:03:41.920 Disk 0 MBR read successfully
13:03:41.924 Disk 0 MBR scan
13:03:41.929 Disk 0 Windows 7 default MBR code
13:03:41.936 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:03:41.949 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
13:03:41.978 Disk 0 scanning C:\Windows\system32\drivers
13:03:55.315 Service scanning
13:04:27.901 Modules scanning
13:04:27.909 Disk 0 trace - called modules:
13:04:28.272 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:04:28.286 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a8e790]
13:04:28.300 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa800790b9b0]
13:04:28.314 5 ACPI.sys[fffff88000ea67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80079cc060]
13:04:29.725 AVAST engine scan C:\Windows
13:04:33.045 AVAST engine scan C:\Windows\system32
13:06:44.056 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:06:47.252 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:08:22.501 AVAST engine scan C:\Windows\system32\drivers
13:08:36.658 AVAST engine scan C:\Users\dale
13:23:48.240 AVAST engine scan C:\ProgramData
13:26:25.327 Scan finished successfully
13:26:35.533 Disk 0 MBR has been saved successfully to "C:\Users\dale\Desktop\MBR.dat"
13:26:35.537 The log file has been saved successfully to "C:\Users\dale\Desktop\aswMBR.txt"


I spotted that Win32:Sirefef-PL has infected a couple of files.

#7 Riddickis1337

Riddickis1337
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male
  • Location:Worcestershire
  • Local time:05:15 AM

Posted 04 September 2012 - 07:38 AM

And furthermore, finally, the results of MBAM:

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.04.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
dale :: DALE-QC [administrator]

Protection: Enabled

04/09/2012 13:31:12
mbam-log-2012-09-04 (13-31-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278007
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\dale\AppData\Roaming\Tufyy\duega.exe (Spyware.Zbot.DGen) -> Quarantined and deleted successfully.

(end)



#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:12:15 AM

Posted 04 September 2012 - 10:01 AM

Hello, yes, those found in Autoruns are infections.

Let me say this first...
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

To clean, please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#9 Riddickis1337

Riddickis1337
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male
  • Location:Worcestershire
  • Local time:05:15 AM

Posted 04 September 2012 - 10:20 AM

I have got LOADS of stuff on my PC, and I really don't have the time nor resources to back it all up right now. I am therefore going to go ahead with steps 6-9 and hope for the best with the outcome.

Thank you for your assistance boopme.

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:12:15 AM

Posted 04 September 2012 - 10:58 AM

Yes, that is what you need to do. Post in the other forum explained in the Prep Guide; call it "too many infections".

#11 Riddickis1337

Riddickis1337
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male
  • Location:Worcestershire
  • Local time:05:15 AM

Posted 04 September 2012 - 11:10 AM

This topic can be locked/archived or whatever now, new topic has been posted HERE.

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:12:15 AM

Posted 04 September 2012 - 11:48 AM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 3 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.