Unrequested system restores



#1 Ziza

Posted 12 September 2012 - 10:25 PM

A few times over the last month or two, I've returned to my computer to find a message saying 'system successfully restored to [date]' when I have not initiated the restore.

It last happened a couple hours ago. The Event Viewer says:

The process C:\Windows\system32\svchost.exe ([name]) has initiated the restart of computer [name] on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Recovery (Planned)
Reason Code: 0x80020002
Shutdown Type: restart
Comment:

Not sure if it's related, but not long before that, updates were installed and the machine automatically restarted.

The log is attached.

Thanks



Edited by hamluis, 13 September 2012 - 07:50 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 noknojon

Posted 12 September 2012 - 11:36 PM

Hello -
Download both Malwarebytes Anti-Malware Free and SUPERAntiSpyware Free. Update both programs and run a Quick Scan only -

You could list the Make and Model of computer and post a snapshot with Speccy as this may give us a bit more to look at -
Publish a Snapshot using Speccy <<Follow These Directions

Next, please download MiniToolBox, save it to your desktop and run it.

Checkmark the following boxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
• List Restore Points


Click Go and post the result (Result.txt). Please copy / paste the result.txt exactly as it appears -
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download Security Check by Screen317 from HERE or HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

Thank You -




#3 Ziza


Posted 13 September 2012 - 01:57 AM

Speccy: http://speccy.piriform.com/results/4oKDYjs4n8nKsnGJqNq32d4

SAS found:
Browser Hijacker.Deskbar
(x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
(x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
(x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
(x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
and removed them successfully (i.e. it didn't find them when I rescanned).

MBAM found 3 alleged trojans but was unable to remove them (tried 3 times, incl. restarts):
C:\ProgramData\GBox\GBox1.exe (Trojan.Dropper) -> Delete on reboot.
C:\ProgramData\OptimizerPro1\OptimizerPro11.exe (Trojan.Dropper) -> Delete on reboot.
C:\ProgramData\WxDFast\WxDFast1.exe (Trojan.Dropper) -> Delete on reboot.

I used File Assassin to remove GBox1.exe (still can't delete the folder as it says it's in use), but it wouldn't delete the other two.

Should I go ahead with the other steps or wait till we get rid of these?

Edited by Ziza, 13 September 2012 - 01:57 AM.


#4 Ziza


Posted 13 September 2012 - 11:14 AM

Deleted them in Safe Mode, so MBAM and SAS are now showing clean.

MiniToolBox by Farbar Version: 23-07-2012
Ran by d2 (administrator) on 13-09-2012 at 23:06:33
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



127.0.0.1 crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 practivate.adobe
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate.adobe.newoa
127.0.0.1 practivate.adobe.ntp
127.0.0.1 practivate.adobe.ipp
127.0.0.1 adobeereg.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 www.adobeereg.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 wip.adobe.com
127.0.0.1 wip1.aobe.com
127.0.0.1 wip2.adobe.com
127.0.0.1 wip3.adobe.com

There are 23 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 130 = Wireless Network Connection (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Hardware not present)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Hardware not present)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="ethernet_35" address=192.168.56.1 mask=255.255.255.0
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : KT-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 130
Physical Address. . . . . . . . . : DC-A9-71-AC-D3-E3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1db2:a0e7:d595:73d0%15(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, September 13, 2012 10:42:01 PM
Lease Expires . . . . . . . . . . : Thursday, September 13, 2012 11:42:00 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 383560049
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-08-4A-0F-E8-03-9A-02-06-A5
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : E8-03-9A-02-06-A5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter VirtualBox Host-Only Network:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-E0-53
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6862:96f0:b48b:ac7b%23(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 570949671
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-08-4A-0F-E8-03-9A-02-06-A5
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{06C3E7BE-6276-4996-AC7C-F6E5595517D9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{DD53EDEC-7374-4390-A26B-987444791217}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3221DC18-6D8E-4DD9-950C-16345FF1B959}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: mygateway1.ar7
Address: 192.168.1.1

Name: google.com
Address: 74.125.135.113


Pinging google.com [74.125.135.113] with 32 bytes of data:
Reply from 74.125.135.113: bytes=32 time=76ms TTL=47
Reply from 74.125.135.113: bytes=32 time=76ms TTL=47

Ping statistics for 74.125.135.113:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 76ms, Maximum = 76ms, Average = 76ms
Server: mygateway1.ar7
Address: 192.168.1.1

Name: yahoo.com
Address: 98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=1011ms TTL=42
Reply from 98.139.183.24: bytes=32 time=943ms TTL=43

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 943ms, Maximum = 1011ms, Average = 977ms
Server: mygateway1.ar7
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 3ms, Average = 3ms
===========================================================================
Interface List
15...dc a9 71 ac d3 e3 ......Intel® Centrino® Wireless-N 130
14...e8 03 9a 02 06 a5 ......Realtek PCIe GBE Family Controller
23...08 00 27 00 e0 53 ......VirtualBox Host-Only Ethernet Adapter
1...........................Software Loopback Interface 1
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
37...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.6 281
192.168.1.6 255.255.255.255 On-link 192.168.1.6 281
192.168.1.255 255.255.255.255 On-link 192.168.1.6 281
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 192.168.1.6 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 192.168.1.6 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
23 276 fe80::/64 On-link
15 281 fe80::/64 On-link
15 281 fe80::1db2:a0e7:d595:73d0/128
On-link
23 276 fe80::6862:96f0:b48b:ac7b/128
On-link
1 306 ff00::/8 On-link
23 276 ff00::/8 On-link
15 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/13/2012 10:45:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 15.0.1.4631, time stamp: 0x5047f9c5
Faulting module name: sprote~1.dll, version: 0.0.0.0, time stamp: 0x50212e17
Exception code: 0xc0000005
Fault offset: 0x000658cf
Faulting process id: 0x107c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (09/13/2012 10:45:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 15.0.1.4631, time stamp: 0x5047f9c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ec7171
Faulting process id: 0x107c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (09/13/2012 10:09:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 15.0.1.4631, time stamp: 0x5047f9c5
Faulting module name: sprote~1.dll, version: 0.0.0.0, time stamp: 0x50212e17
Exception code: 0xc0000005
Fault offset: 0x000658cf
Faulting process id: 0xec0
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (09/13/2012 10:09:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 15.0.1.4631, time stamp: 0x5047f9c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x21c2476d
Faulting process id: 0xec0
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (09/13/2012 10:08:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 21.0.1180.89, time stamp: 0x503ebf10
Faulting module name: sprote~1.dll, version: 0.0.0.0, time stamp: 0x50212e17
Exception code: 0xc0000005
Fault offset: 0x000658cf
Faulting process id: 0xe80
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (09/13/2012 10:08:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 21.0.1180.89, time stamp: 0x503ebf10
Faulting module name: sprote~1.dll, version: 0.0.0.0, time stamp: 0x50212e17
Exception code: 0xc0000005
Fault offset: 0x000658cf
Faulting process id: 0x454
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (09/13/2012 10:08:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 21.0.1180.89, time stamp: 0x503ebf10
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x28f17674
Faulting process id: 0x454
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (09/13/2012 10:08:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 21.0.1180.89, time stamp: 0x503ebf10
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x28f17674
Faulting process id: 0xe80
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (09/13/2012 10:07:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2012 09:55:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/13/2012 10:41:48 PM) (Source: Tcpip) (User: )
Description: The system detected an address conflict for IP address 192.168.1.2 with the system
having network hardware address 00-18-DE-A5-E8-E7. Network operations on this system may
be disrupted as a result.

Error: (09/13/2012 10:13:57 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (09/13/2012 09:58:39 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (09/13/2012 09:54:49 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/13/2012 09:54:49 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/13/2012 09:54:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 21

Error: (09/13/2012 09:54:41 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/13/2012 09:54:34 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/13/2012 09:54:22 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswSnx
aswSP
aswTdi
discache
SASDIFSV
SASKUTIL
spldr
VBoxDrv
VBoxUSBMon
Wanarpv6

Error: (09/13/2012 01:39:27 PM) (Source: Application Popup) (User: )
Description: \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (09/13/2012 10:45:49 PM) (Source: Application Error)(User: )
Description: firefox.exe15.0.1.46315047f9c5sprote~1.dll0.0.0.050212e17c0000005000658cf107c01cd91c6d5e227bbC:\Program Files (x86)\Mozilla Firefox\firefox.exec:\progra~2\sprote~1\sprote~1.dll16ad3605-fdba-11e1-9745-e8039a0206a5

Error: (09/13/2012 10:45:46 PM) (Source: Application Error)(User: )
Description: firefox.exe15.0.1.46315047f9c5unknown0.0.0.000000000c000000525ec7171107c01cd91c6d5e227bbC:\Program Files (x86)\Mozilla Firefox\firefox.exeunknown14b3a2ee-fdba-11e1-9745-e8039a0206a5

Error: (09/13/2012 10:09:55 PM) (Source: Application Error)(User: )
Description: firefox.exe15.0.1.46315047f9c5sprote~1.dll0.0.0.050212e17c0000005000658cfec001cd91c1c776d24eC:\Program Files (x86)\Mozilla Firefox\firefox.exec:\progra~2\sprote~1\sprote~1.dll12c03bbf-fdb5-11e1-9745-e8039a0206a5

Error: (09/13/2012 10:09:38 PM) (Source: Application Error)(User: )
Description: firefox.exe15.0.1.46315047f9c5unknown0.0.0.000000000c000000521c2476dec001cd91c1c776d24eC:\Program Files (x86)\Mozilla Firefox\firefox.exeunknown088370b1-fdb5-11e1-9745-e8039a0206a5

Error: (09/13/2012 10:08:22 PM) (Source: Application Error)(User: )
Description: chrome.exe21.0.1180.89503ebf10sprote~1.dll0.0.0.050212e17c0000005000658cfe8001cd91c194efdcbdC:\Users\d\AppData\Local\Google\Chrome\Application\chrome.exec:\progra~2\sprote~1\sprote~1.dlldb742442-fdb4-11e1-9745-e8039a0206a5

Error: (09/13/2012 10:08:22 PM) (Source: Application Error)(User: )
Description: chrome.exe21.0.1180.89503ebf10sprote~1.dll0.0.0.050212e17c0000005000658cf45401cd91c1937a24b2C:\Program Files (x86)\Google\Chrome\Application\chrome.exec:\progra~2\sprote~1\sprote~1.dlldb6f6181-fdb4-11e1-9745-e8039a0206a5

Error: (09/13/2012 10:08:18 PM) (Source: Application Error)(User: )
Description: chrome.exe21.0.1180.89503ebf10unknown0.0.0.000000000c000000528f1767445401cd91c1937a24b2C:\Program Files (x86)\Google\Chrome\Application\chrome.exeunknownd92f547f-fdb4-11e1-9745-e8039a0206a5

Error: (09/13/2012 10:08:13 PM) (Source: Application Error)(User: )
Description: chrome.exe21.0.1180.89503ebf10unknown0.0.0.000000000c000000528f17674e8001cd91c194efdcbdC:\Users\d\AppData\Local\Google\Chrome\Application\chrome.exeunknownd64645c9-fdb4-11e1-9745-e8039a0206a5

Error: (09/13/2012 10:07:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2012 09:55:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.4)
Adobe AIR (Version: 3.2.0.2070)
Adobe Community Help (Version: 3.4.980)
Adobe Content Viewer (Version: 1.4.0)
Adobe Creative Suite 5.5 Master Collection (Version: 5.5)
Adobe Download Assistant (Version: 1.0.6)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Atheros Client Installation Program (Version: 9.0)
Audacity 2.0
avast! Free Antivirus (Version: 7.0.1466.0)
Bonjour (Version: 3.0.0.10)
Camtasia Studio 8 (Version: 8.0.0.878)
CCleaner (Version: 3.17)
Cyberduck 4.2.1 (9350) (Version: 4.2.1 (9350))
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
eReg (Version: 1.20.138.34)
FileASSASSIN (Version: 1.06)
Foxit Reader 5.1 (Version: 5.1.4.104)
Free Easy Burner V 5.1 (Version: 5.1.0.0)
Free YouTube Downloader 3.5.126
GadgetBox (Version: 1.0)
GBox Updater
Google Chrome (Version: 21.0.1180.89)
Google Update Helper (Version: 1.3.21.111)
HL-2130 (Version: 1.0.6.0)
Intel PROSet Wireless
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2266)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (Version: 15.0.0.0059)
Intel® Rapid Storage Technology (Version: 10.1.5.1001)
Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0642)
iTunes (Version: 10.6.1.7)
KeyScrambler (Version: 2.9.1.0)
Logitech Flow Scroll 4.0 (Version: 4.00.33)
Logitech SetPoint 6.32 (Version: 6.32.20)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Graphics Driver 267.54 (Version: 267.54)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Update Components (Version: 1.0.21)
Opera 12.01 (Version: 12.01.1532)
Oracle VM VirtualBox 4.1.20 (Version: 4.1.20)
Orbit Downloader
Paint.NET v3.5.10 (Version: 3.60.0)
PDF Settings CS5 (Version: 10.0)
Realtek Ethernet Controller Driver (Version: 7.44.421.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6378)
Recuva (Version: 1.42)
Revo Uninstaller 1.94 (Version: 1.94)
Scribus 1.4.1 (Version: 1.4.1)
Skype Click to Call (Version: 5.10.9560)
Skype™ 5.10 (Version: 5.10.116)
Smart Defrag 2 (Version: 2.5)
sprotector 1.62
SRWare Iron version SRWare Iron 21.0.1200.0 (Version: SRWare Iron 21.0.1200.0)
SugarSync Manager (Version: 1.9.71.94365)
SUPERAntiSpyware (Version: 5.5.1016)
TeamViewer 7 (Version: 7.0.12979)
TrueCrypt (Version: 7.1a)
UMPlayer 0.98 [P4] (Version: 0.98)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
uTorrentControl2 Toolbar (Version: 6.8.9.0)
VLC media player 2.0.2 (Version: 2.0.2)

========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 8105.55 MB
Available physical RAM: 5958.36 MB
Total Pagefile: 16209.29 MB
Available Pagefile: 13633.11 MB
Total Virtual: 4095.88 MB
Available Virtual: 3955.64 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:97.65 GB) (Free:33.61 GB) NTFS
2 Drive d: () (Fixed) (Total:415.95 GB) (Free:149.57 GB) NTFS
3 Drive e: () (Fixed) (Total:417.9 GB) (Free:52.95 GB) NTFS

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

08-09-2012 03:53:33 Revo Uninstaller's restore point - Google Drive
08-09-2012 03:54:02 Removed Google Drive
08-09-2012 03:55:49 Revo Uninstaller's restore point - Google Drive
11-09-2012 06:24:38 Windows Update
13-09-2012 01:29:14 Windows Update
13-09-2012 05:22:20 Revo Uninstaller's restore point - OptimizerPro1 Updater
13-09-2012 05:58:58 Revo Uninstaller's restore point - Active Desktop Calendar 7.96
13-09-2012 13:42:35 Revo Uninstaller's restore point - FreeRIP 3.80

**** End of log ****

#5 Ziza


Posted 13 September 2012 - 11:20 AM

Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Adobe Flash Player 11.4.402.265
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````



Note: since the unplanned restore, Chrome and FF haven't worked, even if I uninstall them and download the latest version. Iron and Opera do work. I never use IE, which is why it's out of date.
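
The "Application errors" records in the MiniToolBox log above all share one layout, so they can be triaged mechanically. The following is an added example, not part of the thread or of MiniToolBox: it groups such records by faulting module and fault offset so that a module crashing inside more than one application stands out. The function names are this example's own, and SAMPLE_LOG reproduces a few records from the log above, trimmed to the fields the parser reads.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Records copied from the log above, trimmed to the fields used here.
SAMPLE_LOG = """\
Error: (09/13/2012 10:45:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 15.0.1.4631, time stamp: 0x5047f9c5
Faulting module name: sprote~1.dll, version: 0.0.0.0, time stamp: 0x50212e17
Exception code: 0xc0000005
Fault offset: 0x000658cf

Error: (09/13/2012 10:45:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 15.0.1.4631, time stamp: 0x5047f9c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ec7171

Error: (09/13/2012 10:08:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 21.0.1180.89, time stamp: 0x503ebf10
Faulting module name: sprote~1.dll, version: 0.0.0.0, time stamp: 0x50212e17
Exception code: 0xc0000005
Fault offset: 0x000658cf

Error: (09/13/2012 10:13:57 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.
"""

HEADER = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\)", re.M)
APP = re.compile(r"Faulting application name: (?P<app>[^,]+),")
MOD = re.compile(r"Faulting module name: (?P<module>[^,]+),")
EXC = re.compile(r"Exception code: (?P<code>0x[0-9a-fA-F]+)")
OFF = re.compile(r"Fault offset: (?P<offset>0x[0-9a-fA-F]+)")


def parse_app_errors(text):
    """Return one dict per 'Application Error' record in a MiniToolBox log."""
    headers = list(HEADER.finditer(text))
    records = []
    for i, head in enumerate(headers):
        if head.group("source") != "Application Error":
            continue  # other sources (DCOM, Tcpip, ...) use a different body
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        body = text[head.end():end]
        app, mod = APP.search(body), MOD.search(body)
        if not app or not mod:
            # The flattened copies under "Microsoft Office Sessions" have no
            # field labels, so they are skipped rather than guessed at.
            continue
        exc, off = EXC.search(body), OFF.search(body)
        records.append({
            "when": datetime.strptime(head.group("when"), "%m/%d/%Y %I:%M:%S %p"),
            "app": app.group("app").strip().lower(),
            "module": mod.group("module").strip().lower(),
            # 0xc0000005 is the Windows access-violation status code.
            "code": exc.group("code").lower() if exc else None,
            "offset": off.group("offset").lower() if off else None,
        })
    return records


def shared_modules(records, min_apps=2):
    """Map (module, fault offset) -> apps, for modules faulting in several apps."""
    apps_by_fault = defaultdict(set)
    for rec in records:
        if rec["module"] == "unknown":
            continue  # no module resolved; counted separately below
        apps_by_fault[(rec["module"], rec["offset"])].add(rec["app"])
    return {key: sorted(apps) for key, apps in apps_by_fault.items()
            if len(apps) >= min_apps}


def unresolved_faults(records):
    """Count crashes per app where the faulting address was in no known module."""
    return Counter(rec["app"] for rec in records if rec["module"] == "unknown")


if __name__ == "__main__":
    recs = parse_app_errors(SAMPLE_LOG)
    for (module, offset), apps in shared_modules(recs).items():
        print(f"{module} at {offset} faults in: {', '.join(apps)}")
    for app, count in unresolved_faults(recs).items():
        print(f"{app}: {count} fault(s) with no resolved module")
```
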



