Am I infected?



#1 AbadiX


Posted 20 September 2012 - 10:38 AM

Hello everyone,

3 or 4 days ago I downloaded a file (a setup file) and my antivirus notified me that the file was infected with a Downloader Trojan, I believe. Then it deleted the file automatically. I then redownloaded the file, paused my antivirus and ran the program. An error happened while installing the program, so I had to stop the process and it didn't complete the process. Now I'm wondering: is my laptop infected with that Trojan? What should I do to make sure? I appreciate your time reading my post and I would highly appreciate your help!

Thank you



#2 Broni


Posted 20 September 2012 - 11:48 AM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#3 AbadiX


Posted 20 September 2012 - 02:51 PM

Thank you so much Broni...

Here is the result after running SecurityCheck.exe

===================================================================
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Microsoft VM for Java
Java 7 Update 7
Adobe Flash Player 11.4.402.265
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````
===================================================================

This is the result I got after scanning the system with FSS.exe

===================================================================
Farbar Service Scanner Version: 19-09-2012
Ran by AbadiX (administrator) on 20-09-2012 at 22:04:32
Running from "C:\Users\AbadiX\Desktop"
Microsoft Windows 7 Home Basic Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
===================================================================

This is the result after running MiniToolBox.exe

===================================================================
MiniToolBox by Farbar Version: 23-07-2012
Ran by AbadiX (administrator) on 20-09-2012 at 22:09:50
Microsoft Windows 7 Home Basic Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 130 = Wireless Network Connection (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Hardware not present)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Hardware not present)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="VMware Network Adapter VMnet8" address=192.168.183.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet1" address=192.168.44.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : AbadiX-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : B8-03-05-04-C8-16
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 130
Physical Address. . . . . . . . . : B8-03-05-04-C8-15
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5101:ca90:6e59:3df7%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.134(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, September 20, 2012 6:14:02 PM
Lease Expires . . . . . . . . . . : Friday, September 21, 2012 6:14:02 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 397935365
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-28-51-A1-E8-11-32-68-80-05
DNS Servers . . . . . . . . . . . : 84.235.6.55
84.235.57.230
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : E8-03-9A-34-7F-24
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : B8-03-05-04-C8-19
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{DE3187F4-909B-4CC5-B87C-CDB3FEAA467C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:c9f:1a28:3f57:fe79(Preferred)
Link-local IPv6 Address . . . . . : fe80::c9f:1a28:3f57:fe79%18(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{847E2B51-C300-47F2-9EFC-781AD40FBF34}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{57EC652F-0455-4987-9C85-2A42349F74D9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B7C30B74-6A17-4F8E-B8D9-2360D6022BCC}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: ry-lb1.saudi.net.sa
Address: 84.235.6.55

Name: google.com
Addresses: 2a00:1450:4006:801::1006
173.194.39.36
173.194.39.35
173.194.39.32
173.194.39.33
173.194.39.46
173.194.39.34
173.194.39.37
173.194.39.40
173.194.39.39
173.194.39.38
173.194.39.41


Pinging google.com [173.194.35.110] with 32 bytes of data:
Reply from 173.194.35.110: bytes=32 time=103ms TTL=53
Reply from 173.194.35.110: bytes=32 time=213ms TTL=53

Ping statistics for 173.194.35.110:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 103ms, Maximum = 213ms, Average = 158ms
Server: ry-lb1.saudi.net.sa
Address: 84.235.6.55

Name: yahoo.com
Addresses: 98.138.253.109
72.30.38.140
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=1194ms TTL=52
Reply from 72.30.38.140: bytes=32 time=1187ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1187ms, Maximum = 1194ms, Average = 1190ms
Server: ry-lb1.saudi.net.sa
Address: 84.235.6.55

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
26...b8 03 05 04 c8 16 ......Microsoft Virtual WiFi Miniport Adapter
16...b8 03 05 04 c8 15 ......Intel® Centrino® Wireless-N 130
13...e8 03 9a 34 7f 24 ......Realtek PCIe GBE Family Controller
11...b8 03 05 04 c8 19 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.134 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.134 281
192.168.1.134 255.255.255.255 On-link 192.168.1.134 281
192.168.1.255 255.255.255.255 On-link 192.168.1.134 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.134 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.134 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
18 58 ::/0 On-link
1 306 ::1/128 On-link
18 58 2001::/32 On-link
18 306 2001:0:9d38:6ab8:c9f:1a28:3f57:fe79/128
On-link
16 281 fe80::/64 On-link
18 306 fe80::/64 On-link
18 306 fe80::c9f:1a28:3f57:fe79/128
On-link
16 281 fe80::5101:ca90:6e59:3df7/128
On-link
1 306 ff00::/8 On-link
18 306 ff00::/8 On-link
16 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 %windir%\SysWOW64\vsocklib.dll [File Not found] ()
Catalog9 13 %windir%\SysWOW64\vsocklib.dll [File Not found] ()
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 %windir%\System32\vsocklib.dll [File Not found] ()
x64-Catalog9 13 %windir%\System32\vsocklib.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/20/2012 06:13:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: SWMAgent.exe, version: 1.1.16.14, time stamp: 0x4e71639d
Faulting module name: SWMAgent.exe, version: 1.1.16.14, time stamp: 0x4e71639d
Exception code: 0xc0000005
Fault offset: 0x0001fbe8
Faulting process id: 0x1278
Faulting application start time: 0xSWMAgent.exe0
Faulting application path: SWMAgent.exe1
Faulting module path: SWMAgent.exe2
Report Id: SWMAgent.exe3

Error: (09/20/2012 06:11:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11278

Error: (09/20/2012 06:11:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11278

Error: (09/20/2012 06:11:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/20/2012 06:11:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10186

Error: (09/20/2012 06:11:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10186

Error: (09/20/2012 06:11:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/20/2012 06:11:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9188

Error: (09/20/2012 06:11:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9188

Error: (09/20/2012 06:11:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/18/2012 09:17:45 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (09/18/2012 09:17:43 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (09/18/2012 09:17:40 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (09/18/2012 09:17:37 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (09/18/2012 09:17:35 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (09/18/2012 09:17:32 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (09/18/2012 09:17:30 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (09/18/2012 09:17:27 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (09/18/2012 09:17:24 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (09/18/2012 09:17:22 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.


Microsoft Office Sessions:
=========================
Error: (09/20/2012 06:13:58 PM) (Source: Application Error)(User: )
Description: SWMAgent.exe1.1.16.144e71639dSWMAgent.exe1.1.16.144e71639dc00000050001fbe8127801cd974286fa13b3C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exeC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.execcaa5797-0335-11e2-bb96-b8030504c819

Error: (09/20/2012 06:11:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11278

Error: (09/20/2012 06:11:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11278

Error: (09/20/2012 06:11:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/20/2012 06:11:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10186

Error: (09/20/2012 06:11:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10186

Error: (09/20/2012 06:11:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/20/2012 06:11:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9188

Error: (09/20/2012 06:11:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9188

Error: (09/20/2012 06:11:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


=========================== Installed Programs ============================

?? ??? (Version: 16.4.3503.0728)
??? (Version: 16.4.3503.0728)
???? (Version: 16.4.3503.0728)
?????? ??????? (Version: 16.4.3503.0728)
??????? ??????????? (Version: 16.4.3503.0728)
???????? ?????????? Windows Live (Version: 16.4.3503.0728)
?????????? (????????????? ??????) (Version: 16.4.3503.0728)
?????????? (Version: 16.4.3503.0728)
بريد Windows Live (Version: 16.4.3503.0728)
µTorrent (Version: 3.2.0)
„Windows Live Essentials“ (Version: 16.4.3503.0728)
„Windows Live Mail“ (Version: 16.4.3503.0728)
„Windows Live Messenger“ (Version: 16.4.3503.0728)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Agatha Christie - Death on the Nile (Version: 2.2.0.82)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 7.0.610.0)
Bonjour (Version: 3.0.0.10)
Build-a-lot (Version: 2.2.0.82)
Chuzzle Deluxe (Version: 2.2.0.82)
CyberLink Media Suite (Version: 8.0.2227)
CyberLink Media+ Player10 (Version: 10.0.1110.00)
CyberLink MediaShow (Version: 5.0.1130a)
CyberLink Power2Go (Version: 6.1.3802)
CyberLink PowerDirector (Version: 8.0.3306)
CyberLink YouCam (Version: 3.1.4417)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.82)
Driver Genius Professional Edition (Version: 11.0)
Easy File Share (Version: 1.1.1699)
Easy Migration (Version: 1.0)
Easy Settings (Version: 1.1)
Easy Software Manager (Version: 1.1.16.14)
Easy Support Center 1.0 (Version: 1.1.36)
ETDWare PS/2-X64 10.0.7.3_WHQL (Version: 10.0.7.3)
Farm Frenzy (Version: 2.2.0.82)
Fot?t?r (Version: 16.4.3503.0728)
Foto-galerija (Version: 16.4.3503.0728)
Foto?raf Galerisi (Version: 16.4.3503.0728)
Fotoatt?lu galerija (Version: 16.4.3503.0728)
Fotogalerie (Version: 16.4.3503.0728)
Fotogalerija (Version: 16.4.3503.0728)
Fotogalleri (Version: 16.4.3503.0728)
Fotogalleriet (Version: 16.4.3503.0728)
Fotogaléria (Version: 16.4.3503.0728)
Galer?a de fotos (Version: 16.4.3503.0728)
Galeria de Fotografias (Version: 16.4.3503.0728)
Galeria de Fotos (Version: 16.4.3503.0728)
Galeria fotografii (Version: 16.4.3503.0728)
Galerie de photos (Version: 16.4.3503.0728)
Galerie foto (Version: 16.4.3503.0728)
Galerija fotografija (Version: 16.4.3503.0728)
High-Definition Video Playback (Version: 11.1.11100.4.196)
iCloud (Version: 1.1.0.40)
iFunbox (v1.99.958.697), iFunbox DevTeam (Version: v1.99.958.697)
Insaniquarium Deluxe (Version: 2.2.0.82)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1008)
Intel® Management Engine Components (Version: 8.1.0.1281)
Intel® Processor Graphics (Version: 9.17.10.2817)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (Version: 1.1.0.0157)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.2.0.0266)
Intel® PROSet/Wireless WiFi Software (Version: 14.01.1000)
Intel® Rapid Storage Technology (Version: 11.5.2.1001)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.738.1)
iTunes (Version: 10.7.0.21)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java SE Development Kit 7 Update 7 (64-bit) (Version: 1.7.0.70)
John Deere Drive Green (Version: 2.2.0.82)
Junk Mail filter update (Version: 16.4.3503.0728)
K-Lite Codec Pack 9.2.0 (Full) (Version: 9.2.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SkyDrive (Version: 16.4.6010.0727)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft VM for Java
Microsoft Web Publishing Wizard 1.53
Movie Maker (Version: 16.4.3503.0728)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
Multimedia POP (Version: 1.0)
Nero 11 (Version: 11.2.01000)
Nero 11 Disc Menus Basic (Version: 11.0.11200.12.0)
Nero 11 Effects Basic (Version: 11.0.11400.14.0)
Nero 11 Image Samples (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes Basic (Version: 11.0.11200.12.0)
Nero 11 PiP Effects Basic (Version: 11.0.11400.14.0)
Nero Audio Pack 1 (Version: 11.0.11500.110.0)
Nero BackItUp 11 (Version: 6.2.18400.2.100)
Nero BackItUp 11 Help (CHM) (Version: 11.0.10200)
Nero Backup Drivers (Version: 1.0.11100.8.0)
Nero Burning ROM 11 (Version: 11.2.10300.0.0)
Nero Burning ROM 11 Help (CHM) (Version: 11.0.10300)
Nero ControlCenter 11 (Version: 11.0.12700.0.27)
Nero ControlCenter 11 Help (CHM) (Version: 11.0.10300)
Nero Core Components 11 (Version: 11.0.16300.1.23)
Nero CoverDesigner 11 (Version: 6.0.11000.13.100)
Nero CoverDesigner 11 Help (CHM) (Version: 11.0.10300)
Nero Express 11 (Version: 11.2.10300.0.0)
Nero Express 11 Help (CHM) (Version: 11.0.10300)
Nero Kwik Media (Version: 1.14.11600.19.100)
Nero Kwik Media Help (CHM) (Version: 11.0.10200)
Nero Recode 11 (Version: 5.2.10900.0.0)
Nero Recode 11 Help (CHM) (Version: 11.0.10500)
Nero RescueAgent 11 (Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (Version: 11.0.10400)
Nero SharedVideoCodecs (Version: 1.0.11500.1.5)
Nero SoundTrax 11 (Version: 5.0.10700.6.100)
Nero SoundTrax 11 Help (CHM) (Version: 11.0.10400)
Nero Update (Version: 11.0.11500.28.0)
Nero Video 11 (Version: 8.2.15700.3.100)
Nero Video 11 Help (CHM) (Version: 11.0.10300)
Nero WaveEditor 11 (Version: 6.2.11300.0.100)
Nero WaveEditor 11 Help (CHM) (Version: 11.0.10400)
nero.prerequisites.msi (Version: 11.0.20010)
Norton Internet Security (Version: 18.7.2.3)
Norton Online Backup (Version: 2.1.17869)
NVIDIA Display Control Panel (Version: 6.14.12.6883)
NVIDIA Graphics Driver 268.83 (Version: 268.83)
NVIDIA Install Application (Version: 2.265.42.0)
NVIDIA Optimus 1.0.23 (Version: 1.0.23)
NVIDIA Update Components (Version: 1.0.23)
Opera 12.02 (Version: 12.02.1578)
Orbit Downloader
Pandora Service
Peggle (Version: 2.2.0.82)
Penguins! (Version: 2.2.0.82)
Photo Common (Version: 16.4.3503.0728)
Photo Gallery (Version: 16.4.3503.0728)
Plants vs. Zombies (Version: 2.2.0.82)
Po?ta Windows Live (Version: 16.4.3503.0728)
Poczta us?ugi Windows Live (Version: 16.4.3503.0728)
Podstawowe programy Windows Live (Version: 16.4.3503.0728)
Polar Golfer (Version: 2.2.0.82)
QuickTime (Version: 7.72.80.56)
Raccolta foto (Version: 16.4.3503.0728)
Realtek Ethernet Controller Driver (Version: 7.44.421.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6710)
Samsung Recovery Solution 5 (Version: 5.0.1.5)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.5.0)
Skype™ 5.10 (Version: 5.10.116)
Software Launcher (Version: 1.0.2)
TeraCopy 2.27
The KMPlayer (remove only)
tools-freebsd (Version: 9.2.0.812388)
tools-linux (Version: 9.2.0.812388)
tools-netware (Version: 9.2.0.812388)
tools-solaris (Version: 9.2.0.812388)
tools-windows (Version: 9.2.0.812388)
tools-winPre2k (Version: 9.2.0.812388)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
User Guide (Version: 1.3)
Valokuvavalikoima (Version: 16.4.3503.0728)
VMware Workstation (Version: 9.0.0)
WD SmartWare (Version: 1.1.0.2)
Welcome App (Start-up experience) (Version: 11.0.23500.0.0)
WildTangent Games (Version: 1.0.1.5)
WildTangent ORB Game Console
Windows Live ?? (Version: 16.4.3503.0728)
Windows Live ?? ??? (Version: 16.4.3503.0728)
Windows Live ??? (Version: 16.4.3503.0728)
Windows Live Communications Platform (Version: 16.4.3503.0728)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 16.4.3503.0728)
Windows Live Family Safety (Version: 16.4.3503.0728)
Windows Live Fotogalleri (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3503.0728)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mail (Version: 16.4.3503.0728)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 16.4.3503.0728)
Windows Live MIME IFilter (Version: 16.4.3503.0728)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 16.4.3503.0728)
Windows Live PIMT Platform (Version: 16.4.3503.0728)
Windows Live Po?ta (Version: 16.4.3503.0728)
Windows Live SOXE (Version: 16.4.3503.0728)
Windows Live SOXE Definitions (Version: 16.4.3503.0728)
Windows Live Temel Parçalar (Version: 16.4.3503.0728)
Windows Live UX Platform (Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live UX Platform Language Pack (Version: 16.4.3503.0728)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer (Version: 16.4.3503.0728)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 16.4.3503.0728)
Windows Liven peruspaketti (Version: 16.4.3503.0728)
Windows Liven s?hk?posti (Version: 16.4.3503.0728)
WinMate
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Wireshark 1.8.2 (64-bit) (Version: 1.8.2)
Zuma Deluxe (Version: 2.2.0.95)
معرض الصور (Version: 16.4.3503.0728)

========================= Devices: ================================

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WebCam SC-0311139N
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 64%
Total physical RAM: 4009.55 MB
Available physical RAM: 1441.36 MB
Total Pagefile: 8017.29 MB
Available Pagefile: 4982.51 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.16 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:150 GB) (Free:79.16 GB) NTFS
2 Drive d: () (Fixed) (Total:294.6 GB) (Free:236.44 GB) NTFS

========================= Users: ========================================

User accounts for \\ABADIX-PC

AbadiX Administrator Guest
UpdatusUser VUSR_ABADIX-PC


**** End of log ****

===================================================================

After scanning the system with MBAM, here is the result I got

===================================================================
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
AbadiX :: ABADIX-PC [administrator]

9/20/2012 10:21:45 PM
mbam-log-2012-09-20 (22-21-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226163
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
===================================================================

This is the result after scanning the system with aswMBR

===================================================================
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-20 22:30:17
-----------------------------
22:30:17.770 OS Version: Windows x64 6.1.7601 Service Pack 1
22:30:17.770 Number of processors: 4 586 0x2A07
22:30:17.771 ComputerName: ABADIX-PC UserName: AbadiX
22:30:18.693 Initialize success
22:35:59.317 AVAST engine defs: 12092000
22:36:16.612 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000087
22:36:16.616 Disk 0 Vendor: ATA_____ 0001 Size: 476940MB BusType: 11
22:36:16.685 Disk 0 MBR read successfully
22:36:16.696 Disk 0 MBR scan
22:36:16.707 Disk 0 unknown MBR code
22:36:16.725 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:36:16.738 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 153600 MB offset 206848
22:36:16.744 Disk 0 Partition - 00 0F Extended LBA 301668 MB offset 314779648
22:36:16.773 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 21571 MB offset 932595712
22:36:16.884 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 301667 MB offset 314781696
22:36:16.924 Disk 0 scanning C:\windows\system32\drivers
22:36:27.759 Service scanning
22:36:55.014 Modules scanning
22:36:55.363 Disk 0 trace - called modules:
22:36:55.411 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
22:36:55.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006cfa790]
22:36:55.433 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8006b9ac50]
22:36:55.445 5 iaStorF.sys[fffff88001df5168] -> nt!IofCallDriver -> \Device\00000087[0xfffffa8004e392e0]
22:36:55.764 AVAST engine scan C:\windows
22:36:58.405 AVAST engine scan C:\windows\system32
22:39:47.732 AVAST engine scan C:\windows\system32\drivers
22:40:01.221 AVAST engine scan C:\Users\AbadiX
22:47:43.697 AVAST engine scan C:\ProgramData
22:49:31.660 Scan finished successfully
22:50:28.728 Disk 0 MBR has been saved successfully to "C:\Users\AbadiX\Desktop\MBR.dat"
22:50:28.741 The log file has been saved successfully to "C:\Users\AbadiX\Desktop\aswMBR.txt"
===================================================================

Finally, thank you so much for your help! :)

#4 Broni


Posted 20 September 2012 - 03:27 PM

All looks good so far :)

I see this error...

Error: (09/18/2012 09:17:45 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.


Click Start button and in "Start search" type:
cmd
Hold CTRL and SHIFT buttons and press Enter.
Command prompt window will open.
Paste this in:
chkdsk /f /r (<------watch for "spaces")
Press Enter.
Restart the computer.
Chkdsk will run.

Let me know if any errors were found.

Next....

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 AbadiX


Posted 20 September 2012 - 09:31 PM

All done! :)

This is the result I got after running AdwCleaner.exe

==========================================================================
# AdwCleaner v2.002 - Logfile created 09/21/2012 at 02:49:42
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Basic Service Pack 1 (64 bits)
# User : AbadiX - ABADIX-PC
# Boot Mode : Normal
# Running from : C:\Users\AbadiX\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\AbadiX\AppData\Roaming\Mozilla\Firefox\Profiles\ao3hntrd.default\prefs.js

[OK] File is clean.

-\\ Opera v12.2.1578.0

File : C:\Users\AbadiX\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1680 octets] - [21/09/2012 02:49:42]

########## EOF - C:\AdwCleaner[S1].txt - [1740 octets] ##########
=========================================================================

No infected files after scanning with ESET :)

Thank you again!

Edited by AbadiX, 20 September 2012 - 09:32 PM.


#6 Broni


Posted 20 September 2012 - 10:14 PM

Did you run "chkdsk"?


#7 AbadiX


Posted 21 September 2012 - 01:18 AM

Yes! But I don't know if it showed any errors, 'cause while it was checking I slept lol :P

Should I do it again?

Edited by AbadiX, 21 September 2012 - 01:19 AM.


#8 AbadiX


Posted 21 September 2012 - 06:36 PM

Broni, I just wanted to know if I'm supposed to run chkdsk again since I slept while it was running and didn't have the chance to see if there were any errors.

Thank you!

#9 Broni


Posted 21 September 2012 - 07:08 PM

Yes go ahead.


#10 AbadiX


Posted 21 September 2012 - 08:18 PM

I ran chkdsk and this is the result:

Posted Image

Posted Image

#11 Broni


Posted 21 September 2012 - 08:21 PM

Your computer is clean.

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) weekly.

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

11. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used, as they don't install.


#12 AbadiX


Posted 21 September 2012 - 09:08 PM

I will do all listed instructions.

Thank you so much Broni! I really appreciate your help.

#13 Broni


Posted 21 September 2012 - 09:09 PM

You're very welcome.
