
Strange Hijacking-like Symptoms


8 replies to this topic

#1 surfingbird118

surfingbird118

  • Members
  • 6 posts

Posted 08 December 2012 - 09:59 AM

Hello, my desktop recently started acting up after Microsoft Security Essentials picked up multiple threats, including a trojan. Unfortunately, I didn't write down the names of them and I deleted them promptly after they were quarantined. Afterwards, I started experiencing all manner of graphical and stability issues that culminated in several instances of blue screens as well as some other alarming symptoms.

Specifically, real-time protection in Microsoft Security Essentials switches off inexplicably and cannot be turned back on. In addition, after a short while (maybe 5 minutes), I cannot perform any scans (error code 0x800106ba). After a reboot, it gets hung up on C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.0\nvcuvenc.dll and refuses to continue scanning. Explorer also was having trouble staying stable. The odd thing I noticed was that as soon as I tried to disable my network adapter, it would trigger Explorer to become unresponsive.

I first started noticing these problems when Firefox was having trouble crashing uncharacteristically often. Then, I saw artifacts in the games I was playing. At this point, I decided to perform a forced scan with Security Essentials and, as I mentioned above, picked up some unwanted visitors. I thought I had resolved the problem, but Firefox was still crashing. At that point, I rebooted a couple of times, each with the same result, so I put the computer into safe mode with networking to investigate. I installed the free version of Malwarebytes and performed a full scan, but was unable to find anything. Then, I ran CCleaner and rebooted again in normal mode. This time, Firefox even refused to start, saying that it was unable to load XPCOM, all while spitting error messages that C:\windows\SysWOW64 was corrupted. Two blue screens later and I had had enough. I went to try and do a system restore, which finally worked on the 2nd attempt. Is this a physical memory problem or do I need to reformat?

Forgot to mention this is on a Windows 7 machine. I also messed up badly with the system restore as I realize it rolled back to before the .dmp files were created. Sorry for the machine gun editing.

I am writing this from my laptop so I will try and post the dump file shortly. Thank you for any help you might be able to offer on this matter.

Edited by surfingbird118, 08 December 2012 - 10:29 AM.



 


#2 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • Gender:Male
  • Location:UK

Posted 08 December 2012 - 02:46 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into Notepad and print them in case it is necessary for you to go offline during the cleanup process. To open Notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the boxes next to Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.


Step 2:

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the full contents of that document.


Step 3:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.


Step 4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#3 surfingbird118

surfingbird118
  • Topic Starter

  • Members
  • 6 posts

Posted 08 December 2012 - 07:41 PM

Hi, thanks for replying. I booted the computer in safe mode and ran the four programs you linked.

Here's what I get from running TDSS: DokanMounter, IDriverT and TimeLock. They are all classified as "suspicious object, medium risk." I skipped Dokan and IDriver, but deleted TimeLock, as I have no use for it anyways, and rebooted. It then asked for a restart so I rebooted in safe mode with networking and got a "userinit.exe - Entry Point Not Found" error, saying that "procedure entry point CtfImmLastEnableWndDestroy could not be located in the dynamic link library IMM32.dll." I clicked OK and it blue screened. It seemed to work fine after the 2nd restart.

This is what I got from Security Check:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 22
Java™ 6 Update 37
Java version out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 16.0.2 Firefox out of Date!
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

This is what I got from running Farbar:

Farbar Service Scanner Version: 07-12-2012
Ran by Zhongjia (administrator) on 08-12-2012 at 19:25:06
Running from "C:\Users\Zhongjia\Desktop\bleep"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

And, this is what MiniToolBox gives:

MiniToolBox by Farbar Version: 25-11-2012
Ran by Zhongjia (administrator) on 08-12-2012 at 19:37:11
Running from "C:\Users\Zhongjia\Desktop\bleep"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Zhongjia-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 1C-6F-65-D5-63-2B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dd5b:5ace:ef04:607%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, December 08, 2012 7:16:45 PM
Lease Expires . . . . . . . . . . : Sunday, December 09, 2012 7:16:45 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 236744549
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-28-92-57-1C-6F-65-D5-63-2B
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{2B07B46D-E83A-4BBD-861C-A15EEE97F6CC}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4002:801::1005
173.194.37.39
173.194.37.34
173.194.37.35
173.194.37.33
173.194.37.32
173.194.37.41
173.194.37.37
173.194.37.36
173.194.37.46
173.194.37.40
173.194.37.38


Pinging google.com [173.194.37.32] with 32 bytes of data:
Reply from 173.194.37.32: bytes=32 time=71ms TTL=50
Reply from 173.194.37.32: bytes=32 time=51ms TTL=50

Ping statistics for 173.194.37.32:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 51ms, Maximum = 71ms, Average = 61ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=101ms TTL=48
Reply from 98.139.183.24: bytes=32 time=122ms TTL=47

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 101ms, Maximum = 122ms, Average = 111ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...1c 6f 65 d5 63 2b ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::dd5b:5ace:ef04:607/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 06 c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/08/2012 07:13:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c
Exception code: 0xc0000005
Fault offset: 0x0000000000029cee
Faulting process id: 0x528
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3

Error: (12/08/2012 07:09:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.1.522.0, time stamp: 0x50515c57
Faulting module name: mpengine.dll, version: 1.1.9002.0, time stamp: 0x509be9ae
Exception code: 0xc0000005
Fault offset: 0x000000000032b5b4
Faulting process id: 0x2f4
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3

Error: (12/08/2012 09:59:09 AM) (Source: Application Error) (User: )
Description: Faulting application name: wlrmdr.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc8be
Faulting module name: xmllite.dll, version: 1.3.1001.0, time stamp: 0x4df99705
Exception code: 0xc0000005
Fault offset: 0x0000000000008e69
Faulting process id: 0x610
Faulting application start time: 0xwlrmdr.exe0
Faulting application path: wlrmdr.exe1
Faulting module path: wlrmdr.exe2
Report Id: wlrmdr.exe3

Error: (12/08/2012 09:58:53 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
The remote procedure call failed.
.

Error: (12/08/2012 09:58:52 AM) (Source: Application Error) (User: )
Description: Faulting application name: services.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc10e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000000d
Fault offset: 0xc0000000775f144f
Faulting process id: 0x1dc
Faulting application start time: 0xservices.exe0
Faulting application path: services.exe1
Faulting module path: services.exe2
Report Id: services.exe3

Error: (12/08/2012 08:38:22 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/08/2012 08:38:22 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/08/2012 08:38:22 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/08/2012 08:38:22 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/08/2012 08:38:22 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)


System errors:
=============
Error: (12/08/2012 07:33:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/08/2012 07:33:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/08/2012 07:33:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/08/2012 07:31:01 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/08/2012 07:31:01 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/08/2012 07:31:01 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/08/2012 07:26:01 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/08/2012 07:26:01 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/08/2012 07:26:01 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/08/2012 07:23:53 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (12/08/2012 07:13:48 PM) (Source: Application Error)(User: )
Description: DllHost.exe6.1.7600.163854a5bca54ole32.dll6.1.7601.175144ce7c92cc00000050000000000029cee52801cdd5a2037a5961C:\Windows\system32\DllHost.exeC:\Windows\system32\ole32.dll4d20d0a2-4195-11e2-b332-1c6f65d5632b

Error: (12/08/2012 07:09:34 PM) (Source: Application Error)(User: )
Description: MsMpEng.exe4.1.522.050515c57mpengine.dll1.1.9002.0509be9aec0000005000000000032b5b42f401cdd5a16bf01995c:\Program Files\Microsoft Security Client\MsMpEng.exec:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{41F3446C-1D31-4637-9BA8-25340B041D60}\mpengine.dllb585e734-4194-11e2-9da4-8c0de1eb956f

Error: (12/08/2012 09:59:09 AM) (Source: Application Error)(User: )
Description: wlrmdr.exe6.1.7600.163854a5bc8bexmllite.dll1.3.1001.04df99705c00000050000000000008e6961001cdd5548a6f15e1C:\Windows\system32\wlrmdr.exeC:\Windows\system32\xmllite.dlld12a1d0c-4147-11e2-86b9-1c6f65d5632b

Error: (12/08/2012 09:58:53 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
The remote procedure call failed.

Error: (12/08/2012 09:58:52 AM) (Source: Application Error)(User: )
Description: services.exe6.1.7600.163854a5bc10eunknown0.0.0.000000000c000000dc0000000775f144f1dc01cdd551fedbe7ceC:\Windows\system32\services.exeunknownc6f938e0-4147-11e2-86b9-1c6f65d5632b

Error: (12/08/2012 08:38:22 AM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (12/08/2012 08:38:22 AM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/08/2012 08:38:22 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/08/2012 08:38:22 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/08/2012 08:38:22 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer


=========================== Installed Programs ============================

@BIOS (Version: 2.09)
µTorrent (Version: 3.1.3)
3DMark Vantage (Version: 1.1.0)
AC3Filter 2.5b (Version: 2.5b)
Adobe AIR (Version: 3.5.0.600)
Adobe Flash Player 11 Plugin (Version: 11.5.502.110)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Advanced Tactical Center™ 1.0 (Version: 1.0.0.0)
Age of Empires® III: Complete Collection
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AutoGreen B10.1021.1 (Version: 1.00.0000)
Battlefield 3™ (Version: 1.0.0.0)
Battlelog Web Plugins (Version: 1.118.0)
BattlEye for OA Uninstall
BattlEye Uninstall
BIT.TRIP BEAT
Bonjour (Version: 3.0.0.10)
Borderlands 2
Call of Duty: Black Ops - Multiplayer
CCleaner (Version: 3.17)
CDisplay 1.8
Chivalry: Medieval Warfare
CPUID CPU-Z 1.57
CPUID HWMonitor 1.17
DAEMON Tools Lite (Version: 4.45.4.0315)
Dead Island
Dead Rising 2
DES 2.0 (Version: 1.00.0000)
DivX Setup (Version: 2.6.1.9)
Dokan Library 0.6.0
Dota 2
Easy Tune 6 B10.1024.1 (Version: 1.00.0000)
ESN Sonar (Version: 0.70.4)
Fallout New Vegas
FIFA 13 (Version: 1.1.0.0)
Folding@home-x86 (Version: 6.23)
Freelancer
FTL: Faster Than Light
Futuremark SystemInfo (Version: 4.0.0.0)
Garry's Mod 13 Beta
Geeks3D.com FurMark 1.9.0
Grand Theft Auto: Episodes from Liberty City
Hawken
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1118)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Java™ 6 Update 37 (Version: 6.0.370)
Magicka
Mass Effect™ 3 (Version: 1.0.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Game Studios Common Redistributables Pack 1 (Version: 1.0.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Microsoft XML Parser (Version: 8.20.8730.4)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
MSI Afterburner 2.2.4 (Version: 2.2.4)
Mumble 1.2.3 (Version: 1.2.3)
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA 3D Vision Controller Driver 306.23 (Version: 306.23)
NVIDIA 3D Vision Driver 306.97 (Version: 306.97)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0697)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
ON_OFF Charge B10.0427.1 (Version: 1.00.0001)
OpenAL
OpenOffice.org 3.3 (Version: 3.3.9567)
Operation Flashpoint ®: Red River (Version: 1.0.0000.129)
Origin (Version: 8.5.0.4554)
OverTargetMarkers Editor (Version: 1.2.0)
Pando Media Booster (Version: 2.6.0.6)
Pandora (Version: 2.0.6)
PAYDAY: The Heist
PFPortChecker 1.0.39 (Version: 1.0.39)
PlanetSide 2 Beta
Portal 2 - The Final Hours
PunkBuster Services (Version: 0.993)
Realm of the Mad God
Realtek Ethernet Controller Driver (Version: 7.41.216.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6433)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.20.0)
SHIFT 2 UNLEASHED™ (Version: 1.0.0.0)
Sins of a Solar Empire: Rebellion
Skype Click to Call (Version: 5.9.9216)
Skype™ 6.0 (Version: 6.0.126)
Sleeping Dogs version 1.4 (Version: 1.4)
Smart 6 B10.1023.1 (Version: 1.00.0000)
StarCraft II (Version: 1.4.2.20141)
Steam (Version: 1.0.0.0)
SwitchBlade (Version: 3.0.4)
TeamSpeak 3 Client (Version: 3.0.9.2)
Terraria
The Elder Scrolls IV: Oblivion
Transformers Fall of Cybertron
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0474)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214)
TurboTax 2011 wmdiper (Version: 011.000.1560)
TurboTax 2011 wrapper (Version: 011.000.0121)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 2.0.4 (Version: 2.0.4)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.00 (64-bit) (Version: 4.00.0)
World of Tanks - Common Test
World of Tanks v.0.6.7
World of Tanks v.0.7.4_CT
World of Warplanes
WOT Statistics (Version: 2.2.0)

========================= Devices: ================================

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 11%
Total physical RAM: 8175.43 MB
Available physical RAM: 7211.07 MB
Total Pagefile: 16349.05 MB
Available Pagefile: 15418.32 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.2 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.5 GB) (Free:324.35 GB) NTFS
4 Drive f: (KINGSTON) (Removable) (Total:7.37 GB) (Free:6.56 GB) FAT32

========================= Users: ========================================

User accounts for \\ZHONGJIA-PC

Administrator Guest UpdatusUser
Zhongjia

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

02-12-2012 01:55:40 Windows Update
05-12-2012 02:44:34 Windows Update
08-12-2012 03:18:13 Windows Update

**** End of log ****


Thanks again for your help so far.

#4 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:34 PM

Posted 08 December 2012 - 09:12 PM

Hi

Please do the following next:

Step 1:

Going over your logs I noticed that you have utorrent installed.
  • Avoid peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • P2P programs share a directory or set of directories on your computer to the world. Anyone can type in a search, and potentially download something from your computer. This makes the machine an open web server -- massively increasing the attack surface of the machine.
  • To reduce the risk of infection avoid using any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall utorrent, however that choice is up to you.

If you choose to remove these programs, you can do so via:

  • Click the "Windows Orb" button.
  • Click Control Panel then Programs and Features.

If you wish to keep it, please do not use it until your computer is cleaned.


Step 2:

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam-download.php to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

If requested by MBAM, restart the computer.

The log can also be found here:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Users\<Username>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt


Step 3:

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step 4:

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


Step 5:

How is the computer running now?

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#5 surfingbird118

Posted 08 December 2012 - 11:22 PM

Computer keeps shutting off due to a power error and now something with werfault when I scan with malwarebytes. I'm going to retry in safe mode without networking.

Update: Third blue screen in a row whilst scanning with malwarebytes. I'm not sure if it will stay stable long enough for me to even download debugging tools so I can read the minidumps. When I restart, it blue screens again due to some memory management error. Out of ideas here...

Ok, so after 2 failed attempts, I finally managed to scan all my drives with malwarebytes in offline safe mode. It didn't turn up anything though. It's strange because it seems like I will be impeded from running these applications by something, but when I finally get them to work, they are unable to find any problems. I'm starting ESET now...

I've blue screened again (bad pool header?) whilst running ESET. Restarted and got a memory management blue screen and another system service exception. Now a cache manager blue screen. Another problem is that it freezes during reboots into safe mode (both offline and with networking) when it gets stuck at CLASSPNP.SYS.

Update 2: After becoming frustrated with not being able to boot, I put a bootable memtest86 iso onto a thumb drive. Lo and behold, I start getting errors up the wazoo. Just to see if I can isolate the problem to one stick, I test each individually. One is fine and will let the computer boot into safe mode as well as normal mode just fine. The other one starts going crazy when I test it in memtest86. I'm only on test 6 of the first pass and it's already racked up 100k+ errors. However, I can boot up into safe mode and normal with the faulty stick just fine. Suffice it to say, I am not surprised when it blue screens when I try to run ESET. I will now use the good stick to run the tests you suggested. Keeping my fingers crossed.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.09.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 8.0.7601.17514
Zhongjia :: ZHONGJIA-PC [administrator]

12/9/2012 12:30:24 AM
mbam-log-2012-12-09 (00-30-24).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 558425
Time elapsed: 1 hour(s), 18 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by surfingbird118, 09 December 2012 - 06:06 AM.


#6 surfingbird118

Posted 09 December 2012 - 02:28 AM

double post

Edited by surfingbird118, 09 December 2012 - 02:28 AM.


#7 dev00790

Posted 09 December 2012 - 06:44 AM

Hi

Thanks for the information. Please follow steps 3, 4 and 5 in my previous post next.

Regards, dev00790


#8 surfingbird118

Posted 09 December 2012 - 07:06 AM

I'm still doing the ESET test with the good memory module. I'll keep you posted.

#9 dev00790

Posted 09 December 2012 - 07:48 AM

ok

Regards, dev00790
