
My Pendrive in another computer shows virus


  • This topic is locked
13 replies to this topic

#1 Newbie1011

Newbie1011

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 22 October 2013 - 08:09 PM

Hi

 

I had put my pendrive in another computer running Kaspersky antivirus to transfer some files

That computer said that my pendrive contains rootkit viruses

I did not get details of the suspected viruses as the pendrive was removed immediately

 

Please advise how to proceed

 

Based on solutions given in previous similar cases, I have run and saved the following basic data so that the work can go 1 step further

 

aswmbr

attach

dds

MBR.dat

 

If these are useful, I will attach or paste the outputs as advised by you

 

Thanks for helping


Edited by Newbie1011, 23 October 2013 - 04:32 AM.



 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:27 AM

Posted 23 October 2013 - 05:28 AM

Hello -

First EDIT - please click on Follow this topic at top right to track this -

In Am I Infected we do not use those scans for now.

 

A couple of quick questions - Is there any important data on the Flash drive ?

Did you actually transfer anything from Computer A to Computer B or just drag it out in 5 seconds?

What computer did you do the scans on, as we will look at yours ......

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Now : Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Installed Programs
 Click Go and copy / paste the result (Result.txt).

 

 

If you have this installed, just Update it and do a Quick Scan, if not ........

Download Malwarebytes Anti-Malware Free (a.k.a MBAM) to your desktop.
NOTE : Do not accept the Free Trial Offer at this time. You can try that later
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

 

Thanks -


Edited by noknojon, 23 October 2013 - 05:35 AM.


#3 Newbie1011

Newbie1011
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 23 October 2013 - 07:55 PM

My computer flash Drive was inserted in Computer B and removed in 5 secs when it showed Rootkit virus

I do not have any important data on the drive

I can format it, if required

But I have several flash drives and portable drives in which I regularly keep taking various backups

Can they all be infected and if attached, can reinfect this computer ?

It will be very difficult to format all these drives, unless absolutely necessary.

I will not attach those drives to this computer until you confirm

 

I am pasting the output of the various tests you had recommended

 

 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Flash Player 11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (24.0) 
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 
 
 
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.23.10
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Shravan :: SHRAVAN-PC [administrator]
 
24/Oct/2013 6:10:35 AM
mbam-log-2013-10-24 (06-10-35).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207005
Time elapsed: 4 minute(s), 23 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 4
C:\Users\Shravan\AppData\Roaming\BitTorrent\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Shravan\Downloads\DownloadManagerSetup.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\Shravan\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Shravan\Downloads\ManyCamSetup.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
 
(end)
 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Shravan (administrator) on 24-10-2013 at 06:06:16
Running from "C:\Users\Shravan\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= IP Configuration: ================================
 
Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.1.1 publish=Yes
add address name="Local Area Connection" address=192.168.1.100 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Shravan-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : BC-AE-C5-47-59-77
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a465:9d1c:90b7:30cb%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::ed2:b5ff:fe04:892c%10
                                       192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 247246533
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-46-A3-6B-BC-AE-C5-47-59-77
   DNS Servers . . . . . . . . . . . : 125.22.47.125
                                       202.56.250.5
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
I have followed all your instructions while taking these outputs
 
Please advise next step
 
Thanks for helping
 


#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:27 AM

Posted 23 October 2013 - 10:52 PM

Download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Now : Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Installed Programs

 Click Go and copy / paste the result (Result.txt).

 

You missed the bottom part of this ......... I have no Errors or Installed programs ........

 

Also please tell me if you have any problems yet -



#5 Newbie1011

Newbie1011
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 23 October 2013 - 11:25 PM

I am sorry. I missed it

 

I have no problems whatsoever.

Just wanted to be sure that the computer is clean

 

Thanks for helping



#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:27 AM

Posted 23 October 2013 - 11:37 PM

After you post the above - - -

First -

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

 

Next -

If this is a Laptop please plug it into a reliable power source .................

 

I'd like us to scan your machine with ESET OnlineScan

The scan is best done with M/soft Internet Explorer as it uses ActiveX

There is a link at 3 - 1 if you will not use Internet Explorer

First follow How To Temporarily Disable Your Anti-virus
1. Hold down Control (Ctrl) key, and click on This Link to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

- 1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
- 2. Double click on the icon on your desktop.

4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:

 

*Scan potentially unwanted applications
*Scan for potentially unsafe applications
*Enable Anti-Stealth technology

 

9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time.
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Thanks -



#7 Newbie1011

Newbie1011
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 24 October 2013 - 08:30 AM

Rkill 2.6.2 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/24/2013 04:23:40 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\SysWOW64\AstSrv.exe (PID: 1876) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\Shravan\Desktop\rkill\rkill-10-24-2013-04-23-47.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/
 
Program finished at: 10/24/2013 04:24:56 PM
Execution time: 0 hours(s), 1 minute(s), and 16 seconds(s)
 
I also scanned the computer using ESET
 
20 threats were found which were successfully deleted by the program
However, by mistake instead of 1st pressing list threats, I pressed finish due to which the output was lost
Shall I do the scan again?
 
Thanks for helping


#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:27 AM

Posted 24 October 2013 - 03:27 PM

1 = Good / 20 threats were found which were successfully deleted by the program
2 = Bummer / However, by mistake instead of 1st pressing list threats, I pressed finish
3 = Generally useless now / Shall I do the scan again? / BUT
But there should be a record - Please look -
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. We should also be able to see it - The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt"). You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.

After this please finish Post #4 now -
 

Thanks -



#9 Newbie1011

Newbie1011
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 24 October 2013 - 06:39 PM

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Shravan (administrator) on 25-10-2013 at 05:07:24
Running from "C:\Users\Shravan\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.1.1 publish=Yes
add address name="Local Area Connection" address=192.168.1.100 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Shravan-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : BC-AE-C5-47-59-77
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a465:9d1c:90b7:30cb%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::ed2:b5ff:fe04:892c%10
                                       192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 247246533
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-46-A3-6B-BC-AE-C5-47-59-77
   DNS Servers . . . . . . . . . . . : 125.22.47.125
                                       202.56.250.5
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{2BE50405-7707-4913-8488-C5774ABE191E}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  AES-Static-125.47.22.125.airtel.in
Address:  125.22.47.125
 
Name:    google.com
Addresses:  2404:6800:4007:802::1006
 74.125.236.168
 74.125.236.165
 74.125.236.164
 74.125.236.174
 74.125.236.166
 74.125.236.169
 74.125.236.160
 74.125.236.161
 74.125.236.167
 74.125.236.162
 74.125.236.163
 
 
Pinging google.com [74.125.236.40] with 32 bytes of data:
Reply from 74.125.236.40: bytes=32 time=29ms TTL=55
Reply from 74.125.236.40: bytes=32 time=29ms TTL=55
 
Ping statistics for 74.125.236.40:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 29ms, Maximum = 29ms, Average = 29ms
Server:  AES-Static-125.47.22.125.airtel.in
Address:  125.22.47.125
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=314ms TTL=51
Reply from 98.138.253.109: bytes=32 time=286ms TTL=52
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 286ms, Maximum = 314ms, Average = 300ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...bc ae c5 47 59 77 ......Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.100    276
    192.168.1.100  255.255.255.255         On-link     192.168.1.100    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.100    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.100    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.100    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.1  Default 
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    276 ::/0                     fe80::ed2:b5ff:fe04:892c
  1    306 ::1/128                  On-link
 10    276 fe80::/64                On-link
 10    276 fe80::a465:9d1c:90b7:30cb/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/25/2013 05:02:41 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/23/2013 05:52:50 PM) (Source: PerfNet) (User: )
Description: 
 
Error: (10/20/2013 07:48:47 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16720 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 163c
 
Start Time: 01cecd3aa2a0caa3
 
Termination Time: 11
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (10/19/2013 01:17:15 PM) (Source: PerfNet) (User: )
Description: 
 
Error: (10/15/2013 09:25:38 AM) (Source: Application Error) (User: )
Description: Faulting application name: Now.exe, version: 1.8.4.3, time stamp: 0x5119e684
Faulting module name: Now.exe, version: 1.8.4.3, time stamp: 0x5119e684
Exception code: 0xc0000005
Fault offset: 0x0000685b
Faulting process id: 0x1428
Faulting application start time: 0xNow.exe0
Faulting application path: Now.exe1
Faulting module path: Now.exe2
Report Id: Now.exe3
 
Error: (10/14/2013 03:31:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: Now.exe, version: 1.8.4.3, time stamp: 0x5119e684
Faulting module name: Now.exe, version: 1.8.4.3, time stamp: 0x5119e684
Exception code: 0xc0000005
Fault offset: 0x0000685b
Faulting process id: 0xfc8
Faulting application start time: 0xNow.exe0
Faulting application path: Now.exe1
Faulting module path: Now.exe2
Report Id: Now.exe3
 
Error: (10/14/2013 09:40:46 AM) (Source: Application Error) (User: )
Description: Faulting application name: Now.exe, version: 1.8.4.3, time stamp: 0x5119e684
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0150010
Fault offset: 0x0008482b
Faulting process id: 0x1298
Faulting application start time: 0xNow.exe0
Faulting application path: Now.exe1
Faulting module path: Now.exe2
Report Id: Now.exe3
 
Error: (10/14/2013 09:40:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: Now.exe, version: 1.8.4.3, time stamp: 0x5119e684
Faulting module name: Now.exe, version: 1.8.4.3, time stamp: 0x5119e684
Exception code: 0xc0000005
Fault offset: 0x0000685b
Faulting process id: 0x1298
Faulting application start time: 0xNow.exe0
Faulting application path: Now.exe1
Faulting module path: Now.exe2
Report Id: Now.exe3
 
Error: (10/11/2013 03:30:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: Now.exe, version: 1.8.4.3, time stamp: 0x5119e684
Faulting module name: Now.exe, version: 1.8.4.3, time stamp: 0x5119e684
Exception code: 0xc0000005
Fault offset: 0x0000685b
Faulting process id: 0x9bc
Faulting application start time: 0xNow.exe0
Faulting application path: Now.exe1
Faulting module path: Now.exe2
Report Id: Now.exe3
 
Error: (10/11/2013 10:10:32 AM) (Source: Application Hang) (User: )
Description: The program Now.exe version 1.8.4.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1080
 
Start Time: 01cec631dce1378d
 
Termination Time: 92
 
Application Path: C:\Program Files\NOW\Now.exe
 
Report Id: 295226e6-322f-11e3-a40c-bcaec5475977
 
 
System errors:
=============
Error: (10/25/2013 04:57:17 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/24/2013 04:23:41 PM) (Source: Service Control Manager) (User: )
Description: The Ast Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/24/2013 04:14:36 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/24/2013 06:18:38 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/24/2013 05:09:14 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/23/2013 05:53:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/23/2013 05:53:08 PM) (Source: Service Control Manager) (User: )
Description: The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/23/2013 05:53:08 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (10/23/2013 05:53:07 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (10/23/2013 05:41:40 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
 
Microsoft Office Sessions:
=========================
Error: (10/25/2013 05:02:41 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (10/23/2013 05:52:50 PM) (Source: PerfNet)(User: )
Description: 
 
Error: (10/20/2013 07:48:47 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16720163c01cecd3aa2a0caa311C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (10/19/2013 01:17:15 PM) (Source: PerfNet)(User: )
Description: 
 
Error: (10/15/2013 09:25:38 AM) (Source: Application Error)(User: )
Description: Now.exe1.8.4.35119e684Now.exe1.8.4.35119e684c00000050000685b142801cec95a2b27cc8bC:\Program Files\NOW\Now.exeC:\Program Files\NOW\Now.exea6aa9f8e-354d-11e3-9733-bcaec5475977
 
Error: (10/14/2013 03:31:14 PM) (Source: Application Error)(User: )
Description: Now.exe1.8.4.35119e684Now.exe1.8.4.35119e684c00000050000685bfc801cec897f80bb56fC:\Program Files\NOW\Now.exeC:\Program Files\NOW\Now.exe8ecc90aa-34b7-11e3-b183-bcaec5475977
 
Error: (10/14/2013 09:40:46 AM) (Source: Application Error)(User: )
Description: Now.exe1.8.4.35119e684ntdll.dll6.1.7601.18247521ea8e7c01500100008482b129801cec8909118c4e2C:\Program Files\NOW\Now.exeC:\Windows\SysWOW64\ntdll.dll991d2918-3486-11e3-b183-bcaec5475977
 
Error: (10/14/2013 09:40:43 AM) (Source: Application Error)(User: )
Description: Now.exe1.8.4.35119e684Now.exe1.8.4.35119e684c00000050000685b129801cec8909118c4e2C:\Program Files\NOW\Now.exeC:\Program Files\NOW\Now.exe97a1a719-3486-11e3-b183-bcaec5475977
 
Error: (10/11/2013 03:30:23 PM) (Source: Application Error)(User: )
Description: Now.exe1.8.4.35119e684Now.exe1.8.4.35119e684c00000050000685b9bc01cec63c08b25830C:\Program Files\NOW\Now.exeC:\Program Files\NOW\Now.exef1407968-325b-11e3-a40c-bcaec5475977
 
Error: (10/11/2013 10:10:32 AM) (Source: Application Hang)(User: )
Description: Now.exe1.8.4.3108001cec631dce1378d92C:\Program Files\NOW\Now.exe295226e6-322f-11e3-a40c-bcaec5475977
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Advanced SystemCare 6 (Version: 6.4)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.1219.1521.27485)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
AMD Steady Video Plug-In  (Version: 2.04.0000)
AMD VISION Engine Control Center (Version: 2012.1219.1521.27485)
Avira Free Antivirus (Version: 14.0.0.383)
BitTorrent (Version: 7.8.0.29039)
Bullzip PDF Printer 9.10.0.1629 (Version: 9.10.0.1629)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (Version: 2012.1219.1520.27485)
CCC Help Czech (Version: 2012.1219.1520.27485)
CCC Help Danish (Version: 2012.1219.1520.27485)
CCC Help Dutch (Version: 2012.1219.1520.27485)
CCC Help English (Version: 2012.1219.1520.27485)
CCC Help Finnish (Version: 2012.1219.1520.27485)
CCC Help French (Version: 2012.1219.1520.27485)
CCC Help German (Version: 2012.1219.1520.27485)
CCC Help Greek (Version: 2012.1219.1520.27485)
CCC Help Hungarian (Version: 2012.1219.1520.27485)
CCC Help Italian (Version: 2012.1219.1520.27485)
CCC Help Japanese (Version: 2012.1219.1520.27485)
CCC Help Korean (Version: 2012.1219.1520.27485)
CCC Help Norwegian (Version: 2012.1219.1520.27485)
CCC Help Polish (Version: 2012.1219.1520.27485)
CCC Help Portuguese (Version: 2012.1219.1520.27485)
CCC Help Russian (Version: 2012.1219.1520.27485)
CCC Help Spanish (Version: 2012.1219.1520.27485)
CCC Help Swedish (Version: 2012.1219.1520.27485)
CCC Help Thai (Version: 2012.1219.1520.27485)
CCC Help Turkish (Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Cool & Quiet
CPUID HWMonitor 1.21
D3DX10 (Version: 15.4.2368.0902)
ESET Online Scanner v3
Google Chrome (Version: 30.0.1599.101)
Google Drive (Version: 1.12.5329.1887)
Google Update Helper (Version: 1.3.21.165)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
JMicron JMB36X Driver (Version: 1.17.62.0)
Junk Mail filter update (Version: 16.4.3505.0912)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Marvell Miniport Driver (Version: 11.24.10.3)
MetaStock Professional 11.0
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (Version: 17.0.2015.0811)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.19.0)
NOW (Version: 1.8.4.3)
PDFill FREE PDF Tools (Version: 9.0)
Power Indiabulls (Version: 5.0)
Shubha Downloader (Version: 00.00.00.05)
shubha real time (Version: 1.0.0.38)
Skype Click to Call (Version: 6.11.13348)
Skype™ 6.9 (Version: 6.9.106)
Smart Defrag 2 (Version: 2.9)
SpywareBlaster 5.0 (Version: 5.0.0)
TeamViewer 8 (Version: 8.0.22298)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Viber (Version: 3.0.0.133634)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Mail (Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Yahoo! Messenger
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)
 
**** End of log ****
 
I reached the log.txt file in the ESET directory.
This is what it had:
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 
Please advise next step
 
Thanks for helping


#10 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:27 AM

Posted 24 October 2013 - 07:22 PM

Just quick ones for now then another scan after these

 

Rats - Not the "20 threat were found" as stated .......

 

Please remove these IObit programs, as they are causing problems with your Antivirus.
Advanced SystemCare 6 (Version: 6.4) <= Antivirus + Registry Cleaner tool
Smart Defrag 2 (Version: 2.9)

 

BitTorrent (Version: 7.8.0.29039) <= A good place to pick up 20 infections (Remove)

 

Now.exe seems to give several odd errors but it seems an OK program.
Do you have an "extra" clock installed on the desktop ?

 

Constant solution for : The ScRegSetValueExW call failed for FailureActions with the following error:
Go to Options/Advanced Settings and turn off " AVG Self Protection".
If you are using AVG 2013 Antivirus, then disable "AVG Self Protection"



#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:27 AM

Posted 24 October 2013 - 07:29 PM

Kaspersky OnlineScan - Try this and see if your computer reacts to anything -
 

Not my normal scanner, but just follow directions and see if we get any more hits -



#12 Newbie1011

Newbie1011
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:03:57 AM

Posted 24 October 2013 - 07:51 PM

Just quick ones for now then another scan after these

 

Rats - Not the "20 threat were found" as stated .......

 

Please remove these IObit programs, as they are causing problems with your Antivirus.
Advanced SystemCare 6 (Version: 6.4) <= Antivirus + Registry Cleaner tool
Smart Defrag 2 (Version: 2.9)

 

BitTorrent (Version: 7.8.0.29039) <= A good place to pick up 20 infections (Remove)

 

Now.exe seems to give several odd errors but it seems an OK program.
Do you have an "extra" clock installed on the desktop ?

 

Constant solution for : The ScRegSetValueExW call failed for FailureActions with the following error:
Go to Options/Advanced Settings and turn off " AVG Self Protection".
If you are using AVG 2013 Antivirus, then disable "AVG Self Protection"

 

I have removed Advanced SystemCare, Smart Defrag 2 & BitTorrent

I don't have any extra clock on my desktop. In the Windows default clock (bottom right of the screen, which shows the computer time) I have 2 cities' time

now.exe is a legitimate program

 

I have Avira anti virus not AVG

 

Please advise how to proceed

 

I am running Kaspersky and will post the output, but please advise: should I use the fix button, as it shows missing critical protection and it is stuck on 0% for a long time?

 

I stopped the scan and the error it showed was that the antivirus is stopped, whereas the Avira panel shows that it is running well

 

Thanks for helping

 


Edited by Newbie1011, 24 October 2013 - 08:28 PM.


#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:27 AM

Posted 24 October 2013 - 10:34 PM

I have Avira anti virus not AVG
I could see that - My reply was a copy/paste from 2 sites that fixed the problem ??

 

now.exe is a legitimate program
I am aware of this, but I can only read what shows in Errors (as you can read).

Examples =
- The program Now.exe version 1.8.4.3 stopped interacting with Windows and was closed.
- Now.exe1.8.4.35119e684Now.exe1.8.4.35119e684c00000050000685b9bc01cec63c08b25830C:\Program Files\NOW\Now.exeC:\Program Files\NOW\Now.exef1407968-325b-11e3-a40c-bcaec5475977

 

To post further for Rootkit Removal / Checking, you need to read the Preparation Guide from #6

and post a new topic in Virus, Trojan, Spyware, and Malware Removal Logs with DDS logs copied and pasted -

 

Thank You -



#14 Platypus

Platypus

  • Global Moderator
  • 15,780 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:09:27 AM

Posted 25 October 2013 - 07:28 PM

Continued here:

 

http://www.bleepingcomputer.com/forums/t/511844/my-pendrive-in-another-computer-shows-virus/


Top 5 things that never get done:

1.



