
I detected the user wangzhisong in my Windows' users' folder


12 replies to this topic

#1 frankdd


Posted 09 December 2013 - 09:04 AM

Hi!

 

I just detected in my Windows users folder a user we don't have at home: wangzhisong

 

I checked on the Internet and it looks like it can be a virus or something similar. After running the AVG and Avira rescue CDs to clean up my machine, this folder still exists and I'm not sure if my computer is clean. What can I do? Thanks!

 

Kind regards
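
A read-only way to examine the situation described in this post, a folder under the profile root for an account nobody recognises, is to cross-check each folder against the profiles Windows has registered and against the accounts that exist. This is an added example, not part of the original thread; the variable names, the function name and the wording of the findings are this example's own.

```powershell
# Added example: read-only cross-check of profile folders, registered profiles and accounts.
# Uses Get-WmiObject so it runs on PowerShell 2.0 (shipped with Windows 7 SP1).
# Run from an elevated prompt so every folder under the profile root can be read.

# Profile root as configured in the registry (normally C:\Users).
$profileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$profileRoot = [Environment]::ExpandEnvironmentVariables(
    (Get-ItemProperty -Path $profileListKey).ProfilesDirectory)

# Folders Windows creates itself; they do not belong to a user account.
$builtInFolders = 'Public', 'Default', 'Default User', 'All Users'

# Profiles Windows has registered (one per SID that has logged on) and the local accounts.
$registeredProfiles = @(Get-WmiObject -Class Win32_UserProfile)
$localAccounts = @(Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True")

# Translate a SID to DOMAIN\name; returns $null when the account no longer exists.
function Resolve-SidToName {
    param([string]$Sid)
    try {
        $sidObject = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        return $sidObject.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return $null
    }
}

$report = foreach ($folder in (Get-ChildItem -Path $profileRoot -Force)) {
    if (-not $folder.PSIsContainer) { continue }
    if ($builtInFolders -contains $folder.Name) { continue }

    # String -eq is case-insensitive, which matches how Windows treats paths.
    $entry = $registeredProfiles |
        Where-Object { $_.LocalPath -eq $folder.FullName } |
        Select-Object -First 1

    $sid = $null; $accountName = $null; $lastUse = $null
    if ($entry) {
        $sid = $entry.SID
        $accountName = Resolve-SidToName -Sid $sid
        if ($entry.LastUseTime) { $lastUse = $entry.ConvertToDateTime($entry.LastUseTime) }
    }
    $localAccount = $localAccounts | Where-Object { $_.SID -eq $sid } | Select-Object -First 1

    if (-not $entry) {
        $finding = 'Folder only: no profile registered for this path'
    } elseif (-not $accountName) {
        $finding = 'Profile registered, but its account no longer resolves'
    } elseif ($localAccount -and $localAccount.Disabled) {
        $finding = 'Local account exists and is disabled'
    } else {
        $finding = 'Account exists and can be used to log on'
    }

    New-Object PSObject -Property @{
        Folder    = $folder.Name
        Created   = $folder.CreationTime
        LastWrite = $folder.LastWriteTime
        SID       = $sid
        Account   = $accountName
        LastUse   = $lastUse
        Finding   = $finding
    }
}

$report |
    Sort-Object Created |
    Select-Object Folder, Created, LastWrite, LastUse, Account, SID, Finding |
    Format-Table -AutoSize -Wrap
```

The folder's creation time is the value to compare against software installs and the event log for the same day; a folder with no registered profile has never been used for an interactive logon, whereas an enabled account that nobody in the household created is the case that needs a helper's attention.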




 


#2 Silverbirch1


Posted 09 December 2013 - 09:52 AM

Hi, Frank;

If the folder is empty, it is to be hoped that the problem is gone. However, I would recommend downloading and using Malwarebytes as it goes a little deeper into malware as well as viruses. Although I like AVG, it doesn't always find everything. If MB doesn't find anything, and you find your PC running slower than usual or having unusual errors, it might be necessary to run some other programs and/or tests that others here would have more expertise with.

 

Good Luck! :)



#3 frankdd


Posted 09 December 2013 - 10:19 AM

Hi Silverbirch1,

 

Thank you for your fast answer.

 

Yes, I did the Malwarebytes scan and it found some small things, but nothing related to the wangzhisong user.

 

However, I'm still thinking maybe there is still something. Where can I ask for more expert guidance? Thanks!

 

Kind regards,

Frank


Edited by frankdd, 09 December 2013 - 10:49 AM.


#4 Silverbirch1


Posted 09 December 2013 - 10:33 AM

Hi, Frank;

:) You're welcome. I'm on here looking for answers for my own problem, and saw your question. I've had extensive dealings with virus problems thanks to a granddaughter who clicked to exit a popup screen that promptly downloaded a nasty little virus. (Though that's not my current problem, lol.) You'll probably need ComboFix, etc., which should only be used by experts, or with expert guidance, of which I can claim neither as I've only used them with help a couple of times. I would recommend staying with this thread and waiting for someone with more knowledge to reply. You also might look into the threads dealing with ComboFix while you wait.

 

Good Luck! :)



#5 frankdd


Posted 09 December 2013 - 10:49 AM

Ok Silverbirch1,

 

Thanks and good luck too! ;-)

Frank



#6 Silverbirch1


Posted 09 December 2013 - 10:58 AM

Just realized that the main topic you probably want is the one listed directly above the "I am infected..." one. It deals with the deeper levels of virus detection and eradication. That's where you will get guidance for using ComboFix, etc. :)



#7 memegan816


Posted 09 December 2013 - 11:09 AM

Hi Frank,

 

Try Faronics Anti-Executable. It's application control software. It scans the system and prepares a list of unwanted applications, which you can easily block or remove. They also have their own antivirus, so you can try both. Maybe your problem will get solved.

 

Regards,

Melissa



#8 Condobloke


Posted 09 December 2013 - 09:18 PM

No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert." Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. When issues arise with new malware infections or other security tools conflicting with ComboFix, experts are aware of them and can advise users what should or should not be done while providing assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read the pinned topic ComboFix usage, Questions, Help? - Look here
Credit : QuietMan7


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

#9 Condobloke


Posted 10 December 2013 - 07:57 PM

 
 

G'day Frank and Welcome to BC !

Run these for me and we will have a look for you

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Download MiniToolBox, save it to your desktop and run it.
Close any Firefox browsers you may have open.
Checkmark the following boxes:
•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
 
Click Go and copy / paste the result (Result.txt).

 

 

 

 


#10 frankdd


Posted 15 December 2013 - 03:17 AM

Hi Condobloke,

 

And thank you Silverbirch1 and memegan816.

 

Here are the results of these tests:

 

 
 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.170  
 Mozilla Firefox (25.0.1) 
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 4% 
````````````````````End of Log`````````````````````` 
 
 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Francisco (administrator) on 15-12-2013 at 09:13:33
Running from "C:\Users\Francisco\Downloads"
Microsoft Windows 7 Enterprise  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Configuración IP de Windows
 
Se vació correctamente la caché de resolución de DNS.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Conexión de área local (Connected)
 
 
# ----------------------------------
# Configuración de IPv4
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# Fin de la configuración de IPv4
 
 
 
Configuración IP de Windows
 
   Nombre de host. . . . . . . . . : PCX
   Sufijo DNS principal  . . . . . : 
   Tipo de nodo. . . . . . . . . . : híbrido
   Enrutamiento IP habilitado. . . : no
   Proxy WINS habilitado . . . . . : no
 
Adaptador de Ethernet Conexión de área local:
 
   Sufijo DNS específico para la conexión. . : 
   Descripción . . . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller #2
   Dirección física. . . . . . . . . . . . . : 20-CF-30-AE-62-87
   DHCP habilitado . . . . . . . . . . . . . : sí
   Configuración automática habilitada . . . : sí
   Vínculo: dirección IPv6 local. . . : fe80::a972:34ef:c831:1e0e%10(Preferido) 
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.36(Preferido) 
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Concesión obtenida. . . . . . . . . . . . : domingo, 15 de diciembre de 2013 8:56:54
   La concesión expira . . . . . . . . . . . : lunes, 16 de diciembre de 2013 8:56:54
   Puerta de enlace predeterminada . . . . . : 192.168.1.1
   Servidor DHCP . . . . . . . . . . . . . . : 192.168.1.1
   IAID DHCPv6 . . . . . . . . . . . . . . . : 237031216
   DUID de cliente DHCPv6. . . . . . . . . . : 00-01-00-01-1A-28-A7-30-20-CF-30-AE-62-87
   Servidores DNS. . . . . . . . . . . . . . : 192.168.1.1
   NetBIOS sobre TCP/IP. . . . . . . . . . . : habilitado
 
Adaptador de túnel isatap.{1D325DB7-5B39-4DE1-B2FE-EAE160003546}:
 
   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 
   Descripción . . . . . . . . . . . . . . . : Adaptador ISATAP de Microsoft
   Dirección física. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP habilitado . . . . . . . . . . . . . : no
   Configuración automática habilitada . . . : sí
 
Adaptador de túnel Teredo Tunneling Pseudo-Interface:
 
   Sufijo DNS específico para la conexión. . : 
   Descripción . . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Dirección física. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP habilitado . . . . . . . . . . . . . : no
   Configuración automática habilitada . . . : sí
   Dirección IPv6 . . . . . . . . . . : 2001:0:5ef5:79fd:2461:2ba6:3f57:fedb(Preferido) 
   Vínculo: dirección IPv6 local. . . : fe80::2461:2ba6:3f57:fedb%12(Preferido) 
   Puerta de enlace predeterminada . . . . . : ::
   NetBIOS sobre TCP/IP. . . . . . . . . . . : deshabilitado
Servidor:  UnKnown
Address:  192.168.1.1
 
Nombre:  google.com
Addresses:  2a00:1450:4003:804::1000
 173.194.34.196
 173.194.34.199
 173.194.34.206
 173.194.34.194
 173.194.34.197
 173.194.34.193
 173.194.34.192
 173.194.34.201
 173.194.34.200
 173.194.34.195
 173.194.34.198
 
 
Haciendo ping a google.com [173.194.34.199] con 32 bytes de datos:
Respuesta desde 173.194.34.199: bytes=32 tiempo=278ms TTL=55
Respuesta desde 173.194.34.199: bytes=32 tiempo=395ms TTL=55
 
Estadísticas de ping para 173.194.34.199:
    Paquetes: enviados = 2, recibidos = 2, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 278ms, Máximo = 395ms, Media = 336ms
Servidor:  UnKnown
Address:  192.168.1.1
 
Nombre:  yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Haciendo ping a yahoo.com [98.139.183.24] con 32 bytes de datos:
Respuesta desde 98.139.183.24: bytes=32 tiempo=553ms TTL=48
Respuesta desde 98.139.183.24: bytes=32 tiempo=436ms TTL=48
 
Estadísticas de ping para 98.139.183.24:
    Paquetes: enviados = 2, recibidos = 2, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 436ms, Máximo = 553ms, Media = 494ms
 
Haciendo ping a 127.0.0.1 con 32 bytes de datos:
Respuesta desde 127.0.0.1: bytes=32 tiempo<1m TTL=128
Respuesta desde 127.0.0.1: bytes=32 tiempo<1m TTL=128
 
Estadísticas de ping para 127.0.0.1:
    Paquetes: enviados = 2, recibidos = 2, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms
===========================================================================
ILista de interfaces
 10...20 cf 30 ae 62 87 ......Realtek PCIe GBE Family Controller #2
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Adaptador ISATAP de Microsoft
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Tabla de enrutamiento
===========================================================================
Rutas activas:
Destino de red        Máscara de red   Puerta de enlace   Interfaz  Métrica
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.36     20
        127.0.0.0        255.0.0.0      En vínculo         127.0.0.1    306
        127.0.0.1  255.255.255.255      En vínculo         127.0.0.1    306
  127.255.255.255  255.255.255.255      En vínculo         127.0.0.1    306
      192.168.1.0    255.255.255.0      En vínculo      192.168.1.36    276
     192.168.1.36  255.255.255.255      En vínculo      192.168.1.36    276
    192.168.1.255  255.255.255.255      En vínculo      192.168.1.36    276
        224.0.0.0        240.0.0.0      En vínculo         127.0.0.1    306
        224.0.0.0        240.0.0.0      En vínculo      192.168.1.36    276
  255.255.255.255  255.255.255.255      En vínculo         127.0.0.1    306
  255.255.255.255  255.255.255.255      En vínculo      192.168.1.36    276
===========================================================================
Rutas persistentes:
  Ninguno
 
IPv6 Tabla de enrutamiento
===========================================================================
Rutas activas:
 Cuando destino de red métrica      Puerta de enlace
 12     58 ::/0                     En vínculo
  1    306 ::1/128                  En vínculo
 12     58 2001::/32                En vínculo
 12    306 2001:0:5ef5:79fd:2461:2ba6:3f57:fedb/128
                                    En vínculo
 10    276 fe80::/64                En vínculo
 12    306 fe80::/64                En vínculo
 12    306 fe80::2461:2ba6:3f57:fedb/128
                                    En vínculo
 10    276 fe80::a972:34ef:c831:1e0e/128
                                    En vínculo
  1    306 ff00::/8                 En vínculo
 12    306 ff00::/8                 En vínculo
 10    276 ff00::/8                 En vínculo
===========================================================================
Rutas persistentes:
  Ninguno
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/10/2013 07:13:43 PM) (Source: Application Error) (User: )
Description: Nombre de la aplicación con errores: chrome.exe, versión: 31.0.1650.63, marca de tiempo: 0x529e8b45
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00000000
Id. del proceso con errores: 0x1100
Hora de inicio de la aplicación con errores: 0xchrome.exe0
Ruta de acceso de la aplicación con errores: chrome.exe1
Ruta de acceso del módulo con errores: chrome.exe2
Id. del informe: chrome.exe3
 
Error: (12/10/2013 06:48:02 PM) (Source: Application Error) (User: )
Description: Nombre de la aplicación con errores: chrome.exe, versión: 31.0.1650.63, marca de tiempo: 0x529e8b45
Nombre del módulo con errores: ole32.dll, versión: 6.1.7601.17514, marca de tiempo: 0x4ce7b96f
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0003bc21
Id. del proceso con errores: 0x1550
Hora de inicio de la aplicación con errores: 0xchrome.exe0
Ruta de acceso de la aplicación con errores: chrome.exe1
Ruta de acceso del módulo con errores: chrome.exe2
Id. del informe: chrome.exe3
 
Error: (12/10/2013 06:36:24 PM) (Source: Application Error) (User: )
Description: Nombre de la aplicación con errores: chrome.exe, versión: 31.0.1650.63, marca de tiempo: 0x529e8b45
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00000000
Id. del proceso con errores: 0xee4
Hora de inicio de la aplicación con errores: 0xchrome.exe0
Ruta de acceso de la aplicación con errores: chrome.exe1
Ruta de acceso del módulo con errores: chrome.exe2
Id. del informe: chrome.exe3
 
Error: (12/10/2013 05:29:26 PM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error en el 
 
archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" en la línea C:\Windows\WinSxS
 
\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/10/2013 05:29:22 PM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error en el 
 
archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" en la línea C:\Windows\WinSxS
 
\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/10/2013 11:28:03 AM) (Source: Application Hang) (User: )
Description: El programa mbam.exe, versión 1.75.0.1, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el 
 
panel de control Centro de actividades.
 
Identificador de proceso: 1460
 
Hora de inicio: 01cef5923d569860
 
Hora de finalización: 14
 
Ruta de acceso de la aplicación: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
 
Identificador de informe: bd97053a-6185-11e3-a2d4-20cf30ae6287
 
Error: (12/09/2013 01:46:50 PM) (Source: Distributed Link Tracking Client) (User: )
Description: G
 
Error: (12/09/2013 09:47:29 AM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error en el 
 
archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" en la línea C:\Windows\WinSxS
 
\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/09/2013 09:47:17 AM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error en el 
 
archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" en la línea C:\Windows\WinSxS
 
\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/04/2013 06:53:45 PM) (Source: Microsoft-Windows-RestartManager) (User: PCX)
Description: No se pudo cerrar la aplicación o el servicio 'Explorador de Windows'.
 
 
System errors:
=============
Error: (12/15/2013 08:56:51 AM) (Source: Service Control Manager) (User: )
Description: El servicio DeviceVM Meta Data Export Service no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (12/15/2013 08:56:40 AM) (Source: Ntfs) (User: )
Description: El administrador de recursos de transacción en el volumen F: detectó un error irreproducible y no se pudo iniciar. Los datos contienen el código de error.
 
Error: (12/15/2013 08:56:40 AM) (Source: Disk) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.
 
Error: (12/14/2013 04:10:35 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (12/14/2013 11:54:01 AM) (Source: Service Control Manager) (User: )
Description: El servicio Servicio de Google Update (gupdate) no pudo iniciarse debido al siguiente error: 
%%1053
 
Error: (12/14/2013 11:54:01 AM) (Source: Service Control Manager) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Servicio de Google Update (gupdate).
 
Error: (12/14/2013 11:54:01 AM) (Source: DCOM) (User: )
Description: 1053gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (12/14/2013 09:34:09 AM) (Source: Service Control Manager) (User: )
Description: El servicio DeviceVM Meta Data Export Service no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (12/14/2013 09:33:59 AM) (Source: Ntfs) (User: )
Description: El administrador de recursos de transacción en el volumen F: detectó un error irreproducible y no se pudo iniciar. Los datos contienen el código de error.
 
Error: (12/14/2013 09:33:59 AM) (Source: Disk) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.
 
 
Microsoft Office Sessions:
=========================
Error: (12/10/2013 07:13:43 PM) (Source: Application Error)(User: )
Description: chrome.exe31.0.1650.63529e8b45unknown0.0.0.000000000c000000500000000110001cef5d37be8d159C:\Program Files (x86)\Google\Chrome\Application\chrome.exeunknowncce936d4-61c6-11e3-abcf-20cf30ae6287
 
Error: (12/10/2013 06:48:02 PM) (Source: Application Error)(User: )
Description: chrome.exe31.0.1650.63529e8b45ole32.dll6.1.7601.175144ce7b96fc00000050003bc21155001cef5cf3cedb62cC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\syswow64\ole32.dll36dc2471
 
-61c3-11e3-abcf-20cf30ae6287
 
Error: (12/10/2013 06:36:24 PM) (Source: Application Error)(User: )
Description: chrome.exe31.0.1650.63529e8b45unknown0.0.0.000000000c000000500000000ee401cef5ce477226beC:\Program Files (x86)\Google\Chrome\Application\chrome.exeunknown96b82b90-61c1-11e3-abcf-20cf30ae6287
 
Error: (12/10/2013 05:29:26 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\francisco\downloads\esetsmartinstaller_enu.exe
 
Error: (12/10/2013 05:29:22 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\francisco\downloads\esetsmartinstaller_enu.exe
 
Error: (12/10/2013 11:28:03 AM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.1146001cef5923d56986014C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exebd97053a-6185-11e3-a2d4-20cf30ae6287
 
Error: (12/09/2013 01:46:50 PM) (Source: Distributed Link Tracking Client)(User: )
Description: G
 
Error: (12/09/2013 09:47:29 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Francisco\Downloads\esetsmartinstaller_enu.exe
 
Error: (12/09/2013 09:47:17 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Francisco\Downloads\esetsmartinstaller_enu.exe
 
Error: (12/04/2013 06:53:45 PM) (Source: Microsoft-Windows-RestartManager)(User: PCX)
Description: 1C:\Windows\explorer.exeExplorador de Windows0411724880
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-12-02 19:15:43.758
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-securestartup-
 
core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2013-12-02 19:15:43.615
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-securestartup-
 
core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2013-12-02 19:15:43.473
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-securestartup-
 
core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2013-12-02 19:15:43.331
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-securestartup-
 
core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2013-12-02 19:15:42.349
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-securestartup-
 
core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2013-12-02 19:15:42.207
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-securestartup-
 
core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2013-12-02 19:15:42.065
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-securestartup-
 
core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2013-12-02 19:15:41.906
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-securestartup-
 
core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2013-12-02 19:14:26.735
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-s..trics-
 
sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2013-12-02 19:14:26.612
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-s..trics-
 
sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Shockwave Player 12.0 (Version: 12.0.6.147)
ASUSUpdate (Version: 7.18.03)
AVG 2014 (Version: 14.0.3658)
AVG 2014 (Version: 14.0.4259)
AVG 2014 (Version: 2014.0.4259)
CCleaner (Version: 4.08)
Cool & Quiet
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox (Version: 2.4.7)
GOM Player (Version: 2.2.56.5181)
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
iLook 300 (Version: 1.0.0.28)
Intel® Control Center (Version: 1.2.0.1006)
Intel® Management Engine Components (Version: 6.0.0.1179)
IrfanView (remove only) (Version: 4.36)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware versión 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile ESN Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Office Access MUI (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Basque) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Catalan) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Galician) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (Spanish) 2010 (Version: 14.0.7015.1000)
Mozilla Firefox 25.0.1 (x86 es-ES) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.19.0)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (Version: 4.0.30319)
PC Probe II (Version: 1.04.86)
PDF-Viewer (Version: 2.5.213.1)
PDF-XChange Viewer Packages
Realtek Ethernet Controller Driver (Version: 7.76.1028.2013)
Realtek Ethernet Diagnostic Utility (Version: 2.0.2.3)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.11 (Version: 6.11.102)
Software de impresora EPSON
swMSM (Version: 12.0.0.1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
WinRAR 5.00 (64-bit) (Version: 5.00.0)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 50%
Total physical RAM: 3931.99 MB
Available physical RAM: 1929.55 MB
Total Pagefile: 7862.16 MB
Available Pagefile: 5478.77 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.9 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:1171.78 GB) (Free:1128.72 GB) NTFS
2 Drive d: () (Fixed) (Total:3.91 GB) (Free:3.8 GB) NTFS
3 Drive e: (HDD2Gb) (Fixed) (Total:1863.01 GB) (Free:8.86 GB) NTFS
4 Drive f: (Datos) (Fixed) (Total:356.14 GB) (Free:4.05 GB) NTFS
5 Drive g: (Backup) (Fixed) (Total:191.41 GB) (Free:2.93 GB) NTFS
6 Drive h: () (Fixed) (Total:380.06 GB) (Free:9.23 GB) NTFS
9 Drive k: (UDISK 2.0) (Removable) (Total:0.92 GB) (Free:0.09 GB) FAT
10 Drive l: (OFFICE14) (CDROM) (Total:0.7 GB) (Free:0 GB) UDF
11 Drive m: (DATOS(3T)) (Fixed) (Total:876.12 GB) (Free:557.7 GB) NTFS
 
========================= Users: ========================================
 
Cuentas de usuario de \\PCX
 
Administrador            Anna                     Francisco                
Invitado                 Xènia                    
Se ha completado el comando correctamente.
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****
 
 
Thank you!
Frank


#11 Condobloke


Posted 15 December 2013 - 03:59 AM

 
 

Please run these,

 

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool. If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by the infection when it terminates programs that may potentially remove it. If you run into these infection warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that RKill can terminate the infection that we are attempting to get rid of. So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. Do not reboot your computer after running RKill as the malware programs will start again.


rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

 

 

 

 

Please download AdwCleaner
* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on the Scan button.
* When the scan has finished click on the Clean button.
* NOTE: Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner.txt as well.
Once I OK the log, please click the Uninstall button to fully remove all

 

 

 

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

#12 Condobloke


Posted 29 December 2013 - 08:44 PM

I will assume from the lack of response, that you no longer require help, and remove this topic from my watch list.



#13 mazika


Posted 25 July 2014 - 06:37 PM

Hi :)
 
I have a similar problem as Frankdd: I just noticed that I have a 'new' user wangzhisong.
 
As well, I notice that my laptop slows down and sometimes it takes ages before it starts.
 
I will be very grateful for help.
 
(I would like to download you a log but I am not sure how I can add an attachment)


Edited by mazika, 25 July 2014 - 06:40 PM.




