Bad Image error/Random Shutdowns


  • This topic is locked
15 replies to this topic

#1 sn0wwarrior


  • Members
  • 8 posts

Posted 28 June 2012 - 12:58 PM

Hi,

I'm new here, so I hope I'm putting this in the right forum.

I am looking for help in fixing some problems with my dad's laptop. It's a Dell, about 2 1/2 years old, running Windows 7. He is currently using Avast anti-virus, but used to run McAfee anti-virus. The internet connection seems to be fine. The only errors that come up are at startup of the desktop.

When I start the computer an error message pops up saying:
"lxcimon.exe - Bad Image

\\.\globalroot\system\assembly\tmp\u\80000032.@
is either not designed to run on Windows or it contains
an error. Try installing the program again using the
original installation media or contact your
system administrator or the software vendor for support."

In addition to this, the computer will shut off on its own for no reason; these shutdowns are occurring quite often.
I have tried to run System Restore to several different restore points, but the restore fails no matter which point I try to restore to.

Any help you can give at this point would be greatly appreciated.


#2 Farbar


    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 28 June 2012 - 02:08 PM

Hello sn0wwarrior,

Welcome to the forum. It looks like the system is infected with ZeroAccess. I will assist you with cleaning the laptop.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
Then:
  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close Notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

#3 sn0wwarrior

  • Topic Starter

  • Members
  • 8 posts

Posted 28 June 2012 - 03:58 PM

Hi, Farbar,
Thanks for taking the time to help; here is the log.

Scan result of Farbar Recovery Scan Tool Version: 28-06-2012 02
Ran by SYSTEM at 28-06-2012 15:53:04
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark 7300 Series\ezprint.exe" [103344 2007-05-11] (Lexmark International Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-06-16] (Eastman Kodak Company)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-16] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-23] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3189016 2009-10-01] (Dell Inc.)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM\...\Run: [lxcimon.exe] "C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe" [205744 2007-05-11] (Lexmark International, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [2922496 2011-06-16] (Eastman Kodak Company)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [iYogi Support Dock] "C:\Program Files (x86)\iYogi Support Dock\iYogiSupportDock.exe" [1641200 2012-03-05] ()
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [3493720 2011-07-04] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
HKU\Bart\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-06-16] (Hewlett-Packard Company)
HKU\Bart\...\Run: [Google Update] "C:\Users\Bart\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-07] (Google Inc.)
HKU\Bart\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
SubSystems: [Windows] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ======

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [42184 2011-07-04] (AVAST Software)
4 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-06-23] ()
2 Kodak AiO Network Discovery Service; C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [393648 2011-09-05] (Eastman Kodak Company)
2 lxci_device; C:\Windows\system32\lxcicoms.exe -service [566192 2007-02-01] ( )
2 lxci_device; C:\Windows\SysWow64\lxcicoms.exe -service [537520 2007-02-01] ( )
2 SDiManage; "C:\Program Files (x86)\iYogi\SDiManage\IYogiMonitoringSvc.exe" [17408 2011-11-03] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)
2 SupportDockService.exe; "C:\Program Files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockService.exe" [78336 2012-03-01] (iYogi Technical Services)
2 svcwrsssdk; C:\Windows\System32\etoksrv.dll [6656 2009-07-13] (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
4 0297911320691536mcinstcleanup; C:\Users\Bart\AppData\Local\Temp\029791~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [x]

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [22360 2011-07-04] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [64856 2011-07-04] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [31064 2011-07-04] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [600920 2011-07-04] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [288088 2011-07-04] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [45400 2011-07-04] (AVAST Software)
2 npf; C:\Windows\System32\Drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
3 RTLWUSB; C:\Windows\System32\DRIVERS\RTL8187.sys [275456 2007-01-11] (Realtek Semiconductor Corporation )

========================== NetSvcs (Whitelisted) ===========

NETSVC: svcwrsssdk -> C:\Windows\system32\etoksrv.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess

============ One Month Created Files and Folders ==============

2012-06-28 15:52 - 2012-06-28 15:53 - 00000000 ____D C:\FRST
2012-06-27 10:55 - 2012-06-27 10:55 - 00979144 ____A (Solid State Networks) C:\Users\Bart\Downloads\install_reader10_en_mssd_aih.exe
2012-06-24 07:22 - 2012-06-24 07:22 - 00000165 ___AH C:\Users\Bart\Desktop\~$The Beginning of the Church - 43 -The Riches In God's Family (Acts 18-1-11).pptx
2012-06-23 14:25 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-23 14:25 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-23 14:25 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-23 14:25 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-23 14:25 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-23 14:25 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-23 14:25 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-23 14:25 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-23 14:25 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 14:23 - 2012-06-21 18:18 - 00069046 ____A C:\Users\Bart\Desktop\The Beginning of the Church - 43 -The Riches In God's Family (Acts 18-1-11).pptx
2012-06-21 13:58 - 2012-06-28 08:02 - 00000000 ____D C:\Program Files (x86)\Ask.com
2012-06-21 13:48 - 2012-06-21 13:48 - 00000000 ____D C:\Users\All Users\Ask
2012-06-21 13:47 - 2012-06-21 13:47 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-06-21 13:47 - 2012-06-21 13:47 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-06-21 13:47 - 2012-06-21 13:47 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-06-21 13:47 - 2012-06-21 13:47 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-06-21 13:47 - 2012-06-21 13:47 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-21 13:46 - 2012-06-21 13:46 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-16 12:04 - 2012-06-19 11:08 - 00080409 ____A C:\Users\Bart\Desktop\The Exodus of Isreal - 17 - God's Requirement - Third Plague (Ex 8-16-19).pptx
2012-06-14 05:07 - 2012-06-14 05:07 - 00058197 ____A C:\Users\Bart\Downloads\Reports.aspx
2012-06-13 04:53 - 2012-05-14 20:01 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 04:53 - 2012-05-14 19:59 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 04:53 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 04:53 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 04:53 - 2012-04-19 21:42 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 04:53 - 2012-04-19 21:42 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 04:53 - 2012-04-19 21:42 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 04:53 - 2012-04-19 21:42 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 04:53 - 2012-04-19 21:42 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-13 04:53 - 2012-04-19 21:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 04:53 - 2012-04-19 21:42 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 04:53 - 2012-04-19 21:42 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 04:53 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 04:53 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 04:53 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 04:53 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-13 04:53 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 04:53 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 04:53 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 04:53 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 04:53 - 2012-04-19 19:45 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 04:53 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 04:52 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 04:52 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 04:52 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 04:52 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 04:52 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 04:52 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 04:51 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 04:51 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 15:23 - 2012-06-12 15:23 - 00000000 ____D C:\Users\Bart\AppData\Local\Macromedia
2012-06-10 07:20 - 2012-06-10 07:20 - 00000165 ___AH C:\Users\Bart\Desktop\~$The Beginning of the Church - 42 - Wholly Given (Acts 17-16-34).pptx
2012-06-04 07:55 - 2012-06-04 07:58 - 00000000 ____D C:\Users\Bart\Desktop\CURRENT WORK
2012-05-31 14:22 - 2012-06-26 12:59 - 00000000 ____D C:\Users\Bart\Desktop\Arcahery
2012-05-31 06:01 - 2012-06-21 07:01 - 00010105 ____A C:\Users\Bart\Documents\Stock Info.xlsx

============ 3 Months Modified Files and Folders =============

2012-06-28 15:53 - 2012-06-28 15:52 - 00000000 ____D C:\FRST
2012-06-28 12:48 - 2012-05-14 13:10 - 01820693 ____A C:\Windows\WindowsUpdate.log
2012-06-28 12:48 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-28 12:48 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-28 12:47 - 2010-07-07 11:57 - 00000000 ____D C:\Users\Bart\AppData\Roaming\Skype
2012-06-28 12:45 - 2012-05-14 13:07 - 00007728 ____A C:\Windows\setupact.log
2012-06-28 12:45 - 2011-11-07 12:02 - 00000000 ____D C:\Users\All Users\Kodak
2012-06-28 12:45 - 2010-12-24 19:14 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-28 12:45 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-28 12:33 - 2012-05-22 05:46 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-28 12:33 - 2011-07-07 13:19 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188377681-3396787066-3040908014-1000UA.job
2012-06-28 12:33 - 2011-07-07 13:19 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188377681-3396787066-3040908014-1000Core.job
2012-06-28 12:33 - 2010-12-24 19:14 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-28 10:21 - 2011-08-17 10:16 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4188377681-3396787066-3040908014-1000UA.job
2012-06-28 10:21 - 2011-08-17 10:16 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4188377681-3396787066-3040908014-1000Core.job
2012-06-28 08:02 - 2012-06-21 13:58 - 00000000 ____D C:\Program Files (x86)\Ask.com
2012-06-28 08:02 - 2010-05-28 17:25 - 00000000 ____D C:\users\Bart
2012-06-28 08:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-28 08:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-06-27 13:35 - 2012-04-26 07:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-27 13:35 - 2010-05-30 11:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-27 13:35 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-06-27 12:17 - 2011-11-07 12:31 - 00038044 ____A C:\Users\Bart\AppData\Local\installer.log
2012-06-27 10:55 - 2012-06-27 10:55 - 00979144 ____A (Solid State Networks) C:\Users\Bart\Downloads\install_reader10_en_mssd_aih.exe
2012-06-27 10:35 - 2011-07-09 12:29 - 00000000 ____D C:\Users\Bart\Desktop\sermons to come
2012-06-26 17:53 - 2009-07-13 21:08 - 00032598 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-26 12:59 - 2012-05-31 14:22 - 00000000 ____D C:\Users\Bart\Desktop\Arcahery
2012-06-24 07:22 - 2012-06-24 07:22 - 00000165 ___AH C:\Users\Bart\Desktop\~$The Beginning of the Church - 43 -The Riches In God's Family (Acts 18-1-11).pptx
2012-06-23 14:34 - 2012-05-22 05:46 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-23 14:34 - 2012-01-17 11:27 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-21 18:18 - 2012-06-21 14:23 - 00069046 ____A C:\Users\Bart\Desktop\The Beginning of the Church - 43 -The Riches In God's Family (Acts 18-1-11).pptx
2012-06-21 17:12 - 2011-12-13 11:14 - 00000000 ____D C:\Users\Bart\Desktop\Bulletin
2012-06-21 13:48 - 2012-06-21 13:48 - 00000000 ____D C:\Users\All Users\Ask
2012-06-21 13:47 - 2012-06-21 13:47 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-06-21 13:47 - 2012-06-21 13:47 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-06-21 13:47 - 2012-06-21 13:47 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-06-21 13:47 - 2012-06-21 13:47 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-06-21 13:47 - 2012-06-21 13:47 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-21 13:47 - 2011-11-11 09:28 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-06-21 13:46 - 2012-06-21 13:46 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-21 07:01 - 2012-05-31 06:01 - 00010105 ____A C:\Users\Bart\Documents\Stock Info.xlsx
2012-06-21 05:49 - 2012-04-21 14:05 - 00000000 ____D C:\Users\Bart\Desktop\Stock readings
2012-06-19 11:08 - 2012-06-16 12:04 - 00080409 ____A C:\Users\Bart\Desktop\The Exodus of Isreal - 17 - God's Requirement - Third Plague (Ex 8-16-19).pptx
2012-06-14 05:07 - 2012-06-14 05:07 - 00058197 ____A C:\Users\Bart\Downloads\Reports.aspx
2012-06-13 09:26 - 2009-07-13 20:45 - 00342128 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 09:22 - 2010-05-29 06:44 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-13 07:13 - 2010-06-20 11:25 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-12 15:23 - 2012-06-12 15:23 - 00000000 ____D C:\Users\Bart\AppData\Local\Macromedia
2012-06-11 19:59 - 2011-07-07 13:27 - 00002360 ____A C:\Users\Bart\Desktop\Google Chrome.lnk
2012-06-10 10:23 - 2010-05-18 03:20 - 00000000 ____D C:\Users\All Users\Skype
2012-06-10 07:20 - 2012-06-10 07:20 - 00000165 ___AH C:\Users\Bart\Desktop\~$The Beginning of the Church - 42 - Wholly Given (Acts 17-16-34).pptx
2012-06-06 13:23 - 2011-10-19 10:42 - 00000000 ____D C:\Users\Bart\Desktop\Zechariah 2011
2012-06-04 07:58 - 2012-06-04 07:55 - 00000000 ____D C:\Users\Bart\Desktop\CURRENT WORK
2012-06-02 14:19 - 2012-06-23 14:25 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 14:25 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 14:25 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 14:25 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 14:25 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-23 14:25 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-23 14:25 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-23 14:25 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-23 14:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-30 11:39 - 2010-07-02 07:57 - 00000000 ____D C:\Users\Bart\Desktop\STUDY GUIDE
2012-05-24 06:38 - 2012-02-05 07:22 - 00000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-22 05:41 - 2012-05-22 05:41 - 00000000 __SHD C:\found.000
2012-05-21 09:19 - 2012-05-21 09:19 - 00000000 ____D C:\Users\Bart\Desktop\S-Homwork
2012-05-20 07:23 - 2012-05-20 07:23 - 00000165 ___AH C:\Users\Bart\Desktop\~$The Beginning of the Church - 40 - Turning the Upside down, Right side up! ( Acts 171-9).pptx
2012-05-17 16:01 - 2011-11-11 06:27 - 00000000 ____D C:\Program Files (x86)\iYogi Support Dock
2012-05-17 04:59 - 2012-05-17 04:59 - 00002037 ____A C:\Users\Public\Desktop\iYogi Support Dock.lnk
2012-05-17 04:59 - 2011-11-11 09:56 - 00000000 ____D C:\Users\All Users\iYogi
2012-05-16 12:49 - 2011-05-04 06:03 - 00000000 ____D C:\Users\Bart\Desktop\D & M 2011
2012-05-14 20:01 - 2012-06-13 04:53 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:59 - 2012-06-13 04:53 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:03 - 2012-06-13 04:53 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:00 - 2012-06-13 04:53 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 17:32 - 2012-06-13 04:51 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 13:07 - 2012-05-14 13:07 - 00000334 ____A C:\Windows\PFRO.log
2012-05-14 13:07 - 2012-05-14 13:07 - 00000000 ____A C:\Windows\setuperr.log
2012-05-14 11:08 - 2012-05-14 11:08 - 00002302 ____A C:\Windows\__nsc.bmp
2012-05-14 11:08 - 2012-05-14 11:08 - 00002175 ____A C:\Windows\__rr.gif
2012-05-14 11:08 - 2012-05-14 11:08 - 00002175 ____A C:\Windows\__jr.gif
2012-05-14 11:08 - 2012-05-14 11:08 - 00002148 ____A C:\Windows\__pr.gif
2012-05-14 11:08 - 2012-05-14 11:08 - 00002049 ____A C:\Windows\__ir.gif
2012-05-14 11:08 - 2012-05-14 11:08 - 00002013 ____A C:\Windows\__br.gif
2012-05-14 11:08 - 2012-05-14 11:08 - 00001969 ____A C:\Windows\__sr.gif
2012-05-14 11:08 - 2012-05-14 11:08 - 00001960 ____A C:\Windows\__mr.gif
2012-05-14 11:08 - 2012-05-14 11:08 - 00001845 ____A C:\Windows\__tr.gif
2012-05-14 11:08 - 2012-05-14 11:08 - 00001641 ____A C:\Windows\__ar.gif
2012-05-14 11:08 - 2012-05-14 11:08 - 00001546 ____A C:\Windows\__fr.gif
2012-05-14 11:08 - 2012-05-14 11:08 - 00000000 ____D C:\Users\All Users\SmartPCScan
2012-05-14 11:06 - 2012-05-14 11:06 - 03825664 ____A (iYogi) C:\Users\Bart\Desktop\APCT.exe
2012-05-11 14:49 - 2010-05-18 03:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-05-11 14:49 - 2010-05-18 03:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-11 14:49 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-11 14:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-05-11 14:37 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ShellNew
2012-05-06 09:35 - 2012-05-06 09:35 - 00000165 ___AH C:\Users\Bart\Desktop\~$The Exodus of Isreal - 14 - The Soul’s Eternal Life Or Death (Ex. 7-6-13).pptx
2012-05-04 16:03 - 2012-05-04 15:46 - 00068229 ____A C:\Users\Bart\Documents\CALVARY BAPTIST CHURCH.pptx
2012-05-04 03:06 - 2012-06-13 04:52 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 04:52 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 04:52 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-27 19:55 - 2012-06-13 04:51 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 07:41 - 2012-04-26 07:41 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-25 21:41 - 2012-06-13 04:52 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 04:52 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 04:52 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-20 16:06 - 2012-04-20 16:06 - 00000165 ___AH C:\Users\Bart\Desktop\~$The Beginning of the Church - 37 - Cultured lady Imprisoned by Commerce (Acts 1611-15).pptx
2012-04-20 13:09 - 2012-02-01 09:39 - 00000000 ____D C:\Users\Bart\Documents\United States Consitution Notes
2012-04-19 21:42 - 2012-06-13 04:53 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 21:42 - 2012-06-13 04:53 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 21:42 - 2012-06-13 04:53 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 21:42 - 2012-06-13 04:53 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 21:42 - 2012-06-13 04:53 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 21:42 - 2012-06-13 04:53 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 21:42 - 2012-06-13 04:53 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 21:42 - 2012-06-13 04:53 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 21:00 - 2012-06-13 04:53 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-19 21:00 - 2012-06-13 04:53 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-19 20:57 - 2012-06-13 04:53 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-19 20:57 - 2012-06-13 04:53 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-19 20:57 - 2012-06-13 04:53 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-19 20:56 - 2012-06-13 04:53 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-19 20:56 - 2012-06-13 04:53 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-19 20:56 - 2012-06-13 04:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-19 19:45 - 2012-06-13 04:53 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 19:30 - 2012-04-19 14:20 - 00060747 ____A C:\Users\Bart\Documents\The Exodus of Isreal - 13 - God Plan Has Purpose (Ex 7-1-5).pptx
2012-04-19 19:16 - 2012-06-13 04:53 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-17 08:01 - 2011-11-07 15:29 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-14 05:45 - 2012-01-20 20:45 - 00142479 ____H C:\Users\Bart\Desktop\~WRL2996.tmp
2012-04-01 13:18 - 2010-10-29 17:58 - 00000000 ____D C:\Users\Bart\AppData\Local\PowerDVD DX

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3892.52 MB
Available physical RAM: 3213.18 MB
Total Pagefile: 3890.67 MB
Available Pagefile: 3197.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:393.02 GB) NTFS
2 Drive e: (DVD_ROM) (CDROM) (Total:4.08 GB) (Free:0 GB) UDF
3 Drive f: (Lexar) (Removable) (Total:3.73 GB) (Free:3.64 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.95 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 39 MB
Partition 3 Primary 451 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 564 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Lexar FAT32 Removable 3823 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-18 17:54

======================= End Of Log ==========================

Edited by sn0wwarrior, 28 June 2012 - 04:00 PM.


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:32 AM

Posted 28 June 2012 - 04:13 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
C:\Windows\System32\consrv.dll
2 svcwrsssdk; C:\Windows\System32\etoksrv.dll [6656 2009-07-13] (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
C:\Windows\System32\etoksrv.dll
NETSVC: svcwrsssdk -> C:\Windows\system32\etoksrv.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
end

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also reboot the computer and tell me how it went.
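The fixlist above undoes three persistence points of this infection: the Session Manager SubSystems\Windows value that made csrss.exe load consrv.dll, the rogue svcwrsssdk service backed by etoksrv.dll, and that service's name in the svchost netsvcs group. The PowerShell script below is an added example, not part of this thread and not code from FRST or Farbar's other tools. It audits those same locations read-only and reports anything unexpected, so the pattern can be recognised before a fix is written. The allow-list of ServerDll names (basesrv, winsrv, sxssrv) and the "signer subject contains Microsoft" test are assumptions; on older PowerShell versions catalog-signed Microsoft DLLs report NotSigned, so that status is treated as inconclusive rather than as a finding and is shown alongside CompanyName and file location for the analyst to weigh.

```powershell
# Added example (not from the thread): read-only audit of the csrss/svchost
# persistence points repaired by the fixlist above. Run from an elevated
# 64-bit PowerShell 3.0 or later (the 32-bit host sees the WOW64 registry
# view). Nothing in this script modifies the system.

# Assumption: the only ServerDll names csrss.exe should load on Windows 7/8.
$KnownServerDlls = @('basesrv', 'winsrv', 'sxssrv')

function Get-SubSystemFindings {
    # Session Manager\SubSystems\Windows normally contains
    # "ServerDll=winsrv:ConServerDllInitialization,2"; the infection pointed
    # that entry at consrv.dll instead. Report any ServerDll not on the list.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'
    $value = (Get-ItemProperty -Path $key -Name Windows).Windows
    foreach ($token in ($value -split '\s+')) {
        if ($token -notlike 'ServerDll=*') { continue }
        # "ServerDll=winsrv:ConServerDllInitialization,2" -> "winsrv"
        $dll = (($token -replace '^ServerDll=', '') -split '[:,]')[0].ToLower()
        if ($KnownServerDlls -notcontains $dll) {
            [pscustomobject]@{
                Check  = 'SubSystems\Windows'
                Item   = $dll
                Detail = "unexpected ServerDll in: $value"
            }
        }
    }
}

function Get-NetsvcsFindings {
    # Every name in the netsvcs group is loaded into a shared svchost.exe via
    # its Parameters\ServiceDll. Report entries whose DLL is missing, lives
    # outside System32, lacks Microsoft version info, or carries a signature
    # that fails verification (NotSigned is inconclusive, see lead-in).
    $group = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost').netsvcs
    foreach ($name in $group) {
        $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$name\Parameters"
        if (-not (Test-Path $params)) { continue }          # service not installed
        $dll = (Get-ItemProperty -Path $params).ServiceDll
        if (-not $dll) { continue }
        $path = [Environment]::ExpandEnvironmentVariables($dll)
        if (-not (Test-Path $path)) {
            [pscustomobject]@{ Check = 'netsvcs'; Item = $name; Detail = "ServiceDll missing: $path" }
            continue
        }
        $sig     = Get-AuthenticodeSignature -FilePath $path
        $company = (Get-Item $path).VersionInfo.CompanyName
        $inSys32 = $path -like "$env:SystemRoot\System32\*"
        $badSig  = @('Valid', 'NotSigned') -notcontains $sig.Status.ToString()
        if (-not $inSys32 -or $company -notmatch 'Microsoft' -or $badSig) {
            [pscustomobject]@{
                Check  = 'netsvcs'
                Item   = $name
                Detail = "$path company='$company' signature=$($sig.Status)"
            }
        }
    }
}

$findings = @(Get-SubSystemFindings) + @(Get-NetsvcsFindings)
if ($findings.Count -eq 0) { 'No unexpected SubSystems or netsvcs entries found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

On the machine in this thread the second function would have listed svcwrsssdk with etoksrv.dll and company "Oak Technology Inc.", and the first would have reported consrv as an unexpected ServerDll; a clean Windows 7 system produces no findings from the first function and only NotSigned-status noise from the second on PowerShell builds that do not check catalog signatures.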

#5 sn0wwarrior

sn0wwarrior
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:32 AM

Posted 28 June 2012 - 04:49 PM

Ok
I ran it again, and the computer started up without any error messages. It will take a little while for me to see if the computer shuts itself off on its own again or not, but for now it looks fine.

here is the log.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 28-06-2012 02
Ran by SYSTEM at 2012-06-28 16:44:33 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll moved successfully.
svcwrsssdk service deleted successfully.
C:\Windows\System32\etoksrv.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs svcwrsssdk Deleted successfully.

==== End of Fixlog ====

#6 Farbar

Posted 28 June 2012 - 05:09 PM

Well done.

We have removed the infection. But this infection does some damage that we need to repair later on. For now, we check for any leftovers.

Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.com
  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


#7 sn0wwarrior

Posted 28 June 2012 - 11:20 PM

Ok, I ran the scan; it said it didn't find any problems.

Here is the log:


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.28.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Bart :: BART-PC [administrator]

Protection: Enabled

6/28/2012 11:10:54 PM
mbam-log-2012-06-28 (23-10-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210727
Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 Farbar

Posted 29 June 2012 - 12:50 AM

That is good. Now we check to see what should be restored.

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List installed programs.
    • List Devices
    Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.
  • Please download Farbar Service Scanner and run it.
    • Check all the boxes.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


#9 sn0wwarrior

Posted 29 June 2012 - 09:28 PM

Hey,

Sorry for the delay; I had to work most of the day.

Anyway, here is the log for FSS:

Farbar Service Scanner Version: 25-06-2012 01
Ran by Bart (administrator) on 29-06-2012 at 21:21:01
Running from "C:\Users\Bart\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

And the log for MiniToolBox:


MiniToolBox by Farbar Version: 25-06-2012
Ran by Bart (administrator) on 29-06-2012 at 21:23:43
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:61960

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Accelerometer (Version: 1.06.08.17)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Advanced Audio FX Engine (Version: 1.12.05)
Age of Empires III (Version: 1.00.0000)
aioprnt (Version: 5.3.1.0)
aioscnnr (Version: 5.7.5.30)
aioscnnr (Version: 7.0.5.10)
Ask Toolbar (Version: 1.14.1.0)
Ask Toolbar Updater (Version: 1.2.0.20007)
avast! Free Antivirus (Version: 6.0.1203.0)
Banctec Service Agreement (Version: 2.0.0)
Bing Bar (Version: 7.0.850.0)
C4USelfUpdater (Version: 1.00.0000)
center (Version: 6.2.5.0)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Cozi (Version: 1.0.4323.24051)
Dell DataSafe Online (Version: 1.2.0009)
Dell Dock (Version: 2.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.5.09100)
Dell Touchpad (Version: 14.0.2.0)
Dell Webcam Central (Version: 1.40.05)
DW WLAN Card Utility (Version: 5.60.48.18)
EasyBits GO
essentials (Version: 6.0.14.0)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Google Chrome (Version: 19.0.1084.56)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
GoToAssist 8.0.0.514
HISTORY Great Battles Medieval (Version: 1.02)
Inbox Toolbar (Version: 1.0.0)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1968)
iYogi Support Dock (Version: 5.7)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 17 (64-bit) (Version: 6.0.170)
Java™ 6 Update 33 (Version: 6.0.330)
Junk Mail filter update (Version: 14.0.8089.726)
Kodak AIO Printer (Version: 7.0.3.0)
KODAK AiO Software (Version: 7.1.6.30)
Lexmark 7300 Series
LightScribe System Software (Version: 1.18.16.1)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nmap 5.51
ocr (Version: 6.2.3.50)
Power BibleCD 5.7 (Version: 5.7.0000)
PowerDVD DX (Version: 8.3.6029)
PreReq (Version: 6.2.2.60)
Quickset64 (Version: 9.6.11)
RoE Power Tools (Version: 0.1)
Roxio Burn (Version: 1.01)
SDiManage (Version: 1.0.0)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.9 (Version: 5.9.123)
Star Wars Empire at War (Version: 1.0)
Star Wars Empire at War Forces of Corruption (Version: 1.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
WebEx
WildTangent Games (Version: 1.0.0.71)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
WinPcap 4.1.2 (Version: 4.1.0.2001)

========================= Devices: ================================


**** End of log ****
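The two logs above show the damage that is left once the infection itself is gone: Windows Defender switched off by a DisableAntiSpyware=1 value and the WinDefend service set to Demand start, an Internet Explorer ProxyServer entry pointing at 127.0.0.1:61960 even though the proxy is disabled, and no hosts file in the default directory. The PowerShell script below is an added example, not from this thread and not one of Farbar's tools. It reports each of those conditions and, only when run with -Repair, restores the default: it removes the DisableAntiSpyware value (checked under the HKLM\SOFTWARE\Microsoft key the log names and, as an assumption, the equivalent Policies key), sets WinDefend back to automatic start, clears a loopback proxy, and recreates a comment-only hosts file. The loopback-proxy test is a heuristic: a local debugging proxy would trip it too, which is why the script reports before it changes anything and why the IE proxy settings are read from HKCU, so it must be run as each affected user.

```powershell
# Added example (not from the thread): audit, and with -Repair restore, the
# settings the FSS and MiniToolBox logs above show as damaged. Run elevated.
param([switch]$Repair)

function Test-DefenderState {
    # FSS reported DisableAntiSpyware=1 under HKLM\SOFTWARE\Microsoft\Windows Defender
    # and the WinDefend start type as Demand (3) where the default is Auto (2).
    $results = @()
    foreach ($key in @('HKLM:\SOFTWARE\Microsoft\Windows Defender',
                       'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender')) {   # second path is an assumption
        $v = (Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
        if ($v -eq 1) {
            $results += "DisableAntiSpyware=1 at $key"
            if ($Repair) { Remove-ItemProperty -Path $key -Name DisableAntiSpyware }
        }
    }
    $svc   = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend'
    $start = (Get-ItemProperty -Path $svc -Name Start -ErrorAction SilentlyContinue).Start
    if ($null -ne $start -and $start -ne 2) {
        $results += "WinDefend Start=$start (2=Auto, 3=Demand, 4=Disabled)"
        if ($Repair) { Set-ItemProperty -Path $svc -Name Start -Value 2 -Type DWord }
    }
    $results
}

function Test-IEProxy {
    # MiniToolBox showed "ProxyServer: http=127.0.0.1:61960" with the proxy not
    # enabled: a leftover pointing at a local listener. HKCU is per user.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p   = Get-ItemProperty -Path $key
    $results = @()
    if ($p.ProxyServer -match '(127\.0\.0\.1|localhost)') {
        $results += "ProxyServer points to loopback: $($p.ProxyServer) (ProxyEnable=$($p.ProxyEnable))"
        if ($Repair) {
            Remove-ItemProperty -Path $key -Name ProxyServer
            Set-ItemProperty -Path $key -Name ProxyEnable -Value 0 -Type DWord
        }
    }
    $results
}

function Test-HostsFile {
    # "Hosts file not detected in the default directory": a missing file is
    # harmless to name resolution but unusual, so report it and recreate the
    # comment-only default on request (Windows 7 resolves localhost internally).
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    if (Test-Path $hosts) { return @() }
    if ($Repair) {
        Set-Content -Path $hosts -Encoding Ascii -Value '# hosts file recreated after cleanup; no entries'
    }
    @("hosts file missing: $hosts")
}

$all = @(Test-DefenderState) + @(Test-IEProxy) + @(Test-HostsFile)
if ($all.Count -eq 0) { 'Nothing to restore.' } else { $all }
```

Run it once without -Repair to get the list, compare it with what the logs reported, and only then run it again with -Repair; after the Defender values are restored, the service still needs to be started (Start-Service WinDefend) or the machine rebooted before FSS will report it as running.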

#10 Farbar

Posted 29 June 2012 - 11:28 PM

No worries for the delay.

  • You have the latest version of Java, and that is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Please uninstall the following:

    Java™ 6 Update 17 (64-bit) (Version: 6.0.170)
  • To Clear the Java Runtime Environment (JRE) cache, do this:
    • Click Start > Settings > Control Panel.
    • Double-click the Java icon.
      -The Java Control Panel appears.
    • Click "Settings" under Temporary Internet Files.
      -The Temporary Files Settings dialog box appears.
    • Click "Delete Files".
      -The Delete Temporary Files dialog box appears.
      -There are three options on this window to clear the cache.
    • Make sure all the options are checked.
    • Click "OK" on Delete Temporary Files window.
      -Note: This deletes all the Downloaded Applications and Applets from the cache.
    • Click "OK" on Temporary Files Settings window.
    • Close the Java Control Panel.
    You can also view these instructions along with screenshots here.
  • This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/

    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
    • Click Run Cleaner.
    • Close CCleaner.
  • Please run MiniToolBox once more. Check "List Winsock Entries", click "GO" and post the log it makes.


#11 sn0wwarrior

Posted 30 June 2012 - 01:12 PM

I ran all the programs, and here is the log:


MiniToolBox by Farbar Version: 25-06-2012
Ran by Bart (administrator) on 30-06-2012 at 12:18:12
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled taskoffload=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Bart-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 78-E4-00-4A-27-54
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : greenway.k12.mn.us
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : B8-AC-6F-6B-AA-B5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
Physical Address. . . . . . . . . : 78-E4-00-4A-27-54
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::688b:a43c:609a:4f54%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, June 30, 2012 9:30:41 AM
Lease Expires . . . . . . . . . . : Sunday, July 01, 2012 12:15:38 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 192472064
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-84-45-C0-B8-AC-6F-6B-AA-B5
DNS Servers . . . . . . . . . . . : 192.168.0.1
205.171.3.25
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{99088D4B-A737-4A04-8CC8-5349C4DBB3FF}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3cd6:31cb:3f57:fffc(Preferred)
Link-local IPv6 Address . . . . . : fe80::3cd6:31cb:3f57:fffc%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2001:4860:400a:800::100e
74.125.225.5
74.125.225.6
74.125.225.7
74.125.225.8
74.125.225.9
74.125.225.14
74.125.225.0
74.125.225.1
74.125.225.2
74.125.225.3
74.125.225.4


Pinging google.com [74.125.225.6] with 32 bytes of data:
Reply from 74.125.225.6: bytes=32 time=75ms TTL=57
Reply from 74.125.225.6: bytes=32 time=75ms TTL=57

Ping statistics for 74.125.225.6:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 75ms, Maximum = 75ms, Average = 75ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=127ms TTL=53
Reply from 98.139.183.24: bytes=32 time=158ms TTL=53

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 127ms, Maximum = 158ms, Average = 142ms
Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=4ms TTL=64
Reply from 127.0.0.1: bytes=32 time=2ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 4ms, Average = 3ms
===========================================================================
Interface List
14...78 e4 00 4a 27 54 ......Microsoft Virtual WiFi Miniport Adapter
11...b8 ac 6f 6b aa b5 ......Realtek PCIe GBE Family Controller
10...78 e4 00 4a 27 54 ......DW1501 Wireless-N WLAN Half-Mini Card
1...........................Software Loopback Interface 1
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.3 281
192.168.0.3 255.255.255.255 On-link 192.168.0.3 281
192.168.0.255 255.255.255.255 On-link 192.168.0.3 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.3 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.3 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fb:3cd6:31cb:3f57:fffc/128
On-link
10 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::3cd6:31cb:3f57:fffc/128
On-link
10 281 fe80::688b:a43c:609a:4f54/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/30/2012 00:12:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/30/2012 00:12:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/28/2012 11:40:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/28/2012 11:37:35 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/28/2012 10:01:30 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (06/28/2012 03:41:59 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (06/28/2012 11:04:46 AM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80071a90.

Error: (06/28/2012 10:57:46 AM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80071a90.

Error: (06/27/2012 05:21:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 5.60.48.18, time stamp: 0x4b1e7b37
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007ff003ed358
Faulting process id: 0x4e8
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3

Error: (06/27/2012 04:37:37 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80071a90.


System errors:
=============
Error: (06/30/2012 00:15:41 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/30/2012 11:42:08 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (06/30/2012 11:42:07 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (06/30/2012 11:42:06 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (06/30/2012 09:31:31 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/30/2012 09:31:30 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/30/2012 09:31:30 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/30/2012 09:31:29 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/30/2012 09:31:29 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/30/2012 09:30:43 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (11/24/2010 10:03:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6533 seconds with 2760 seconds of active time. This session ended with a crash.

Error: (08/20/2010 03:59:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1793 seconds with 900 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Accelerometer (Version: 1.06.08.17)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Advanced Audio FX Engine (Version: 1.12.05)
Age of Empires III (Version: 1.00.0000)
aioprnt (Version: 5.3.1.0)
aioscnnr (Version: 5.7.5.30)
aioscnnr (Version: 7.0.5.10)
Ask Toolbar (Version: 1.14.1.0)
Ask Toolbar Updater (Version: 1.2.0.20007)
avast! Free Antivirus (Version: 6.0.1203.0)
Banctec Service Agreement (Version: 2.0.0)
Bing Bar (Version: 7.0.850.0)
C4USelfUpdater (Version: 1.00.0000)
CCleaner (Version: 3.20)
center (Version: 6.2.5.0)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Cozi (Version: 1.0.4323.24051)
Dell DataSafe Online (Version: 1.2.0009)
Dell Dock (Version: 2.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.5.09100)
Dell Touchpad (Version: 14.0.2.0)
Dell Webcam Central (Version: 1.40.05)
DW WLAN Card Utility (Version: 5.60.48.18)
EasyBits GO
essentials (Version: 6.0.14.0)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Google Chrome (Version: 19.0.1084.56)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
GoToAssist 8.0.0.514
HISTORY Great Battles Medieval (Version: 1.02)
Inbox Toolbar (Version: 1.0.0)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1968)
iYogi Support Dock (Version: 5.7)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 17 (64-bit) (Version: 6.0.170)
Java™ 6 Update 33 (Version: 6.0.330)
Junk Mail filter update (Version: 14.0.8089.726)
Kodak AIO Printer (Version: 7.0.3.0)
KODAK AiO Software (Version: 7.1.6.30)
Lexmark 7300 Series
LightScribe System Software (Version: 1.18.16.1)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nmap 5.51
ocr (Version: 6.2.3.50)
Power BibleCD 5.7 (Version: 5.7.0000)
PowerDVD DX (Version: 8.3.6029)
PreReq (Version: 6.2.2.60)
Quickset64 (Version: 9.6.11)
RoE Power Tools (Version: 0.1)
Roxio Burn (Version: 1.01)
SDiManage (Version: 1.0.0)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.9 (Version: 5.9.123)
Star Wars Empire at War (Version: 1.0)
Star Wars Empire at War Forces of Corruption (Version: 1.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
WebEx
WildTangent Games (Version: 1.0.0.71)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
WinPcap 4.1.2 (Version: 4.1.0.2001)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 3892.52 MB
Available physical RAM: 2310.72 MB
Total Pagefile: 9728.71 MB
Available Pagefile: 7920.07 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.89 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:392.39 GB) NTFS
3 Drive e: (Lexar) (Removable) (Total:3.73 GB) (Free:3.63 GB) FAT32

========================= Users: ========================================

User accounts for \\BART-PC

Administrator Bart Guest

========================= Minidump Files ==================================

========================= Restore Points ==================================

21-05-2012 15:33:51 Scheduled Checkpoint
29-05-2012 17:22:29 Scheduled Checkpoint
05-06-2012 04:03:42 Windows Update
13-06-2012 14:35:44 Scheduled Checkpoint
13-06-2012 15:12:38 Windows Update
20-06-2012 15:22:47 Scheduled Checkpoint
21-06-2012 21:46:38 Installed Java™ 6 Update 33
21-06-2012 21:47:48 Installed Java Runtime Environment
23-06-2012 22:24:41 Windows Update
27-06-2012 21:15:21 Restore Operation

**** End of log ****

#12 Farbar

    Just Curious

  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 30 June 2012 - 05:19 PM

We need to restore the Winsock entries that were hijacked.

  • Please download the attached file winsock64.reg.
    Double-click it and confirm the prompt to allow it to merge.
  • Please run MiniToolBox. Note that we only need "List Winsock Entries" to be checked. Click "Go" and post the log it makes.
  • Also tell me how the computer is running.

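The check behind the "List Winsock Entries" request above, as an added example that is not part of the thread and not code from MiniToolBox or FRST: a Python script that parses the "Winsock entries" section of a MiniToolBox log in the format shown on this page and flags catalog entries that do not look like stock Windows 7 providers. Its trusted directories, its list of stock DLL names and the two sample logs are assumptions of the example; the second sample log carries two constructed rogue entries (hooked.dll and hooked64.dll are hypothetical names). A hit means "verify this DLL's signature", not "this is malware", since legitimate third-party LSPs exist.

```python
import re
from collections import namedtuple

# One line of the "Winsock entries" section of a MiniToolBox log, e.g.
#   x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
# Size and vendor are optional so a line for a DLL the tool could not inspect still parses.
LINE_RE = re.compile(
    r"^(?P<arch>x64-)?Catalog(?P<catalog>[59])\s+(?P<index>\d+)\s+(?P<path>.*?)"
    r"(?:\s+\[(?P<size>\d+)\])?(?:\s+\((?P<vendor>[^)]*)\))?\s*$"
)

WinsockEntry = namedtuple("WinsockEntry", "arch catalog index path size vendor")

# Assumptions of this example, not something MiniToolBox defines:
# - stock providers on Windows 7 x64 live only in these two directories
# - the DLL names below are what a clean Windows 7 catalog contains
#   (wshbth.dll shows up when the Microsoft Bluetooth stack is installed)
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
STOCK_DLLS = {
    5: {"nlaapi.dll", "napinsp.dll", "pnrpnsp.dll", "mswsock.dll", "winrnr.dll", "wshbth.dll"},
    9: {"mswsock.dll", "wshbth.dll"},
}
EXPECTED_VENDOR = "Microsoft Corporation"


def parse_entries(log_text):
    """Return the WinsockEntry records found in a MiniToolBox log; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(WinsockEntry(
            arch="x64" if m.group("arch") else "x86",
            catalog=int(m.group("catalog")),
            index=int(m.group("index")),
            path=m.group("path"),
            size=int(m.group("size")) if m.group("size") else None,
            vendor=m.group("vendor"),
        ))
    return entries


def find_suspicious(entries):
    """Return (entry, reason) pairs for providers that do not look like stock Microsoft ones.

    A hit is a lead, not a verdict: legitimate third-party LSPs exist, so verify
    the DLL's Authenticode signature before deciding it was hijacked.
    """
    findings = []
    for e in entries:
        low = e.path.lower()
        reasons = []
        if low.startswith("\\\\.\\") or low.startswith("\\??\\"):
            # Installers register plain Win32 paths; an NT object-namespace path is a red flag.
            reasons.append("object-namespace path")
        elif not low.startswith(TRUSTED_DIRS):
            reasons.append("DLL outside System32/SysWOW64")
        if low.rsplit("\\", 1)[-1] not in STOCK_DLLS[e.catalog]:
            reasons.append("not a stock Catalog%d provider" % e.catalog)
        if e.vendor != EXPECTED_VENDOR:
            reasons.append("vendor: %s" % (e.vendor or "none reported"))
        if reasons:
            findings.append((e, "; ".join(reasons)))
    return findings


# Constructed sample input in the same format as the MiniToolBox log on this page.
CLEAN_LOG = r"""
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

**** End of log ****
"""

# The same log with two constructed rogue entries appended (hooked.dll and
# hooked64.dll are hypothetical names used only to exercise the checks).
SUSPECT_LOG = CLEAN_LOG.replace("**** End of log ****", r"""Catalog9 11 C:\ProgramData\example\hooked.dll [40960] (Example Vendor)
x64-Catalog9 11 \\.\globalroot\Device\HarddiskVolume2\example\hooked64.dll
**** End of log ****""")


if __name__ == "__main__":
    for entry, why in find_suspicious(parse_entries(SUSPECT_LOG)):
        print("%s Catalog%d #%02d %s  <-  %s" % (entry.arch, entry.catalog, entry.index, entry.path, why))
```

Paste a whole MiniToolBox log into `parse_entries` and everything outside the Winsock section is skipped. On a live machine the same provider paths can be listed with `netsh winsock show catalog`, and `netsh winsock reset` rebuilds the catalog from defaults; the .reg file approach used in this thread does the same thing by hand for a 64-bit catalog.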

#13 sn0wwarrior

  • Topic Starter
  • Members
  • 8 posts

Posted 01 July 2012 - 01:16 AM

Here's the log. The computer seems to be running fine; it did shut down on its own one time, but that may have been due to overheating, not sure.


MiniToolBox by Farbar Version: 25-06-2012
Ran by Bart (administrator) on 01-07-2012 at 01:14:45
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

**** End of log ****

#14 Farbar

    Just Curious

  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 01 July 2012 - 05:01 AM

Those Winsock entries are repaired.

It looks good and you are good to go.

  • Please delete the FRST tool as we don't need it any more. Also go to C:\FRST and delete the entire FRST folder.
  • You may delete any tool or log we used from your computer.
  • Remove the old restore points and create a new restore point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Setting a new restore point AFTER cleaning your system will enable your computer to "roll back" to a clean working state if needed:
  • Go to Start => Right-click "Computer" and select "Properties".
  • In the left pane select "System Protection".
  • Press "Configure".
  • Select "Delete". Then press "Continue", "Close" and "OK".
  • Select your drive (drive C) and press "Create".
    Fill in a name for the restore point and press "Create".
    After finished press "Close".
Recommendations:
  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.
  • I recommend installing this small application for safe surfing: Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
  • Download and install it.
  • Update it manually by clicking on Updates in the left pane and then Check for Updates.
  • Then enable all the protections by clicking on Protection Status on the left pane. Then click on Enable All Protection.
  • The free version doesn't have an automatic update. Update it once every two or three weeks and enable all protection again.
Have a nice day sn0wwarrior.:)

#15 sn0wwarrior

  • Topic Starter
  • Members
  • 8 posts

Posted 01 July 2012 - 03:11 PM

OK, great. Thanks for all your help.
