

Windows 7 zeroAccess - Cannot startup or Restore


  • This topic is locked
18 replies to this topic

#1 nymets1104


  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:54 AM

Posted 24 November 2012 - 03:48 AM

I have Windows 7 x64 installed on a Dell Inspiron. Recently I used AVIRA anti-virus to remove several instances of malware. Upon rebooting the computer, it is unable to start up. Automatic Recovery does not work and there are 0 system restore points available. I have installed and run Farbar Recovery Scan and included the LOG below. I also searched for services.exe in FRST and included those results as well. Any advice for restoring start-up capabilities would be greatly appreciated.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012
Ran by SYSTEM at 23-11-2012 20:05:19
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-06-16] (Eastman Kodak Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [MacDrive 9 application] "C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe" [507904 2012-05-31] (Mediafour Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [41944 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640480 2012-07-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [103576 2012-06-09] (VMware, Inc.)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-06-16] (Eastman Kodak Company)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [384800 2012-11-13] (Avira Operations GmbH & Co. KG)
HKU\David\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKU\David\...\Run: [AdobeBridge] [x]
HKU\David\...\Run: [Google Update] "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-21] (Google Inc.)
HKU\David\...\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup [44544 2009-07-13] (Microsoft Corporation)
HKU\David\...\Run: [nhasvc] "C:\Windows\System32\rundll32.exe" ,Number_Subtract [45568 2009-07-13] (Microsoft Corporation)
HKU\David\...\Run: [Spotify Web Helper] "C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-10-26] (Spotify Ltd)
HKU\David\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex [692152 2012-10-08] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-17] (Dell)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [766536 2012-09-29] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1089608 2012-09-29] (Malwarebytes Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\David\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\David\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [284016 2008-08-15] (Adobe Systems Incorporated)
2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [84256 2012-10-16] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [108320 2012-10-16] (Avira Operations GmbH & Co. KG)
2 Kodak AiO Status Monitor Service; "C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe" [777728 2012-06-19] (Eastman Kodak Company)
4 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [1737728 2012-09-22] (Lavasoft Limited )
2 MacDrive9Service; "C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe" [178176 2012-05-21] (Mediafour Corporation)
2 OracleDBConsoledataBase; C:\app\David\product\11.2.0\dbhome_4\bin\nmesrvc.exe [35328 2010-03-02] (Oracle Corporation)
4 OracleDBConsoleDB1; C:\app\David\product\11.2.0\dbhome_5\bin\nmesrvc.exe [35328 2010-03-02] (Oracle Corporation)
2 OracleDBConsoleHW3; C:\app\David\product\11.2.0\dbhome_4\bin\nmesrvc.exe [35328 2010-03-02] (Oracle Corporation)
4 OracleDBConsoleorcl; C:\app\David\product\11.2.0\dbhome_4\bin\nmesrvc.exe [35328 2010-03-02] (Oracle Corporation)
4 OracleJobSchedulerBULLbleep; C:\app\david\product\11.2.0\dbhome99\Bin\extjob.exe BULLbleep [45568 2010-03-30] ()
3 OracleJobSchedulerCOUNTRY; C:\app\david\product\11.2.0\dbhome_2\Bin\extjob.exe COUNTRY [45568 2010-03-30] ()
4 OracleJobSchedulerCOUNTRY2; C:\app\david\product\11.2.0\dbhome_2\Bin\extjob.exe COUNTRY2 [45568 2010-03-30] ()
4 OracleJobSchedulerDATABASE; C:\app\david\product\11.2.0\dbhome_4\Bin\extjob.exe DATABASE [45568 2010-03-30] ()
4 OracleJobSchedulerDB1; C:\app\david\product\11.2.0\dbhome_5\Bin\extjob.exe DB1 [45568 2010-03-30] ()
4 OracleJobSchedulerHW3; C:\app\david\product\11.2.0\dbhome_4\Bin\extjob.exe HW3 [45568 2010-03-30] ()
4 OracleJobSchedulerORCL; C:\app\david\product\11.2.0\dbhome_4\Bin\extjob.exe ORCL [45568 2010-03-30] ()
4 OracleMTSRecoveryService; C:\app\David\product\11.2.0\dbhome_2\bin\omtsreco.exe "OracleMTSRecoveryService" [81408 2010-03-12] (Oracle Corporation)
4 OracleOraDb11g_home1ClrAgent; C:\app\David\product\11.2.0\dbhome_2\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS="EXTPROC_DLLS=ONLY:C:\app\David\product\11.2.0\dbhome_2\bin\oraclr11.dll" [161792 2010-03-12] (Oracle Corporation)
4 OracleOraDb11g_home2ClrAgent; C:\app\David\product\11.2.0\dbhome_4\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS="EXTPROC_DLLS=ONLY:C:\app\David\product\11.2.0\dbhome_4\bin\oraclr11.dll" [161792 2010-03-12] (Oracle Corporation)
4 OracleOraDb11g_home3ClrAgent; C:\app\David\product\11.2.0\dbhome_5\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS="EXTPROC_DLLS=ONLY:C:\app\David\product\11.2.0\dbhome_5\bin\oraclr11.dll" [161792 2010-03-12] (Oracle Corporation)
2 OracleServiceBULLbleep; C:\app\david\product\11.2.0\dbhome99\bin\ORACLE.EXE BULLbleep [134018048 2010-03-30] (Oracle Corporation)
2 OracleServiceCOUNTRY; C:\app\david\product\11.2.0\dbhome_2\bin\ORACLE.EXE COUNTRY [134018048 2010-03-30] (Oracle Corporation)
2 OracleServiceCOUNTRY2; C:\app\david\product\11.2.0\dbhome_2\bin\ORACLE.EXE COUNTRY2 [134018048 2010-03-30] (Oracle Corporation)
2 OracleServiceDATABASE; C:\app\david\product\11.2.0\dbhome_4\bin\ORACLE.EXE DATABASE [134018048 2010-03-30] (Oracle Corporation)
4 OracleServiceDB1; C:\app\david\product\11.2.0\dbhome_5\bin\ORACLE.EXE DB1 [134018048 2010-03-30] (Oracle Corporation)
2 OracleServiceHW3; C:\app\david\product\11.2.0\dbhome_4\bin\ORACLE.EXE HW3 [134018048 2010-03-30] (Oracle Corporation)
4 OracleServiceORCL; C:\app\david\product\11.2.0\dbhome_4\bin\ORACLE.EXE ORCL [134018048 2010-03-30] (Oracle Corporation)
3 OracleVssWriterBULLbleep; C:\app\david\product\11.2.0\dbhome99\bin\OraVSSW.exe BULLbleep [192000 2010-03-30] ()
3 OracleVssWriterCOUNTRY; C:\app\david\product\11.2.0\dbhome_2\bin\OraVSSW.exe COUNTRY [192000 2010-03-30] ()
3 OracleVssWriterCOUNTRY2; C:\app\david\product\11.2.0\dbhome_2\bin\OraVSSW.exe COUNTRY2 [192000 2010-03-30] ()
4 OracleVssWriterDATABASE; C:\app\david\product\11.2.0\dbhome_4\bin\OraVSSW.exe DATABASE [192000 2010-03-30] ()
4 OracleVssWriterDB1; C:\app\david\product\11.2.0\dbhome_5\bin\OraVSSW.exe DB1 [192000 2010-03-30] ()
3 OracleVssWriterHW3; C:\app\david\product\11.2.0\dbhome_4\bin\OraVSSW.exe HW3 [192000 2010-03-30] ()
4 OracleVssWriterORCL; C:\app\david\product\11.2.0\dbhome_4\bin\OraVSSW.exe ORCL [192000 2010-03-30] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-09-24] ()
2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [280792 2012-11-22] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
2 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml" [31995 2012-08-21] ()
2 bthenum; C:\Windows\System32\Epiusb.dll [x]
4 Oraclec_app_david_product_112~1.0_dbhome_2ConfigurationManager; C:\app\david\product\112~1.0\dbhome_2\ccr\bin\nmz.exe C:\app\david\product\112~1.0\dbhome_2\ccr\hosts\mccarran-pc [x]
4 Oraclec_app_david_product_112~1.0_dbhome_4ConfigurationManager; C:\app\david\product\112~1.0\dbhome_4\ccr\bin\nmz.exe C:\app\david\product\112~1.0\dbhome_4\ccr\hosts\mccarran-pc [x]

==================== Drivers (Whitelisted) =====================

2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98888 2012-11-13] (Avira Operations GmbH & Co. KG)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [129216 2012-11-13] (Avira Operations GmbH & Co. KG)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27800 2012-09-24] (Avira Operations GmbH & Co. KG)
1 CBDisk; C:\Windows\System32\Drivers\CBDisk.sys [70344 2011-05-06] (EldoS Corporation)
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-05-28] ()
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2011-05-25] (Lavasoft AB)
0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [317136 2012-06-06] (Mediafour Corporation)
0 MDPMGRNT; C:\Windows\System32\Drivers\MDPMGRNT.sys [32464 2012-06-05] (Mediafour Corporation)
4 MySQL; "C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.1\my.ini" MySQL [8918 2011-09-23] ()
3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [113536 2007-04-19] (Novatel Wireless Inc.)
3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [113536 2007-04-19] (Novatel Wireless Inc.)
3 PTDUBus; C:\Windows\System32\Drivers\PTDUBus.sys [70672 2009-08-12] (DEVGURU Co., LTD.)
3 PTDUMdm; C:\Windows\System32\Drivers\PTDUMdm.sys [173456 2009-08-12] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTDUVsp; C:\Windows\System32\Drivers\PTDUVsp.sys [173456 2009-08-12] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTDUWFLT; C:\Windows\System32\Drivers\PTDUWFLT.sys [12688 2009-08-12] (DEVGURU Co., LTD.)
3 PTDUWWAN; C:\Windows\System32\Drivers\PTDUWWAN.sys [141840 2009-08-12] (DEVGURU Co., LTD.)
3 SMSIVZAM5X64; \??\C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-05-25] (Smith Micro Inc.)
2 OracleOraDb11g_home1TNSListener; C:\app\David\product\11.2.0\dbhome_2\BIN\TNSLSNR [x]
2 OracleOraDb11g_home2TNSListener; C:\app\David\product\11.2.0\dbhome_4\BIN\TNSLSNR [x]
3 OracleOraDb11g_home2TNSListenerLISTENER1; C:\app\David\product\11.2.0\dbhome_4\BIN\TNSLSNR [x]
4 OracleOraDb11g_home3TNSListener; C:\app\David\product\11.2.0\dbhome_5\BIN\TNSLSNR [x]

==================== NetSvcs (Whitelisted) ====================

NETSVC: bthenum -> C:\Windows\system32\Epiusb.dll ==> No File.

==================== One Month Created Files and Folders ========

2012-11-23 20:05 - 2012-11-23 20:05 - 00000000 ____D C:\FRST
2012-11-20 10:19 - 2012-11-20 10:43 - 00004009 ____A C:\Users\David\Desktop\index.h
2012-11-20 10:01 - 2012-11-20 10:01 - 00006382 ____A C:\Users\David\Desktop\webSearchBU.c
2012-11-12 22:50 - 2012-11-12 22:50 - 00006142 ____A C:\Users\David\Desktop\webSearchWITHfgetC.cpp
2012-11-12 21:20 - 2012-11-21 01:57 - 00006380 ____A C:\Users\David\Desktop\webSearch.c
2012-11-12 21:17 - 2012-11-12 22:55 - 00000060 ____A C:\Users\David\Desktop\Makefile
2012-11-12 16:06 - 2012-11-12 16:06 - 00000170 ____A C:\Users\David\Desktop\train1.txt
2012-11-12 16:06 - 2012-11-12 16:06 - 00000169 ____A C:\Users\David\Desktop\train2.txt
2012-11-12 16:06 - 2012-11-12 16:06 - 00000114 ____A C:\Users\David\Desktop\doubleBig.txt
2012-11-12 16:06 - 2012-11-12 16:06 - 00000112 ____A C:\Users\David\Desktop\double2.txt
2012-11-12 16:06 - 2012-11-12 16:06 - 00000112 ____A C:\Users\David\Desktop\double1.txt
2012-11-12 16:06 - 2012-11-12 16:06 - 00000056 ____A C:\Users\David\Desktop\single2.txt
2012-11-12 16:06 - 2012-11-12 16:06 - 00000056 ____A C:\Users\David\Desktop\single1.txt
2012-11-12 15:02 - 2012-11-19 04:34 - 00000066 ____A C:\Users\David\Desktop\inFile.txt
2012-11-09 19:19 - 2012-11-12 22:50 - 00005969 ____A C:\Users\David\Desktop\crawlerNEW.c
2012-11-07 22:02 - 2012-11-07 22:02 - 00000000 ____D C:\Users\David\Application Data\Avira
2012-11-07 22:02 - 2012-11-07 22:02 - 00000000 ____D C:\Users\David\AppData\Roaming\Avira
2012-11-07 21:56 - 2012-11-13 09:22 - 00129216 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2012-11-07 21:56 - 2012-11-13 09:22 - 00098888 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2012-11-07 21:56 - 2012-11-07 21:56 - 00002028 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2012-11-07 21:56 - 2012-11-07 21:56 - 00002028 ____A C:\Users\All Users\Desktop\Avira Control Center.lnk
2012-11-07 21:56 - 2012-11-07 21:56 - 00000000 ____D C:\Users\All Users\Avira
2012-11-07 21:56 - 2012-11-07 21:56 - 00000000 ____D C:\Users\All Users\Application Data\Avira
2012-11-07 21:56 - 2012-11-07 21:56 - 00000000 ____D C:\Program Files (x86)\Avira
2012-11-07 21:56 - 2012-09-24 08:58 - 00027800 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2012-11-07 21:35 - 2012-11-07 21:35 - 00000000 ____D C:\Users\David\Application Data\Runscanner.net
2012-11-07 21:35 - 2012-11-07 21:35 - 00000000 ____D C:\Users\David\AppData\Roaming\Runscanner.net
2012-11-04 18:47 - 2012-11-04 18:47 - 00000000 ____D C:\Users\All Users\McAfee Security Scan
2012-11-04 18:47 - 2012-11-04 18:47 - 00000000 ____D C:\Users\All Users\Application Data\McAfee Security Scan
2012-11-02 02:15 - 2012-11-02 02:15 - 00000000 ____D C:\Users\David\Desktop\rkill
2012-10-31 20:33 - 2012-10-31 20:34 - 03905297 ____A C:\Users\David\Downloads\08_Chapter3-5(1).pptx
2012-10-31 20:33 - 2012-10-31 20:33 - 03296402 ____A C:\Users\David\Downloads\10_Chapter4-2(1).pptx
2012-10-31 20:33 - 2012-10-31 20:33 - 00326234 ____A C:\Users\David\Downloads\Midterm2_Review(1).pptx

==================== One Month Modified Files and Folders =======

2012-11-23 19:59 - 2011-05-30 21:58 - 00024412 ____A C:\aaw7boot.log
2012-11-23 19:23 - 2012-07-31 23:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-23 19:23 - 2012-02-03 04:11 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-23 19:23 - 2012-02-03 04:11 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-23 19:23 - 2011-11-21 17:45 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-10647207-3761179689-2630143517-1001UA.job
2012-11-23 19:23 - 2011-11-21 17:45 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-10647207-3761179689-2630143517-1001Core.job
2012-11-22 03:08 - 2012-05-06 21:58 - 00000000 ____D C:\Program Files (x86)\Steam
2012-11-22 01:21 - 2011-08-16 22:35 - 00280792 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-11-22 01:21 - 2010-05-08 22:36 - 00280792 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-11-22 01:20 - 2010-05-08 22:36 - 00281032 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-11-22 01:03 - 2009-07-13 22:51 - 00092017 ____A C:\Windows\setupact.log
2012-11-22 00:28 - 2012-05-14 22:00 - 00000000 ____D C:\Users\David\Local Settings\Spotify
2012-11-22 00:28 - 2012-05-14 22:00 - 00000000 ____D C:\Users\David\Local Settings\Application Data\Spotify
2012-11-22 00:28 - 2012-05-14 22:00 - 00000000 ____D C:\Users\David\Application Data\Spotify
2012-11-22 00:28 - 2012-05-14 22:00 - 00000000 ____D C:\Users\David\AppData\Roaming\Spotify
2012-11-22 00:28 - 2012-05-14 22:00 - 00000000 ____D C:\Users\David\AppData\Local\Spotify
2012-11-21 23:48 - 2011-12-01 23:31 - 00000000 ____D C:\Users\David\My Documents\Studio-Seva
2012-11-21 23:48 - 2011-12-01 23:31 - 00000000 ____D C:\Users\David\Documents\Studio-Seva
2012-11-21 23:37 - 2009-07-13 23:13 - 00723072 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-21 01:57 - 2012-11-12 21:20 - 00006380 ____A C:\Users\David\Desktop\webSearch.c
2012-11-21 01:57 - 2012-10-02 12:36 - 00000369 ____A C:\Windows\cedt.INI
2012-11-21 01:02 - 2012-08-21 23:01 - 00000000 ____D C:\Users\David\Application Data\FileZilla
2012-11-21 01:02 - 2012-08-21 23:01 - 00000000 ____D C:\Users\David\AppData\Roaming\FileZilla
2012-11-21 00:58 - 2012-08-23 09:09 - 00000600 ____A C:\Users\David\Local Settings\PUTTY.RND
2012-11-21 00:58 - 2012-08-23 09:09 - 00000600 ____A C:\Users\David\Local Settings\Application Data\PUTTY.RND
2012-11-21 00:58 - 2012-08-23 09:09 - 00000600 ____A C:\Users\David\AppData\Local\PUTTY.RND
2012-11-20 11:19 - 2012-09-10 18:56 - 00000000 ____D C:\Users\David\Desktop\CS232
2012-11-20 10:43 - 2012-11-20 10:19 - 00004009 ____A C:\Users\David\Desktop\index.h
2012-11-20 10:01 - 2012-11-20 10:01 - 00006382 ____A C:\Users\David\Desktop\webSearchBU.c
2012-11-19 04:34 - 2012-11-12 15:02 - 00000066 ____A C:\Users\David\Desktop\inFile.txt
2012-11-14 09:03 - 2012-07-30 00:40 - 00000000 ____D C:\Users\David\Local Settings\Application Data\{5DE04988-DA11-11E1-8270-B8AC6F996F26}
2012-11-14 09:03 - 2012-07-30 00:40 - 00000000 ____D C:\Users\David\Local Settings\{5DE04988-DA11-11E1-8270-B8AC6F996F26}
2012-11-14 09:03 - 2012-07-30 00:40 - 00000000 ____D C:\Users\David\AppData\Local\{5DE04988-DA11-11E1-8270-B8AC6F996F26}
2012-11-13 09:22 - 2012-11-07 21:56 - 00129216 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2012-11-13 09:22 - 2012-11-07 21:56 - 00098888 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2012-11-12 22:55 - 2012-11-12 21:17 - 00000060 ____A C:\Users\David\Desktop\Makefile
2012-11-12 22:50 - 2012-11-12 22:50 - 00006142 ____A C:\Users\David\Desktop\webSearchWITHfgetC.cpp
2012-11-12 22:50 - 2012-11-09 19:19 - 00005969 ____A C:\Users\David\Desktop\crawlerNEW.c
2012-11-12 16:06 - 2012-11-12 16:06 - 00000170 ____A C:\Users\David\Desktop\train1.txt
2012-11-12 16:06 - 2012-11-12 16:06 - 00000169 ____A C:\Users\David\Desktop\train2.txt
2012-11-12 16:06 - 2012-11-12 16:06 - 00000114 ____A C:\Users\David\Desktop\doubleBig.txt
2012-11-12 16:06 - 2012-11-12 16:06 - 00000112 ____A C:\Users\David\Desktop\double2.txt
2012-11-12 16:06 - 2012-11-12 16:06 - 00000112 ____A C:\Users\David\Desktop\double1.txt
2012-11-12 16:06 - 2012-11-12 16:06 - 00000056 ____A C:\Users\David\Desktop\single2.txt
2012-11-12 16:06 - 2012-11-12 16:06 - 00000056 ____A C:\Users\David\Desktop\single1.txt
2012-11-09 19:19 - 2012-08-21 22:16 - 00000000 ____D C:\Users\David\Desktop\CS271
2012-11-09 19:19 - 2011-03-24 20:12 - 00000000 ____D C:\Users\David\Desktop\eclipse-SDK-3.6.2-win32
2012-11-09 14:18 - 2011-11-21 17:46 - 00002490 ____A C:\Users\David\Desktop\Google Chrome.lnk
2012-11-08 07:58 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2012-11-08 07:18 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2012-11-08 07:12 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-08 07:12 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-08 07:00 - 2012-08-21 22:43 - 00000000 ____D C:\Users\All Users\VMware
2012-11-08 07:00 - 2012-08-21 22:43 - 00000000 ____D C:\Users\All Users\Application Data\VMware
2012-11-08 07:00 - 2010-04-29 08:51 - 00000000 ____D C:\users\David
2012-11-08 06:59 - 2010-09-26 17:04 - 00000000 ____D C:\Users\All Users\Kodak
2012-11-08 06:59 - 2010-09-26 17:04 - 00000000 ____D C:\Users\All Users\Application Data\Kodak
2012-11-08 06:59 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-07 22:52 - 2010-04-12 18:10 - 00000000 ____D C:\Users\All Users\McAfee
2012-11-07 22:52 - 2010-04-12 18:10 - 00000000 ____D C:\Users\All Users\Application Data\McAfee
2012-11-07 22:52 - 2010-04-12 18:10 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-11-07 22:48 - 2012-01-10 21:27 - 00000000 __SHD C:\Users\David\Local Settings\Application Data\{7344f193-4334-372f-9d01-f84f59d8b2d4}
2012-11-07 22:48 - 2012-01-10 21:27 - 00000000 __SHD C:\Users\David\Local Settings\{7344f193-4334-372f-9d01-f84f59d8b2d4}
2012-11-07 22:48 - 2012-01-10 21:27 - 00000000 __SHD C:\Users\David\AppData\Local\{7344f193-4334-372f-9d01-f84f59d8b2d4}
2012-11-07 22:48 - 2010-04-12 19:27 - 01067536 ____A C:\Windows\PFRO.log
2012-11-07 22:02 - 2012-11-07 22:02 - 00000000 ____D C:\Users\David\Application Data\Avira
2012-11-07 22:02 - 2012-11-07 22:02 - 00000000 ____D C:\Users\David\AppData\Roaming\Avira
2012-11-07 21:56 - 2012-11-07 21:56 - 00002028 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2012-11-07 21:56 - 2012-11-07 21:56 - 00002028 ____A C:\Users\All Users\Desktop\Avira Control Center.lnk
2012-11-07 21:56 - 2012-11-07 21:56 - 00000000 ____D C:\Users\All Users\Avira
2012-11-07 21:56 - 2012-11-07 21:56 - 00000000 ____D C:\Users\All Users\Application Data\Avira
2012-11-07 21:56 - 2012-11-07 21:56 - 00000000 ____D C:\Program Files (x86)\Avira
2012-11-07 21:35 - 2012-11-07 21:35 - 00000000 ____D C:\Users\David\Application Data\Runscanner.net
2012-11-07 21:35 - 2012-11-07 21:35 - 00000000 ____D C:\Users\David\AppData\Roaming\Runscanner.net
2012-11-07 02:49 - 2011-04-11 21:51 - 00007609 ____A C:\Users\David\Local Settings\Resmon.ResmonCfg
2012-11-07 02:49 - 2011-04-11 21:51 - 00007609 ____A C:\Users\David\Local Settings\Application Data\Resmon.ResmonCfg
2012-11-07 02:49 - 2011-04-11 21:51 - 00007609 ____A C:\Users\David\AppData\Local\Resmon.ResmonCfg
2012-11-07 02:14 - 2012-08-16 16:08 - 00000000 ____D C:\Users\David\Desktop\BOOKS
2012-11-07 02:13 - 2012-08-16 16:07 - 00000000 ____D C:\Users\David\Desktop\MOVIES
2012-11-04 18:47 - 2012-11-04 18:47 - 00000000 ____D C:\Users\All Users\McAfee Security Scan
2012-11-04 18:47 - 2012-11-04 18:47 - 00000000 ____D C:\Users\All Users\Application Data\McAfee Security Scan
2012-11-04 18:47 - 2012-02-02 19:05 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-11-02 02:15 - 2012-11-02 02:15 - 00000000 ____D C:\Users\David\Desktop\rkill
2012-11-01 17:25 - 2009-07-13 23:08 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-01 13:12 - 2011-06-16 22:11 - 00000000 ____D C:\Users\David\Application Data\BitTorrent
2012-11-01 13:12 - 2011-06-16 22:11 - 00000000 ____D C:\Users\David\AppData\Roaming\BitTorrent
2012-11-01 12:13 - 2012-10-03 01:10 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-01 12:13 - 2012-10-03 01:10 - 00001071 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-01 12:13 - 2012-10-03 01:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-31 20:34 - 2012-10-31 20:33 - 03905297 ____A C:\Users\David\Downloads\08_Chapter3-5(1).pptx
2012-10-31 20:33 - 2012-10-31 20:33 - 03296402 ____A C:\Users\David\Downloads\10_Chapter4-2(1).pptx
2012-10-31 20:33 - 2012-10-31 20:33 - 00326234 ____A C:\Users\David\Downloads\Midterm2_Review(1).pptx


ZeroAccess:
C:\Users\David\AppData\Local\{7344f193-4334-372f-9d01-f84f59d8b2d4}
C:\Users\David\AppData\Local\{7344f193-4334-372f-9d01-f84f59d8b2d4}\@
C:\Users\David\AppData\Local\{7344f193-4334-372f-9d01-f84f59d8b2d4}\L
C:\Users\David\AppData\Local\{7344f193-4334-372f-9d01-f84f59d8b2d4}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4056.36 MB
Available physical RAM: 3437.52 MB
Total Pagefile: 4054.51 MB
Available Pagefile: 3415.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:32.85 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (USB DISK) (Removable) (Total:14.43 GB) (Free:11.19 GB) FAT32
4 Drive f: (Rhineland (2007) NOGRP DVDRiP PA) (CDROM) (Total:1.27 GB) (Free:0 GB) UDF
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 283 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 4032 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E USB DISK FAT32 Removable 14 GB Healthy

=========================================================

Last Boot: 2012-11-16 10:58

==================== End Of Log =============================

Farbar Recovery Scan Tool (x64) Version: 23-11-2012
Ran by SYSTEM at 2012-11-23 20:49:00
Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 17:19] - [2009-07-13 19:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\system64\services.exe
[2009-07-13 17:19] - [2009-07-13 19:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 17:19] - [2009-07-13 19:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:54 AM

Posted 24 November 2012 - 04:51 AM

Hello nymets1104,

Welcome to the forum.

We will remove the infection, boot normally and bring the system back to full functionality. Please refrain from doing any fix or making any changes to the system from now on until we are done unless you decide you can do the rest on your own. Thank you.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
HKU\David\...\Run: [nhasvc] "C:\Windows\System32\rundll32.exe" ,Number_Subtract [45568 2009-07-13] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
2 bthenum; C:\Windows\System32\Epiusb.dll [x]
NETSVC: bthenum -> C:\Windows\system32\Epiusb.dll ==> No File.
2012-11-07 22:48 - 2012-01-10 21:27 - 00000000 __SHD C:\Users\David\Local Settings\Application Data\{7344f193-4334-372f-9d01-f84f59d8b2d4}
2012-11-07 22:48 - 2012-01-10 21:27 - 00000000 __SHD C:\Users\David\Local Settings\{7344f193-4334-372f-9d01-f84f59d8b2d4}
2012-11-07 22:48 - 2012-01-10 21:27 - 00000000 __SHD C:\Users\David\AppData\Local\{7344f193-4334-372f-9d01-f84f59d8b2d4}
end

Now please enter System Recovery Options and select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also restart, let it boot normally and tell me how it went.
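The fixlist above targets four kinds of artifact: a Run value that launches rundll32.exe with nothing in front of the export name, the tampered Session Manager\SubSystems\Windows value, a netsvcs group member (bthenum) whose DLL is absent, and hidden GUID-named folders in the user profile. The services.exe search in the first post is a related check: every copy should carry the same MD5 as the WinSxS reference. As an added example that is not part of the original post and not FRST's own code, the Python below applies those same checks to FRST log lines. The sample lines are constructed from the entries in this thread, the finding names are the example's own, and copies of services.exe found outside System32 or WinSxS are only reported for a person to look at, not judged.

```python
"""Triage of FRST log lines for the ZeroAccess indicators seen in this thread.

Added example: this is not FRST's code. It reimplements, as plain string checks,
what the responder read off the log by eye. Finding names are the example's own.
"""
import re

# Constructed sample: the lines FRST flagged, plus one benign Run entry.
SAMPLE_FRST_LINES = [
    'HKU\\David\\...\\Run: [nhasvc] "C:\\Windows\\System32\\rundll32.exe" ,Number_Subtract [45568 2009-07-13] (Microsoft Corporation)',
    'HKLM\\...\\Run: [SysTrayApp] C:\\Program Files\\IDT\\WDM\\sttray64.exe [444416 2009-06-28] (IDT, Inc.)',
    'SubSystems: [Windows] ATTENTION! ====> ZeroAccess',
    '2 bthenum; C:\\Windows\\System32\\Epiusb.dll [x]',
    'NETSVC: bthenum -> C:\\Windows\\system32\\Epiusb.dll ==> No File.',
    '2012-11-07 22:48 - 2012-01-10 21:27 - 00000000 __SHD C:\\Users\\David\\AppData\\Local\\{7344f193-4334-372f-9d01-f84f59d8b2d4}',
]

# Constructed sample of the "Search: services.exe" block from the first post.
SAMPLE_SEARCH = """
C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-13 17:19] - [2009-07-13 19:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\system64\\services.exe
[2009-07-13 17:19] - [2009-07-13 19:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\System32\\services.exe
[2009-07-13 17:19] - [2009-07-13 19:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
"""

# rundll32.exe followed directly by the comma: no module path before the export name.
RUNDLL_NO_MODULE = re.compile(r'rundll32\.exe"?\s*,', re.I)
# A path whose last component is a bare {GUID}.
GUID_DIR = re.compile(r'\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\s*$', re.I)
# FRST service line "<start> <name>; <image> [x]"; [x] marks a missing image file.
SERVICE_NO_FILE = re.compile(r'^\d+\s+\S+;\s+.*\[x\]\s*$')
MD5_AT_END = re.compile(r'\b([0-9A-F]{32})\s*$')


def triage_frst(lines):
    """Return (finding, line) pairs for lines matching a ZeroAccess indicator."""
    findings = []
    for line in lines:
        if line.startswith('SubSystems:') and 'ATTENTION' in line:
            findings.append(('subsystems_tampered', line))
        elif ('\\Run:' in line or '\\RunOnce:' in line) and RUNDLL_NO_MODULE.search(line):
            findings.append(('rundll32_no_module', line))
        elif SERVICE_NO_FILE.match(line):
            findings.append(('service_image_missing', line))
        elif line.startswith('NETSVC:') and line.rstrip().endswith('No File.'):
            findings.append(('netsvcs_dangling', line))
        elif '__SHD' in line and GUID_DIR.search(line):
            findings.append(('hidden_guid_dir', line))
    return findings


def parse_search(text):
    """Map each path in an FRST search block to the MD5 on the line below it."""
    copies, path = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith('[') and path is not None:
            m = MD5_AT_END.search(line)
            if m:
                copies[path] = m.group(1)
            path = None
        elif ':\\' in line:
            path = line
    return copies


def check_services_exe(text):
    """Compare every services.exe copy with the WinSxS reference; flag odd locations."""
    copies = parse_search(text)
    reference = [h for p, h in copies.items() if '\\winsxs\\' in p.lower()]
    findings = []
    for path, md5 in copies.items():
        low = path.lower()
        if reference and md5 != reference[0]:
            findings.append(('md5_differs_from_winsxs', path))
        if '\\winsxs\\' not in low and not low.startswith('c:\\windows\\system32\\'):
            findings.append(('unexpected_location', path))
    return findings


if __name__ == '__main__':
    for finding in triage_frst(SAMPLE_FRST_LINES) + check_services_exe(SAMPLE_SEARCH):
        print(*finding)
```

Run against a full FRST log, `triage_frst` is meant as a first pass only: every hit still needs the human reading the thread did, and a clean run does not prove a clean machine.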

#3 nymets1104

nymets1104
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:54 AM

Posted 24 November 2012 - 05:15 AM

Thank you for the quick reply, sir.

Full Start Up has been restored!

Thank you, I included the Fixlog as well.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2012
Ran by SYSTEM at 2012-11-23 23:05:38 Run:1
Running from G:\

==============================================

HKEY_USERS\David\Software\Microsoft\Windows\CurrentVersion\Run\\nhasvc Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
bthenum service deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs bthenum Deleted successfully.
C:\Users\David\Local Settings\Application Data\{7344f193-4334-372f-9d01-f84f59d8b2d4} moved successfully.
C:\Users\David\Local Settings\{7344f193-4334-372f-9d01-f84f59d8b2d4} not found.
C:\Users\David\AppData\Local\{7344f193-4334-372f-9d01-f84f59d8b2d4} not found.

==== End of Fixlog ====

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:54 AM

Posted 24 November 2012 - 05:23 AM

Great. :thumbup2:

This infection alters and damages some system functions that we need to restore. We will check for any leftovers and, in the next round, check the state of the system.

Open your Malwarebytes' Anti-Malware.
  • First update it, to do that under the Update tab press "Check for Updates".
  • Under Scanner tab select "Perform Quick Scan", then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#5 nymets1104

nymets1104
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:54 AM

Posted 24 November 2012 - 06:16 AM

The scan completed without finding any malicious files.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.24.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: MCCARRAN-PC [administrator]

11/23/2012 5:33:35 AM
mbam-log-2012-11-23 (05-33-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256569
Time elapsed: 35 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:54 AM

Posted 24 November 2012 - 06:19 AM

That is good.

Please download MiniToolBox and save it to your desktop and run it.

Checkmark following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List Winsock Entries
  • List installed programs.
  • List Devices (only check the box and leave the default radio button as it is).
Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.

#7 nymets1104

nymets1104
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:54 AM

Posted 24 November 2012 - 06:45 AM

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by David (administrator) on 23-11-2012 at 06:28:34
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 C:\Windows\SysWOW64\vsocklib.dll [63088] (VMware, Inc.)
Catalog9 12 C:\Windows\SysWOW64\vsocklib.dll [63088] (VMware, Inc.)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 C:\Windows\System32\vsocklib.dll [67184] (VMware, Inc.)
x64-Catalog9 12 C:\Windows\System32\vsocklib.dll [67184] (VMware, Inc.)

=========================== Installed Programs ============================

Aces High (remove only)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.2.443)
Ad-Aware (Version: 9.0.6)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.2)
Adobe Acrobat 9.5.2 - CPSID_83708
Adobe AIR (Version: 3.4.0.2710)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe Asset Services CS4 (Version: 4)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe Community Help (Version: 3.4.980)
Adobe Creative Suite 4 Design Premium (Version: 4.0)
Adobe Creative Suite 5.5 Production Premium (Version: 5.5)
Adobe CSI CS4 (Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Digital Editions
Adobe Dreamweaver CS4 (Version: 10.0)
Adobe Drive CS4 (Version: 1)
Adobe Drive CS4 x64 (Version: 1)
Adobe Dynamiclink Support (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Fireworks CS4 (Version: 10.0)
Adobe Flash CS4 (Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)
Adobe Flash CS4 STI-en (Version: 10.0)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Fonts All (Version: 2.0)
Adobe Fonts All x64 (Version: 2.0)
Adobe Illustrator CS4 (Version: 14.0)
Adobe InDesign CS4 (Version: 6.0)
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0)
Adobe InDesign CS4 Common Base Files (Version: 6.0)
Adobe InDesign CS4 Icon Handler (Version: 6.0)
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Importer (Version: 1.0)
Adobe Media Player (Version: 1.8)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe SGM CS4 (Version: 3.0)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Adobe SING CS4 (Version: 2.0)
Adobe Story (Version: 1.0.571)
Adobe Type Support CS4 (Version: 9.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe Version Cue CS4 Server (Version: 4.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Advanced Audio FX Engine (Version: 1.12.05)
aioprnt (Version: 5.3.1.0)
aioscnnr (Version: 6.2.3.10)
aioscnnr (Version: 7.3.4.0)
Amazon Games & Software Downloader (Version: 2.0.2.0)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.2437)
Avira Free Antivirus (Version: 13.0.0.2761)
B17 - The Mighty Eighth
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield 2™
Battlefield Vietnam™
Battlefield Vietnam: WW2 Mod
Battlestations: Pacific (Version: 1.00.0000)
Bing Bar (Version: 7.0.756.0)
Bing Maps 3D (Version: 4.0.903.16005)
BitTorrent (Version: 7.2.1)
Blackhawk Striker 2 (Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Bus Driver (Version: 2.2.0.95)
C4USelfUpdater (Version: 1.00.0000)
center (Version: 6.2.5.0)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Combined Community Codec Pack 2011-06-26 (Version: 2011.06.26.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Connect (Version: 1.0.0.1)
Cozi (Version: 1.0.4323.24051)
Crimson Editor SVN286M (Version: SVN286M)
Darkest Hour Server
Darkest Hour: Europe '44-'45
Deer Hunter: The 2005 Season
Dell DataSafe Local Backup - Support Software (Version: 9.4.60)
Dell DataSafe Local Backup (Version: 9.4.60)
Dell DataSafe Online (Version: 1.2.0011)
Dell Dock (Version: 2.0)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Touchpad (Version: 7.1107.115.102)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
Download Manager 2.3.10 (Version: 2.3.10)
EA.com Update
EaseUS Data Recovery Wizard Free Edition 5.5.1
EAW 1.28d 1024
essentials (Version: 6.0.14.0)
European Air War
FileZilla Client 3.5.3 (Version: 3.5.3)
Forgotten Hope 0.70 (Version: 0.70)
GameShadow (Version: 2.03.0000)
GameSpy Arcade
Google Chrome (Version: 23.0.1271.64)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.123)
GoToAssist 8.0.0.514
HFSExplorer 0.21 (Version: 0.21)
IconEdit32
IE WebDeveloper V2.4.1 (Version: 2.4.1)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IrfanView (remove only) (Version: 4.28)
iSkysoft Video Converter(Build 3.2.2.0)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 29 (64-bit) (Version: 6.0.290)
Java™ 6 Update 30 (Version: 6.0.300)
Java™ SE Development Kit 6 Update 24 (Version: 1.6.0.240)
Java™ SE Development Kit 6 Update 29 (64-bit) (Version: 1.6.0.290)
Junk Mail filter update (Version: 14.0.8089.726)
Kodak AIO Printer (Version: 7.5.0.0)
KODAK AiO Software (Version: 7.5.9.60)
ksDIP (Version: 3.20.0000.0001)
kuler (Version: 2.0)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
LoJack Factory Installer (Version: 1.0.0)
MacDrive 9 Standard (Version: 9.0.3.35)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Mare Nostrum
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (Version: 3.5.0.0)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Games for Windows - LIVE (Version: 2.0.675.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 2.0.673.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Suite Activation Assistant (Version: 1.2.1)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Mobile Broadband Drivers (Version: 2.01.07.10)
Mount&Blade Warband
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyITLab (Version: 1.50.1)
MyITLab ActiveX Installer 2, 9, 8, 65535
MySQL Server 5.1 (Version: 5.1.59)
MySQL Tools for 5.0 (Version: 5.0.17)
ocr (Version: 6.2.3.50)
OpenOffice.org 3.3 (Version: 3.3.9567)
OverDrive Media Console (Version: 3.2.5)
PANTECH UM175 Driver (Version: 3.3.3524.918)
PDF Settings CS4 (Version: 9.0)
Photo Story 3 for Windows (Version: 3.0.1115.11)
Photoshop Camera Raw (Version: 5.0)
Photoshop Camera Raw_x64 (Version: 5.0)
Pixel Bender Toolkit (Version: 1.0)
PowerDVD DX (Version: 8.3.6029)
PreReq (Version: 6.2.4.0)
PunkBuster for Battlefield 1942
PunkBuster for Battlefield Vietnam
PunkBuster Services (Version: 0.992)
Quickset64 (Version: 9.6.6)
QuickTime (Version: 7.71.80.42)
Red Orchestra 2: Heroes of Stalingrad
Red Orchestra: Ostfront 41-45
RedOrchestra SDK Beta
RO:Ostfront Contest Maps 1.0
Roxio Burn (Version: 1.01)
Silent Hunter 4 Wolves of the Pacific (Version: 1.03.0000)
Spotify (Version: 0.8.5.1333.g822e0de8)
Steam (Version: 1.0.0.0)
Sub Command
Suite Shared Configuration CS4 (Version: 1.0)
swMSM (Version: 12.0.0.1)
System Requirements Lab for Intel (Version: 4.4.24.0)
Tank-o-Box (Version: 2.2.0.95)
tools-freebsd (Version: 8.8.4.744019)
tools-linux (Version: 8.8.4.744019)
tools-netware (Version: 8.8.4.744019)
tools-solaris (Version: 8.8.4.744019)
tools-windows (Version: 8.8.4.744019)
tools-winPre2k (Version: 8.8.4.744019)
Update Installer for WildTangent Games App
VmciSockets (Version: 9.1.54.1)
VMware Workstation (Version: 8.0.4.30409)
VZAccess Manager (Version: 7.2.1.2)
War Thunder Launcher 1.0.1.74
WildTangent Games (Version: 1.0.1.5)
WildTangent Games App (Dell Games) (Version: 4.0.3.58)
WildTangent Games App (Version: 4.0.4.12)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
Wondershare Photo Recovery (build 3.0.3)
World at War Minimod (Version: 2.0.3.2)
Worms 4 Mayhem (remove only)
Worms 4 Mayhem Demo (Version: 1.00.0000)
XWW2_BF2_1.0
yuPlay client 0.7.30

========================= Devices: ================================

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Description: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


**** End of log ****

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:54 AM

Posted 24 November 2012 - 06:54 AM

FYI: When we are both online and you remain viewing the topic, to see my reply you have to use the F5 key to refresh the web page; otherwise you continue to see your own reply until you exit viewing the topic. The site doesn't automatically refresh the page when a reply is posted.

We need to restore the damaged winsock entries.

  • Please download the attached file regfix.reg.
    Double-click it and confirm the prompt to allow it to merge.
  • Important: Restart.
  • Download the attached file winsock.bat and save it to the desktop.
    Run it as administrator. To do that:
    Right-click it and select "Run as Administrator". Double-click the file to run it. It makes a log. Please post the content.
  • Important: Restart.
  • Run MiniToolBox again, check only "List Winsock Entries", click Go and post the log it makes.
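The Winsock listing in the previous post shows the damage pattern the regfix and winsock.bat steps above address: name-space providers at Catalog5 positions 01 and 05 and every base transport provider in Catalog9 resolve to a file that is not found, in both the 32-bit and x64 catalogs. As an added example that is not MiniToolBox's code and not part of the original post, the Python below validates a "Winsock entries" listing against the Windows 7 x64 layout visible in the repaired listing later in this thread. The baseline positions are the example's own assumption: on other builds, or where third-party providers are installed, positions can legitimately differ, and third-party entries are reported as informational only. The sample listings are constructed subsets of the two logs posted in this thread.

```python
"""Validate a MiniToolBox "Winsock entries" listing against a known-good layout.

Added example, not MiniToolBox's code. The baseline is the Windows 7 x64 catalog
order seen in the repaired listing in this thread (assumption: other builds and
third-party LSP/NSP installs can shift positions).
"""
import re

ENTRY = re.compile(r'^(x64-)?Catalog(5|9)\s+(\d+)\s+(.+?)\s+\[(.+?)\]\s+\((.*)\)\s*$')

# Expected base provider DLL by position (file names only; the registry stores
# %SystemRoot%\system32\... and WOW64 redirects that for the 32-bit catalog).
BASE_CATALOG5 = {1: 'NLAapi.dll', 2: 'napinsp.dll', 3: 'pnrpnsp.dll',
                 4: 'pnrpnsp.dll', 5: 'mswsock.dll', 6: 'winrnr.dll'}
BASE_CATALOG9 = {i: 'mswsock.dll' for i in range(1, 11)}

# Constructed subsets of the broken (before) and repaired (after) listings.
SAMPLE_BROKEN = [
    'Catalog5 01 mswsock.dll [File Not found] ()',
    'ATTENTION: The LibraryPath should be "%SystemRoot%\\system32\\NLAapi.dll"',
    'Catalog5 02 C:\\Windows\\SysWOW64\\napinsp.dll [52224] (Microsoft Corporation)',
    'Catalog5 05 mswsock.dll [File Not found] ()',
    'Catalog5 07 C:\\Program Files (x86)\\Bonjour\\mdnsNSP.dll [121704] (Apple Inc.)',
    'Catalog9 01 mswsock.dll [File Not found] ()',
    'Catalog9 11 C:\\Windows\\SysWOW64\\vsocklib.dll [63088] (VMware, Inc.)',
    'x64-Catalog5 01 mswsock.dll [File Not found] ()',
    'x64-Catalog9 01 mswsock.dll [File Not found] ()',
]
SAMPLE_FIXED = [
    'Catalog5 01 C:\\Windows\\SysWOW64\\NLAapi.dll [52224] (Microsoft Corporation)',
    'Catalog5 05 C:\\Windows\\SysWOW64\\mswsock.dll [232448] (Microsoft Corporation)',
    'Catalog5 07 C:\\Program Files (x86)\\Bonjour\\mdnsNSP.dll [121704] (Apple Inc.)',
    'Catalog9 01 C:\\Windows\\SysWOW64\\mswsock.dll [232448] (Microsoft Corporation)',
    'x64-Catalog5 01 C:\\Windows\\System32\\NLAapi.dll [70656] (Microsoft Corporation)',
]


def check_winsock(lines):
    """Return (entry, issue, detail) triples; 'third_party' is informational only."""
    findings = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:                      # skips the ATTENTION hints and other text
            continue
        arch, cat, idx, path, state, vendor = m.groups()
        idx = int(idx)
        tag = f"{arch or ''}Catalog{cat} {idx:02d}"
        name = path.rsplit('\\', 1)[-1]
        expected = (BASE_CATALOG5 if cat == '5' else BASE_CATALOG9).get(idx)
        if state.lower() == 'file not found':
            # Broken LibraryPath: report which base DLL belongs at this position.
            findings.append((tag, 'file_not_found', expected))
        elif expected and name.lower() != expected.lower():
            findings.append((tag, 'unexpected_dll', name))
        elif not expected and vendor != 'Microsoft Corporation':
            findings.append((tag, 'third_party', f'{name} ({vendor})'))
    return findings


if __name__ == '__main__':
    for sample in (SAMPLE_BROKEN, SAMPLE_FIXED):
        print(check_winsock(sample) or 'no broken entries')
```

Running the check on the "after" listing is the point: a repair is done when no entry other than a known third-party provider is reported, which is the same judgement the follow-up MiniToolBox run in this thread makes by eye.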


#9 nymets1104

nymets1104
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:54 AM

Posted 24 November 2012 - 02:59 PM

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by David (administrator) on 23-11-2012 at 14:59:06
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

**** End of log ****

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:54 AM

Posted 24 November 2012 - 07:32 PM

That part is taken care of.

Let's check the services that might be damaged.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#11 nymets1104

nymets1104
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:54 AM

Posted 24 November 2012 - 10:39 PM

Farbar Service Scanner Version: 09-11-2012
Ran by David (administrator) on 23-11-2012 at 22:38:52
Running from "C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0UMM8IP"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
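The scanner log above reports the same three properties (Start type, ImagePath, ServiceDll) for each service and flags wscsvc, wuauserv, BITS and WinDefend as having no registry key at all. The following PowerShell check is an added example, not part of this thread or of any Farbar tool; it performs the equivalent lookup under the Services key so a responder can confirm the same four keys before and after a repair. It assumes an elevated prompt and that svchost-hosted services keep their ServiceDll under the Parameters subkey, as they do on Windows 7.

```powershell
# Added example (not from the thread): re-check the service keys the
# Farbar Service Scanner reported as missing. Run from an elevated prompt.
$services = @('wscsvc', 'wuauserv', 'BITS', 'WinDefend')
$base     = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# REG_DWORD "Start" values as stored by the Service Control Manager.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

foreach ($name in $services) {
    $key = Join-Path $base $name
    if (-not (Test-Path $key)) {
        # This is the condition the log above shows for all four services.
        Write-Output "$name : ATTENTION - service key does not exist"
        continue
    }

    $props = Get-ItemProperty -Path $key
    $start = $startNames[[int]$props.Start]
    $image = $props.ImagePath
    # svchost-hosted services record their DLL under <service>\Parameters.
    $dll = (Get-ItemProperty -Path (Join-Path $key 'Parameters') `
            -ErrorAction SilentlyContinue).ServiceDll

    Write-Output ("{0} : Start={1} ImagePath={2} ServiceDll={3}" -f $name, $start, $image, $dll)

    # A key can exist while its DLL is gone or points nowhere; expand the
    # %SystemRoot%/%ProgramFiles% style path and confirm the file is present.
    if ($dll) {
        $resolved = [Environment]::ExpandEnvironmentVariables($dll)
        if (-not (Test-Path $resolved)) {
            Write-Output "$name : ATTENTION - ServiceDll not found at $resolved"
        }
    }

    # Cross-check the SCM's live view against the registry entry.
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) { Write-Output ("{0} : Status={1}" -f $name, $svc.Status) }
}
```

On the machine in this thread the first run would print the "service key does not exist" line for all four services, and a run after the repair in the next post would print their Start type, ImagePath and ServiceDll instead.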

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:54 AM

Posted 25 November 2012 - 06:43 AM

You are running the tools from the temporary internet directory. It is better to save them to your desktop and run them from there.

  • Please download ServicesRepair and save it to your desktop.

    • Double-click ServicesRepair.exe.
    • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
    • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • After restart wait a couple of minutes until the system is settled down then run Farbar Service Scanner again and post the log.


#13 nymets1104

nymets1104
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:54 AM

Posted 25 November 2012 - 05:40 PM

Farbar Service Scanner Version: 09-11-2012
Ran by David (administrator) on 24-11-2012 at 17:39:52
Running from "C:\Users\David\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:54 AM

Posted 25 November 2012 - 05:45 PM

Those services are restored. :thumbup2:

Please download AdwCleaner and save it to your desktop.
  • Close all open programs.
  • Double click on AdwCleaner.exe to run it.
  • Click on Delete and confirm the prompt.
  • After it is finished the computer will be restarted. A text file will open after the restart.
  • Please post the content of that log to your reply.
  • A copy of the log will be saved at C:\AdwCleaner[S1].txt.


#15 nymets1104

nymets1104
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:54 AM

Posted 25 November 2012 - 11:44 PM

# AdwCleaner v2.009 - Logfile created 11/24/2012 at 23:23:14
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : David - MCCARRAN-PC
# Boot Mode : Normal
# Running from : C:\Users\David\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\David\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\David\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\David\AppData\Local\Temp\TempDir
Folder Deleted : C:\Users\David\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tngp1eez.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.44] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
Deleted [l.47] : keyword = "isearch.avg.com",
Deleted [l.50] : search_url = "hxxps://isearch.avg.com/search?cid={8A699377-2E80-4664-9737-89A5BC84CD64}&mid=6[...]

*************************

AdwCleaner[S1].txt - [1659 octets] - [24/11/2012 23:23:14]

########## EOF - C:\AdwCleaner[S1].txt - [1719 octets] ##########
