
System Care Antivirus - Removal


9 replies to this topic

#1 tom2013

  • Members
  • 22 posts

Posted 29 April 2013 - 04:53 PM

Hi

I am running MS Vista with Firefox and somehow I downloaded this malware.

I am running in safe mode with networking.

I have read posts on how to remove it but when I try to download a fix the malware rejects the download and I can not continue.

How do I start the process of downloading a fix for this infection???

Thanks

Tom




#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,213 posts
  • Gender:Male
  • Location:NJ USA

Posted 29 April 2013 - 07:13 PM

Hi Tom.
You will need to download the tools on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.


Then run RKill and MBAM after you reboot into Safe Mode.

How to enter Safe Mode (XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.
 
 
Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

Link 1
Link 2
Link 3
Link 4

In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator.) Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link, which will save it as a different file name.

A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
If nothing happens or if the tool does not run, please let me know in your next reply.
 
 
 
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Edited by boopme, 29 April 2013 - 07:17 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 tom2013

  • Topic Starter
  • Members
  • 22 posts

Posted 30 April 2013 - 04:21 PM

I downloaded Rkill and Malwarebytes Anti-Malware.

I ran both and it found 10 things which were deleted.

Here is the RKill log:

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/30/2013 08:04:09 AM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * ALERT: ZEROACCESS rootkit symptoms found!

     * HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
     * HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
     * C:\$Recycle.Bin\S-1-5-18\$cd57322c81d706cfe6ea2c8fbc7c0115\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-18\$cd57322c81d706cfe6ea2c8fbc7c0115\@ [ZA File]
     * C:\$Recycle.Bin\S-1-5-18\$cd57322c81d706cfe6ea2c8fbc7c0115\L\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-18\$cd57322c81d706cfe6ea2c8fbc7c0115\L\00000004.@ [ZA File]
     * C:\$Recycle.Bin\S-1-5-18\$cd57322c81d706cfe6ea2c8fbc7c0115\L\201d3dde [ZA File]
     * C:\$Recycle.Bin\S-1-5-18\$cd57322c81d706cfe6ea2c8fbc7c0115\n [ZA File]
     * C:\$Recycle.Bin\S-1-5-18\$cd57322c81d706cfe6ea2c8fbc7c0115\U\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-18\$cd57322c81d706cfe6ea2c8fbc7c0115\U\00000001.@ [ZA File]
     * C:\$Recycle.Bin\S-1-5-18\$cd57322c81d706cfe6ea2c8fbc7c0115\U\80000000.@ [ZA File]
     * C:\$Recycle.Bin\S-1-5-18\$cd57322c81d706cfe6ea2c8fbc7c0115\U\800000cb.@ [ZA File]
     * C:\$Recycle.Bin\S-1-5-21-1374785435-2051615930-1600987067-1000\$cd57322c81d706cfe6ea2c8fbc7c0115\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-21-1374785435-2051615930-1600987067-1000\$cd57322c81d706cfe6ea2c8fbc7c0115\@ [ZA File]
     * C:\$Recycle.Bin\S-1-5-21-1374785435-2051615930-1600987067-1000\$cd57322c81d706cfe6ea2c8fbc7c0115\L\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-21-1374785435-2051615930-1600987067-1000\$cd57322c81d706cfe6ea2c8fbc7c0115\n [ZA File]
     * C:\$Recycle.Bin\S-1-5-21-1374785435-2051615930-1600987067-1000\$cd57322c81d706cfe6ea2c8fbc7c0115\U\ [ZA Dir]

Checking Windows Service Integrity:

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * COM+ Event System (MpsSvc) is not Running.
   Startup Type set to: Automatic

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * BFE [Missing Service]
 * iphlpsvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]
 * wuauserv [Missing Service]

 * BITS [Missing ImagePath]
 * MpsSvc [Missing ImagePath]
 * SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 04/30/2013 08:04:25 AM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)
 

I don't know where my MBAM log went. It ran twice because it wanted to reboot my computer.

Now in regular mode and no trace of System Care virus.

Do you want me to redo something or am I ok now?

Thanks

Tom



#4 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,213 posts
  • Gender:Male
  • Location:NJ USA

Posted 30 April 2013 - 07:02 PM

OK, you are OK.

Now to be sure we got all of it...

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>>

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


>>>>

Now I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.

#5 tom2013

  • Topic Starter
  • Members
  • 22 posts

Posted 29 June 2013 - 11:36 AM

Hi,

I think I am clean. I have run the 3 different suggestions above and will post the logs below. My main issue is that since I got infected by this virus I have been unable to physically download anything from the internet or my email. The download starts and seems to complete but it goes into my Library where I can see the file but when I try to open or see it, it can't be opened. One of this virus's defenses is to prevent workable downloads???? Is it a configuration issue at this point?

MiniToolBox Log

 

MiniToolBox by Farbar  Version: 16-06-2013
Ran by Tom (administrator) on 29-06-2013 at 08:47:24
Running from "H:\"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® Wireless WiFi Link 5100 = Wireless Network Connection (Connected)
Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.0.168 metric=1


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Tom-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : vlan1.phub.net.cable.rogers.com

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : vlan1.phub.net.cable.rogers.com
   Description . . . . . . . . . . . : Intel® Wireless WiFi Link 5100
   Physical Address. . . . . . . . . : 00-16-EA-4E-47-D4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a00e:54c3:2d44:5783%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.15(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, June 29, 2013 8:28:35 AM
   Lease Expires . . . . . . . . . . : Sunday, June 30, 2013 8:28:35 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 318772970
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-37-B0-37-00-1D-BA-1C-51-8B
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : cara.caraoperations.com
   Description . . . . . . . . . . . : Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-1D-BA-1C-51-8B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{A0D2398C-1EF6-4D5B-BA40-30D3238C1EFF}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.phub.net.cable.rogers.com
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.cara.caraoperations.com
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{A0D2398C-1EF6-4D5B-BA40-30D3238C1EFF}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  vlan1.phub.net.cable.rogers.com
Address:  192.168.0.1

Name:    google.com
Addresses:  2607:f8b0:400b:80b::1000
      24.156.153.44
      24.156.153.20
      24.156.153.54
      24.156.153.24
      24.156.153.55
      24.156.153.34
      24.156.153.39
      24.156.153.49
      24.156.153.59
      24.156.153.29
      24.156.153.40
      24.156.153.35
      24.156.153.50
      24.156.153.30
      24.156.153.45
      24.156.153.25



Pinging google.com [24.156.153.25] with 32 bytes of data:

Reply from 24.156.153.25: bytes=32 time=10ms TTL=58

Reply from 24.156.153.25: bytes=32 time=13ms TTL=58



Ping statistics for 24.156.153.25:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 10ms, Maximum = 13ms, Average = 11ms

Server:  vlan1.phub.net.cable.rogers.com
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  98.138.253.109
      206.190.36.45
      98.139.183.24



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=72ms TTL=51

Reply from 206.190.36.45: bytes=32 time=79ms TTL=51



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 72ms, Maximum = 79ms, Average = 75ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 11 ...00 16 ea 4e 47 d4 ...... Intel® Wireless WiFi Link 5100
 10 ...00 1d ba 1c 51 8b ...... Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
  1 ........................... Software Loopback Interface 1
 14 ...00 00 00 00 00 00 00 e0  isatap.{A0D2398C-1EF6-4D5B-BA40-30D3238C1EFF}
 18 ...00 00 00 00 00 00 00 e0  isatap.phub.net.cable.rogers.com
 16 ...00 00 00 00 00 00 00 e0  isatap.cara.caraoperations.com
 19 ...00 00 00 00 00 00 00 e0  isatap.{A0D2398C-1EF6-4D5B-BA40-30D3238C1EFF}
 17 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.15     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0    192.168.0.168     192.168.0.15     26
      192.168.0.0    255.255.255.0         On-link      192.168.0.15    281
     192.168.0.15  255.255.255.255         On-link      192.168.0.15    281
    192.168.0.255  255.255.255.255         On-link      192.168.0.15    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.15    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.15    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      169.254.0.0      255.255.0.0    192.168.0.168       1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::a00e:54c3:2d44:5783/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 02 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 03 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 05 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 06 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 07 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 08 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 09 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 10 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 11 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 12 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 13 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 14 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 15 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 16 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 17 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 18 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 19 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 20 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 21 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 22 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 23 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 24 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 25 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 26 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 27 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 28 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 29 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 30 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 31 mswsock.dll [File not found] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/29/2013 08:28:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2013 08:28:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2013 08:28:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2013 08:28:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2013 08:28:56 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2013 08:28:56 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2013 08:28:56 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2013 08:28:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 08:28:21 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/29/2013 08:26:31 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


System errors:
=============
Error: (06/29/2013 08:29:05 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/29/2013 08:28:33 AM) (Source: Service Control Manager) (User: )
Description: DMICall
Lbd
spldr
Wanarpv6

Error: (06/29/2013 08:28:33 AM) (Source: Service Control Manager) (User: )
Description: VAIO Entertainment File Import ServiceVAIO Entertainment Database Service%%1068

Error: (06/29/2013 08:28:33 AM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (06/29/2013 08:28:33 AM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (06/29/2013 08:28:33 AM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (06/29/2013 08:28:29 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: C:\Windows\System32\IWMSSvc.dll21

Error: (06/29/2013 08:28:21 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/29/2013 08:28:13 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/29/2013 07:59:44 AM) (Source: PlugPlayManager) (User: )
Description: The device 'USB Mass Storage Device' (USB\VID_054C&PID_0377\F7600001AD6A) disappeared from the system without first being prepared for removal.


Microsoft Office Sessions:
=========================
Error: (06/29/2013 08:28:58 AM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe

Error: (06/29/2013 08:28:58 AM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe

Error: (06/29/2013 08:28:57 AM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe

Error: (06/29/2013 08:28:57 AM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe

Error: (06/29/2013 08:28:56 AM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe

Error: (06/29/2013 08:28:56 AM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe

Error: (06/29/2013 08:28:56 AM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe

Error: (06/29/2013 08:28:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 08:28:21 AM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/29/2013 08:26:31 AM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


CodeIntegrity Errors:
===================================
  Date: 2013-04-30 10:11:02.154
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-30 10:11:02.029
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-30 10:11:01.873
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-30 10:11:01.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-30 10:11:01.608
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-30 10:11:01.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-30 10:11:01.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-30 10:11:01.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-30 10:11:00.859
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-30 10:11:00.719
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

µTorrent (Version: 2.2.0)
3ivx MPEG-4 5.0.3 (remove only) (Version: 5.0.3)
Adobe Common File Installer (Version: 1.00.002)
Adobe Flash Player 11 Plugin (Version: 11.5.502.149)
Adobe Photoshop Elements 6.0 (Version: 6.0)
Adobe Premiere Elements 4.0 (Version: 4.0)
Adobe Premiere Elements 4.0 Templates (Version: 4.0.0)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
AGEIA PhysX v7.09.13 (Version: 7.09.13)
Ahead Nero Burning ROM
Alps Pointing-device for VAIO
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Magic-i Visual Effects
ArcSoft WebCam Companion 2
ATI Catalyst Install Manager (Version: 3.0.664.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0312.1659.28426)
Catalyst Control Center Graphics Full Existing (Version: 2008.0312.1659.28426)
Catalyst Control Center Graphics Full New (Version: 2008.0312.1659.28426)
Catalyst Control Center Graphics Light (Version: 2008.0312.1659.28426)
Catalyst Control Center Graphics Previews Common (Version: 2008.0312.1659.28426)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Czech (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Danish (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Dutch (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Finnish (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization French (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization German (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Greek (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Hungarian (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Italian (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Japanese (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Korean (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Norwegian (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Polish (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Portuguese (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Russian (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Spanish (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Swedish (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Thai (Version: 2008.0312.1659.28426)
Catalyst Control Center Localization Turkish (Version: 2008.0312.1659.28426)
CCC Help Chinese Standard (Version: 2008.0312.1658.28426)
CCC Help Chinese Traditional (Version: 2008.0312.1658.28426)
CCC Help Czech (Version: 2008.0312.1658.28426)
CCC Help Danish (Version: 2008.0312.1658.28426)
CCC Help Dutch (Version: 2008.0312.1658.28426)
CCC Help English (Version: 2008.0312.1658.28426)
CCC Help Finnish (Version: 2008.0312.1658.28426)
CCC Help French (Version: 2008.0312.1658.28426)
CCC Help German (Version: 2008.0312.1658.28426)
CCC Help Greek (Version: 2008.0312.1658.28426)
CCC Help Hungarian (Version: 2008.0312.1658.28426)
CCC Help Italian (Version: 2008.0312.1658.28426)
CCC Help Japanese (Version: 2008.0312.1658.28426)
CCC Help Korean (Version: 2008.0312.1658.28426)
CCC Help Norwegian (Version: 2008.0312.1658.28426)
CCC Help Polish (Version: 2008.0312.1658.28426)
CCC Help Portuguese (Version: 2008.0312.1658.28426)
CCC Help Russian (Version: 2008.0312.1658.28426)
CCC Help Spanish (Version: 2008.0312.1658.28426)
CCC Help Swedish (Version: 2008.0312.1658.28426)
CCC Help Thai (Version: 2008.0312.1658.28426)
CCC Help Turkish (Version: 2008.0312.1658.28426)
ccc-core-static (Version: 2008.0312.1659.28426)
ccc-utility (Version: 2008.0312.1659.28426)
Citrix Presentation Server Client - Web Only (Version: 10.100.55836)
Click to Disc (Version: 1.1.00.14140)
Click to Disc Editor (Version: 1.1.00)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Dolby Control Center (Version: 1.1.0402)
DOOM 3: BFG Edition
Dropbox (Version: 1.4.7)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD-Cloner V8.00 Build 1001 (Version: 8.00.0.1001)
FlipShare (Version: 4.1.4.50640)
Google Update Helper (Version: 1.3.21.145)
Google Updater (Version: 2.4.2432.1652)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Homestead SiteBuilder
iCloud (Version: 2.1.0.39)
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software (Version: 12.00.0004)
iTunes (Version: 11.0.1.12)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
JavaFX 2.1.1 (Version: 2.1.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Suite Activation Assistant (Version: 2.7)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Norton Security Scan (Version: 3.5.1.6)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenMG Secure Module 5.0.00 (Version: 5.0.00.11280)
QuickTime (Version: 7.73.80.64)
RAGE
Realtek High Definition Audio Driver (Version: 6.0.1.5610)
Rogers Connection Manager (Version: 1.0.0.1)
Roxio Central Audio (Version: 3.7.0)
Roxio Central Copy (Version: 3.7.0)
Roxio Central Core (Version: 3.7.0)
Roxio Central Data (Version: 3.7.0)
Roxio Central Tools (Version: 3.7.0)
Roxio Easy Media Creator 10 LJ (Version: 10.1)
Roxio Easy Media Creator Home (Version: 1.1.082)
Setting Utility Series (Version: 4.0.00.17250)
Skins (Version: 2008.0312.1659.28426)
Skype Click to Call (Version: 5.9.9216)
Skype™ 6.1 (Version: 6.1.129)
Sony Video Shared Library (Version: 3.3.00)
Spybot - Search & Destroy (Version: 1.6.0)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
Unity Web Player (Version: 2.6.1f3_31223)
Unreal Tournament 3 (Version: 1.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
VAIO Content Folder Setting (Version: 2.0.00.14220)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.0.01.03032)
VAIO Content Metadata Manager Setting (Version: 3.0.00.02040)
VAIO Content Metadata XML Interface Library (Version: 3.0.01.03030)
VAIO Control Center (Version: 3.0.00.16210)
VAIO Data Restore Tool (Version: 1.0.04.01170)
VAIO DVD Menu Data Basic (Version: 1.0.00.08130)
VAIO Edit Components 6.4 (Version: 6.4)
VAIO Entertainment Platform (Version: 3.1.00.16020)
VAIO Event Service (Version: 4.0.00.17150)
VAIO Help and Support (Version: 5.30.0613.ENCA)
VAIO Launcher (Version: 2.0.00.15260)
VAIO Media plus (Version: 1.0.00.15100)
VAIO Movie Story (Version: 1.2.00.14130)
VAIO Movie Story Template Data (Version: 1.2.00.13220)
VAIO MusicBox (Version: 2.0.00.14180)
VAIO MusicBox Sample Music (Version: 1.1.00.14140)
VAIO OOBE and Welcome Center (Version: 5.10.0502.ENCA)
VAIO Original Function Setting (Version: 1.3.00.14230)
VAIO Power Management (Version: 3.0.00.05270)
VAIO Presentation Support (Version: 1.0.00.04240)
VAIO Update 3 (Version: 3.1.00.13220)
VAIO Wallpaper Contents (Version: 1.1.00.12140)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 2.0.5 (Version: 2.0.5)
WIDCOMM Bluetooth Software 6.1.0.2200 (Version: 6.1.0.2200)
WinDVD BD for VAIO (Version: 8.0-B9.431)

========================= Memory info: ===================================

Percentage of memory in use: 15%
Total physical RAM: 3069.12 MB
Available physical RAM: 2598.29 MB
Total Pagefile: 6339.23 MB
Available Pagefile: 6079.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.52 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:288.55 GB) (Free:95.81 GB) NTFS
4 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
6 Drive h: () (Removable) (Total:1.9 GB) (Free:0.18 GB) FAT

========================= Users: ========================================

User accounts for \\TOM-PC

Administrator            Guest                    Tom                      


**** End of log ****

ADWCleaner Log

# AdwCleaner v2.303 - Logfile created 06/29/2013 at 09:01:57
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Tom - TOM-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Tom\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Tom\AppData\Local\Temp\AskSearch

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16448

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\wmk4g6jp.default-1348965378348\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1562 octets] - [29/06/2013 09:00:50]
AdwCleaner[S1].txt - [1350 octets] - [29/06/2013 09:01:57]

########## EOF - C:\AdwCleaner[S1].txt - [1410 octets] ##########
ESET OnlineScan

This scan came up clean with no resulting log produced

Thanks

Tom



#6 tom2013

tom2013
  • Topic Starter

  • Members
  • 22 posts

Posted 29 June 2013 - 01:58 PM

Farbar Service Scanner Version: 27-06-2013
Ran by Tom (administrator) on 29-06-2013 at 14:48:53
Running from "C:\Users\Tom\Desktop\Program Stuff\Spyware_Cleaners"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of BITS. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



#7 tom2013

tom2013
  • Topic Starter

  • Members
  • 22 posts

Posted 29 June 2013 - 01:59 PM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-29 14:49:56
-----------------------------
14:49:56.493    OS Version: Windows 6.0.6002 Service Pack 2
14:49:56.494    Number of processors: 2 586 0x1706
14:49:56.496    ComputerName: TOM-PC  UserName: Tom
14:49:58.921    Initialize success
14:50:32.097    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:50:32.102    Disk 0 Vendor: TOSHIBA_ LV01 Size: 305245MB BusType: 3
14:50:32.108    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000062
14:50:32.113    Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
14:50:32.119    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000063
14:50:32.125    Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
14:50:32.239    Disk 0 MBR read successfully
14:50:32.246    Disk 0 MBR scan
14:50:32.253    Disk 0 Windows VISTA default MBR code
14:50:32.265    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         9771 MB offset 2048
14:50:32.286    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       295472 MB offset 20013056
14:50:32.297    Disk 0 scanning sectors +625140400
14:50:32.475    Disk 0 scanning C:\Windows\system32\drivers
14:50:43.016    Service scanning
14:51:10.734    Modules scanning
14:51:21.408    Disk 0 trace - called modules:
14:51:21.496    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
14:51:21.509    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868a3168]
14:51:21.520    3 CLASSPNP.SYS[8b3a88b3] -> nt!IofCallDriver -> [0x862e7cb8]
14:51:21.531    5 acpi.sys[8aa916bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x862e8028]
14:51:21.543    Scan finished successfully
14:51:38.140    Disk 0 MBR has been saved successfully to "C:\Users\Tom\Desktop\Program Stuff\Spyware_Cleaners\MBR.dat"
14:51:38.166    The log file has been saved successfully to "C:\Users\Tom\Desktop\Program Stuff\Spyware_Cleaners\aswMBR.txt"



#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,213 posts
  • Gender:Male
  • Location:NJ USA

Posted 29 June 2013 - 08:00 PM

Hello, we've got a bit of a mess. Let's see if we can get it.

Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Click on the Enter key.

Reboot your system to complete the process.


Download

http://kb.eset.com/library/ESET/KB Team Only/Malware/ServicesRepair.exe

Run it, restart the PC

Post the new FSS log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKill log located on the desktop here
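The FSS logs in this thread show the same symptom over and over: the registry keys for the firewall (MpsSvc, bfe), Security Center (wscsvc), Windows Update (wuauserv, BITS) and Windows Defender (WinDefend) are gone, and RKill later found the Defender binaries replaced by reparse points pointing at c:\windows\system32\config. The read-only PowerShell script below is an added example, not a tool from this thread or from ESET or BleepingComputer; it repeats those two checks so the result can be confirmed before and after the ServicesRepair step. It assumes an elevated PowerShell prompt on Windows; the service names are taken from the FSS log and the Defender folder from the RKill log. Get-Service does not list kernel drivers, so mpsdrv shows State "n/a", and the LinkType column is only populated on PowerShell 5 or newer.

```powershell
# Added example (not from the thread): read-only triage that mirrors the
# FSS service-key check and the RKill reparse-point check. Changes nothing.
# Assumes an elevated PowerShell prompt on Windows.

# Service names as reported in the FSS log above.
$ServiceNames = @('mpsdrv', 'MpsSvc', 'bfe', 'wscsvc', 'wuauserv', 'BITS',
                  'WinDefend', 'SharedAccess', 'iphlpsvc')
# Folder RKill flagged as containing ZeroAccess-style reparse points.
$DefenderDir  = 'C:\Program Files\Windows Defender'

function Test-ServiceKey {
    # Report whether the service's registry key and its Start/ImagePath
    # values exist, and what state the Service Control Manager reports.
    param([string]$Name)
    $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $info = @{ Service = $Name; KeyExists = $false; Start = $null;
               ImagePath = $null; State = 'n/a' }
    if (Test-Path -Path $key) {
        $info.KeyExists = $true
        $values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($values) {
            $info.Start     = $values.Start      # 2 = auto, 3 = manual, 4 = disabled
            $info.ImagePath = $values.ImagePath
        }
        # Kernel drivers such as mpsdrv are not returned by Get-Service.
        $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
        if ($svc) { $info.State = [string]$svc.Status }
    }
    New-Object PSObject -Property $info
}

function Find-ReparsePoints {
    # List every file or folder directly under $Path that carries the
    # ReparsePoint attribute (junctions and symbolic links). A healthy
    # Defender folder contains none; RKill found one per binary above.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0 } |
        ForEach-Object {
            New-Object PSObject -Property @{ Item = $_.FullName; LinkType = $_.LinkType }
        }
}

function Get-ServiceTriage {
    $report = $ServiceNames | ForEach-Object { Test-ServiceKey -Name $_ }
    $report | Select-Object Service, KeyExists, Start, ImagePath, State |
        Format-Table -AutoSize | Out-String | Write-Host

    $missing = @($report | Where-Object { -not $_.KeyExists })
    Write-Host ("{0} of {1} expected service keys are missing." -f $missing.Count, $ServiceNames.Count)

    $links = @(Find-ReparsePoints -Path $DefenderDir)
    if ($links.Count -gt 0) {
        Write-Host "Reparse points under $DefenderDir (compare with RKill's ZeroAccess check):"
        $links | Format-Table -AutoSize | Out-String | Write-Host
    } else {
        Write-Host "No reparse points under $DefenderDir."
    }
}

Get-ServiceTriage
```

Run it once before ServicesRepair to reproduce the FSS findings (every key except mpsdrv missing, reparse points present) and again after the reboot: the service keys should be back with Start values of 2 or 3, and the reparse-point list should be empty. The script deliberately does not recreate keys or delete links; the repair tool and the FSS/RKill logs requested in the post above remain the record of the fix.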

#9 tom2013

tom2013
  • Topic Starter

  • Members
  • 22 posts

Posted 30 June 2013 - 07:58 PM

Farbar Service Scanner Version: 27-06-2013
Ran by Tom (administrator) on 30-06-2013 at 20:51:46
Running from "C:\Users\Tom\Desktop\Program Stuff\Spyware_Cleaners"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of BITS. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/30/2013 08:56:06 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\RtkAudioService.exe (PID: 1492) [WD-HEUR]
 * C:\Windows\System32\SupportAppXL\AutoDect.exe (PID: 692) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * ALERT: ZEROACCESS Reparse Point/Junction found!

     * C:\Program Files\Windows Defender\en-US => c:\windows\system32\config\ [Dir]
     * C:\Program Files\Windows Defender\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpClient.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpEvMsg.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpRtMon.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpRtPlug.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpSigDwn.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpSoftEx.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f\MpEvMsg.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpClient.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtMon.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpRtPlug.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSigDwn.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpClient.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtMon.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpRtPlug.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSigDwn.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSoftEx.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MsMpRes.dll => c:\windows\system32\config [File]

Checking Windows Service Integrity:

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * BFE [Missing Service]
 * iphlpsvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]
 * wuauserv [Missing Service]

 * BITS [Missing ImagePath]
 * MpsSvc [Missing ImagePath]
 * SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 06/30/2013 08:57:25 PM
Execution time: 0 hours(s), 1 minute(s), and 18 seconds(s)
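The RKill output above records the two findings behind the ZeroAccess diagnosis in the next reply: reparse points placed on the Windows Defender binaries, and services that are either missing or have no ImagePath. As an added example that is not RKill's code and was not posted in this thread, the PowerShell below re-checks both findings read-only on the same host; it assumes an elevated PowerShell 2.0 or later session and takes the folder paths and service names from the log.

```powershell
# Added example (not from RKill or this thread): re-check the two RKill
# findings above from an elevated PowerShell 2.0+ session. Read-only.

# Reparse points/junctions under the Windows Defender program folder and its
# WinSxS component stores (the log shows them redirected to system32\config).
function Get-DefenderReparsePoints {
    $roots = @("$env:ProgramFiles\Windows Defender")
    $roots += @(Get-ChildItem -LiteralPath "$env:SystemRoot\winsxs" -Filter '*windows-defender*' -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.PSIsContainer } |
                ForEach-Object { $_.FullName })
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The reparse attribute sits on the folder or file itself, so every
        # item under the root is inspected, directories included.
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0 } |
            ForEach-Object {
                $kind = if ($_.PSIsContainer) { 'Dir' } else { 'File' }
                New-Object PSObject -Property @{ Path = $_.FullName; Kind = $kind }
            }
    }
}

# Service keys RKill flagged: no key means the service is gone; a key without
# ImagePath means the service cannot be started.
function Test-ServiceIntegrity {
    param([string[]]$Names)
    foreach ($name in $Names) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        if (-not (Test-Path -LiteralPath $key)) {
            $status = 'Missing Service'
        } else {
            $img = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).ImagePath
            if ([string]::IsNullOrEmpty($img)) { $status = 'Missing ImagePath' } else { $status = 'OK' }
        }
        New-Object PSObject -Property @{ Service = $name; Status = $status }
    }
}

# Service names as listed in the RKill "Windows Service Integrity" section.
$services = 'BFE','iphlpsvc','WinDefend','wscsvc','wuauserv','BITS','MpsSvc','SharedAccess'
Get-DefenderReparsePoints | Format-Table Kind, Path -AutoSize
Test-ServiceIntegrity -Names $services | Where-Object { $_.Status -ne 'OK' } | Format-Table Service, Status -AutoSize
```

A clean host prints no reparse points and no service rows; the Windows Defender folder normally contains plain files, so any reparse point there matches the condition RKill alerts on.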
 



#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,213 posts
  • Gender:Male
  • Location:NJ USA

Posted 01 July 2013 - 08:46 PM

OK, we have a ZeroAccess rootkit that needs special treatment.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.



