Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ransom virus wont let me into safe mode


  • This topic is locked This topic is locked
2 replies to this topic

#1 pylestone

pylestone

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:43 AM

Posted 27 August 2013 - 08:13 PM

I am working on my nephews computer, I have gotten all of the virus off except one (I think).  I cannot get into safe mode, it will start to then about 3 seconds into letting you sign in it restarts.  her are the logs I have;

 

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/27/2013 10:18:58 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Program Files (x86)\Google\Desktop\Install\{86a5dcb2-4eed-f936-9d27-e77b70010620}\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{86a5dcb2-4eed-f936-9d27-e77b70010620}\   \ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{86a5dcb2-4eed-f936-9d27-e77b70010620}\   \...\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{86a5dcb2-4eed-f936-9d27-e77b70010620}\   \...\ﯹ๛\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{86a5dcb2-4eed-f936-9d27-e77b70010620}\   \...\ﯹ๛\{86a5dcb2-4eed-f936-9d27-e77b70010620}\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{86a5dcb2-4eed-f936-9d27-e77b70010620}\   \...\ﯹ๛\{86a5dcb2-4eed-f936-9d27-e77b70010620}\L\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{86a5dcb2-4eed-f936-9d27-e77b70010620}\   \...\ﯹ๛\{86a5dcb2-4eed-f936-9d27-e77b70010620}\U\ [ZA Dir]

 

Farbar Service Scanner Version: 18-08-2013
Ran by no virus (administrator) on 27-08-2013 at 16:24:34
Running from "F:\"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-08-2013 03
Ran by no virus at 2013-08-27 16:33:44
Running from F:\
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

  
AC3Filter 1.63b (x32 Version: 1.63b)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X MUI (x32 Version: 10.0.0)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.3.633)
Alps Pointing-device for VAIO
Application Manager for VAIO (x32)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.142)
ArcSoft WebCam Companion 4 (x32 Version: 4.0.21.392)
Autodesk Design Review 2012 (x32 Version: 12.0.0.93)
Autodesk Inventor Content Center Libraries 2012 (Desktop Content) (Version: 16.0.16000.0000)
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79)
Autodesk Inventor Fusion for Inventor 2012 Add-in (Version: 1.0.0.18)
Autodesk Inventor Fusion for Inventor 2012 Add-in Language Pack (Version: 1.0.0.18)
Autodesk Inventor Professional 2012 (Version: 16.0.16000.0000)
Autodesk Inventor Professional 2012 English (Version: 16.0.16000.0000)
Autodesk Inventor Professional 2012 English Language Pack (Version: 16.0.16000.0000)
Autodesk Material Library 2012 (x32 Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2012 (x32 Version: 2.5.0.8)
Autodesk Material Library Low Resolution Image Library 2012 (x32 Version: 2.5.0.8)
Autodesk Vault 2012 (Client) (Version: 16.0.56.200)
Autodesk Vault 2012 (Client) (x32 Version: 16.0.56.200)
Autodesk Vault 2012 (Client) English Language Pack (Version: 16.0.56.200)
AVG 2013 (Version: 13.0.3211)
AVG 2013 (Version: 13.0.3392)
AVG 2013 (Version: 2013.0.3392)
Bing Bar (x32 Version: 7.0.610.0)
BuzzSocialPoints_DNS version 1.0 (x32 Version: 1.0)
BuzzSocialPoints_DNS_IE (x32 Version: 1.0.0.0)
Conexant HD Audio (Version: 8.54.18.51)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Diablo II (x32)
Diablo III (x32 Version: 1.0.7.15295)
DWG TrueView 2012 (Version: 18.2.51.0)
Eco Materials Adviser (x64) (Version: 1.32.0.0)
GameSpy Arcade (x32)
GetSavin (x32 Version: 1.1365636018)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
Hero Editor V0.96 (x32)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 8.15.10.2291)
Intel® Rapid Storage Technology (x32 Version: 10.0.0.1046)
InternetHelper3.1 Toolbar (x32 Version: 6.15.0.27)
Java Auto Updater (x32 Version: 2.0.2.4)
Java™ 6 Update 22 (64-bit) (Version: 6.0.220)
Java™ 6 Update 22 (x32 Version: 6.0.220)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Master of Orion 3 (x32)
Media Gallery (Version: 1.5.0.16020)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
MotoHelper 2.0.45 Driver 5.0.0 (x32 Version: 2.0.45)
MotoHelper MergeModules (x32 Version: 1.2.0)
Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
MyPC Backup  (Version: )
Norton Internet Security (x32 Version: 18.7.2.3)
odesk Inventor Fusion 2012 (Version: 1.0.0.79)
OOBE (x32 Version: 11.2.1.10)
PC Optimizer Pro (Version: 6.2.4.2)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PMB (x32 Version: 5.5.02.12220)
PMB VAIO Edition Plug-in (Version: 1.5.01.04010)
PMB VAIO Edition Plug-in (x32 Version: 1.5.00.02250)
Quick Uninstall Tool for Autodesk Inventor 2012 (Version: 16.0.16000.0000)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.77)
Remote Keyboard (x32 Version: 1.1.1.03020)
Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070)
Rinse (uninstall) (x32)
Rinse (x32 Version: 1.255)
Rinse (x32 Version: 1.912)
SaveValet IE - Stop overpaying!  Instantly get the lowest price and best deals right as you shop. (x32 Version: 1.7.9.52)
Skype Click to Call (x32 Version: 5.6.8442)
Skype™ 6.0 (x32 Version: 6.0.126)
Solid Edge V20 (x32 Version: 20.00.0096)
Sony Corporation (Version: 1.0.0)
SSLx64 (Version: 1.0.0)
SSLx86 (x32 Version: 1.0.0)
swMSM (x32 Version: 12.0.0.1)
ubi.com (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
US Job Search Toolbar (x32 Version: 1.0.0.0)
VAIO - Media Gallery (x32 Version: 1.5.0.16020)
VAIO - PMB VAIO Edition Guide (x32 Version: 1.5.00.02250)
VAIO - PMB VAIO Edition Plug-in (x32 Version: 1.5.01.04060)
VAIO - Remote Keyboard (x32 Version: 1.0.1.03020)
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.15070)
VAIO Care (x32 Version: 6.4.0.15030)
VAIO Control Center (x32 Version: 4.5.0.03040)
VAIO Data Restore Tool (x32 Version: 1.6.0.13140)
VAIO Easy Connect (x32 Version: 1.0.0.03050)
VAIO Event Service (x32 Version: 5.5.0.03040)
VAIO Gate (x32 Version: 2.3.0.11090)
VAIO Gate Default (x32 Version: 2.4.0.03240)
VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280)
VAIO Help and Support (x32 Version: 14.00.0125)
VAIO Improvement (x32 Version: 1.0.0.14150)
VAIO Manual (x32 Version: 2.0.0.02250)
VAIO Quick Web Access (x32 Version: 1.4.5.3)
VAIO Sample Contents (x32 Version: 1.4.0.09010)
VAIO Satisfaction Survey. (x32 Version: 3.0)
VAIO Smart Network (x32 Version: 3.5.0.02280)
VAIO Transfer Support (x32 Version: 1.4.0.14230)
VAIO Update (x32 Version: 5.4.0.15300)
VBA (2627.01) (x32 Version: 6.03.00.9402)
VCCx86 (x32 Version: 1.0.0)
VESx64 (Version: 1.0.0)
VESx86 (x32 Version: 1.0.0)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VIx64 (Version: 1.0.0)
VIx86 (x32 Version: 1.0.0)
VSNx64 (Version: 1.0.0)
VWSTx86 (x32 Version: 1.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
World of Tanks (x32)
Yahoo! Software Update (x32)
Yahoo! Toolbar (x32)
Yontoo 1.10.03 (Version: 1.10.03)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05420569-931F-4714-8542-4FAC331089DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01] (Google Inc.)
Task: {0FFC0F0F-B613-4862-B955-D290B548C6A0} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe No File
Task: {10AE8868-FECB-478A-BA55-05A076D6682D} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2011-03-30] (Sony Corporation)
Task: {11709C8B-D4CC-4FBA-BD30-9F65338CC2A8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {26D584D8-0BDF-40B7-A58E-5C7575A47741} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-01] (Google Inc.)
Task: {28BD0F9D-7B60-4B1A-951D-B27084FCBD80} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {290C29B6-7F3B-47C7-802F-A327BDB78EA7} - System32\Tasks\BuzzSocialPoints_DNS_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe No File
Task: {2A9E1915-81F5-4757-A2B3-FFD750293566} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {2C80EFF1-A755-4276-9759-C556663A6E22} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {33D8D9FA-A12B-4D7F-9ACE-B62A6D6FD5E7} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient No File
Task: {36ADDC14-9813-4141-A3A4-7F4158174659} - System32\Tasks\User_Feed_Synchronization-{D9F0EE87-C6D6-4767-9395-30A637A88F06} => C:\Windows\system32\msfeedssync.exe [2013-06-19] (Microsoft Corporation)
Task: {48D7670D-B29E-47D6-BDB9-D1345CC0E266} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-03] (Adobe Systems Incorporated)
Task: {701C6A62-DAEB-4C70-B3E8-5E124E605B30} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-11-16] (Sony Corporation)
Task: {7A0E38A1-B59E-46AE-9282-243543AC7B83} - System32\Tasks\User_Feed_Synchronization-{17660485-7011-4653-8BA2-30FADB45EBE7} => C:\Windows\system32\msfeedssync.exe [2013-06-19] (Microsoft Corporation)
Task: {7B4CB21C-A261-412F-97F8-F6604804AF7D} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {880E1D0C-83C2-405A-97E2-64515FF98CA1} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {8AA130FF-612D-45F2-9AB7-05617A7438BB} - System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896} => C:\Windows\system32\msfeedssync.exe [2013-06-19] (Microsoft Corporation)
Task: {9376EC8D-69FF-446D-B204-411B0CC9B9EF} - System32\Tasks\{48861952-4EE5-4D55-80EC-1BC4B2BC0033} => C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013-07-25] (Microsoft Corporation)
Task: {A36B33E9-E83C-4893-90BE-9F1D8D5AC58A} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation)
Task: {AA3E98DF-5AA6-47CE-A4AB-AC043DB25D4D} - System32\Tasks\WPD\SqmUpload_S-1-5-21-213646585-4064336114-1231107739-1005 => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {C42A9701-43AC-4ABE-A901-4E41EB2CE9E1} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {D0072EB7-CF83-4F1C-8133-44E203CAD89F} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {D65F8448-AFB5-4F7E-9EC7-FA48CB76CC37} - System32\Tasks\DealPly => C:\Users\Corey\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE No File
Task: {E2241A71-9A8D-477F-A10D-365FB1C8C3EF} - System32\Tasks\RunAsStdUser Task => C:\Users\Corey\AppData\Local\teeveewatchSA\bin\1.0.10.0\TeeveeWatchSA.exe No File
Task: {E93338AF-F805-4CD7-ACF1-F09EC85BC80F} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {F6ED581E-AC07-45C2-B06E-07BAF9912CDC} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-11-16] (Sony Corporation)
Task: {FC93F4EE-AE31-4F72-BC91-976E706D4D9B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {FC98C552-482A-4BA9-BA67-11F0CA18D86C} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:D346F792

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2013 04:23:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 03:55:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 03:54:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 10:26:06 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 10:18:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 09:46:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 09:45:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 03:35:00 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Configuration, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (08/27/2013 03:35:00 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Data.SqlXml, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil".  The error returned was Error: The specified assembly is not installed.
.

Error: (08/27/2013 03:35:00 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Xml, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

System errors:
=============
Error: (08/27/2013 04:24:10 PM) (Source: Service Control Manager) (User: )
Description: The Yahoo! Updater service hung on starting.

Error: (08/27/2013 04:22:48 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (08/27/2013 04:21:23 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (08/27/2013 03:59:45 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (08/27/2013 03:56:43 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (08/27/2013 03:56:43 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error:
%%1056

Error: (08/27/2013 03:56:43 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:
%%1056

Error: (08/27/2013 03:55:43 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error:
%%1056

Error: (08/27/2013 03:54:45 PM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (08/27/2013 03:54:43 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (08/27/2013 04:23:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 03:55:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 03:54:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 10:26:06 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 10:18:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 09:46:29 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 09:45:57 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2013 03:35:00 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Configuration, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (08/27/2013 03:35:00 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Data.SqlXml, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil".  The error returned was Error: The specified assembly is not installed.
.

Error: (08/27/2013 03:35:00 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Xml, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 4043.86 MB
Available physical RAM: 2494.27 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 6275.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:455.34 GB) (Free:349.59 GB) NTFS
Drive d: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:1.86 GB) (Free:1.83 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A338678A)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================

 

 

Any help would be great, this is going to be the death of me LoL.



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:43 PM

Posted 01 September 2013 - 10:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:43 PM

Posted 08 September 2013 - 08:59 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users