C:\Windows\svchost.exe (Trojan.Agent)

Solved
By DeadmanC95
Dec 24, 2012
  1. Hi, I've had this trojan for a while now and I finally decided to restore my computer back to factory settings since Malwarebytes couldn't remove it. But after restoring my computer, I redownloaded Malwarebytes and the same trojan appeared. I read that you guys can help and I went through the 4 preliminary steps and obtained the 3 logs. Please help, thank you!
  2. DeadmanC95


    Database version: v2012.12.24.07

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Justin Mui :: JUSTINMUI-VAIO [administrator]

    Protection: Enabled

    12/24/2012 2:56:04 PM
    mbam-log-2012-12-24 (14-56-04).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 223501
    Time elapsed: 1 minute(s), 48 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 2400 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)
  3. DeadmanC95


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.16385
    Run by Justin Mui at 18:08:43 on 2012-12-24
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3758.2076 [GMT -6:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe
    C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
    C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
    c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    -netsvcs
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Care\VCSpt.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Apoint\Apvfb.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\CoIEPlg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\IPS\IPSBHO.dll
    BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\CoIEPlg.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
    mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{994D5544-368A-44F0-994E-3D04155D3896} : DHCPNameServer = 192.168.1.254
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
    x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
    x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Justin Mui\AppData\Roaming\Mozilla\Firefox\Profiles\5g2mpbjc.default\
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - ExtSQL: 2012-12-24 17:41; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
    FF - ExtSQL: 2012-12-24 17:41; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
    FF - ExtSQL: 2012-12-24 17:54; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Justin Mui\AppData\Roaming\Mozilla\Firefox\Profiles\5g2mpbjc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1401000.018\SymDS64.sys [2012-12-24 493216]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1401000.018\SymEFA64.sys [2012-12-24 1132192]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20120815.002\BHDrvx64.sys [2012-12-24 1385120]
    R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1401000.018\ccSetx64.sys [2012-12-24 168096]
    R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012-12-24 168096]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20120811.001\IDSVia64.sys [2012-12-24 512672]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1401000.018\Ironx64.sys [2012-12-24 224416]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1401000.018\symnets.sys [2012-12-24 432800]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-12 13336]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-24 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-24 676936]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe [2012-12-24 143928]
    R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [2012-12-24 143928]
    R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-2-9 53248]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
    R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-7-12 94208]
    R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-7-12 78848]
    R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-12-24 252416]
    R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [2012-12-24 104960]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-12-24 2320920]
    R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-12-24 575856]
    R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-12-24 19968]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-24 138912]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-3 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-12 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-7-12 271872]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-24 25928]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-1 12032]
    R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-7 304496]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-16 39832]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-7-12 402720]
    S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2012-12-24 342056]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-12-24 39464]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
    S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2012-12-24 332272]
    S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
    S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
    S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
    S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
    S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2012-12-24 1250160]
    .
    =============== Created Last 30 ================
    .
    2012-12-24 23:48:48 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2012-12-24 23:41:02 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2012-12-24 23:41:02 -------- d-----w- C:\Program Files\Symantec
    2012-12-24 23:41:02 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2012-12-24 23:40:44 776352 ----a-r- C:\Windows\System32\drivers\N360x64\1401000.018\srtsp64.sys
    2012-12-24 23:40:44 493216 ----a-r- C:\Windows\System32\drivers\N360x64\1401000.018\SymDS64.sys
    2012-12-24 23:40:44 432800 ----a-r- C:\Windows\System32\drivers\N360x64\1401000.018\symnets.sys
    2012-12-24 23:40:44 37496 ----a-r- C:\Windows\System32\drivers\N360x64\1401000.018\srtspx64.sys
    2012-12-24 23:40:44 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1401000.018\SymELAM.sys
    2012-12-24 23:40:44 224416 ----a-r- C:\Windows\System32\drivers\N360x64\1401000.018\Ironx64.sys
    2012-12-24 23:40:44 1132192 ----a-r- C:\Windows\System32\drivers\N360x64\1401000.018\SymEFA64.sys
    2012-12-24 23:40:43 168096 ----a-r- C:\Windows\System32\drivers\N360x64\1401000.018\ccSetx64.sys
    2012-12-24 23:40:26 -------- d-----w- C:\Windows\System32\drivers\N360x64\1401000.018
    2012-12-24 23:40:26 -------- d-----w- C:\Windows\System32\drivers\N360x64
    2012-12-24 23:40:25 -------- d-----w- C:\Program Files (x86)\Norton 360
    2012-12-24 23:36:54 168096 ----a-r- C:\Windows\System32\drivers\NSTx64\7DD02000.012\ccSetx64.sys
    2012-12-24 23:36:51 -------- d-----w- C:\Windows\System32\drivers\NSTx64\7DD02000.012
    2012-12-24 23:36:51 -------- d-----w- C:\Windows\System32\drivers\NSTx64
    2012-12-24 23:36:51 -------- d-----w- C:\Program Files (x86)\Norton Identity Safe
    2012-12-24 23:24:30 -------- dc-h--w- C:\ProgramData\{CC6525B7-42F2-42DB-BF33-445E26F52EC1}
    2012-12-24 23:16:54 -------- d-----w- C:\ProgramData\PCSettings
    2012-12-24 22:59:10 -------- d-----w- C:\Users\Justin Mui\AppData\Local\Google
    2012-12-24 22:43:23 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDCA874F-CB8A-469C-9924-D86266BA98F2}\mpengine.dll
    2012-12-24 22:43:23 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-12-24 21:38:23 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
    2012-12-24 21:38:23 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
    2012-12-24 21:37:40 -------- d-----w- C:\Program Files (x86)\Microsoft
    2012-12-24 21:37:25 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
    2012-12-24 21:36:58 -------- d-----w- C:\Windows\PCHEALTH
    2012-12-24 21:36:52 4927864 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c9c394ca1cde21e\Silverlight.2.0.exe
    2012-12-24 21:36:44 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c50cb1ce1cde21e\DSETUP.dll
    2012-12-24 21:36:44 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c50cb1ce1cde21e\DXSETUP.exe
    2012-12-24 21:36:44 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c50cb1ce1cde21e\dsetup32.dll
    2012-12-24 21:36:14 141399376 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc8A26.tmp
    2012-12-24 21:36:09 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2012-12-24 21:34:24 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-12-24 21:32:52 -------- d-----w- C:\Users\Justin Mui\AppData\Roaming\QuickScan
    2012-12-24 21:27:24 -------- d-----w- C:\VAIO Sample Contents
    2012-12-24 21:11:38 -------- d--h--w- C:\SPLASH.000
    2012-12-24 21:11:24 -------- d--h--w- C:\SPLASH.SYS
    2012-12-24 21:11:11 -------- d-----w- C:\Program Files (x86)\Downloaded Installations
    2012-12-24 20:54:19 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2012-12-24 20:54:17 5073256 ----a-w- C:\Windows\System32\d3dx9_35.dll
    2012-12-24 20:50:17 499712 ----a-r- C:\Windows\SysWow64\msvcp71.dll
    2012-12-24 20:50:17 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-12-24 20:50:17 245408 ----a-w- C:\Windows\SysWow64\unicows.dll
    2012-12-24 20:50:17 212480 ----a-w- C:\Windows\SysWow64\PCDLIB32.DLL
    2012-12-24 20:50:16 55808 ----a-w- C:\Windows\system\ArcSoftKsUFilter.dll
    2012-12-24 20:50:16 19968 ----a-w- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys
    2012-12-24 20:50:14 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2012-12-24 20:50:14 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2012-12-24 20:50:14 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2012-12-24 20:50:14 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2012-12-24 20:50:14 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2012-12-24 20:48:30 -------- d-----w- C:\Program Files (x86)\Evernote
    2012-12-24 20:48:26 -------- d-----w- C:\ProgramData\Evernote
    2012-12-24 20:48:11 -------- d-----w- C:\Users\Justin Mui\AppData\Roaming\Malwarebytes
    2012-12-24 20:48:01 -------- d-----w- C:\Documentation
    2012-12-24 20:48:01 -------- d-----w- C:\_FS_SWRINFO
    2012-12-24 20:47:58 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2012-12-24 20:47:57 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-24 20:47:57 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-12-24 20:47:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-12-24 20:47:26 114688 ----a-w- C:\Program Files (x86)\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
    2012-12-24 20:47:24 114688 ----a-w- C:\Program Files\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
    2012-12-24 20:44:50 -------- d-----w- C:\ProgramData\BOINC
    2012-12-24 20:44:50 -------- d-----w- C:\Program Files (x86)\BOINC
    2012-12-24 20:44:47 -------- d-----w- C:\Windows\Downloaded Installations
    2012-12-24 20:41:02 -------- d-----w- C:\Users\Justin Mui\AppData\Roaming\Intel Corporation
    2012-12-24 20:40:56 -------- d-----w- C:\Users\Justin Mui\AppData\Roaming\Intel
    2012-12-24 20:40:06 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-12-24 20:40:06 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-12-24 20:40:06 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-12-24 20:40:06 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-12-24 20:37:23 -------- d-----w- C:\Program Files (x86)\Sony
    2012-12-24 20:36:18 -------- d-----r- C:\Program Files (x86)\Skype
    2012-12-24 20:35:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-12-24 20:35:08 -------- d---a-w- C:\Program Files\Shutterfly
    2012-12-24 20:33:09 -------- d-----w- C:\Program Files\PlayReady
    2012-12-24 20:31:53 -------- d---a-w- C:\Nobu_Icon
    2012-12-24 20:30:27 -------- d-----w- C:\ProgramData\Norton
    2012-12-24 20:30:07 -------- d-----w- C:\ProgramData\NortonInstaller
    2012-12-24 20:30:07 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2012-12-24 20:24:39 411368 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-12-24 20:22:48 455680 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-12-24 20:21:13 -------- d-----w- C:\Program Files (x86)\Intel Corporation
    2012-12-24 20:21:13 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
    2012-12-24 20:19:02 -------- d-----w- C:\ProgramData\Partner
    2012-12-24 20:18:20 -------- d-----w- C:\Windows\Sonysys
    2012-12-24 20:16:50 -------- d-----w- C:\Program Files (x86)\AccuWeather.com Cirrus
    2012-12-24 20:14:32 -------- d-----w- C:\Program Files\Common Files\Sony Shared
    2012-12-24 20:14:32 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared
    2012-12-24 20:13:59 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2012-12-24 20:13:59 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2012-12-24 20:13:59 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
    2012-12-24 20:13:59 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2012-12-24 20:13:59 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2012-12-24 20:13:59 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2012-12-24 20:13:59 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2012-12-24 20:10:41 213888 ----a-w- C:\Windows\System32\drivers\rdyboost.sys
    2012-12-24 20:07:37 -------- d-----w- C:\Program Files (x86)\Cisco
    2012-12-24 20:07:28 -------- d-----w- C:\Program Files\Apoint
    2012-12-24 20:05:35 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
    2012-12-24 20:03:06 39464 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
    2012-12-24 20:03:06 342056 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
    2012-12-24 20:03:06 21544 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
    2012-12-24 20:03:06 135720 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
    2012-12-24 20:03:06 102952 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
    2012-12-24 20:02:33 -------- d-----w- C:\Program Files\WIDCOMM
    2012-12-24 19:57:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-12-24 19:57:59 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-12-24 19:55:58 -------- d-----w- C:\ProgramData\DDNi
    2012-12-24 19:55:58 -------- d-----w- C:\Program Files (x86)\DDNi
    2012-12-24 19:55:55 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
    2012-12-24 19:55:55 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2012-12-24 19:55:51 -------- d-sh--w- C:\Windows\Installer
    2012-12-24 19:51:35 20480 ------w- C:\Windows\svchost.exe
    2012-12-24 19:50:47 -------- d-----w- C:\Program Files\Sony
    2012-12-24 19:48:56 14336 ----a-w- C:\Windows\System32\drivers\en-US\fvevol.sys.mui
    .
    ==================== Find3M ====================
    .
    2012-12-24 19:48:46 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
    2012-12-24 19:48:41 25600 ----a-w- C:\Windows\SysWow64\drivers\en-US\bfe.dll.mui
    2012-12-24 19:48:41 15360 ----a-w- C:\Windows\SysWow64\drivers\en-US\pacer.sys.mui
    2012-12-24 19:48:34 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\scfilter.sys.mui
    2012-12-24 19:48:32 5632 ----a-w- C:\Windows\SysWow64\drivers\en-US\ndiscap.sys.mui
    2012-12-24 19:48:29 44032 ----a-w- C:\Windows\SysWow64\drivers\en-US\tcpip.sys.mui
    .
    ============= FINISH: 18:09:34.08 ===============
  4. DeadmanC95


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/24/2012 2:34:18 PM
    System Uptime: 12/24/2012 6:03:06 PM (0 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | N/A | 1190/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 455 GiB total, 430.419 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 12/24/2012 2:34:38 PM - Windows Update
    RP2: 12/24/2012 2:41:03 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    AccuWeather.com Cirrus
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    Alps Pointing-device for VAIO
    Application Manager for VAIO
    ArcSoft Magic-I Visual Effects 2
    ArcSoft WebCam Companion 3
    Evernote
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Driver
    Intel(R) Wireless Display
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 20 (64-bit)
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.65.1.1000
    Media Gallery
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP3 Parser
    Norton 360
    Norton Identity Safe
    Oasis2Service
    OOBE
    PlayReady PC Runtime amd64
    PMB
    PMB VAIO Edition Guide
    PMB VAIO Edition plug-in (Click to Disc)
    PMB VAIO Edition plug-in (VAIO Image Optimizer)
    PMB VAIO Edition plug-in (VAIO Movie Story)
    Realtek High Definition Audio Driver
    Remote Keyboard with PlayStation 3
    Remote Play with PlayStation 3
    Remote Play with PlayStation®3
    Skype™ 4.2
    SmartWi Connection Utility
    VAIO - Media Gallery
    VAIO - PMB VAIO Edition Guide
    VAIO - PMB VAIO Edition plug-in (Click to Disc)
    VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
    VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
    VAIO Care
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data
    VAIO Gate
    VAIO Gate Default
    VAIO Hardware Diagnostics
    VAIO Help and Support
    VAIO Manual
    VAIO Media plus
    VAIO Media plus Opening Movie
    VAIO Messenger
    VAIO Movie Story Template Data
    VAIO Quick Web Access
    VAIO Sample Contents
    VAIO Survey
    VAIO Transfer Support
    VAIO Update
    WIDCOMM Bluetooth Software
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/24/2012 5:33:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) PROSet/Wireless Event Log service to connect.
    12/24/2012 5:33:18 PM, Error: Service Control Manager [7000] - The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/24/2012 5:33:09 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 87
    12/24/2012 3:55:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    12/24/2012 3:38:24 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/24/2012 3:38:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/24/2012 3:38:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/24/2012 3:38:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/24/2012 3:38:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/24/2012 3:38:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/24/2012 3:38:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/24/2012 3:38:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    12/24/2012 3:38:01 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/24/2012 3:38:01 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/24/2012 3:38:01 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/24/2012 3:38:01 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/24/2012 3:38:01 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/24/2012 3:38:01 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/24/2012 3:38:00 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/24/2012 3:38:00 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    12/24/2012 3:38:00 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/24/2012 3:38:00 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/24/2012 3:37:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    12/24/2012 3:29:56 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    12/24/2012 3:29:53 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    12/24/2012 3:29:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
    .
    ==== End Of File ===========================
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.



    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

    Sometimes these logs can be very large; in that case, please attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  6. DeadmanC95

    DeadmanC95 Newcomer, in training Topic Starter

    Hi DragonMaster Jay. Thank you for helping me. I have a question about the change parameters section. I have four options in the objects to scan: System memory, Services and drivers, Boot sectors, and Loaded modules. All of them but the loaded modules are checked. Should I check this option? Also, just to clarify, I should leave the Verify file digital signatures and Detect TDLFS file system unchecked, correct? Thank you again for the help.
  7. DeadmanC95

    DeadmanC95 Newcomer, in training Topic Starter

    When I try to check the box, a message appears saying, "Reboot is required. Extended monitoring driver is required for this option. Press "Reboot now" button to install driver and reboot, or "Cancel" to continue."
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Check all but the one that needs reboot, we shouldn't need the monitoring driver.
  9. DeadmanC95

    DeadmanC95 Newcomer, in training Topic Starter

    Here is the log it gave. After the program cured the malware, an alert came up from Norton saying that it blocked an action from TDSSKiller, saying it was a threat. This was all before the reboot, but I believe it didn't have any impact.

    Attached Files:

  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Run through TDSSKiller again, please, and delete the TDSS file system. Then, do the following:

    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Uncheck "Trace disk IO calls".
    • Click the Scan button to start the scan
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
  11. DeadmanC95

    DeadmanC95 Newcomer, in training Topic Starter

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-27 13:23:46
    -----------------------------
    13:23:46.855 OS Version: Windows x64 6.1.7600
    13:23:46.855 Number of processors: 4 586 0x2505
    13:23:46.855 ComputerName: JUSTINMUI-VAIO UserName: Justin Mui
    13:23:48.275 Initialize success
    13:23:54.560 AVAST engine defs: 12122701
    13:24:11.130 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    13:24:11.135 Disk 0 Vendor: ST950032 0006 Size: 476940MB BusType: 3
    13:24:11.150 Disk 0 MBR read successfully
    13:24:11.150 Disk 0 MBR scan
    13:24:11.155 Disk 0 Windows 7 default MBR code
    13:24:11.170 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10565 MB offset 2048
    13:24:11.195 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 21639168
    13:24:11.210 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 466273 MB offset 21843968
    13:24:11.240 Disk 0 scanning C:\Windows\system32\drivers
    13:24:21.100 Service scanning
    13:24:53.040 Modules scanning
    13:24:54.440 AVAST engine scan C:\Windows
    13:24:57.125 AVAST engine scan C:\Windows\system32
    13:28:23.755 AVAST engine scan C:\Windows\system32\drivers
    13:28:36.875 AVAST engine scan C:\Users\Justin Mui
    13:29:14.430 AVAST engine scan C:\ProgramData
    13:31:32.365 Scan finished successfully
    13:33:27.641 Disk 0 MBR has been saved successfully to "C:\Users\Justin Mui\Desktop\MBR.dat"
    13:33:27.646 The log file has been saved successfully to "C:\Users\Justin Mui\Desktop\aswMBR.txt"

    Attached Files:
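
Added example, not part of the original thread or of aswMBR: one way a reviewer could check a saved MBR dump such as the MBR.dat requested above, by parsing the partition table and hashing the boot code for comparison with a reference taken from a known-clean machine. It assumes the dump is the raw 512-byte sector 0; the function names are hypothetical, and the sample sector is constructed from the partition values in the log above (its boot code is zero-filled, not real Windows code).

```python
import hashlib
import struct
from typing import List, Optional

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440   # bytes 440-445 hold the disk signature and 2 reserved bytes
TABLE_OFFSET = 446    # four 16-byte partition entries, then the 0x55AA signature


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR dump into a boot-code hash and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        entry = sector[TABLE_OFFSET + 16 * index:TABLE_OFFSET + 16 * (index + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0x00:
            continue  # unused slot
        partitions.append({
            "number": index + 1, "status": status, "active": status == 0x80,
            "type": ptype, "lba_start": lba_start, "sectors": count,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def review_mbr(sector: bytes, reference_sha256: Optional[str] = None) -> List[str]:
    """Return findings that need an explanation; an empty list means none."""
    mbr = parse_mbr(sector)
    findings = []
    # The reference hash must come from a known-clean install of the same OS.
    if reference_sha256 and mbr["boot_code_sha256"] != reference_sha256.lower():
        findings.append("boot code differs from the known-good reference")
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['number']}: invalid status byte 0x{p['status']:02x}")
    if sum(p["active"] for p in mbr["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    ordered = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["lba_start"] + prev["sectors"] > cur["lba_start"]:
            findings.append(f"partitions {prev['number']} and {cur['number']} overlap")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample: zero-filled boot code plus the three partitions from the log."""
    sector = bytearray(SECTOR_SIZE)
    entries = [  # (status, type, LBA start, sector count); 2048 sectors per MB
        (0x00, 0x27, 2048, 10565 * 2048),        # hidden WinRE, 10565 MB
        (0x80, 0x07, 21639168, 100 * 2048),      # active NTFS, 100 MB
        (0x00, 0x07, 21843968, 466273 * 2048),   # NTFS, 466273 MB
    ]
    for i, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * i,
                         status, ptype, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    sample = build_sample_mbr()
    for p in parse_mbr(sample)["partitions"]:
        print(f"Partition {p['number']} {p['status']:02X} {p['type']:02X} "
              f"{p['size_mb']} MB offset {p['lba_start']}")
    print(review_mbr(sample) or "no findings")
```
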

  12. DeadmanC95

    DeadmanC95 Newcomer, in training Topic Starter

    The program asked to download the avast antivirus defs, so I did, and then it had the option of scans, so I just went with the default of quickscan.
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    How did the TDSS File System deletion go?
     
  14. DeadmanC95

    DeadmanC95 Newcomer, in training Topic Starter

    I believe it worked. Norton did the same thing and said it blocked the action, but it said the deletion was complete.
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File... and save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark next to Uninstall Application on Close, and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  16. DeadmanC95

    DeadmanC95 Newcomer, in training Topic Starter

    C:\TDSSKiller_Quarantine\26.12.2012_15.56.44\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\26.12.2012_15.56.44\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\26.12.2012_15.56.44\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.Z trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\27.12.2012_13.05.43\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\27.12.2012_13.05.43\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\27.12.2012_13.05.43\tdlfs0000\tsk0008.dta Win64/Olmarik.Z trojan cleaned by deleting - quarantined
  17. DeadmanC95

    DeadmanC95 Newcomer, in training Topic Starter

    Before I reset my computer, my computer was fairly slow on start up, svchost.exe ran at 100% or close to every once in a while, taking up a lot of my CPU, and I would get a system crash/blue screen every time I tried to put my computer to hibernate. None of these have occurred since I reset my computer, but I also never tried to put it to hibernate.
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create


    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  19. DeadmanC95

    DeadmanC95 Newcomer, in training Topic Starter

    Results of screen317's Security Check version 0.99.56
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 6 Update 20
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (17.0.1)
    Google Chrome 23.0.1271.97
    Google Chrome 5.0.375.55
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
  20. DeadmanC95

    DeadmanC95 Newcomer, in training Topic Starter

    Thank you so much for everything
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems


    Adobe Flash Player Update!

    Please download the newest version of Adobe Flash Player from Adobe.com

    Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Flash Player. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
  22. DeadmanC95

    DeadmanC95 Newcomer, in training Topic Starter

    Alright, I did everything, and thanks again for everything.
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome. Topic solved. :D