Solved C:\Windows\svchost.exe (Trojan.Agent)


DeadmanC95

Hi, I've had this trojan for a while now and I finally decided to restore my computer back to factory settings since Malwarebytes couldn't remove it. But after restoring my computer, I re-downloaded Malwarebytes and the same trojan appeared. I read that you guys can help, and I went through the 4 preliminary steps and obtained the 3 logs. Please help, thank you!
 
Database version: v2012.12.24.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Justin Mui :: JUSTINMUI-VAIO [administrator]

Protection: Enabled

12/24/2012 2:56:04 PM
mbam-log-2012-12-24 (14-56-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223501
Time elapsed: 1 minute(s), 48 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2400 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by Justin Mui at 18:08:43 on 2012-12-24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3758.2076 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
-netsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\IPS\IPSBHO.dll
BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\CoIEPlg.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{994D5544-368A-44F0-994E-3D04155D3896} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Justin Mui\AppData\Roaming\Mozilla\Firefox\Profiles\5g2mpbjc.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: 2012-12-24 17:41; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF - ExtSQL: 2012-12-24 17:41; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
FF - ExtSQL: 2012-12-24 17:54; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Justin Mui\AppData\Roaming\Mozilla\Firefox\Profiles\5g2mpbjc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1401000.018\SymDS64.sys [2012-12-24 493216]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1401000.018\SymEFA64.sys [2012-12-24 1132192]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20120815.002\BHDrvx64.sys [2012-12-24 1385120]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1401000.018\ccSetx64.sys [2012-12-24 168096]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012-12-24 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20120811.001\IDSVia64.sys [2012-12-24 512672]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1401000.018\Ironx64.sys [2012-12-24 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1401000.018\symnets.sys [2012-12-24 432800]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-12 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-24 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-24 676936]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe [2012-12-24 143928]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [2012-12-24 143928]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-2-9 53248]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-7-12 94208]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-7-12 78848]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-12-24 252416]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [2012-12-24 104960]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-12-24 2320920]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-12-24 575856]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-12-24 19968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-24 138912]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-3 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-12 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-7-12 271872]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-24 25928]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-1 12032]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-7 304496]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-16 39832]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-7-12 402720]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2012-12-24 342056]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-12-24 39464]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2012-12-24 332272]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2012-12-24 1250160]
.
=============== Created Last 30 ================
.
2012-12-24 23:48:48 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-12-24 23:41:02 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-12-24 23:41:02 -------- d-----w- C:\Program Files\Symantec
2012-12-24 23:41:02 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-12-24 23:40:44 776352 ----a-r- C:\Windows\System32\drivers\N360x64\1401000.018\srtsp64.sys
2012-12-24 23:40:44 493216 ----a-r- C:\Windows\System32\drivers\N360x64\1401000.018\SymDS64.sys
2012-12-24 23:40:44 432800 ----a-r- C:\Windows\System32\drivers\N360x64\1401000.018\symnets.sys
2012-12-24 23:40:44 37496 ----a-r- C:\Windows\System32\drivers\N360x64\1401000.018\srtspx64.sys
2012-12-24 23:40:44 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1401000.018\SymELAM.sys
2012-12-24 23:40:44 224416 ----a-r- C:\Windows\System32\drivers\N360x64\1401000.018\Ironx64.sys
2012-12-24 23:40:44 1132192 ----a-r- C:\Windows\System32\drivers\N360x64\1401000.018\SymEFA64.sys
2012-12-24 23:40:43 168096 ----a-r- C:\Windows\System32\drivers\N360x64\1401000.018\ccSetx64.sys
2012-12-24 23:40:26 -------- d-----w- C:\Windows\System32\drivers\N360x64\1401000.018
2012-12-24 23:40:26 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-12-24 23:40:25 -------- d-----w- C:\Program Files (x86)\Norton 360
2012-12-24 23:36:54 168096 ----a-r- C:\Windows\System32\drivers\NSTx64\7DD02000.012\ccSetx64.sys
2012-12-24 23:36:51 -------- d-----w- C:\Windows\System32\drivers\NSTx64\7DD02000.012
2012-12-24 23:36:51 -------- d-----w- C:\Windows\System32\drivers\NSTx64
2012-12-24 23:36:51 -------- d-----w- C:\Program Files (x86)\Norton Identity Safe
2012-12-24 23:24:30 -------- dc-h--w- C:\ProgramData\{CC6525B7-42F2-42DB-BF33-445E26F52EC1}
2012-12-24 23:16:54 -------- d-----w- C:\ProgramData\PCSettings
2012-12-24 22:59:10 -------- d-----w- C:\Users\Justin Mui\AppData\Local\Google
2012-12-24 22:43:23 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDCA874F-CB8A-469C-9924-D86266BA98F2}\mpengine.dll
2012-12-24 22:43:23 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-12-24 21:38:23 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2012-12-24 21:38:23 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2012-12-24 21:37:40 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-12-24 21:37:25 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2012-12-24 21:36:58 -------- d-----w- C:\Windows\PCHEALTH
2012-12-24 21:36:52 4927864 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c9c394ca1cde21e\Silverlight.2.0.exe
2012-12-24 21:36:44 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c50cb1ce1cde21e\DSETUP.dll
2012-12-24 21:36:44 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c50cb1ce1cde21e\DXSETUP.exe
2012-12-24 21:36:44 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c50cb1ce1cde21e\dsetup32.dll
2012-12-24 21:36:14 141399376 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc8A26.tmp
2012-12-24 21:36:09 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-12-24 21:34:24 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-12-24 21:32:52 -------- d-----w- C:\Users\Justin Mui\AppData\Roaming\QuickScan
2012-12-24 21:27:24 -------- d-----w- C:\VAIO Sample Contents
2012-12-24 21:11:38 -------- d--h--w- C:\SPLASH.000
2012-12-24 21:11:24 -------- d--h--w- C:\SPLASH.SYS
2012-12-24 21:11:11 -------- d-----w- C:\Program Files (x86)\Downloaded Installations
2012-12-24 20:54:19 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-12-24 20:54:17 5073256 ----a-w- C:\Windows\System32\d3dx9_35.dll
2012-12-24 20:50:17 499712 ----a-r- C:\Windows\SysWow64\msvcp71.dll
2012-12-24 20:50:17 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-12-24 20:50:17 245408 ----a-w- C:\Windows\SysWow64\unicows.dll
2012-12-24 20:50:17 212480 ----a-w- C:\Windows\SysWow64\PCDLIB32.DLL
2012-12-24 20:50:16 55808 ----a-w- C:\Windows\system\ArcSoftKsUFilter.dll
2012-12-24 20:50:16 19968 ----a-w- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys
2012-12-24 20:50:14 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-12-24 20:50:14 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-12-24 20:50:14 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-12-24 20:50:14 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-12-24 20:50:14 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-12-24 20:48:30 -------- d-----w- C:\Program Files (x86)\Evernote
2012-12-24 20:48:26 -------- d-----w- C:\ProgramData\Evernote
2012-12-24 20:48:11 -------- d-----w- C:\Users\Justin Mui\AppData\Roaming\Malwarebytes
2012-12-24 20:48:01 -------- d-----w- C:\Documentation
2012-12-24 20:48:01 -------- d-----w- C:\_FS_SWRINFO
2012-12-24 20:47:58 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2012-12-24 20:47:57 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-24 20:47:57 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-24 20:47:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-24 20:47:26 114688 ----a-w- C:\Program Files (x86)\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2012-12-24 20:47:24 114688 ----a-w- C:\Program Files\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2012-12-24 20:44:50 -------- d-----w- C:\ProgramData\BOINC
2012-12-24 20:44:50 -------- d-----w- C:\Program Files (x86)\BOINC
2012-12-24 20:44:47 -------- d-----w- C:\Windows\Downloaded Installations
2012-12-24 20:41:02 -------- d-----w- C:\Users\Justin Mui\AppData\Roaming\Intel Corporation
2012-12-24 20:40:56 -------- d-----w- C:\Users\Justin Mui\AppData\Roaming\Intel
2012-12-24 20:40:06 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-12-24 20:40:06 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-12-24 20:40:06 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-12-24 20:40:06 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-12-24 20:37:23 -------- d-----w- C:\Program Files (x86)\Sony
2012-12-24 20:36:18 -------- d-----r- C:\Program Files (x86)\Skype
2012-12-24 20:35:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-12-24 20:35:08 -------- d---a-w- C:\Program Files\Shutterfly
2012-12-24 20:33:09 -------- d-----w- C:\Program Files\PlayReady
2012-12-24 20:31:53 -------- d---a-w- C:\Nobu_Icon
2012-12-24 20:30:27 -------- d-----w- C:\ProgramData\Norton
2012-12-24 20:30:07 -------- d-----w- C:\ProgramData\NortonInstaller
2012-12-24 20:30:07 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-12-24 20:24:39 411368 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-24 20:22:48 455680 ----a-w- C:\Windows\System32\deployJava1.dll
2012-12-24 20:21:13 -------- d-----w- C:\Program Files (x86)\Intel Corporation
2012-12-24 20:21:13 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2012-12-24 20:19:02 -------- d-----w- C:\ProgramData\Partner
2012-12-24 20:18:20 -------- d-----w- C:\Windows\Sonysys
2012-12-24 20:16:50 -------- d-----w- C:\Program Files (x86)\AccuWeather.com Cirrus
2012-12-24 20:14:32 -------- d-----w- C:\Program Files\Common Files\Sony Shared
2012-12-24 20:14:32 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared
2012-12-24 20:13:59 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-12-24 20:13:59 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-12-24 20:13:59 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-12-24 20:13:59 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-12-24 20:13:59 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-12-24 20:13:59 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-12-24 20:13:59 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-12-24 20:10:41 213888 ----a-w- C:\Windows\System32\drivers\rdyboost.sys
2012-12-24 20:07:37 -------- d-----w- C:\Program Files (x86)\Cisco
2012-12-24 20:07:28 -------- d-----w- C:\Program Files\Apoint
2012-12-24 20:05:35 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-12-24 20:03:06 39464 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2012-12-24 20:03:06 342056 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2012-12-24 20:03:06 21544 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2012-12-24 20:03:06 135720 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2012-12-24 20:03:06 102952 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2012-12-24 20:02:33 -------- d-----w- C:\Program Files\WIDCOMM
2012-12-24 19:57:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-24 19:57:59 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-24 19:55:58 -------- d-----w- C:\ProgramData\DDNi
2012-12-24 19:55:58 -------- d-----w- C:\Program Files (x86)\DDNi
2012-12-24 19:55:55 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-12-24 19:55:55 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-12-24 19:55:51 -------- d-sh--w- C:\Windows\Installer
2012-12-24 19:51:35 20480 ------w- C:\Windows\svchost.exe
2012-12-24 19:50:47 -------- d-----w- C:\Program Files\Sony
2012-12-24 19:48:56 14336 ----a-w- C:\Windows\System32\drivers\en-US\fvevol.sys.mui
.
==================== Find3M ====================
.
2012-12-24 19:48:46 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2012-12-24 19:48:41 25600 ----a-w- C:\Windows\SysWow64\drivers\en-US\bfe.dll.mui
2012-12-24 19:48:41 15360 ----a-w- C:\Windows\SysWow64\drivers\en-US\pacer.sys.mui
2012-12-24 19:48:34 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\scfilter.sys.mui
2012-12-24 19:48:32 5632 ----a-w- C:\Windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2012-12-24 19:48:29 44032 ----a-w- C:\Windows\SysWow64\drivers\en-US\tcpip.sys.mui
.
============= FINISH: 18:09:34.08 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/24/2012 2:34:18 PM
System Uptime: 12/24/2012 6:03:06 PM (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | N/A | 1190/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 430.419 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 12/24/2012 2:34:38 PM - Windows Update
RP2: 12/24/2012 2:41:03 PM - Windows Update
.
==== Installed Programs ======================
.
AccuWeather.com Cirrus
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Alps Pointing-device for VAIO
Application Manager for VAIO
ArcSoft Magic-I Visual Effects 2
ArcSoft WebCam Companion 3
Evernote
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
Intel(R) Wireless Display
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 20 (64-bit)
Junk Mail filter update
Malwarebytes Anti-Malware version 1.65.1.1000
Media Gallery
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser
Norton 360
Norton Identity Safe
Oasis2Service
OOBE
PlayReady PC Runtime amd64
PMB
PMB VAIO Edition Guide
PMB VAIO Edition plug-in (Click to Disc)
PMB VAIO Edition plug-in (VAIO Image Optimizer)
PMB VAIO Edition plug-in (VAIO Movie Story)
Realtek High Definition Audio Driver
Remote Keyboard with PlayStation 3
Remote Play with PlayStation 3
Remote Play with PlayStation®3
Skype™ 4.2
SmartWi Connection Utility
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition plug-in (Click to Disc)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Manual
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Messenger
VAIO Movie Story Template Data
VAIO Quick Web Access
VAIO Sample Contents
VAIO Survey
VAIO Transfer Support
VAIO Update
WIDCOMM Bluetooth Software
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
12/24/2012 5:33:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) PROSet/Wireless Event Log service to connect.
12/24/2012 5:33:18 PM, Error: Service Control Manager [7000] - The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/24/2012 5:33:09 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 87
12/24/2012 3:55:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/24/2012 3:38:24 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/24/2012 3:38:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/24/2012 3:38:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/24/2012 3:38:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/24/2012 3:38:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/24/2012 3:38:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/24/2012 3:38:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/24/2012 3:38:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
12/24/2012 3:38:01 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/24/2012 3:38:01 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/24/2012 3:38:01 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/24/2012 3:38:01 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/24/2012 3:38:01 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/24/2012 3:38:01 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/24/2012 3:38:00 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/24/2012 3:38:00 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/24/2012 3:38:00 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/24/2012 3:38:00 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/24/2012 3:37:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/24/2012 3:29:56 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/24/2012 3:29:53 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
12/24/2012 3:29:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
.
==== End Of File ===========================
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.



TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, click Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
 
Hi DragonMaster Jay. Thank you for helping me. I have a question about the Change parameters section. I have four options in the objects to scan: System memory, Services and drivers, Boot sectors, and Loaded modules. All of them but Loaded modules are checked. Should I check this option? Also, just to clarify, I should leave the Verify file digital signatures and Detect TDLFS file systems options unchecked, correct? Thank you again for the help.
 
When I try to check the box, a message appears saying, "Reboot is required. Extended monitoring driver is required for this option. Press "Reboot now" button to install driver and reboot, or "Cancel" to continue."
 
Here is the log it gave. After the program cured the malware, an alert came up from Norton saying that it blocked an action from TDSSKiller, saying it was a threat. This was all before the reboot, but I believe it didn't have any impact.
 

Attachments: TDSSKiller.2.8.15.0_26.12.2012_15.56.43_log.txt (138.7 KB)
Run through TDSSKiller again, please, and delete the TDSS file system. Then, do the following:

avast! aswMBR

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
 
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-27 13:23:46
-----------------------------
13:23:46.855 OS Version: Windows x64 6.1.7600
13:23:46.855 Number of processors: 4 586 0x2505
13:23:46.855 ComputerName: JUSTINMUI-VAIO UserName: Justin Mui
13:23:48.275 Initialize success
13:23:54.560 AVAST engine defs: 12122701
13:24:11.130 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:24:11.135 Disk 0 Vendor: ST950032 0006 Size: 476940MB BusType: 3
13:24:11.150 Disk 0 MBR read successfully
13:24:11.150 Disk 0 MBR scan
13:24:11.155 Disk 0 Windows 7 default MBR code
13:24:11.170 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10565 MB offset 2048
13:24:11.195 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 21639168
13:24:11.210 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 466273 MB offset 21843968
13:24:11.240 Disk 0 scanning C:\Windows\system32\drivers
13:24:21.100 Service scanning
13:24:53.040 Modules scanning
13:24:54.440 AVAST engine scan C:\Windows
13:24:57.125 AVAST engine scan C:\Windows\system32
13:28:23.755 AVAST engine scan C:\Windows\system32\drivers
13:28:36.875 AVAST engine scan C:\Users\Justin Mui
13:29:14.430 AVAST engine scan C:\ProgramData
13:31:32.365 Scan finished successfully
13:33:27.641 Disk 0 MBR has been saved successfully to "C:\Users\Justin Mui\Desktop\MBR.dat"
13:33:27.646 The log file has been saved successfully to "C:\Users\Justin Mui\Desktop\aswMBR.txt"
 

Attachments: MBRscan.txt (512 bytes)
The program asked to download the avast antivirus defs, so I did, and then it had the option of scans, so I just went with the default of quick scan.
 
I believe it worked. Norton did the same thing and said it blocked the action, but it said the deletion was complete.
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
    1. If NO threats were found, allow the scanner to Uninstall on close and then close the window.
    2. If threats WERE detected, click on List of Threats Found, Export to Text File... and save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark next to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.
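One of the symptoms listed above, svchost.exe running at 100%, and the detection this thread started from (an svchost.exe living in C:\Windows rather than in System32) can both be checked from a PowerShell prompt. The following is an added example, not a tool from the thread or from any of the helpers; it is read-only and assumes Windows 7 or later with PowerShell 2.0+, run as Administrator so that every process's image path is readable.

```powershell
# Added example, not from the thread: list every running svchost.exe and flag
# the ones that do not look like the genuine Service Host. Read-only; it
# changes nothing. Assumes Windows 7+ with PowerShell 2.0+, run as Administrator.
$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# The genuine host process is started by services.exe with a "-k <group>"
# argument; anything else (for example an image at C:\Windows\svchost.exe)
# deserves a closer look.
$servicesPid = (Get-Process -Name services).Id
$hosts = Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'"

$report = foreach ($p in $hosts) {
    $reasons = @()
    if (-not $p.ExecutablePath) {
        $reasons += 'image path not readable'
    } elseif ($expectedPaths -notcontains $p.ExecutablePath) {
        $reasons += "image outside System32/SysWOW64: $($p.ExecutablePath)"
    }
    if ($p.ParentProcessId -ne $servicesPid) {
        $reasons += "parent PID $($p.ParentProcessId) is not services.exe"
    }
    if ($p.CommandLine -notmatch '-k\s+\S+') {
        $reasons += 'no -k service-group argument'
    }

    # CPU time consumed so far, in seconds (WMI reports 100 ns units), to
    # match the "svchost.exe at 100%" symptom against a specific instance.
    $cpuSeconds = [math]::Round(($p.KernelModeTime + $p.UserModeTime) / 1e7, 1)

    New-Object PSObject -Property @{
        PID        = $p.ProcessId
        Path       = $p.ExecutablePath
        CpuSeconds = $cpuSeconds
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = ($reasons -join '; ')
    }
}

# Suspicious instances first, then the busiest ones.
$report | Sort-Object Suspicious, CpuSeconds -Descending |
    Format-Table PID, CpuSeconds, Suspicious, Path, Reasons -AutoSize -Wrap
```

A flagged instance is a lead for the helper to review, not a verdict; the log tools used in this thread remain the place to confirm it.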
 
C:\TDSSKiller_Quarantine\26.12.2012_15.56.44\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.12.2012_15.56.44\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.12.2012_15.56.44\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.Z trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.12.2012_13.05.43\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.12.2012_13.05.43\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.12.2012_13.05.43\tdlfs0000\tsk0008.dta Win64/Olmarik.Z trojan cleaned by deleting - quarantined
 
Before I reset my computer, my computer was fairly slow on start-up, svchost.exe ran at 100% or close to it every once in a while, taking up a lot of my CPU, and I would get a system crash/blue screen every time I tried to put my computer into hibernate. None of these have occurred since I reset my computer, but I also never tried to put it into hibernate.
 
Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select the System Protection tab
  • Select Create at the bottom
  • Type in a name, i.e. Clean
  • Select Create


Remove tools, temp files, old Restore Points

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    ipconfig /flushdns /c

    :commands
    [CLEARALLRESTOREPOINTS]
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alarmed, as this is normal.
  • It may open a log for you, but I don't need that.

To remove all of the tools we used and the files and folders they created do the following:
  • Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Results of screen317's Security Check version 0.99.56
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java(TM) 6 Update 20
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
Google Chrome 23.0.1271.97
Google Chrome 5.0.375.55
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 
Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems


Adobe Flash Player Update!

Please download the newest version of Adobe Flash Player from Adobe.com

Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Flash Player. Uninstall/remove each of them.

Once old versions are gone, please install the newest version.


Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/remove each of them.

Once old versions are gone, please install the newest version.
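The three update steps above (Java, Flash Player, Adobe Reader) all start with the same task: find every old version still registered in Programs and Features. The script below is an added example, not something from the thread or from the helper; it reads the Uninstall registry keys, including the 32-bit Wow6432Node view on 64-bit Windows, so that a leftover version is not missed. The DisplayName patterns are assumptions based on how these products normally register themselves.

```powershell
# Added example, not from the thread: enumerate every installed Java, Flash
# Player and Adobe Reader entry across the 64-bit, 32-bit and per-user views
# of the Uninstall key. Read-only; it uninstalls nothing.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)
# DisplayName patterns (assumed) for the three products this thread updates.
# "Java(TM) 6 Update 20" from the Security Check log matches the first one.
$families = @{
    'Java'         = '^(Java|J2SE)'
    'Flash Player' = '^Adobe Flash Player'
    'Adobe Reader' = '^Adobe (Acrobat )?Reader'
}

$entries = foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem -Path $key) {
        $e = Get-ItemProperty -Path $sub.PSPath
        if (-not $e.DisplayName) { continue }
        foreach ($family in $families.Keys) {
            if ($e.DisplayName -match $families[$family]) {
                New-Object PSObject -Property @{
                    Family    = $family
                    Name      = $e.DisplayName
                    Version   = $e.DisplayVersion
                    Uninstall = $e.UninstallString
                }
            }
        }
    }
}

$entries | Sort-Object Family, Name |
    Format-Table Family, Name, Version, Uninstall -AutoSize -Wrap

# More than one distinct version inside a family usually means an old release
# was left behind. (Flash legitimately has separate ActiveX and Plugin entries,
# so the check is on distinct versions, not on the number of entries.)
$entries | Group-Object Family | ForEach-Object {
    $versions = @($_.Group | Select-Object -ExpandProperty Version -Unique)
    if ($versions.Count -gt 1) {
        "{0}: {1} versions present ({2}); remove the older ones before updating" -f
            $_.Name, $versions.Count, ($versions -join ', ')
    }
}
```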


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.


Any other questions before I mark this topic solved?
 