bigguns193
Member
Posts: 8
Joined: -
Last visited: -
Reputation: 0 Neutral
Trojan.Gen.2 virus removal
bigguns193 replied to bigguns193's topic in Resolved Malware Removal Logs
The scan went fine; it's not showing any sign of the trojan at all. I just have one last question: do you know of a good free program that will help speed up my computer a little bit? Thank you for all of your help.
Trojan.Gen.2 virus removal
bigguns193 replied to bigguns193's topic in Resolved Malware Removal Logs
Oh, and the log was taken before I removed the checked malware.
Trojan.Gen.2 virus removal
bigguns193 replied to bigguns193's topic in Resolved Malware Removal Logs
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.26.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Chris :: CHRIS-PC [administrator]

6/26/2012 1:29:41 PM
mbam-log-2012-06-26 (13-42-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230164
Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\{6F098504-CDB1-420f-A2E6-DDC0B835FEDF} (Adware.Hotbar) -> No action taken.
HKCU\Software\IEBarProperties (Adware.Mirar) -> No action taken.
HKCU\Software\AppDataLow\Software\MarketPrecision (Adware.Adparatus) -> No action taken.
HKLM\SOFTWARE\SpaceQuery (Adware.SpaceQuery) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Seems like it's working better. Should I try scanning again with Norton?
Trojan.Gen.2 virus removal
bigguns193 replied to bigguns193's topic in Resolved Malware Removal Logs
OK, here's ComboFix:

ComboFix 12-06-26.01 - Chris 06/26/2012 11:12:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.353 [GMT -4:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Object
c:\program files\Object\config.ini
c:\program files\Object\facetheme_uninstall.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\SpaceQuery
c:\programdata\SpaceQuery
c:\users\Chris\2009_DTV_S4_firmware.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))
.
.
2012-06-26 15:23 . 2012-06-26 15:23 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-06-26 15:23 . 2012-06-26 15:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 14:46 . 2012-06-26 14:46 -------- d-----w- c:\program files\Norton Safe Web Lite
2012-06-26 14:46 . 2012-06-26 14:46 -------- d-----w- c:\windows\system32\drivers\NST
2012-06-25 17:43 . 2012-01-12 13:26 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-06-25 05:17 . 2012-06-25 05:17 -------- d-----w- C:\NBRT
2012-06-25 00:02 . 2009-06-12 11:18 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-24 21:45 . 2012-06-25 19:27 -------- d-----w- c:\users\Chris\AppData\Local\NPE
2012-06-24 02:53 . 2012-06-24 02:53 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-24 02:40 . 2012-06-24 02:40 -------- d-----w- C:\8c4ca1840b0adb2948de88d897
2012-06-24 02:37 . 2012-06-26 14:48 -------- d-----w- c:\program files\NortonInstaller
2012-06-24 02:36 . 2012-06-24 02:36 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\281673281cd51b202\MeshBetaRemover.exe
2012-06-22 17:53 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAA53A37-F609-44D7-892C-9B0265851F01}\mpengine.dll
2012-06-08 20:27 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-08 20:27 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-08 20:27 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-08 20:27 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-08 20:26 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-08 20:26 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-08 20:26 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-08 20:26 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-08 20:26 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 02:28 . 2012-01-15 09:38 7021336 ----a-w- c:\users\Mcx1\AppData\Roaming\wruninstall.exe
2012-05-05 08:02 . 2012-03-31 17:01 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 08:02 . 2012-03-31 17:01 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-03 08:16 . 2012-05-12 06:25 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-12 06:25 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36 . 2012-05-12 06:25 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39 . 2012-05-11 17:20 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 03:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}] 2010-12-12 14:56 242176 ----a-w- c:\program files\RegTweaker\key.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944] . [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944] . [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2006-12-04 01:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2006-12-04 01:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-30 39408] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144] "Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480] "HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2010-12-08 5247624] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 835584] "RtHDVCpl"="RtHDVCpl.exe" [2007-02-07 4374528] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "lxbmmon.exe"="c:\program files\Lexmark 4200 Series\lxbmmon.exe" [2007-01-30 230320] "Lexmark 4200 Series Fax Server"="c:\program files\Lexmark 4200 Series\fm3032.exe" [2007-01-30 160688] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2006-12-04 00:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain] 2007-01-17 21:46 534648 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software] 2007-02-13 17:30 405504 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2007-02-28 20:10 220160 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2007-01-31 23:40 151552 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON] 2006-12-08 00:49 55416 ----a-w- c:\program files\Toshiba\TBS\HSON.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2007-01-31 23:40 131072 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2010-01-07 21:07 1394000 ------w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe] NDSTray.exe [bU] . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2007-01-31 23:40 126976 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2007-02-07 01:50 4374528 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView] 2007-01-19 06:24 448632 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2010-01-30 18:03 39408 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2007-02-02 21:36 835584 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain] 2006-12-20 07:16 411768 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] 2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 08:02] . 
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 07:07]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 07:07]
.
2010-11-18 c:\windows\Tasks\User_Feed_Synchronization-{68D25D97-0AED-49A8-AED6-E5352684C986}.job
- c:\windows\system32\msfeedssync.exe [2011-07-25 17:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} -
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
HKCU-Run-uTorrent - c:\users\Chris\Desktop\Wallpapers\uTorrent.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Defender Pro Antiphishing Helper - c:\program files\Defender Pro\Defender Pro\IEShow.exe
MSConfigStartUp-DPAgent - c:\program files\Defender Pro\Defender Pro\bdagent.exe
MSConfigStartUp-iolo Startup - c:\program files\iolo\Common\Lib\ioloLManager.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-MskAgentexe - c:\program files\McAfee\MSK\MskAgent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-26 11:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NSL] "ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=hex:51,66,7a,6c,4c,1d,38,12,50,d3,52, 34,79,b3,8e,01,c8,54,6e,db,8d,6e,1b,8c "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a, eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c "{5B291E6C-9A74-4034-971B-A4B007A0B315}"=hex:51,66,7a,6c,4c,1d,38,12,02,1d,3a, 5f,46,d4,5a,05,e8,0d,e7,f0,02,fe,f7,01 "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8, 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b "{97AB88EF-346B-4179-A0B1-7445896547A5}"=hex:51,66,7a,6c,4c,1d,38,12,81,8b,b8, 93,59,7a,17,04,df,a7,37,05,8c,3b,03,b1 "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54, 06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64 "{02F0243C-2E71-4A1A-A790-6C30888119D0}"=hex:51,66,7a,6c,4c,1d,38,12,52,27,e3, 06,43,60,74,0f,d8,86,2f,70,8d,df,5d,c4 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{201F27D4-3704-41D6-89C1-AA35E39143ED}"=hex:51,66,7a,6c,4c,1d,38,12,ba,24,0c, 24,36,79,b8,04,f6,d7,e9,75,e6,cf,07,f9 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce, 
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AEB04B5E-C981-47A9-B847-33EE4C92F6B9}"=hex:51,66,7a,6c,4c,1d,38,12,30,48,a3, aa,b3,87,c7,02,c7,51,70,ae,49,cc,b2,ad "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a, ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49 "{C8D5D964-2BE8-4C5B-8CF5-6E975AA88504}"=hex:51,66,7a,6c,4c,1d,38,12,0a,da,c6, cc,da,65,35,09,f3,e3,2d,d7,5f,f6,c1,10 "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b "{D93EC24D-8741-4D41-B83D-A5793B998416}"=hex:51,66,7a,6c,4c,1d,38,12,23,c1,2d, dd,73,c9,2f,08,c7,2b,e6,39,3e,c7,c0,02 "{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}"=hex:51,66,7a,6c,4c,1d,38,12,d8,ab,4f, ee,ae,d5,fa,0c,d8,b7,d7,3b,69,3d,5f,f3 "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be, f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95 "{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13, 36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d "{B0DE3308-5D5A-470D-81B9-634FC078393B}"=hex:51,66,7a,6c,4c,1d,38,12,66,30,cd, b4,68,13,63,02,fe,af,20,0f,c5,26,7d,2f "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:a9,0b,dc,7f,59,4b,cc,01 . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,3f,28,28,ab,f8,97,49,ac,d1,7d,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,42,3f,28,28,ab,f8,97,49,ac,d1,7d,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(604) c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\homefus2.dll c:\program files\Protector Suite QL\infra.dll . Completion time: 2012-06-26 11:29:05 ComboFix-quarantined-files.txt 2012-06-26 15:29 ComboFix2.txt 2010-05-13 03:52 . Pre-Run: 49,687,576,576 bytes free Post-Run: 49,989,111,808 bytes free . - - End Of File - - 26418E08A29E33EC8A0EAA69DEA43CF6 -
Trojan.Gen.2 virus removal
bigguns193 replied to bigguns193's topic in Resolved Malware Removal Logs
OK, here is the report from Kaspersky: TDSSKiller.2.7.42.0_26.06.2012_07.36.55_log.txt
Trojan.Gen.2 virus removal
bigguns193 replied to bigguns193's topic in Resolved Malware Removal Logs
Here is the Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/31/2010 1:58:15 AM
System Uptime: 6/25/2012 3:48:41 PM (8 hours ago)
.
Motherboard: Intel Corporation | | CAPELL VALLEY(NAPA) CRB
Processor: Intel® Core2 CPU T5300 @ 1.73GHz | U2E1 | 1067/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 110 GiB total, 40.035 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP908: 6/22/2012 12:00:09 AM - Scheduled Checkpoint
RP909: 6/22/2012 3:00:16 AM - Windows Update
RP910: 6/23/2012 12:00:09 AM - Scheduled Checkpoint
RP911: 6/23/2012 3:00:16 AM - Windows Update
RP913: 6/23/2012 10:37:25 PM - Windows Live Essentials
RP914: 6/24/2012 3:00:21 AM - Windows Update
RP915: 6/24/2012 7:02:21 PM - Scheduled Checkpoint
RP916: 6/25/2012 3:00:26 AM - Windows Update
RP917: 6/25/2012 1:38:40 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP919: 6/25/2012 2:43:09 PM - StopZILLA! Restore Point.
RP920: 6/25/2012 3:24:17 PM - Norton_Power_Eraser_20120625152415305
RP921: 6/25/2012 3:26:29 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP922: 6/25/2012 3:55:48 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP923: 6/25/2012 4:44:19 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958) µTorrent ABBYY FineReader 6.0 Sprint Activation Assistant for the 2007 Microsoft Office suites Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.5.0 Adobe Shockwave Player Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft Print Creations ArcSoft Print Creations - Album Page ArcSoft Print Creations - Funhouse ArcSoft Print Creations - Greeting Card ArcSoft Print Creations - Photo Book ArcSoft Print Creations - Photo Calendar ArcSoft Print Creations - Scrapbook ArcSoft Print Creations - Slimline Card Ask Toolbar Bejeweled 2 Deluxe Bing Bar Bing Rewards Client Installer Blackhawk Striker 2 Blasterball 3 Bluetooth Stack for Windows by Toshiba Bonjour Camera Assistant Software for Toshiba CCScore CD/DVD Drive Acoustic Silencer Chuzzle Deluxe Coupon Printer for Windows D3DX10 Desktop Dialer Driver Mender DVD MovieFactory for TOSHIBA ESSBrwr ESSCDBK ESScore ESSgui ESSini ESSPCD ESSPDock ESSTOOLS essvatgt FATE FaxRedist ffdshow [rev 2527] [2008-12-19] FrostWire 4.21.8 FrostWire 5.3.3 Google Chrome Google Desktop Google Toolbar for Internet Explorer Google Update Helper Graboid Video 3.1 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel® Graphics Media Accelerator Driver Internet Offers iTunes Java SE Runtime Environment 6 JEOPARDY Junk Mail filter update Kodak EasyShare software Lexmark 4200 Series LG Android Drivers LG USB Modem driver Logitech Vid HD LuckyWire 1.0.0.0 Malwarebytes' Anti-Malware Marvell Miniport Driver Mesh Runtime Messenger Companion Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Money Essentials Microsoft Money Shared Libraries Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.5 Microsoft 
Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Microsoft XML Parser MobileMe Control Panel MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB973688) netbrdg Norton AntiVirus Norton Bootable Recovery Tool Wizard OfotoXMI OGA Notifier 2.0.0048.0 Penguins! 
Polar Bowler Polar Golfer Protector Suite QL 5.6 QuickTime RadioBar Toolbar Realtek High Definition Audio Driver RegTweaker version 3.2.2 Safari SCRABBLE Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 
(KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Update for Windows Media Encoder (KB2447961) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Encoder (KB979332) Segoe UI SFR SHASTA skin0001 SKINXSDK staticcr Synaptics Pointing Device Driver System Requirements Lab for Intel Texas Instruments PCIxx21/x515/xx12 drivers. TIPCI TomTom HOME 2.7.6.2056 TomTom HOME Visual Studio Merge Modules TOSHIBA Assist TOSHIBA ConfigFree TOSHIBA Disc Creator TOSHIBA Extended Tiles for Windows Mobility Center TOSHIBA Game Console TOSHIBA Hardware Setup TOSHIBA Media Center Game Console Toshiba Registration TOSHIBA SD Memory Utilities TOSHIBA Software Modem TOSHIBA Software Upgrades TOSHIBA Speech System Applications TOSHIBA Speech System SR Engine(U.S.) Version1.0 TOSHIBA Speech System TTS Engine(U.S.) Version1.0 TOSHIBA Supervisor Password TOSHIBA Value Added Package Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Verizon V CAST Media Manager Visual C++ 8.0 CRT (x86) WinSXS MSM VLC media player 1.0.1 VPRINTOL VZAccess Manager Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows 
Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinDVD for TOSHIBA
WIRELESS
WModem Driver Installer
Xvid 1.2.1 final uninstall
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/25/2012 7:33:55 PM, Error: PlugPlayManager [11] - The device Root\LEGACY_SMR300\0000 disappeared from the system without first being prepared for removal.
6/25/2012 4:47:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the service.
6/25/2012 4:47:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the szserver service.
6/25/2012 3:58:22 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
6/25/2012 3:50:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
6/25/2012 3:50:41 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/25/2012 3:50:41 PM, Error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
6/25/2012 3:33:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Security Update for Windows Vista (KB2709162).
6/25/2012 3:33:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Update for Windows Vista (KB2677070).
6/25/2012 3:33:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Security Update for Windows Vista (KB2685939).
6/25/2012 3:33:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2686833).
6/25/2012 3:33:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2656374).
6/25/2012 3:33:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071aa7: Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2699988).
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2709162_client~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2709162_client_2~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2699988_RTM~31bf3856ad364e35~x86~~9.1.1.0 () into Absent(Absent) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2686833_client~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2686833_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2685939_client~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2685939_client_2~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2677070_client~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2677070_client_2~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2656374_client~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2656374_client_2~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_9_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_7_for_KB2686833~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_7_for_KB2656374~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2709162~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0 () into Absent(Absent) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2686833~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2685939~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2677070~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
6/25/2012 3:25:55 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2656374~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state
6/25/2012 3:25:43 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2686833~31bf3856ad364e35~x86~~6.0.1.0 () into Resolved(Resolved) state
6/25/2012 3:25:31 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2699988~31bf3856ad364e35~x86~~9.1.1.0 () into Absent(Absent) state
6/25/2012 3:25:19 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2656374~31bf3856ad364e35~x86~~6.0.2.0 () into Resolved(Resolved) state
6/25/2012 3:25:07 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2685939~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
6/25/2012 3:24:51 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2709162~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
6/25/2012 3:19:43 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The file cannot be opened transactionally, because its identity depends on the outcome of an unresolved transaction.
6/25/2012 3:06:20 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
6/25/2012 3:03:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
6/25/2012 2:52:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/25/2012 2:49:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_NAV eeCtrl IDSVix86 is3srv spldr SRTSPX SymIRON SYMTDIv Wanarpv6
6/25/2012 2:49:11 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2012 2:49:11 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2012 2:49:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/25/2012 2:48:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/25/2012 2:48:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/25/2012 2:48:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/25/2012 2:48:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/25/2012 2:48:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/25/2012 2:48:04 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
6/25/2012 2:48:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
6/25/2012 2:47:54 PM, Error: EventLog [6008] - The previous system shutdown at 2:46:23 PM on 6/25/2012 was unexpected.
6/25/2012 2:45:32 PM, Error: Service Control Manager [7022] - The TPM Base Services service hung on starting.
6/25/2012 2:34:25 PM, Error: EventLog [6008] - The previous system shutdown at 2:32:27 PM on 6/25/2012 was unexpected.
6/25/2012 2:05:51 AM, Error: EventLog [6008] - The previous system shutdown at 9:07:52 PM on 6/24/2012 was unexpected.
6/25/2012 11:15:37 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_NAV eeCtrl IDSVix86 spldr SRTSPX SymIRON SYMTDIv szkg5 szkgfs Wanarpv6
6/25/2012 11:14:28 AM, Error: EventLog [6008] - The previous system shutdown at 11:11:48 AM on 6/25/2012 was unexpected.
6/25/2012 1:36:37 PM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/25/2012 1:36:28 PM, Error: Service Control Manager [7034] - The TOSHIBA Optical Disc Drive Service service terminated unexpectedly. It has done this 1 time(s).
6/25/2012 1:36:28 PM, Error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
6/25/2012 1:36:27 PM, Error: Service Control Manager [7034] - The lxbm_device service terminated unexpectedly. It has done this 1 time(s).
6/25/2012 1:34:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg5 szkgfs
6/25/2012 1:33:43 PM, Error: EventLog [6008] - The previous system shutdown at 1:31:04 PM on 6/25/2012 was unexpected.
6/23/2012 3:24:13 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux~31bf3856ad364e35~x86~en-US~7.6.7600.256 () into Staged(Staged) state
6/23/2012 3:24:13 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux~31bf3856ad364e35~x86~~7.6.7600.256 () into Staged(Staged) state
6/23/2012 3:24:13 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256 () into Staged(Staged) state
6/23/2012 3:24:13 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-MiniLP~31bf3856ad364e35~x86~en-US~7.6.7600.256 () into Staged(Staged) state
6/23/2012 3:24:13 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-AuxComp~31bf3856ad364e35~x86~en-US~7.6.7600.256 () into Staged(Staged) state
6/23/2012 3:24:13 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-AuxComp~31bf3856ad364e35~x86~~7.6.7600.256 () into Staged(Staged) state
6/23/2012 10:39:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
6/23/2012 10:39:43 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/23/2012 10:39:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/18/2012 9:02:38 AM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
6/18/2012 9:02:23 AM, Error: EventLog [6008] - The previous system shutdown at 8:58:45 AM on 6/18/2012 was unexpected.
6/18/2012 10:06:11 AM, Error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
.
==== End Of File ===========================

and here is DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Chris at 23:15:29 on 2012-06-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.225 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\lxbmcoms.exe
C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lexmark 4200 Series\LXBMmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = about:blank
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {5B291E6C-9A74-4034-971B-A4B007A0B315} - No File
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\19.7.1.5\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - c:\programdata\wrdata\pkg\LPBar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - c:\program files\regtweaker\key.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - c:\programdata\wrdata\pkg\LPBar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {5B291E6C-9A74-4034-971B-A4B007A0B315} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [uTorrent] "c:\users\chris\desktop\wallpapers\uTorrent.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [HLBackupScheduler] "c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe"
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
uRun: [spybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
mRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [RtHDVCpl] "RtHDVCpl.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe"
mRun: [lxbmmon.exe] "c:\program files\lexmark 4200 series\lxbmmon.exe"
mRun: [Lexmark 4200 Series Fax Server] "c:\program files\lexmark 4200 series\fm3032.exe" /s
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - c:\programdata\wrdata\pkg\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BD2E4F3D-4BBA-4F70-B0A5-480269A763ED} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FA920D65-0A50-47BD-A597-5344759D964F} : DhcpNameServer = 192.168.1.1
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} -
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll
LSA: Notification Packages = scecli psqlpwd
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1307010.005\symds.sys [2012-6-24 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1307010.005\symefa.sys [2012-6-24 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\bashdefs\20120619.001\BHDrvx86.sys [2012-6-19 821920]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1307010.005\ccsetx86.sys [2012-6-24 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\ipsdefs\20120623.002\IDSvix86.sys [2012-6-25 382624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1307010.005\ironx86.sys [2012-6-24 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1307010.005\symtdiv.sys [2012-6-24 345208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-23 106656]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-2-28 7168]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-11-17 4247552]
RUnknown szkg5;szkg5; [x]
RUnknown szkgfs;szkgfs; [x]
S3 camdrv41;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [2007-4-23 1347584]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-25 39272]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 SVRPEDRV;SVRPEDRV;d:\bin\PEDRV.SYS [2006-12-11 8704]
SUnknown is3srv;is3srv; [x]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-06-25 19:55:09 -------- d-----w- c:\users\chris\appdata\local\{736DC6CD-3AB6-471B-A612-4EF07C4A5042}
2012-06-25 19:05:00 -------- d-----w- c:\users\chris\appdata\local\{BC75FE65-AEDE-46E0-A9DF-D49CF291ACEA}
2012-06-25 19:04:30 -------- d-----w- c:\users\chris\appdata\local\{EF75D9BD-1912-4757-902E-E0B499327231}
2012-06-25 18:40:22 -------- d-----w- c:\users\chris\appdata\local\{75BC24EF-0A51-4E31-B1EA-ED88DBE96BC5}
2012-06-25 18:39:41 -------- d-----w- c:\users\chris\appdata\local\{324072B5-8439-4A79-979A-27D6D40B894E}
2012-06-25 17:43:16 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-06-25 17:37:02 -------- d-----w- c:\users\chris\appdata\local\{20F6F2EA-9EAA-4365-AB30-0154509A11A7}
2012-06-25 17:36:36 -------- d-----w- c:\users\chris\appdata\local\{6CE580CF-A494-4067-9A45-C6D62448E2F2}
2012-06-25 12:41:19 -------- d-----w- c:\users\chris\appdata\local\{5081642E-56E9-4F5B-B883-73F5E253ED2D}
2012-06-25 12:40:30 -------- d-----w- c:\users\chris\appdata\local\{F607885F-A324-4D29-8E70-ED01DC54FAFF}
2012-06-25 06:08:21 -------- d-----w- c:\users\chris\appdata\local\{1929EF9D-92B3-49E3-B433-1C067B24CEF2}
2012-06-25 06:07:59 -------- d-----w- c:\users\chris\appdata\local\{DEED0B03-011A-4DAB-A281-B2B5493B75C6}
2012-06-25 05:17:52 -------- d-----w- C:\NBRT
2012-06-25 00:55:17 -------- d-----w- c:\users\chris\appdata\local\{FD5B8FF7-790F-4542-A771-98033BA0E247}
2012-06-25 00:54:55 -------- d-----w- c:\users\chris\appdata\local\{ABFF4058-E8FC-45D8-83D6-FF0D2C5274D1}
2012-06-25 00:02:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-25 00:00:15 -------- d-----w- c:\windows\system32\drivers\nbrtwizard\0405000.022
2012-06-25 00:00:15 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2012-06-25 00:00:04 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2012-06-24 21:54:49 -------- d-----w- c:\users\chris\appdata\local\{37DFED87-31AC-4CF5-AD86-C69F6F36F710}
2012-06-24 21:54:25 -------- d-----w- c:\users\chris\appdata\local\{D19B635A-DB83-4F37-8776-DBCD40C727E0}
2012-06-24 21:45:31 -------- d-----w- c:\users\chris\appdata\local\NPE
2012-06-24 15:35:37 -------- d-----w- c:\users\chris\appdata\local\{799DA83F-EDBF-4B01-9849-CECBC29868C5}
2012-06-24 15:34:03 -------- d-----w- c:\users\chris\appdata\local\{78E559B1-9E74-40FE-8C26-DA5D63E6AD47}
2012-06-24 15:33:32 -------- d-----w- c:\users\chris\appdata\local\{C12D4145-8298-41EC-8AEE-75DCF5B87BE9}
2012-06-24 05:02:38 345208 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symtdiv.sys
2012-06-24 05:02:38 318584 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symnets.sys
2012-06-24 05:02:37 905336 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symefa.sys
2012-06-24 05:02:37 340088 ----a-r- c:\windows\system32\drivers\nav\1307010.005\symds.sys
2012-06-24 05:02:37 32888 ----a-w- c:\windows\system32\drivers\nav\1307010.005\srtspx.sys
2012-06-24 05:02:36 574072 ----a-w- c:\windows\system32\drivers\nav\1307010.005\srtsp.sys
2012-06-24 05:02:36 149624 ----a-w- c:\windows\system32\drivers\nav\1307010.005\ironx86.sys
2012-06-24 05:02:36 132744 ----a-w- c:\windows\system32\drivers\nav\1307010.005\ccsetx86.sys
2012-06-24 05:01:33 -------- d-----w- c:\windows\system32\drivers\nav\1307010.005
2012-06-24 02:53:02 19736 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
2012-06-24 02:50:41 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-24 02:50:39 -------- d-----w- c:\program files\Symantec
2012-06-24 02:50:39 -------- d-----w- c:\program files\common files\Symantec Shared
2012-06-24 02:45:17 -------- d-----w- c:\windows\system32\drivers\NAV
2012-06-24 02:44:59 -------- d-----w- c:\program files\Norton AntiVirus
2012-06-24 02:40:27 -------- d-----w- C:\8c4ca1840b0adb2948de88d897
2012-06-24 02:37:36 -------- d-----w- c:\program files\NortonInstaller
2012-06-24 02:36:29 15712 ----a-w- c:\program files\common files\windows live\.cache\281673281cd51b202\MeshBetaRemover.exe
2012-06-24 02:34:49 -------- d-----w- c:\users\chris\appdata\local\{86994268-5031-4005-92B8-5B53C2243C81}
2012-06-24 02:34:37 -------- d-----w- c:\users\chris\appdata\local\{88AB8C42-7571-40B6-A09D-CBC8E16386A9}
2012-06-23 13:29:05 -------- d-----w- c:\users\chris\appdata\local\{07760BA6-AFF7-4A91-86BE-5A27336FFA60}
2012-06-23 13:28:43 -------- d-----w- c:\users\chris\appdata\local\{5E9F4217-A246-4438-AE4A-78D6FA805A87}
2012-06-22 17:53:20 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{caa53a37-f609-44d7-892c-9b0265851f01}\mpengine.dll
2012-06-22 13:41:32 -------- d-----w- c:\users\chris\appdata\local\{81FD36CE-A93C-4577-99DE-4E9C9AFAAB6D}
2012-06-22 13:41:09 -------- d-----w- c:\users\chris\appdata\local\{3D309185-1832-435A-A39C-48DA851554F9}
2012-06-21 16:52:49 -------- d-----w- c:\users\chris\appdata\local\{9E7AD089-0A15-48A2-9175-F5BB244E12C0}
2012-06-21 16:52:27 -------- d-----w- c:\users\chris\appdata\local\{4858FDAE-B031-4CEC-AA45-74D088F6D8DE}
2012-06-20 19:19:30 -------- d-----w- c:\users\chris\appdata\local\{1FCC03F8-52B5-4B37-BECE-A3D5328251FF}
2012-06-20 19:19:05 -------- d-----w- c:\users\chris\appdata\local\{E59CC56C-7714-4380-8BB0-E18FD5626E4F}
2012-06-19 13:44:05 -------- d-----w- c:\users\chris\appdata\local\{CA6BD617-D00B-4D4A-9DDB-8091ECA81C01}
2012-06-19 13:43:30 -------- d-----w- c:\users\chris\appdata\local\{2913FFAD-F463-4767-8D1B-6FE11250E690}
2012-06-17 14:51:56 -------- d-----w- c:\users\chris\appdata\local\{0426EA5F-A2B4-48A9-B9F9-45DDE8E338C0}
2012-06-16 19:47:55 -------- d-----w- c:\users\chris\appdata\local\{8F25C88E-C37A-49DF-B461-A2235696E2D9}
2012-06-15 13:17:27 -------- d-----w- c:\users\chris\appdata\local\{2A34B73F-3929-4462-BF4A-69DB45EA5631}
2012-06-14 14:34:00 -------- d-----w- c:\users\chris\appdata\local\{F8FD97A8-2776-4048-8AF1-CFF589AB7F6C}
2012-06-14 14:33:41 -------- d-----w- c:\users\chris\appdata\local\{46A531E4-05AA-465F-B344-9DA52706CB45}
2012-06-14 13:39:52 -------- d-----w- c:\users\chris\appdata\local\{88F81013-A7F8-4176-AD71-9AAF802B962E}
2012-06-14 13:39:29 -------- d-----w- c:\users\chris\appdata\local\{00ADB113-8FDD-44B6-A3C6-0D18B9E746F5}
2012-06-08 20:27:23 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-08 20:26:48 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-08 20:26:21 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-08 20:26:21 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 18:37:01 -------- d-----w- c:\users\chris\appdata\local\{9BEF466B-5F0F-4CEB-AB9A-9EBD0DCDAD63}
2012-06-02 18:36:38 -------- d-----w- c:\users\chris\appdata\local\{9A447711-4B28-46C7-AD98-EB721F85B411}
2012-05-29 22:34:30 -------- d-----w- c:\users\chris\appdata\local\{9804722D-872A-4A84-85DD-99CC7ABA2164}
2012-05-29 22:33:59 -------- d-----w- c:\users\chris\appdata\local\{10566D96-64CE-43A2-BEEE-781DB553E5CC}
.
==================== Find3M ====================
.
2012-05-05 08:02:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 08:02:31 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 23:19:00.44 ===============

and this is from RogueKiller

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Chris [Admin rights]
Mode: Scan -- Date: 06/25/2012 23:27:33

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[sUSP PATH] HKCU\[...]\Run : uTorrent ("C:\Users\Chris\Desktop\Wallpapers\uTorrent.exe") -> FOUND
[sUSP PATH] HKUS\S-1-5-21-2864384524-2689584164-734915261-1000[...]\Run : uTorrent ("C:\Users\Chris\Desktop\Wallpapers\uTorrent.exe") -> FOUND
[sUSP PATH] Uninstall Webroot RunOnce.lnk @Mcx1 : C:\Users\Mcx1\AppData\Roaming\wruninstall.exe -> FOUND
[sCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Users\Chris\Desktop\dds.scr) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x82AA75C3 -> HOOKED (Unknown @ 0x96C1D5B8)
SSDT[14] : NtAlertThread @ 0x82A20255 -> HOOKED (Unknown @ 0x96C1D678)
SSDT[18] : NtAllocateVirtualMemory @ 0x82A5C4FB -> HOOKED (Unknown @ 0x949190E8)
SSDT[21] : NtAlpcConnectPort @ 0x829FE887 -> HOOKED (Unknown @ 0x9487E4D0)
SSDT[42] : NtAssignProcessToJobObject @ 0x829D1B43 -> HOOKED (Unknown @ 0x9492D008)
SSDT[67] : NtCreateMutant @ 0x82A34812 -> HOOKED (Unknown @ 0x96C19B20)
SSDT[77] : NtCreateSymbolicLinkObject @ 0x829D435A -> HOOKED (Unknown @ 0x965FEC20)
SSDT[78] : NtCreateThread @ 0x82AA5BE0 -> HOOKED (Unknown @ 0x94922090)
SSDT[116] : NtDebugActiveProcess @ 0x82A78D22 -> HOOKED (Unknown @ 0x949294E8)
SSDT[129] : NtDuplicateObject @ 0x82A0C551 -> HOOKED (Unknown @ 0x969C50D0)
SSDT[147] : NtFreeVirtualMemory @ 0x82898F1D -> HOOKED (Unknown @ 0x9644CCF0)
SSDT[156] : NtImpersonateAnonymousToken @ 0x829CEF12 -> HOOKED (Unknown @ 0x94913CF0)
SSDT[158] : NtImpersonateThread @ 0x829E454F -> HOOKED (Unknown @ 0x94930B48)
SSDT[165] : NtLoadDriver @ 0x8297FDEE -> HOOKED (Unknown @ 0x9487E788)
SSDT[177] : NtMapViewOfSection @ 0x82A2489A -> HOOKED (Unknown @ 0x949F2588)
SSDT[184] : NtOpenEvent @ 0x82A0DDCF -> HOOKED (Unknown @ 0x949000C0)
SSDT[194] : NtOpenProcess @ 0x82A34FAE -> HOOKED (Unknown @ 0x9491FAD0)
SSDT[195] : NtOpenProcessToken @ 0x82A15A2E -> HOOKED (Unknown @ 0x9491E288)
SSDT[197] : NtOpenSection @ 0x82A2566D -> HOOKED (Unknown @ 0x94927890)
SSDT[201] : NtOpenThread @ 0x82A304FF -> HOOKED (Unknown @ 0x969C51A0)
SSDT[210] : NtProtectVirtualMemory @ 0x82A2E2E2 -> HOOKED (Unknown @ 0x94903B68)
SSDT[282] : NtResumeThread @ 0x82A2FB4A -> HOOKED (Unknown @ 0x94930638)
SSDT[289] : NtSetContextThread @ 0x82AA706F -> HOOKED (Unknown @ 0x9651EB58)
SSDT[305] : NtSetInformationProcess @ 0x82A288C8 -> HOOKED (Unknown @ 0x9651EC18)
SSDT[317] : NtSetSystemInformation @ 0x829FAEEB -> HOOKED (Unknown @ 0x949F2290)
SSDT[330] : NtSuspendProcess @ 0x82AA74FF -> HOOKED (Unknown @ 0x94914A18)
SSDT[331] : NtSuspendThread @ 0x829AE92B -> HOOKED (Unknown @ 0x949F90F8)
SSDT[334] : NtTerminateProcess @ 0x82A05143 -> HOOKED (Unknown @ 0x94922170)
SSDT[335] : NtTerminateThread @ 0x82A30534 -> HOOKED (Unknown @ 0x967F9D48)
SSDT[348] : NtUnmapViewOfSection @ 0x82A24B5D -> HOOKED (Unknown @ 0x9490C8D8)
SSDT[358] : NtWriteVirtualMemory @ 0x82A2192D -> HOOKED (Unknown @ 0x9644CDC0)
SSDT[382] : NtCreateThreadEx @ 0x82A2FFE9 -> HOOKED
(Unknown @ 0x967FA3A0) S_SSDT[317] : Unknown -> HOOKED (Unknown @ 0x96C67928) S_SSDT[397] : Unknown -> HOOKED (Unknown @ 0x96D89070) S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x96C7A600) S_SSDT[430] : Unknown -> HOOKED (Unknown @ 0x986AC0F8) S_SSDT[442] : Unknown -> HOOKED (Unknown @ 0x96CA1858) S_SSDT[479] : Unknown -> HOOKED (Unknown @ 0x96C73E30) S_SSDT[497] : Unknown -> HOOKED (Unknown @ 0x96CA1510) S_SSDT[498] : Unknown -> HOOKED (Unknown @ 0x96CA7DC0) S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x96CD0B40) S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x96CC1250) ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS541612J9SA00 ATA Device +++++ --- User --- [MBR] a635ea7d8a69e8c995d58a70ece15e75 [bSP] e9d40177ccf5189658c3cb696f865b6d : Windows Vista MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 112972 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt -
Hi, I just recently purchased Norton AntiVirus 2012 and it's showing the virus Trojan.Gen.2. After trying all of the tools they provide, nothing is getting rid of this virus, and when I scanned with Malwarebytes it's not showing it at all, so what else can I do to get rid of this virus? Any and all help would be greatly appreciated. Thank you very much.
-
Hi, I just recently bought Norton AntiVirus 2012 and it's saying that I have the virus Trojan.Gen.2 and getting rid of it failed, so I tried all of their extra tools to get rid of it with no success, and when I scanned my computer again it showed back up. So I scanned again with Malwarebytes and it's not showing anything, so what else can I do to get rid of this virus? Thank you very much for any and all help you can give me.