Everything posted by kwawny

  1. Thank you so much for your help. I really appreciate it. You can close this thread now. Good day.
  2. I apologize for the double post (not sure how to edit posts or if that's possible?) but I have one final question after the above question: I'm a very paranoid person and I was wondering if I should visit a computer specialist after this malware attack?
  3. Hello. Thank you so much for your help/advice. I changed the default password when I first got the router but I was wondering if it should be changed if one has a malware scare?
  4. Thank you so much for your help and your advice. I will check out the internet/pc safety links soon. I have a few more questions/concerns:
     1. When turning my laptop on before I ran the ComboFix script it took a really long time to get to the Windows screen, so I decided to manually restart it. Then it went into Startup Repair mode. After scanning it said something like: Root Cause Found: System volume on disk is corrupt. Repair action: File system repair (chkdsk) Result: Completed Successfully. Error Code = 0x0
        Also, when I unplug my laptop, it immediately shuts off. My laptop can only run when plugged in. (My adapter is fairly new. Got it in June 2013). I think there's something internally wrong with my computer but I'm not sure what it is. Do you know what I should do about that?
     2. When I used Rogue Killer some days ago, immediately after the "Deleting Finished" info showed in the status box, the following happened: A pop-up (it looked legit and I think it is) said something like "Windows Report, Internet Explorer Restored." (I'm not sure exactly what was written because it appeared and disappeared rather quickly) Then, the desktop briefly disappeared (the icons and such disappeared) before reappearing again. I'm not sure if that's a normal part of the Rogue Killer process or not.
     3. The Internet Explorer Icon/Logo which is located on my desktop is titled “The Internet.” I can’t remember if I’ve seen this before. I’m not sure if this is normal.
     4. I have a folder called “backups” on my desktop that contains alleged backup files, but I don’t know how it came to be. Most of the files have a “blank page” icon and just have the words “backup,” a date (August 6, 2013), and some seemingly random numbers (One of the files has the name “Secunia PSI Tray.”) Do you think I should delete the folder?
     5. Should I change my router passwords as well?
  5. Hello. I have read your message. I cannot fully respond at this time. I will be able to respond by tomorrow. Please keep this thread open. Thank you.
  6. I gave up on the ESET scanner and decided to do the F-Secure Online Scan. It did not find anything.
  7. So, here's my update: I re-started the ESET scan at 6:40 PM and it's been scanning for nearly 3 hours. It's still on 20%....
  8. I accidentally hit "Stop" thinking that was the pause button and the scan ended. I will have to start the scan over. ;_; I will update you as soon as possible.
  9. Thank you. I have been running the ESET scan for almost 8 hours and it is only on 20%. Is that normal? Should I restart it?
  10. Hello. Sorry for the late response. I did the first step (remove unneeded start-up entries) and my computer is running much faster. Thank you. About the ESET scanner: Is it safe to run the online scanner while Norton 360's real time scanner is off?
  11. Hello. Sorry for the late response. I didn't have any problems doing the requested activities. Currently (besides the issues mentioned in my previous posts), my computer seems to be doing fine. Below are the reports:
  12. Hello. Things that may need to be addressed:
     1. When turning my laptop on for the first time today (before I ran the ComboFix script) it took a really long time to get to the Windows screen, so I decided to manually restart it. Then it went into Startup Repair mode. After scanning it said something like: Root Cause Found: System volume on disk is corrupt. Repair action: File system repair (chkdsk) Result: Completed Successfully. Error Code = 0x0
        Also, when I unplug my laptop, it immediately shuts off. My laptop can only run when plugged in. (My adapter is fairly new. Got it in June 2013). I think there's something internally wrong with my computer but I'm not sure what it is.
     2. Yesterday, while using Rogue Killer, immediately after the "Deleting Finished" info showed in the status box, the following happened: A pop-up (it looked legit and I think it is) said something like "Windows Report, Internet Explorer Restored." (I'm not sure exactly what was written because it appeared and disappeared rather quickly) Then, the desktop briefly disappeared (the icons and such disappeared) before reappearing again. I'm not sure if that's a normal part of the Rogue Killer process or not.
     3. Yesterday, after I did the Rogue Killer scan, there was a Rogue Killer Quarantine folder on my desktop that was filled with quarantined items. Today, the folder only has something called “Rogue Killer Configuration Settings” in it. I'm not sure if that’s normal or not.
     4. The Internet Explorer Icon/Logo which is located on my desktop is titled “The Internet.” I can’t remember if I’ve seen this before. I’m not sure if this is normal.

     That’s about it. Aside from the above mentioned issues, the laptop is working fine. No overt weirdness. Below is the ComboFix Report. As I was running Combofix, it asked me if I wanted to update it and so I updated it. (Then, I did the scan) I hope that’s okay? After running the ComboFix script, my laptop appears to be doing fine.
  13. Hello. Here are my questions and updates: After clicking "Change parameters" while using TDSSKiller, I literally checked all of the boxes (including the Additional options "Verify file digital signatures" and "Detect TDLFS file system"). Is that okay? Also, while using Rogue Killer, immediately after the "Deleting Finished" info showed in the status box, the following happened: A pop-up (it looked legit and I think it is) said something like "Windows Report, Internet Explorer Restored." (I'm not sure exactly what was written because it appeared and disappeared rather quickly) Then, the desktop briefly disappeared (the icons and such disappeared) before reappearing again. I'm not sure if that's a normal part of the Rogue Killer process or not. Otherwise, my computer seems to be fine. Nothing else besides the above mentioned incident has happened. I have attached the TDSSKiller report because I had trouble posting it. Posted below is the Rogue Killer report. PLEASE NOTE: I could not find RKreport[2]. I could only find RKreport[0]. I hope that is fine. 
  14. Hello. Here's a problem that I had: Even though I disabled Norton 360's "Smart Firewall" and "Antivirus Auto-Protect" for five hours, Combofix said "Combofix has detected the following real time scanners to be active: norton." I decided to just run Combofix anyway. I hope that's okay? Current Computer Status: My CPU Usage gets as high as 100% sometimes, but that's about it. The computer seems to be working fine. Here is my Combofix Log:
Gmer, http://www.gmer.netRootkit scan 2013-08-02 00:13Windows 6.0.6002 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]"ImagePath"="\"c:\program files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000"MSCurrentCountry"=dword:000000b5.Completion time: 2013-08-02 00:17:40ComboFix-quarantined-files.txt 2013-08-02 04:17.Pre-Run: 180,137,779,200 bytes freePost-Run: 187,039,059,968 bytes free.- - End Of File - - E0129562CF77BBDC738B1F7A2161E26D5B5E648D12FCADC244C1EC30318E1EB9
  15. Finally figured out what to do. My computer seems to be running normally. (Except "Start-up" seems faster than it used to be.) Here are my logs (adwcleaner and JWT respectively):
  16. Hello. Thank you for your quick and thorough response. I have a few questions. 1. How do I shut down my protection software? I currently have Norton 360 (paid), Superantispyware (free), and Malwarebytes (free). 2. If I do shut all of my protection software down, is it safe for me to post on the internet after using the Junkware Removal Tool? I'm currently using the "infected" laptop. Do I turn my protection software back on after using the Junkware Removal Tool and before posting on the internet? Or am I supposed to use another computer? Thank you and good day.
  17. Hello. I've been doing free Malwarebytes scans (quick and full scans) in safe mode since July 29, 2013 and I have found some PUPs (specifically, pup.optional.babylon.a and pup.optional.tarma.a) and trojan.banker. They were quarantined and deleted. (Well, that's what the "Logs" said. The malware is in the "Quarantine" section of Malwarebytes as well.) Today, I did a Malwarebytes full scan in safe mode and no threats were found. I also did some quick scans (in "regular" mode i.e. not in safe mode) using Norton 360 and SuperAntiSpyware and no threats were found. I'm concerned about the state of my computer and I'm wondering whether I have any more malware on my laptop. I'm also curious about what to do after finding the trojan.banker, which I've read is really bad news. I'll definitely be changing my passwords, but I was wondering if I have to change my router passwords as well? Any advice on how to prevent malware attacks in the future? Any help would be immensely appreciated. Thanks and good day. Below is the dds.txt and attach.txt:
2007 Junk Email Filter (KB2817563) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) WinZip 14.0 Yahoo! Detect . ==== End Of File ===========================