jjdonohue

  1. All the things you have marked for deletion are legitimate programs, so I don't want to delete those. I know what they are. Also, all this cleaning is destroying good files. I had an issue with Symantec and fixed that. I also lost Corel InstantViewer and I don't know how to get that back. That was a legit program as well. What will TFC do?
  2. Here is the ESET log. I thought I posted this before but it didn't copy for some reason.
  3. Here is ESET.
  4. Ok, shouldn't I also post the eset logs? It's just scanning, not set to clean.
  5. I am running eset now. Seems to be taking a long time.
  6. Here is the ADW Cleaner log.
  7. Here is the JRT log.
  8. OK, here's the mbar logs you asked for. I will run JRT in the meantime next.
Disk Stack ------ DevicePointer: 0xfffffa800992f2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800992f790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800963db60, DeviceName: \Device\000000a3\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam... Removal finished
  9. never mind - i ran an uninstall on that feature and reinstalled it and it's ok now. it's late here so i need to look at this tomorrow and start in on step 4, although i am kind of wondering if i need it since the antiroot kit was totally clean.
  10. i ran the malwarebytes antiroot kit and it was totally clean, found nothing. Something that did happen while it was running though was that Symantec's proactive threat protection got shut down. I can't get it restarted. I tried repairing symantec and downloading new updates through live update and restarted the computer to no avail. The proactive threat will not load. The other functions are working however, antivirus/antispyware protection and network threat protection are on. I don't want to go any further till we fix this. maybe something got damaged during the combo run, i don't know.
  11. i also ran a check with malware bytes and it doesn't see that zero access trojan anymore. in fact it doesn't see anything bad at all.
  12. just for the heck of it i also ran another scan with rogue killer. the zero access entries seemed to be gone from the combo fix run. There's some other entries (6 in the registry) in there but i don't know what they are or if they matter. Do they?
      RogueKiller V8.6.10 _x64_ [sep 9 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.adlice.com/forum/
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://tigzyrk.blogspot.com/
      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : jjdonohue [Admin rights]
      Mode : Scan -- Date : 09/10/2013 22:11:01
      | ARK || FAK || MBR |
      ¤¤¤ Bad processes : 0 ¤¤¤
      ¤¤¤ Registry Entries : 6 ¤¤¤
      [DNS] HKLM\[...]\CS001\[...]\{6390DA39-7966-4DDF-82B7-315DB3ED7155} : NameServer (216.146.35.240,216.146.36.240,192.168.0.1,205.171.3.25) -> FOUND
      [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
      [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
      [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Scheduled tasks : 1 ¤¤¤
      [V2][sUSP PATH] Symantec Help (relaunch) : C:\Users\jjdonohue\AppData\Local\Temp\STSFX19E7\SymDiag.exe - -relaunch "C:\Users\jjdonohue\AppData\Local\Temp\HOMECOMPUTER__2013_09_10__00_10_42.SdDb" [x][x] -> FOUND
      ¤¤¤ Startup Entries : 0 ¤¤¤
      ¤¤¤ Web browsers : 0 ¤¤¤
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
      ¤¤¤ External Hives: ¤¤¤
      ¤¤¤ Infection : ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> %SystemRoot%\System32\drivers\etc\hosts
      127.0.0.1 localhost
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: Hitachi HDS721075CLA332 +++++
      --- User ---
      [MBR] 5b8a824b7f35c776990992ef606356a4
      [bSP] cf3cd43742a158bea9654d093c7db3fa : Windows Vista/7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 702357 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1438633984 | Size: 12945 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      +++++ PhysicalDrive1: Hitachi HDS721075CLA332 +++++
      --- User ---
      [MBR] 3c97f74b632c03f3aafc0a9fb8750bce
      [bSP] 8e9a6e344c69a32be8d87b148b0ae0f2 : Windows XP MBR Code
      Partition table:
      0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
      User = LL1 ... OK!
      Error reading LL2 MBR!
      +++++ PhysicalDrive2: Hitachi HDS721075CLA332 +++++
      Error reading User MBR!
      User = LL1 ... OK!
      Error reading LL2 MBR!
      Finished : << RKreport[0]_S_09102013_221101.txt >>
  13. ok it completed. things seem ok for the moment - phew! here is the log. omboFix 13-09-10.03 - jjdonohue 09/10/2013 21:37:06.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6007.4188 [GMT -6:00] Running from: c:\users\jjdonohue\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\program files (x86)\Google\Desktop\Install c:\program files (x86)\Google\Desktop\Install\{606d6c62-145f-c615-8d5d-55efb7063390}\9519~1\A535~1\E628~1\{606d6c62-145f-c615-8d5d-55efb7063390}\@ c:\program files (x86)\Google\Desktop\Install\{606d6c62-145f-c615-8d5d-55efb7063390}\9519~1\A535~1\E628~1\{606d6c62-145f-c615-8d5d-55efb7063390}\U\00000001.@ c:\program files (x86)\Google\Desktop\Install\{606d6c62-145f-c615-8d5d-55efb7063390}\9519~1\A535~1\E628~1\{606d6c62-145f-c615-8d5d-55efb7063390}\U\00000002.@ c:\programdata\0230F9D3B5.sys c:\programdata\Printers c:\programdata\PrintingModule c:\users\jjdonohue\AppData\Local\assembly\tmp c:\windows\PFRO.log c:\windows\XSxS . . ((((((((((((((((((((((((( Files Created from 2013-08-11 to 2013-09-11 ))))))))))))))))))))))))))))))) . . 2013-09-11 03:47 . 2013-09-11 03:47 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS 2013-09-11 03:47 . 2013-09-11 03:47 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS 2013-09-11 03:47 . 2013-09-11 03:47 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS 2013-09-11 03:47 . 
2013-09-11 03:47 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS 2013-09-11 03:47 . 2013-09-11 03:47 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS 2013-09-11 03:45 . 2013-09-11 03:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-10 06:02 . 2013-09-10 06:02 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys 2013-09-10 03:40 . 2013-09-10 03:40 -------- d-----w- c:\users\jjdonohue\AppData\Local\WinZip Courier 2013-09-10 03:39 . 2013-09-11 03:44 -------- d-----w- c:\users\jjdonohue\AppData\Local\assembly 2013-09-08 22:44 . 2013-09-08 22:44 1805736 ----a-w- C:\FixZeroAccess.exe 2013-09-08 20:39 . 2013-09-08 20:39 -------- d-----w- c:\programdata\Nikon 2013-09-08 20:05 . 2013-09-08 20:05 -------- d-----w- c:\programdata\ZoomBrowser 2013-09-08 20:04 . 2013-09-08 20:04 -------- d-----w- c:\programdata\Canon_Inc_IC 2013-09-07 23:25 . 2013-09-07 23:25 -------- d-----w- c:\users\jjdonohue\AppData\Roaming\Nikon 2013-09-07 23:25 . 2013-09-07 23:25 -------- d-----w- c:\users\jjdonohue\AppData\Local\Nikon 2013-09-07 23:24 . 2013-09-07 23:24 61440 ----a-r- c:\users\jjdonohue\AppData\Roaming\Microsoft\Installer\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}\ARPPRODUCTICON.exe 2013-09-07 23:23 . 2013-09-07 23:23 -------- d-----w- c:\windows\Downloaded Installations 2013-09-07 23:23 . 2013-09-07 23:23 -------- d-----w- c:\program files (x86)\Common Files\Nikon 2013-09-07 23:23 . 2013-09-07 23:23 -------- d-----w- c:\programdata\Light Machine 2013-09-07 23:22 . 2013-09-07 23:24 -------- d-----w- c:\program files\Common Files\Nikon 2013-09-07 23:22 . 2013-09-07 23:24 -------- d-----w- c:\program files (x86)\Nikon 2013-09-07 23:22 . 2013-09-07 23:22 -------- d-----w- c:\program files\Nikon 2013-09-07 23:22 . 2013-09-07 23:22 -------- d-----w- c:\programdata\MIDI Drivers 2013-09-07 23:22 . 2013-09-07 23:22 -------- d-----w- c:\programdata\Keyboard Layouts 2013-09-07 23:21 . 
2013-09-07 23:23 -------- d-----w- c:\programdata\Ultima_T15 2013-09-07 23:21 . 2013-09-07 23:23 -------- d-----w- c:\programdata\EnterNHelp 2013-09-07 23:21 . 2013-09-07 23:21 -------- d-----w- c:\programdata\Specifications 2013-09-06 04:42 . 2013-09-06 04:43 -------- d-----w- c:\programdata\WinZip 2013-09-06 04:42 . 2013-09-06 04:42 -------- d-----w- c:\program files\WinZip 2013-09-06 00:11 . 2013-09-06 00:11 -------- d-----w- c:\users\jjdonohue\AppData\Local\CouponXplorer_5z 2013-08-30 01:25 . 2013-08-30 01:25 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll 2013-08-30 01:25 . 2013-08-30 01:25 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe 2013-08-30 00:59 . 2013-08-30 00:59 -------- d-----w- c:\windows\ERUNT 2013-08-29 23:42 . 2013-08-30 00:44 -------- d-----w- C:\AdwCleaner 2013-08-29 15:11 . 2013-08-29 15:11 -------- d-----w- c:\users\JoanneDonohue\AppData\Roaming\Malwarebytes 2013-08-29 15:10 . 2013-09-05 23:52 -------- d-----w- c:\users\JoanneDonohue\AppData\Local\Htc 2013-08-29 15:10 . 2013-08-29 15:10 -------- d-----w- c:\users\JoanneDonohue\AppData\Roaming\HTC 2013-08-29 14:57 . 2013-08-29 14:57 -------- d-----w- c:\programdata\unwvq 2013-08-29 11:44 . 2013-08-29 14:54 -------- d-----w- c:\programdata\asby 2013-08-29 00:05 . 2013-08-29 00:05 -------- d-----w- c:\users\jjdonohue\AppData\Roaming\Hopster 2013-08-15 09:07 . 2013-08-15 09:09 -------- d-----w- c:\windows\system32\MRT 2013-08-15 09:00 . 2013-07-25 03:54 17830400 ----a-w- c:\windows\system32\mshtml.dll 2013-08-15 09:00 . 2013-07-25 03:35 10926080 ----a-w- c:\windows\system32\ieframe.dll 2013-08-14 21:25 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll 2013-08-14 21:25 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll 2013-08-14 21:25 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-08-14 21:25 . 
2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-08-14 21:25 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll 2013-08-14 21:25 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-08-14 21:25 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-08-14 21:25 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-10 19:33 . 2012-09-07 18:41 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-09-10 19:33 . 2011-06-01 20:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-09-10 19:33 . 2013-06-11 21:34 9430408 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-09-06 01:13 . 2010-12-10 03:53 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2013-09-03 00:35 . 2010-12-08 05:21 3766 --sha-w- c:\programdata\KGyGaAvL.sys 2013-08-05 22:14 . 2011-01-21 01:25 78161360 ----a-w- c:\windows\system32\MRT.exe 2013-07-09 04:45 . 2013-08-14 21:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-07-01 19:28 . 2012-09-22 17:48 325920 ----a-w- c:\windows\SysWow64\Sendori.dll 2013-06-29 21:34 . 2013-06-29 21:35 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-29 21:34 . 2012-09-07 19:20 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-06-29 21:34 . 2011-05-30 21:52 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\jjdonohue\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\jjdonohue\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\jjdonohue\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496] "AirVideoServer"="c:\program files (x86)\AirVideoServer\AirVideoServer.exe" [2010-09-22 4923784] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-26 39408] "iFunBoxConnector"="c:\program files (x86)\i-Funbox DevTeam\ifb_conn.exe" [2012-11-20 812544] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-04-26 593920] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392] "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560] "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392] . c:\users\jjdonohue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\jjdonohue\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-6-17 1040952] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 CouponXplorer_5zService;CouponXplorerService;c:\progra~2\COUPON~4\bar\1.bin\5zbarsvc.exe;c:\progra~2\COUPON~4\bar\1.bin\5zbarsvc.exe [x] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x] R2 sprtlisten;SupportSoft Listener Service;c:\program files (x86)\Common Files\supportsoft\bin\sprtlisten.exe;c:\program files (x86)\Common Files\supportsoft\bin\sprtlisten.exe [x] R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x] R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x] R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys 
[x] R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x] R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x] R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys;c:\windows\SYSNATIVE\Drivers\lgandadb.sys [x] R3 CXPLRCAP;EVC2010;c:\windows\system32\drivers\elvidcap.sys;c:\windows\SYSNATIVE\drivers\elvidcap.sys [x] R3 DxkgFilter;Filtering Dxkg;c:\program files (x86)\iDisplay\idisplay.sys;c:\program files (x86)\iDisplay\idisplay.sys [x] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x] S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 LVPrcS64;Process Monitor;c:\program files\Common 
Files\Logishrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [x] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x] S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys;c:\windows\SYSNATIVE\drivers\HCW85BDA.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 19:33] . 2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-26 05:17] . 2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-26 05:17] . 2013-09-08 c:\windows\Tasks\HPCeeScheduleForjjdonohue.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\jjdonohue\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\jjdonohue\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\jjdonohue\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\jjdonohue\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.0.1 205.171.3.25 FF - ProfilePath - c:\users\jjdonohue\AppData\Roaming\Mozilla\Firefox\Profiles\sez1qwa1.default\ FF - prefs.js: browser.search.selectedEngine - My Web Search FF - ExtSQL: !HIDDEN! 2010-12-12 19:25; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - ORPHANS REMOVED - - - - . 
Toolbar-{65c72339-fb1d-4155-84e1-9afacee02d6f} - c:\program files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll SafeBoot-Symantec Antvirus HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file) AddRemove-Coupon Printer for Windows5.0.0.2 - c:\program files (x86)\Coupons\uninstall.exe AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe AddRemove-Splashtop Software Updater - c:\program files (x86)\Splashtop\Splashtop Software Updater\uninst.exe AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files (x86)\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE} AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- .
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe c:\program files (x86)\iDisplay\iDisplay.exe c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe c:\program files (x86)\Sendori\SendoriUp.exe c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2013-09-10 21:53:57 - machine was rebooted ComboFix-quarantined-files.txt 2013-09-11 03:53 . Pre-Run: 497,924,571,136 bytes free Post-Run: 499,104,542,720 bytes free . - - End Of File - - E3514DF632486B9946BCEBEB156337B3
  14. I told Symantec to disable itself and it appeared off by the software indicators, but when I ran ComboFix it kept saying it was still on and the antivirus file protect was on. It gave me a message that if I continued it was at risk, so I decided to stop it before it continued. I won't be able to do this if this is going to happen, can I? I guess there must be another way to disable Symantec but I don't know what that is, unless I have to disable it in the start menu or something like that.