Ran DDS. Here are my logs


Hello,

I found this board through a Google search and see others have been having the same issue. My computer has been randomly shutting down, and I've removed several bits of malware (probably obtained the few times I let my 10-year-old use my PC!), but this svchost.exe trojan won't go away, and every time I start up MB tells me it's there. I just started a new job and need to do 40 hours of training on the computer and this sucks, help! (please)!

This is my latest log:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.19.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Terri :: GATEWAY [administrator]

Protection: Enabled

12/19/2012 9:44:41 AM

mbam-log-2012-12-19 (09-44-41).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 211285

Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

2012/12/19 02:36:24 -0500 GATEWAY (null) MESSAGE Executing scheduled update: Daily

2012/12/19 02:36:28 -0500 GATEWAY (null) MESSAGE Scheduled update executed successfully: database updated from version v2012.12.18.07 to version v2012.12.19.03

2012/12/19 06:22:23 -0500 GATEWAY Terri MESSAGE Starting protection

2012/12/19 06:22:23 -0500 GATEWAY Terri MESSAGE Protection started successfully

2012/12/19 06:22:23 -0500 GATEWAY Terri MESSAGE Starting IP protection

2012/12/19 06:22:25 -0500 GATEWAY Terri MESSAGE IP Protection started successfully

2012/12/19 06:22:25 -0500 GATEWAY Terri MESSAGE Starting database refresh

2012/12/19 06:22:25 -0500 GATEWAY Terri MESSAGE Stopping IP protection

2012/12/19 06:22:25 -0500 GATEWAY Terri MESSAGE IP Protection stopped successfully

2012/12/19 06:22:27 -0500 GATEWAY Terri MESSAGE Database refreshed successfully

2012/12/19 06:22:27 -0500 GATEWAY Terri MESSAGE Starting IP protection

2012/12/19 06:22:29 -0500 GATEWAY Terri MESSAGE IP Protection started successfully

2012/12/19 07:19:05 -0500 GATEWAY Terri DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE

2012/12/19 07:19:05 -0500 GATEWAY Terri ERROR Quarantine failed: DeleteFile failed with error code 5

2012/12/19 08:40:11 -0500 GATEWAY Terri DETECTION C:\Windows\svchost.exe Trojan.Agent DENY

2012/12/19 08:52:06 -0500 GATEWAY Terri MESSAGE Starting protection

2012/12/19 08:52:06 -0500 GATEWAY Terri MESSAGE Protection started successfully

2012/12/19 08:52:06 -0500 GATEWAY Terri MESSAGE Starting IP protection

2012/12/19 08:52:07 -0500 GATEWAY Terri MESSAGE IP Protection started successfully

2012/12/19 08:52:07 -0500 GATEWAY Terri MESSAGE Starting database refresh

2012/12/19 08:52:07 -0500 GATEWAY Terri MESSAGE Stopping IP protection

2012/12/19 08:52:08 -0500 GATEWAY Terri MESSAGE IP Protection stopped successfully

2012/12/19 08:52:09 -0500 GATEWAY Terri MESSAGE Database refreshed successfully

2012/12/19 08:52:09 -0500 GATEWAY Terri MESSAGE Starting IP protection

2012/12/19 08:52:10 -0500 GATEWAY Terri MESSAGE IP Protection started successfully

2012/12/19 08:52:40 -0500 GATEWAY Terri DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE

2012/12/19 08:53:26 -0500 GATEWAY Terri DETECTION C:\Windows\svchost.exe Trojan.Agent DENY



Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here: DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Quit all running programs.

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 48 hours, please send me a PM)


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2

Run by Terri at 11:39:13 on 2012-12-19

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4040.2150 [GMT -5:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Enterprise DDNS Client\ddnsclient.exe

C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe

C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\splwow64.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

mStart Page = hxxp://www.bing.com/?pc=MAGW

mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll

uRun: [Google Update] "C:\Users\Terri\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

Trusted Zone: 80

Trusted Zone: 83

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{C8C46544-AA96-4C16-B163-B08D4E8A4E43} : DHCPNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://www.bing.com/?pc=MAGW

x64-mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon

x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Terri\AppData\Roaming\Mozilla\Firefox\Profiles\p3g5y47c.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Terri\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\Terri\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Terri\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\System32\WebClient\npwebclient.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1301000.01C\SymDS64.sys [2012-8-30 451192]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1301000.01C\SymEFA64.sys [2012-8-30 1084536]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-12-3 1384608]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1301000.01C\ccSetx64.sys [2012-8-30 167048]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121218.001_bf0\IDSviA64.sys [2012-12-19 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1301000.01C\Ironx64.sys [2012-8-30 189560]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1301000.01C\symnets.sys [2012-8-30 401016]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DDNS Enterprise Client;DDNS Enterprise Client;C:\Program Files (x86)\Enterprise DDNS Client\ddnsclient.exe [2010-12-3 53248]

R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-21 13336]

R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-10-21 244624]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-17 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-17 676936]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]

R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-7-9 231752]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2012-8-30 138760]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-3 2656280]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-3 138912]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-21 317440]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-17 25928]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-28 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-12-19 14:56:29 20480 ----a-w- C:\Windows\svchost.exe

2012-12-19 14:42:46 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-18 17:03:15 -------- d-----w- C:\Users\Terri\AppData\Local\assembly

2012-12-17 21:07:48 -------- d-----w- C:\Program Files (x86)\Mueller Services

2012-12-17 21:07:48 -------- d-----w- C:\MuellerPhotos

2012-12-17 21:06:43 -------- d-----w- C:\Program Files (x86)\Mueller Services, Inc

2012-12-17 20:16:47 -------- d-----w- C:\Users\Terri\AppData\Roaming\Malwarebytes

2012-12-17 11:39:50 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-17 11:39:50 -------- d-----w- C:\ProgramData\Malwarebytes

2012-12-17 11:39:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-16 16:10:06 -------- d-----w- C:\Users\Terri\AppData\Local\{78EE89F5-1CB0-4F47-8F73-80B2F7998F9C}

2012-12-14 17:43:06 -------- d-----w- C:\Program Files (x86)\Citrix

2012-12-13 11:52:50 -------- d-----w- C:\Users\Terri\AppData\Local\{18BFE8CA-9B88-4BED-A869-213A1C4359ED}

2012-12-12 13:09:01 -------- d-----w- C:\Users\Terri\AppData\Local\{F9893AE7-3676-4228-8CAB-A26BF64124F4}

2012-12-04 00:08:45 -------- d-----w- C:\Users\Terri\AppData\Local\Microsoft Help

2012-11-30 01:05:11 -------- d-----w- C:\Users\Terri\AppData\Local\{F7EB3BB0-A8AE-48F9-8A79-D3C0C7E6123E}

2012-11-29 12:55:20 -------- d-----w- C:\Users\Terri\AppData\Local\{3253D530-F9E7-4B42-AC7B-04D0AFBBFA77}

2012-11-27 21:28:55 -------- d-----w- C:\Users\Terri\AppData\Local\{324B5737-39A6-4904-B173-AD61B0AB5340}

.

==================== Find3M ====================

.

2012-12-19 14:42:35 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-12-17 21:21:00 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-17 21:21:00 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-17 21:15:48 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-11-01 20:35:14 253256 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-09-23 19:09:18 96784 ----a-w- C:\Windows\SysWow64\packet.dll

2012-09-23 19:09:18 369168 ----a-w- C:\Windows\System32\wpcap.dll

2012-09-23 19:09:18 35344 ----a-w- C:\Windows\System32\drivers\npf.sys

2012-09-23 19:09:18 281104 ----a-w- C:\Windows\SysWow64\wpcap.dll

2012-09-23 19:09:18 106000 ----a-w- C:\Windows\System32\packet.dll

.

============= FINISH: 11:39:39.47 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/26/2012 1:45:35 PM

System Uptime: 12/19/2012 9:54:25 AM (2 hours ago)

.

Motherboard: Gateway | | SX2855

Processor: Intel® Pentium® CPU G630 @ 2.70GHz | CPU 1 | 2700/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 917 GiB total, 774.616 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP117: 12/15/2012 3:00:33 AM - Windows Update

RP118: 12/16/2012 7:04:48 AM - Windows Update

RP119: 12/17/2012 3:00:30 AM - Windows Update

RP120: 12/17/2012 4:06:29 PM - Installed Mueller Services Sketch Tool

RP121: 12/17/2012 4:07:37 PM - Installed Mueller Services Photo Uploader

RP122: 12/17/2012 4:15:20 PM - Installed Java 7 Update 10

RP123: 12/18/2012 3:00:26 AM - Windows Update

RP124: 12/18/2012 2:07:14 PM - Windows Update

RP125: 12/19/2012 2:39:52 AM - Windows Update

RP126: 12/19/2012 3:00:30 AM - Windows Update

RP127: 12/19/2012 8:55:40 AM - Windows Update

RP128: 12/19/2012 9:37:34 AM - Removed Java 7 Update 10

RP129: 12/19/2012 9:38:04 AM - Removed JavaFX 2.1.1

RP130: 12/19/2012 9:42:27 AM - Installed Java 7 Update 10

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4) MUI

Adobe SVG Viewer

Agatha Christie - Death on the Nile

Apple Software Update

AUPEO!

Bejeweled 2 Deluxe

Bonjour

Build-a-lot 4 - Power Source

CamStudio OSS Desktop Recorder

Canon MP Navigator EX 1.0

Canon MX310 series

Canon MX310 series User Registration

Canon Utilities Solution Menu

Chronicles of Albian

Contrôle ActiveX Windows Live Mesh pour connexions à distance

Cradle of Rome 2

CyberLink MediaEspresso

CyberLink PowerDVD 10

D3DX10

DDNS Client -- Adams-Land Micro Systems

Dora's World Adventure

eBay Worldwide

Express Zip

Final Drive: Nitro

Fooz Kids

Fooz Kids Platform

Galerie de photos Windows Live

Gateway Games

Gateway Recovery Management

Gateway Registration

Gateway ScreenSaver

Gateway Updater

Google Chrome

Google Talk Plugin

GoToMeeting 5.1.0.880

Governor of Poker 2 Premium Edition

HandBrake 0.9.8

Hotkey Utility

Identity Card

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Java 7 Update 10

Java Auto Updater

Jewel Match 3

Junk Mail filter update

Malwarebytes Anti-Malware version 1.65.1.1000

McAfee Security Scan Plus

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft PowerPoint Viewer

Microsoft Research AutoCollage 2008 version 1.1

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mueller Services Photo Uploader

Mueller Services Sketch Tool

Mystery of Mortlake Mansion

Nero BackItUp 10

Nero BackItUp 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Express 10

Nero Express 10 Help (CHM)

Nero Multimedia Suite 10 Essentials

Nero RescueAgent 10

Nero RescueAgent 10 Help (CHM)

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

NETGEAR Genie

Norton Internet Security

Norton Online Backup

Penguins!

Plants vs. Zombies - Game of the Year

Polar Bowler

Polar Golfer

Portforward Static IP Address 1.0.47

Pro Surveillance System(EN)

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Simple Port Forwarding

Simple Port Tester

Times Reader

Torchlight

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update Installer for WildTangent Games App

Virtual Villagers 5 - New Believers

WebClient

Welcome Center

WildTangent Games App (Gateway Games)

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

12/19/2012 8:56:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).

12/19/2012 8:52:14 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP

12/19/2012 8:51:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c6d7ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121912-20638-01.

12/19/2012 8:51:26 AM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.

12/19/2012 8:51:26 AM, Error: SRTSP [4] - Error loading virus definitions.

12/19/2012 2:36:09 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a012990000, 0x0000000000000000, 0xfffff80002d179ca, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121912-18782-01.

12/16/2012 7:01:40 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

12/16/2012 7:00:55 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a013f87000, 0x0000000000000000, 0xfffff80002d299ca, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121612-21964-01.

12/14/2012 1:36:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

.

==== End Of File ===========================


That's not the report I want.

This is what it looks like:

RogueKiller V8.3.1 [Dec  2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Symesko [Admin rights]
Mode : Scan -- Date : 12/03/2012 20:07:55

¤¤¤ Bad processes : 6 ¤¤¤
[SUSP PATH] ISUSPM.exe -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe -> KILLED [TermProc]
[SUSP PATH] CurseClient.exe -- C:\Users\Symesko\AppData\Local\Apps\2.0\QD78B01T.7NB\7DGPX1JV.XX3\curs..tion_9e9e83ddf3ed3ead_0005.0001_dafeadaaa30c70ac\CurseClient.exe -> KILLED [TermProc]
[SUSP PATH] GoogleCrashHandler.exe -- C:\Users\Symesko\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe -> KILLED [TermProc]
[SUSP PATH] GoogleCrashHandler64.exe -- C:\Users\Symesko\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe -> KILLED [TermProc]
[Microsoft][HJNAME] SearchFilterHost.exe -- C:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\SearchFilterHost.exe -> KILLED [TermProc]
[RESIDUE] SearchFilterHost.exe -- C:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\SearchFilterHost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : ISUSPM ("C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler) -> FOUND
[RUN][ROGUE ST] HKLM\[...]\Run : HPWirelessAssistant (C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3995993713-3184066139-968692001-1001[...]\Run : ISUSPM ("C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10TPVT-65HT5T0 ATA Device +++++
--- User ---
[MBR] 31b28e2877860bc3be221cab898b2753
[BSP] 6b6680a530a1a621391e9ccdb7a1aba5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 931249 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1907607552 | Size: 22317 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1953312768 | Size: 102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12032012_02d2007.txt >>
RKreport[1]_S_12032012_02d2007.txt

Please delete your copy of RogueKiller and download a fresh one:

Please download RogueKiller to your desktop and run it.

Reboot into safe mode and run it again... post the report.

MrC


OK I found the report you wanted on my desktop from the old version of RK: d

RogueKiller V8.4.0 [Dec 18 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Terri [Admin rights]

Mode : Scan -- Date : 12/19/2012 12:57:34

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤

[RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : Apple (rundll32.exe "C:\Users\Terri\AppData\Local\Conduit\Apple\xqrdpuhu.dll",AllocInstanceDataW) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-20[...]\Run : Apple (rundll32.exe "C:\Users\Terri\AppData\Local\Conduit\Apple\xqrdpuhu.dll",AllocInstanceDataW) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST1000DM003-9YN162 +++++

--- User ---

[MBR] 52591f4e59080602b83e17aa9029382c

[BSP] 6803b402625d757695699dfd7ca54398 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 939431 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] 48e149f26effaf5937626bbb143fe444

[BSP] 6803b402625d757695699dfd7ca54398 : Windows 7/8 MBR Code

Partition table:

1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 939431 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] 48e149f26effaf5937626bbb143fe444

[BSP] 6803b402625d757695699dfd7ca54398 : Windows 7/8 MBR Code

Partition table:

1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 939431 Mo

Finished : << RKreport[1]_S_12192012_02d1257.txt >>

RKreport[1]_S_12192012_02d1257.txt

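The MBR Check section of the RogueKiller report (the User vs LL1/LL2 comparison, "User != LL1 ... KO!") comes down to reading sector 0 through two different paths and comparing the result, then sanity-checking the partition table. This added example (not RogueKiller's or Malwarebytes' own code) does that check in Python over constructed MBR buffers that reproduce the table layout in the logs: the partition offsets, sizes and disk signature are taken from the report, while the boot-code bytes and the two "reads" are made up for the demonstration.

```python
from __future__ import annotations

import hashlib
import struct

MBR_SIZE = 512
DISK_SIG_OFFSET = 0x1B8      # 4-byte NT disk signature
PART_TABLE_OFFSET = 0x1BE    # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"       # bytes 510-511
PART_TYPES = {0x00: "Empty", 0x07: "NTFS", 0x0C: "FAT32-LBA", 0x27: "ACER"}
ENTRY_FMT = "<B3xB3xII"      # status, CHS start, type, CHS end, LBA start, sector count


def parse_partition_table(mbr: bytes) -> list[dict]:
    """Decode the four partition entries of a 512-byte MBR."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    table = []
    for i in range(4):
        status, ptype, lba, nsec = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i)
        table.append({"index": i, "active": status == 0x80, "type": ptype,
                      "type_name": PART_TYPES.get(ptype, "Other"),
                      "lba": lba, "sectors": nsec})
    return table


def find_anomalies(mbr: bytes) -> list[str]:
    """Flag the partition-table conditions MBAR reported on this drive."""
    findings = []
    if mbr[510:512] != BOOT_SIG:
        findings.append("boot signature is not 55AA")
    table = parse_partition_table(mbr)
    active = [e for e in table if e["active"]]
    if len(active) > 1:
        findings.append(f"{len(active)} partitions flagged active (expect at most 1)")
    for e in table:
        if e["active"] and e["type"] == 0x00:
            # MBAR's "VBR on Empty active partition": a bootkit parks its loader here
            findings.append(f"entry {e['index']}: Empty (0x0) partition marked ACTIVE at LBA {e['lba']}")
        elif e["type"] == 0x00 and (e["lba"] or e["sectors"]):
            findings.append(f"entry {e['index']}: Empty type with non-zero LBA/size")
    return findings


def compare_reads(user_read: bytes, low_level_read: bytes) -> dict:
    """The 'User = LL1 ... OK!' / 'User != LL1 ... KO!' check: sector 0 read through
    the normal disk stack and through a lower-level path must be byte-identical.
    MD5 is only a display fingerprint here, like the [MBR] lines in the RKreport."""
    return {
        "user_md5": hashlib.md5(user_read).hexdigest(),
        "low_md5": hashlib.md5(low_level_read).hexdigest(),
        "equal": user_read == low_level_read,
        "boot_code_equal": user_read[:DISK_SIG_OFFSET] == low_level_read[:DISK_SIG_OFFSET],
        "table_equal": user_read[PART_TABLE_OFFSET:] == low_level_read[PART_TABLE_OFFSET:],
    }


def build_mbr(entries, boot_code: bytes, disk_sig: int = 0x634559E9) -> bytes:
    """Assemble a constructed MBR buffer (test data, not read from a real disk)."""
    buf = bytearray(MBR_SIZE)
    buf[: len(boot_code)] = boot_code
    struct.pack_into("<I", buf, DISK_SIG_OFFSET, disk_sig)
    for i, (active, ptype, lba, nsec) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, buf, PART_TABLE_OFFSET + 16 * i,
                         0x80 if active else 0x00, ptype, lba, nsec)
    buf[510:512] = BOOT_SIG
    return bytes(buf)


# Constructed sample data. Offsets, sizes and disk signature 634559E9 are the values in
# the RKreport / MBAR logs; the boot-code bytes are made up.
# USER_VIEW: what a filtered (rootkit-intercepted) read returns; it looks clean.
USER_VIEW = build_mbr(
    [(False, 0x27, 2048, 29360128),        # ACER recovery
     (True, 0x07, 29362176, 204800),       # 100 MB NTFS system partition
     (False, 0x07, 29566976, 1923956144),  # main NTFS volume
     (False, 0x00, 0, 0)],
    boot_code=b"\x33\xC0\x8E\xD0\xBC\x00\x7C",
)
# LOW_LEVEL_VIEW: the sector as it really is on disk, with a bootkit entry in slot 0.
LOW_LEVEL_VIEW = build_mbr(
    [(True, 0x00, 55, 0),                  # Empty type, ACTIVE, pointing at LBA 55
     (False, 0x27, 2048, 29360128),
     (True, 0x07, 29362176, 204800),
     (False, 0x07, 29566976, 1923956144)],
    boot_code=b"\xEA\x05\x7C\x00\x00\x90",
)


def check_drive(user_read: bytes, low_level_read: bytes) -> dict:
    """Both checks together: clean means equal reads and no anomalies on the real sector."""
    cmp = compare_reads(user_read, low_level_read)
    low = find_anomalies(low_level_read)
    return {"reads": cmp, "user_anomalies": find_anomalies(user_read),
            "low_level_anomalies": low,
            "verdict": "OK" if cmp["equal"] and not low else "KO"}


if __name__ == "__main__":
    result = check_drive(USER_VIEW, LOW_LEVEL_VIEW)
    print("User [MBR]", result["reads"]["user_md5"])
    print("LL   [MBR]", result["reads"]["low_md5"])
    print("User = LL ...", "OK!" if result["reads"]["equal"] else "KO!")
    for line in result["low_level_anomalies"]:
        print("  low-level:", line)
```

Scanning only the user-mode view reports nothing, which is why both reads are needed: the mismatch between the two paths is the finding, before the table is even inspected.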

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : Apple (rundll32.exe "C:\Users\Terri\AppData\Local\Conduit\Apple\xqrdpuhu.dll",AllocInstanceDataW) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-20[...]\Run : Apple (rundll32.exe "C:\Users\Terri\AppData\Local\Conduit\Apple\xqrdpuhu.dll",AllocInstanceDataW) -> FOUND

Now click Delete on the right hand column under Options

Delete this file if found:

(you may have to enable hidden files to see it:

http://www.howtogeek...-windows-vista/)

C:\Users\Terri\AppData\Local\Conduit\Apple\xqrdpuhu.dll

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC


There will be no problem when you run MBAR, it's been run and tested extensively.

It's used thousands of times a day without causing any problems to the computer.

We have to run MBAR or try this one:

Please read the directions carefully so you don't end up deleting something that is good!!

Please note that TDSSKiller can be run in safe mode if needed.

Here's a video that explains how to run it if needed:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.


New window that comes up.


MrC


Ok I went with the MB Rootkit program. I ran it once, cleaned it, getting ready to run again, here are the first logs:

Malwarebytes Anti-Rootkit 1.01.0.1011

www.malwarebytes.org

Database version: v2012.12.19.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Terri :: GATEWAY [administrator]

12/19/2012 2:11:31 PM

mbar-log-2012-12-19 (14-11-31).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 27200

Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_0_55_infected.mbam (Rootkit.Pihar.c.MBR) -> Delete on reboot.

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Rootkit.Pihar.c.MBR) -> Delete on reboot.

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_1953524844_user.mbam (Forged physical sector) -> Delete on reboot.

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.694000 GHz

Memory total: 4236251136, free: 2160439296

------------ Kernel report ------------

12/19/2012 14:03:20

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\drivers\NISx64\1301000.01C\ccSetx64.sys

\SystemRoot\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS

\SystemRoot\system32\drivers\NISx64\1301000.01C\Ironx64.SYS

\SystemRoot\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS

\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121218.020_bdf\EX64.SYS

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121218.020_bdf\ENG64.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121218.001_bf0\IDSvia64.sys

\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\drivers\blbdrive.sys

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx64.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\DRIVERS\e1c62x64.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\System32\TSDDD.dll

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\usbscan.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\Sftvollh.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\??\C:\Windows\system32\drivers\npf.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\system32\DRIVERS\Sftfslh.sys

\SystemRoot\system32\DRIVERS\Sftplaylh.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\Sftredirlh.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\DRIVERS\udfs.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\shell32.dll

\Windows\System32\nsi.dll

\Windows\System32\normaliz.dll

\Windows\System32\difxapi.dll

\Windows\System32\usp10.dll

\Windows\System32\clbcatq.dll

\Windows\System32\kernel32.dll

\Windows\System32\Wldap32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\msctf.dll

\Windows\System32\comdlg32.dll

\Windows\System32\lpk.dll

\Windows\System32\gdi32.dll

\Windows\System32\wininet.dll

\Windows\System32\sechost.dll

\Windows\System32\iertutil.dll

\Windows\System32\ole32.dll

\Windows\System32\advapi32.dll

\Windows\System32\imm32.dll

\Windows\System32\psapi.dll

\Windows\System32\setupapi.dll

\Windows\System32\oleaut32.dll

\Windows\System32\user32.dll

\Windows\System32\imagehlp.dll

\Windows\System32\urlmon.dll

\Windows\System32\ws2_32.dll

\Windows\System32\shlwapi.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\comctl32.dll

\Windows\System32\wintrust.dll

\Windows\System32\KernelBase.dll

\Windows\System32\crypt32.dll

\Windows\System32\devobj.dll

\Windows\System32\msasn1.dll

\Windows\SysWOW64\normaliz.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa8007ef2590

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000071\

Lower Device Object: 0xfffffa800831fb60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8008830790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000070\

Lower Device Object: 0xfffffa8008315b60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa800649c060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8004710050

Lower Device Driver Name: \00000296\

Driver name found: iaStor

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2012.12.19.07

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa800649c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800649b230, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800649c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004710050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \00000296\

------------ End ----------

Upper DeviceData: 0xfffff8a00ccbdd30, 0xfffffa800649c060, 0xfffffa8009d8c790

Lower DeviceData: 0xfffff8a00e82c1d0, 0xfffffa8004710050, 0xfffffa8008cc73c0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

MBR buffers are not equal

MBR is forged! [5b875a22f8ce39ec096216471c83be3f]

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 634559E9

Partition information:

Partition 0 type is Empty (0x0)

Partition is ACTIVE.

Partition starts at LBA: 55 Numsec = 0

Partition is not bootable

Infected: VBR on Empty active partition --> [Rootkit.Pihar.c.MBR]

Changing partition to empty and not active. New active partition is 1 on drive 0 ...

Partition 0 type is Other (0x27)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 29360128

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 29362176 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 29566976 Numsec = 1923956144

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

MBR infection found on drive 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-54-1953505168-1953525168)...

Sector 1953524844 --> [Forged physical sector]

Sector 1953524845 --> [Forged physical sector]

Sector 1953524846 --> [Forged physical sector]

Sector 1953524847 --> [Forged physical sector]

Sector 1953524848 --> [Forged physical sector]

Sector 1953524849 --> [Forged physical sector]

Sector 1953524850 --> [Forged physical sector]

Sector 1953524851 --> [Forged physical sector]

Sector 1953524852 --> [Forged physical sector]

Sector 1953524853 --> [Forged physical sector]

Sector 1953524854 --> [Forged physical sector]

Sector 1953524855 --> [Forged physical sector]

Sector 1953524856 --> [Forged physical sector]

Sector 1953524857 --> [Forged physical sector]

Sector 1953524858 --> [Forged physical sector]

Sector 1953524859 --> [Forged physical sector]

Sector 1953524860 --> [Forged physical sector]

Sector 1953524861 --> [Forged physical sector]

Sector 1953524862 --> [Forged physical sector]

Sector 1953524863 --> [Forged physical sector]

Sector 1953524864 --> [Forged physical sector]

Sector 1953524865 --> [Forged physical sector]

Sector 1953524866 --> [Forged physical sector]

Sector 1953524867 --> [Forged physical sector]

Sector 1953524868 --> [Forged physical sector]

Sector 1953524869 --> [Forged physical sector]

Sector 1953524870 --> [Forged physical sector]

Sector 1953524871 --> [Forged physical sector]

Sector 1953524872 --> [Forged physical sector]

Sector 1953524873 --> [Forged physical sector]

Sector 1953524874 --> [Forged physical sector]

Sector 1953524875 --> [Forged physical sector]

Sector 1953524876 --> [Forged physical sector]

Sector 1953524877 --> [Forged physical sector]

Sector 1953524878 --> [Forged physical sector]

Sector 1953524879 --> [Forged physical sector]

Sector 1953524880 --> [Forged physical sector]

Sector 1953524881 --> [Forged physical sector]

Sector 1953524882 --> [Forged physical sector]

Sector 1953524883 --> [Forged physical sector]

Sector 1953524884 --> [Forged physical sector]

Sector 1953524885 --> [Forged physical sector]

Sector 1953524886 --> [Forged physical sector]

Sector 1953524887 --> [Forged physical sector]

Sector 1953524888 --> [Forged physical sector]

Sector 1953524889 --> [Forged physical sector]

Sector 1953524890 --> [Forged physical sector]

Sector 1953524891 --> [Forged physical sector]

Sector 1953524892 --> [Forged physical sector]

Sector 1953524893 --> [Forged physical sector]

Sector 1953524894 --> [Forged physical sector]

Sector 1953524895 --> [Forged physical sector]

Sector 1953524896 --> [Forged physical sector]

Sector 1953524897 --> [Forged physical sector]

Sector 1953524898 --> [Forged physical sector]

Sector 1953524899 --> [Forged physical sector]

Sector 1953524900 --> [Forged physical sector]

Sector 1953524901 --> [Forged physical sector]

Sector 1953524902 --> [Forged physical sector]

Sector 1953524903 --> [Forged physical sector]

Sector 1953524904 --> [Forged physical sector]

Sector 1953524905 --> [Forged physical sector]

Sector 1953524906 --> [Forged physical sector]

Sector 1953524907 --> [Forged physical sector]

Sector 1953524908 --> [Forged physical sector]

Sector 1953524909 --> [Forged physical sector]

Sector 1953524910 --> [Forged physical sector]

Sector 1953524911 --> [Forged physical sector]

Sector 1953524912 --> [Forged physical sector]

Sector 1953524913 --> [Forged physical sector]

Sector 1953524914 --> [Forged physical sector]

Sector 1953524915 --> [Forged physical sector]

Sector 1953524916 --> [Forged physical sector]

Sector 1953524917 --> [Forged physical sector]

Sector 1953524918 --> [Forged physical sector]

Sector 1953524919 --> [Forged physical sector]

Sector 1953524920 --> [Forged physical sector]

Sector 1953524921 --> [Forged physical sector]

Sector 1953524922 --> [Forged physical sector]

Sector 1953524923 --> [Forged physical sector]

Sector 1953524924 --> [Forged physical sector]

Sector 1953524925 --> [Forged physical sector]

Sector 1953524926 --> [Forged physical sector]

Sector 1953524927 --> [Forged physical sector]

Sector 1953524928 --> [Forged physical sector]

Sector 1953524929 --> [Forged physical sector]

Sector 1953524930 --> [Forged physical sector]

Sector 1953524931 --> [Forged physical sector]

Sector 1953524932 --> [Forged physical sector]

Sector 1953524933 --> [Forged physical sector]

Sector 1953524934 --> [Forged physical sector]

Sector 1953524935 --> [Forged physical sector]

Sector 1953524936 --> [Forged physical sector]

Sector 1953524937 --> [Forged physical sector]

Sector 1953524938 --> [Forged physical sector]

Sector 1953524939 --> [Forged physical sector]

Sector 1953524940 --> [Forged physical sector]

Sector 1953524941 --> [Forged physical sector]

Sector 1953524942 --> [Forged physical sector]

Sector 1953524943 --> [Forged physical sector]

Sector 1953524944 --> [Forged physical sector]

Sector 1953524945 --> [Forged physical sector]

Sector 1953524946 --> [Forged physical sector]

Sector 1953524947 --> [Forged physical sector]

Sector 1953524948 --> [Forged physical sector]

Sector 1953524949 --> [Forged physical sector]

Sector 1953524950 --> [Forged physical sector]

Sector 1953524951 --> [Forged physical sector]

Sector 1953524952 --> [Forged physical sector]

Sector 1953524953 --> [Forged physical sector]

Sector 1953524954 --> [Forged physical sector]

Sector 1953524955 --> [Forged physical sector]

Sector 1953524956 --> [Forged physical sector]

Sector 1953524957 --> [Forged physical sector]

Sector 1953524958 --> [Forged physical sector]

Sector 1953524959 --> [Forged physical sector]

Sector 1953524960 --> [Forged physical sector]

Sector 1953524961 --> [Forged physical sector]

Sector 1953524962 --> [Forged physical sector]

Sector 1953524963 --> [Forged physical sector]

Sector 1953524964 --> [Forged physical sector]

Sector 1953524965 --> [Forged physical sector]

Sector 1953524966 --> [Forged physical sector]

Sector 1953524967 --> [Forged physical sector]

Sector 1953524968 --> [Forged physical sector]

Sector 1953524969 --> [Forged physical sector]


Physical Sector Size: 0

Drive: 1, DevicePointer: 0xfffffa8008830790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8008324b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8008830790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8008315b60, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa8007ef2590, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8008321b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007ef2590, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800831fb60, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\

------------ End ----------

Done!

Performing system, memory and registry scan...

Infected: C:\Windows\svchost.exe --> [Trojan.Agent]

Done!

Scan finished

Creating System Restore point...

Scheduling clean up...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

BCD Entry for BOOTEMS is missing

Malicious Entry 26000022 for BOOTEMS present!

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.694000 GHz

Memory total: 4236251136, free: 2834956288


Ok, rebooted, ran Rootkit again and it came up clean! Internet, Windows Update and Firewall are all working. WHEW. I wonder how that virus got on there, considering I have Norton Internet Security 2012 on there? Is it really that bad of an antivirus? As I said my son had been using my computer a while back for gaming. He has his own computer now and isn't getting near this again! Thank you so much for your help, I sent a small donation through Paypal, wish I could afford more.

Terri


OK, now you see why we had to run that program...you were badly infected.

We're not done yet...so hang in there.

ComboFix is real easy to run, just follow the instructions........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Ok, here's the combofix log:

ComboFix 12-12-19.02 - Terri 12/19/2012 16:11:45.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4040.2903 [GMT -5:00]

Running from: c:\users\Terri\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Gateway

c:\programdata\Gateway\Gateway Updater\_UpdaterService_CFG.ini

c:\programdata\Gateway\Gateway Updater\_UpdaterService_LOG.txt

c:\programdata\Gateway\Gateway Updater\AppDeploy.xml

c:\programdata\Gateway\Gateway Updater\fubdlr.sent

c:\programdata\Gateway\Gateway Updater\Info\ALU_Status_7.txt

c:\programdata\Gateway\Gateway Updater\ServerInfo.xml

c:\programdata\Gateway\Gateway Updater\ServerInfo.xml_debug.xml

c:\programdata\Gateway\Gateway Updater\ServerInfo_Local.xml

c:\programdata\Gateway\Gateway Updater\ServerInfo_Local.xml_debug.xml

c:\programdata\Gateway\Gateway Updater\ServerInfo_Local.xml_ori.xml

c:\users\Terri\AppData\Local\assembly\tmp

c:\users\Terri\Documents\~WRL3446.tmp

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2012-11-19 to 2012-12-19 )))))))))))))))))))))))))))))))

.

.

2012-12-19 21:16 . 2012-12-19 21:16 -------- d-----w- c:\programdata\Gateway

2012-12-19 21:15 . 2012-12-19 21:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-19 14:44 . 2012-12-19 14:44 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-12-19 14:42 . 2012-12-19 14:42 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-19 14:42 . 2012-12-19 14:42 -------- d-----w- c:\program files (x86)\Java

2012-12-19 14:33 . 2012-12-19 14:33 -------- d-----w- c:\program files\Microsoft Silverlight

2012-12-19 14:33 . 2012-12-19 14:33 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-12-18 17:03 . 2012-12-19 21:15 -------- d-----w- c:\users\Terri\AppData\Local\assembly

2012-12-17 21:07 . 2012-12-17 21:07 -------- d-----w- c:\program files (x86)\Mueller Services

2012-12-17 21:07 . 2012-12-17 21:07 -------- d-----w- C:\MuellerPhotos

2012-12-17 20:16 . 2012-12-17 20:16 -------- d-----w- c:\users\Terri\AppData\Roaming\Malwarebytes

2012-12-17 11:39 . 2012-12-17 11:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-17 11:39 . 2012-12-17 11:39 -------- d-----w- c:\programdata\Malwarebytes

2012-12-17 11:39 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-14 17:43 . 2012-12-14 17:43 -------- d-----w- c:\program files (x86)\Citrix

2012-12-04 00:08 . 2012-12-04 00:08 -------- d-----w- c:\users\Terri\AppData\Local\Microsoft Help

2012-12-04 00:08 . 2012-12-04 00:08 -------- d-----w- c:\programdata\Microsoft Help

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-19 14:42 . 2012-07-26 22:11 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-12-17 21:21 . 2012-07-28 12:15 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-17 21:21 . 2011-10-21 17:11 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-17 21:15 . 2012-07-26 22:11 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-12-17 08:02 . 2012-07-03 13:23 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-11-01 20:35 . 2012-11-17 15:19 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-11-01 02:34 . 2012-11-01 02:34 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-11-01 02:34 . 2012-09-06 17:09 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-11-01 02:34 . 2012-09-06 17:08 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-11-01 02:34 . 2012-11-01 02:34 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-10-16 08:38 . 2012-11-28 08:06 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 08:06 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 08:06 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-16 11:44 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-16 11:44 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-16 11:44 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-16 11:44 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-04 16:40 . 2012-12-16 12:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-16 11:44 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-16 11:44 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-16 11:44 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-16 11:44 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-16 11:44 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-16 11:44 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-16 11:44 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-16 11:44 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-16 11:44 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-16 11:44 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-16 11:44 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-09-25 22:47 . 2012-11-16 11:43 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-09-25 22:46 . 2012-11-16 11:43 95744 ----a-w- c:\windows\system32\synceng.dll

2012-09-23 19:09 . 2012-09-23 19:09 369168 ----a-w- c:\windows\system32\wpcap.dll

2012-09-23 19:09 . 2012-09-23 19:09 35344 ----a-w- c:\windows\system32\drivers\npf.sys

2012-09-23 19:09 . 2012-09-23 19:09 106000 ----a-w- c:\windows\system32\packet.dll

2012-09-21 14:13 . 2012-09-21 14:13 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-09-21 14:13 . 2012-09-21 14:13 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2012-06-15 1040712]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]

"Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]

R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-28 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [2011-07-26 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [2011-07-29 1084536]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-10-23 1384608]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [2011-08-08 167048]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121218.001_bf0\IDSvia64.sys [2012-09-01 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [2011-07-26 189560]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [2011-07-26 401016]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DDNS Enterprise Client;DDNS Enterprise Client;c:\program files (x86)\Enterprise DDNS Client\ddnsclient.exe [2010-12-03 53248]

S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2011-05-30 36456]

S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2011-04-22 244624]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-07-10 231752]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2011-08-10 138760]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-03 138912]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - NPF

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 21:21]

.

2012-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3853051037-1454249363-1097120769-1000Core.job

- c:\users\Terri\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-30 14:03]

.

2012-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3853051037-1454249363-1097120769-1000UA.job

- c:\users\Terri\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-30 14:03]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-14 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-14 391960]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-14 417560]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]

"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

mStart Page = hxxp://www.bing.com/?pc=MAGW

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: 80

Trusted Zone: 83

Trusted Zone: mueller-inc.com\www

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Terri\AppData\Roaming\Mozilla\Firefox\Profiles\p3g5y47c.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-Aimersoft Helper Compact.exe - c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

Toolbar-Locked - (no file)

WebBrowser-{3BBD3C14-4C16-4989-8366-95BC9179779D} - (no file)

AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu

AddRemove-WebClient - c:\windows\system32\WebClient\uninstall.cmd

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\System32\spool\drivers\x64\3\WrtProc.exe

c:\program files (x86)\NETGEAR Genie\bin\genie2_tray.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-12-19 16:19:12 - machine was rebooted

ComboFix-quarantined-files.txt 2012-12-19 21:19

.

Pre-Run: 832,847,572,992 bytes free

Post-Run: 864,241,557,504 bytes free

.

- - End Of File - - B6D301C3B6D90AEAF72599E5BC410A9B


Well Done!! This one is real easy to run......

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

MrC


K....here ya go

# AdwCleaner v2.101 - Logfile created 12/19/2012 at 16:31:35

# Updated 16/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Terri - GATEWAY

# Boot Mode : Normal

# Running from : C:\Users\Terri\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\Public\Desktop\eBay.lnk

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Users\Terri\AppData\Local\APN

Folder Found : C:\Users\Terri\AppData\Local\Conduit

Folder Found : C:\Users\Terri\AppData\LocalLow\Conduit

Folder Found : C:\Users\Terri\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3201318

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKU\S-1-5-21-3853051037-1454249363-1097120769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default

File : C:\Users\Terri\AppData\Roaming\Mozilla\Firefox\Profiles\p3g5y47c.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1856 octets] - [19/12/2012 16:31:35]

########## EOF - C:\AdwCleaner[R1].txt - [1916 octets] ##########

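The AdwCleaner "[search]" report above is plain text with a fixed shape: `***** [section] *****` headers, `File/Folder/Key Found : <path>` lines, and per-browser blocks closed by an `[OK]` line. As an added example (not code from AdwCleaner or from this thread), here is a small Python parser that turns such a report into structured findings, groups them by the vendor names that appear in the paths, and counts registry hits per root hive. The embedded log is a constructed excerpt modelled on the posted report, and the `ADWARE_TOKENS` list is an assumption drawn from the vendor names in that report, not AdwCleaner's own signature database.

```python
"""Parse an AdwCleaner v2.x "[search]" report into structured findings.

Added example for triaging the log format posted in the thread; it is not
part of AdwCleaner. SAMPLE_LOG is a constructed excerpt modelled on the
posted report.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
# AdwCleaner v2.101 - Logfile created 12/19/2012 at 16:31:35
# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Users\Terri\AppData\Local\APN
Folder Found : C:\Users\Terri\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Key Found : HKU\S-1-5-21-3853051037-1454249363-1097120769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Terri\AppData\Roaming\Mozilla\Firefox\Profiles\p3g5y47c.default\prefs.js

[OK] File is clean.
"""

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
FINDING_RE = re.compile(r"^(File|Folder|Key|Value|Service) Found : (.+)$")
BROWSER_RE = re.compile(r"^-\\\\ (.+?) v([\d.]+)")
OPTION_RE = re.compile(r"^# Option \[(\w+)\]")

# Vendor tokens taken from the posted report. This list is an assumption for
# illustration only; substring matching on "apn" in particular is weak.
ADWARE_TOKENS = ("conduit", "pricegong", "smartbar", "apn")


def parse_report(text):
    """Return {'option': str|None,
               'findings': {section: [(kind, path), ...]},
               'browsers': {name: {'version': str, 'clean': bool|None}}}."""
    findings = defaultdict(list)
    browsers = {}
    section = None
    current_browser = None
    option = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = OPTION_RE.match(line)
        if m:
            option = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_browser = m.group(1), None
            continue
        m = FINDING_RE.match(line)
        if m and section:
            findings[section].append((m.group(1), m.group(2)))
            continue
        m = BROWSER_RE.match(line)
        if m:
            current_browser = m.group(1)
            browsers[current_browser] = {"version": m.group(2), "clean": None}
            continue
        if current_browser and line.startswith("[OK]"):
            browsers[current_browser]["clean"] = True
    return {"option": option, "findings": dict(findings), "browsers": browsers}


def attribute(findings):
    """Group every finding path under the first ADWARE_TOKEN it contains
    (case-insensitive), or 'unknown' when none matches."""
    by_vendor = defaultdict(list)
    for items in findings.values():
        for _kind, path in items:
            low = path.lower()
            vendor = next((t for t in ADWARE_TOKENS if t in low), "unknown")
            by_vendor[vendor].append(path)
    return dict(by_vendor)


def registry_by_hive(findings):
    """Count registry findings per root hive (HKCU, HKLM, HKU, ...)."""
    counts = defaultdict(int)
    for _kind, path in findings.get("Registry", []):
        counts[path.split("\\", 1)[0]] += 1
    return dict(counts)


if __name__ == "__main__":
    report = parse_report(SAMPLE_LOG)
    for vendor, paths in sorted(attribute(report["findings"]).items()):
        print(f"{vendor}: {len(paths)} item(s)")
    print("registry by hive:", registry_by_hive(report["findings"]))
```

One caveat when reading the hive counts: for the logged-on user, HKCU is the same hive as HKU\<that user's SID>, so a SearchScopes key reported once under HKCU and once under HKU\S-1-5-21-...-1000 can be a single key seen through two paths rather than two separate persistence points.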

Not too bad....some adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC

