
Am I still infected?



Greetings,

Ty in advance for all your help. I'll start off describing my issue.

About a week ago I reformatted a couple of PCs on my home network, mine and my parents'. My parents' PC had become so crippled it was unusable: BSODs, the computer restarting. It was especially worse when they would browse the internet in their web browser. The PC would sometimes freeze and hitch, which was noticeable when the mouse would freeze on screen trying to click on webpage links. CPU use was always stuck at 50% no matter what program was executed or process being used. The HDD was thrashing. The PC was so slow to respond that if you clicked something you had to wait. I thought their old P4 machine was done and they needed a new one. We use the NIS security suite. I scanned with Malwarebytes... Spybot... nothing came up with anything.

Then eventually my machine also started acting strange. I started noticing the System NT Kernel process using CPU all the time when the PC was idle. Sometimes the Norton processes would hang at 25%, similar to how their PC was mysteriously hanging at 50%, and I would have to reboot to stop it. I was getting random disconnects in online video games, game crashes. Then one day I noticed the mouse freezing on my screen every couple of seconds when I was browsing in Firefox... the same manner it happened on their PC with IE. It only did that for a couple of minutes, and didn't last as long as on their machine, but I freaked out.

So I reformatted both PCs. Their machine then started running like it was brand new again with no noticeable issues. Turns out we didn't need to buy a new computer like we thought... but now no more crashes... the computer boots up and runs much faster and seems normal again. Very responsive and no unusual CPU usage in Task Manager. They have not mentioned any issues to me, although they usually wait till it gets bad... lol.

But on my machine now I'm starting to notice weird activity again. I still notice the NT Kernel process using CPU when my PC is idle. I downloaded Process Explorer and pinpointed it to a file called srstp64.sys. I searched and found this is an NIS driver. I went to the Norton forums but didn't get much help there. I don't know if they are taking me seriously. I'm wondering if Norton is corrupted by a virus. I've followed their procedure for a clean removal and reinstall, even though I'm on a fresh install of Windows, and the same issue keeps happening.

But I'm also noticing my memory use steadily climbing from 15% on boot... to about 40% after being on for a day or so on my machine. Every process seems to increase in memory size over time. Maybe this is normal? The two biggest: the explorer.exe process goes from about 30 MB to almost 200 MB after a day or so. The svchost.exe process also climbs from about 150 MB to 250 MB, which I always thought was due to SuperFetch. I use Win 7 64-bit.

No scans find anything, but is it still possible my network is still infected with a virus? I ran DDS like instructed. I appreciate your time and help with this matter and value any information you may have to set my mind at ease. Here is the DDS info and attachment. Ty again.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457

Run by Rick at 1:33:35 on 2013-01-04

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.3688 [GMT -5:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k NetworkService

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

C:\Windows\Explorer.EXE

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\ArgusMonitor\ArgusMonitor.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUI.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\CoIEPlg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\IPS\IPSBHO.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\CoIEPlg.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\CoIEPlg.dll

uRun: [Argus Monitor] "C:\Program Files (x86)\ArgusMonitor\ArgusMonitor.exe"

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

Trusted Zone: dell.com

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab

TCP: NameServer = 192.168.1.1 68.237.161.12

TCP: Interfaces\{15F1B488-6526-4D91-A062-5D8CE6283596} : DHCPNameServer = 192.168.1.1 68.237.161.12

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64

x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\u6nmebcb.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMSS.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-12-28 13:24; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn

FF - ExtSQL: 2012-12-28 13:43; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn

FF - ExtSQL: 2012-12-28 13:56; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\u6nmebcb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2012-12-28 13:56; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\u6nmebcb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2012-12-28 72240]

R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2012-12-28 15920]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-19 55280]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1402000.013\SymDS64.sys [2012-12-28 493216]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1402000.013\SymEFA64.sys [2012-12-28 1133216]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-11-29 1384608]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1402000.013\ccSetx64.sys [2012-12-28 168096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130103.002\IDSviA64.sys [2013-1-3 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1402000.013\Ironx64.sys [2012-12-28 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1402000.013\symnets.sys [2012-12-28 432800]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]

R2 AMD FusionUtility Service;AMD FusionUtility Service;C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-4-14 275832]

R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-4-14 140160]

R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-4 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-4 682344]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe [2012-12-28 143928]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-1-2 46136]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-28 138912]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-11-19 321064]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-4 24176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2010-11-19 226616]

S3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2010-11-19 47672]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-28 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-28 1255736]

S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]

.

=============== Created Last 30 ================

.

2013-01-04 05:50:18 -------- d-----w- C:\Users\Rick\AppData\Roaming\Malwarebytes

2013-01-04 05:50:10 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-04 05:50:09 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-01-04 05:50:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-04 05:50:01 -------- d-----w- C:\Users\Rick\AppData\Local\Programs

2013-01-03 06:12:03 -------- d-----w- C:\Users\Rick\AppData\Local\NPE

2013-01-03 02:30:05 -------- d-----w- C:\Users\Rick\AppData\Local\Diagnostics

2013-01-03 00:45:21 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys

2013-01-02 23:39:18 -------- d-----w- C:\Users\Rick\AppData\Local\Downloaded Installations

2013-01-02 23:39:16 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2013-01-02 23:39:15 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-12-31 19:25:13 -------- d-----w- C:\Users\Rick\AppData\Local\ElevatedDiagnostics

2012-12-31 07:00:53 -------- d-----w- C:\Users\Rick\AppData\Local\CrashDumps

2012-12-31 04:13:07 -------- d-----w- C:\Users\Rick\AppData\Local\ESN Sonar

2012-12-30 14:56:17 -------- d-----w- C:\Users\Rick\AppData\Local\Adobe

2012-12-30 06:10:28 -------- d-----w- C:\Users\Rick\AppData\Local\Advanced_Micro_Devices

2012-12-30 05:09:00 -------- d-----w- C:\Program Files\PeerBlock

2012-12-30 03:24:06 -------- d-----w- C:\Program Files\CCleaner

2012-12-29 20:40:23 90112 ------w- C:\Windows\Updreg.EXE

2012-12-29 20:40:22 89088 ----a-w- C:\Windows\System32\CmdRtr64.DLL

2012-12-29 20:40:22 73728 ----a-w- C:\Windows\SysWow64\CmdRtr.DLL

2012-12-29 20:40:22 230912 ----a-w- C:\Windows\System32\APOMgr64.DLL

2012-12-29 20:40:22 177664 ----a-w- C:\Windows\SysWow64\APOMngr.DLL

2012-12-29 20:40:12 -------- d-----w- C:\Program Files (x86)\Creative

2012-12-29 20:39:51 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll

2012-12-29 20:39:51 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll

2012-12-29 20:39:51 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe

2012-12-29 20:39:51 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll

2012-12-29 20:39:51 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll

2012-12-29 20:39:46 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll

2012-12-29 20:39:46 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll

2012-12-29 05:58:53 -------- d-----w- C:\Users\Rick\AppData\Local\Macromedia

2012-12-29 05:48:09 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-29 05:48:09 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-29 03:32:20 1706640 ----a-w- C:\Windows\RtlExUpd.dll

2012-12-29 03:32:20 -------- d--h--w- C:\Program Files (x86)\Temp

2012-12-29 03:32:19 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2012-12-29 03:32:19 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2012-12-29 03:32:19 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2012-12-29 03:32:19 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2012-12-29 03:32:19 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2012-12-29 03:32:19 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2012-12-29 03:32:18 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2012-12-29 03:32:18 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2012-12-29 03:29:37 -------- d-----w- C:\Users\Rick\AppData\Local\Apps

2012-12-29 03:29:36 -------- d-----w- C:\Users\Rick\AppData\Local\Deployment

2012-12-28 22:47:56 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-12-28 22:47:52 -------- d-----w- C:\Users\Rick\AppData\Local\PunkBuster

2012-12-28 22:16:56 -------- d-----w- C:\Users\Rick\AppData\Local\ArgusMonitor

2012-12-28 22:16:45 -------- d-----w- C:\Program Files (x86)\ArgusMonitor

2012-12-28 20:38:58 -------- d-----w- C:\Users\Rick\AppData\Local\ESN

2012-12-28 20:38:56 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins

2012-12-28 20:32:23 -------- d-----w- C:\ProgramData\EA Core

2012-12-28 20:32:22 -------- d-----w- C:\ProgramData\EA Logs

2012-12-28 19:59:35 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller

2012-12-28 19:49:03 -------- d-----w- C:\Users\Rick\AppData\Roaming\Origin

2012-12-28 19:48:25 -------- d-----w- C:\Users\Rick\AppData\Local\Origin

2012-12-28 19:47:58 -------- d-----w- C:\ProgramData\Origin

2012-12-28 19:47:58 -------- d-----w- C:\ProgramData\Electronic Arts

2012-12-28 19:47:58 -------- d-----w- C:\Program Files (x86)\Origin Games

2012-12-28 19:47:50 -------- d-----w- C:\Program Files (x86)\Origin

2012-12-28 19:01:28 15920 ----a-w- C:\Windows\System32\drivers\NBVolUp.sys

2012-12-28 19:01:23 72240 ----a-w- C:\Windows\System32\drivers\NBVol.sys

2012-12-28 19:01:12 -------- d-----w- C:\Program Files (x86)\Nero

2012-12-28 18:49:57 -------- d-----w- C:\Program Files (x86)\uTorrent

2012-12-28 18:48:56 -------- d-----w- C:\Users\Rick\AppData\Roaming\uTorrent

2012-12-28 18:41:40 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-12-28 18:41:40 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-12-28 18:41:40 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2012-12-28 18:24:54 -------- d-----w- C:\Windows\pss

2012-12-28 18:23:21 43680 ----a-r- C:\Windows\System32\drivers\SymIMV.sys

2012-12-28 18:15:37 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-12-28 18:14:36 -------- d-----w- C:\Users\Rick\AppData\Local\AMD

2012-12-28 18:12:05 -------- d-----w- C:\Program Files (x86)\AMD AVT

2012-12-28 18:12:02 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-12-28 18:11:59 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2012-12-28 18:11:59 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2012-12-28 18:11:18 -------- d-----w- C:\ProgramData\AMD

2012-12-28 18:08:09 -------- d-----w- C:\Program Files\ATI Technologies

2012-12-28 18:08:07 -------- d-----w- C:\Program Files\ATI

2012-12-28 18:07:33 -------- d-----w- C:\AMD

2012-12-28 17:40:58 -------- d-----w- C:\Windows\SysWow64\Wat

2012-12-28 17:40:58 -------- d-----w- C:\Windows\System32\Wat

2012-12-28 17:39:01 -------- d-----w- C:\Windows\System32\SPReview

2012-12-28 17:38:49 -------- d-----w- C:\Windows\System32\EventProviders

2012-12-28 17:37:04 48976 ----a-w- C:\Windows\System32\netfxperf.dll

2012-12-28 17:37:04 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2012-12-28 17:35:59 978944 ----a-w- C:\Windows\System32\WMSPDMOD.DLL

2012-12-28 17:24:55 96768 ----a-w- C:\Windows\System32\fsutil.exe

2012-12-28 16:54:32 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-12-28 16:54:32 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-12-28 16:54:32 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-12-28 16:54:32 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-12-28 16:41:29 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll

2012-12-28 16:41:29 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-28 16:41:29 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-28 16:41:29 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-28 16:41:29 100864 ----a-w- C:\Windows\System32\fontsub.dll

2012-12-28 16:41:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-28 16:41:05 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-12-28 16:41:05 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-12-28 16:41:05 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-12-28 16:41:05 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-12-28 16:41:05 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-12-28 16:41:05 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-12-28 16:41:04 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-12-28 16:39:29 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-12-28 16:39:29 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-12-28 16:39:29 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-12-28 16:39:29 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-12-28 16:39:29 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-12-28 16:36:58 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-12-28 16:35:58 956928 ----a-w- C:\Windows\System32\localspl.dll

2012-12-28 16:25:43 77312 ----a-w- C:\Windows\System32\packager.dll

2012-12-28 16:25:43 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-12-28 16:25:31 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2012-12-28 16:16:34 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-12-28 16:10:40 -------- d-----w- C:\ProgramData\Norton

2012-12-28 16:01:48 -------- d-----w- C:\Users\Rick\AppData\Local\PackageAware

2012-12-28 16:00:02 -------- d-----w- C:\ProgramData\PCDr

2012-12-28 10:09:42 -------- d-----w- C:\Windows\SMINST

2012-12-28 09:28:13 -------- d-----w- C:\Users\Rick\AppData\Roaming\Dell

2012-12-28 09:28:08 -------- d-----w- C:\Users\Rick\AppData\Local\Stardock_Corporation

2012-12-28 09:27:58 -------- d-----w- C:\Users\Rick\AppData\Local\DataSafeOnline

2012-12-28 09:27:58 -------- d-----w- C:\Users\Rick\AppData\Local\ATI

2012-12-28 09:27:29 -------- d-sh--w- C:\$RECYCLE.BIN

2012-12-28 09:27:28 -------- d-----w- C:\Users\Rick\AppData\Local\VirtualStore

2012-12-28 09:27:11 -------- d-----w- C:\Users\Rick\AppData\Local\SoftThinks

2012-12-28 09:26:09 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-12-28 09:26:09 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-12-28 09:26:09 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

.

==================== Find3M ====================

.

2013-01-04 03:56:49 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-01-04 03:19:08 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-12-28 22:53:40 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-12-28 17:49:27 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-12-28 17:49:27 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-12-28 16:16:23 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-12-28 16:15:29 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-20 21:01:34 68808 ----a-w- C:\Windows\SysWow64\drivers\ArgusMonitor.sys

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-09 01:00:02 776864 ----a-r- C:\Windows\System32\drivers\NISx64\1402000.013\srtsp64.sys

.

============= FINISH: 1:33:48.08 ===============

attach.zip


Run the following and post the logs:

Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the combofix.gif icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


Ty for your fast response. I had some weird issues following these instructions. I downloaded and ran AdwCleaner, but upon reboot and after logging into Windows, my PC just hung on a black screen with a mouse cursor. The desktop never came up. I waited 15 mins and there was no disk activity... so I had to power the PC off and on. After rebooting the second time... it went to the black screen only for a couple of mins and I saw disk activity, so I let it go. After only a few mins... Windows booted and generated the log file.

Then I downloaded ComboFix. I went to shut off my Norton antivirus and firewall, and Norton crashed on me. It wouldn't load up, so I rebooted again. This time the desktop only partially loaded up and froze again... I was able to move the mouse and the icons loaded... but the only thing that loaded in the task tray was Malwarebytes and nothing else, and I couldn't click on anything. So I rebooted once again.

This time I was able to turn off the Norton protection and shut down Malwarebytes and run ComboFix. ComboFix ran and rebooted. It took a long time to generate the log file though, and I noticed one of the startup items in my task tray did not load: a shareware hardware monitor I use called Argus Monitor. I then went to load up the web browser, but IE and Firefox both kept telling me an "illegal action was performed by a registry entry marked for deletion" and wouldn't load up. I once again rebooted the PC.

The PC then booted very fast... loaded up Argus Monitor as well on bootup, and I am now able to load the browsers. Hopefully I followed these instructions correctly and these issues are nothing to worry about. I don't notice any other issues as of yet. Again, ty for your response. Here are the log files generated:

# AdwCleaner v2.104 - Logfile created 01/04/2013 at 10:49:04

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Rick - RICK-PC

# Boot Mode : Normal

# Running from : C:\Users\Rick\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\u6nmebcb.default\searchplugins\safesearch.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\u6nmebcb.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [893 octets] - [04/01/2013 10:49:04]

########## EOF - C:\AdwCleaner[s1].txt - [952 octets] ##########

ComboFix 13-01-04.03 - Rick 01/04/2013 11:12:21.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4786 [GMT -5:00]

Running from: c:\users\Rick\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-12-04 to 2013-01-04 )))))))))))))))))))))))))))))))

.

.

2013-01-04 05:50 . 2013-01-04 05:50 -------- d-----w- c:\programdata\Malwarebytes

2013-01-04 05:50 . 2013-01-04 05:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-01-04 05:50 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-03 00:45 . 2010-02-18 14:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys

2013-01-02 23:39 . 2013-01-02 23:39 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2013-01-02 23:39 . 2013-01-02 23:39 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2013-01-01 04:41 . 2013-01-01 04:41 -------- d-----w- c:\program files\WinRAR

2012-12-30 14:56 . 2012-12-30 14:56 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-12-30 05:09 . 2013-01-04 15:48 -------- d-----w- c:\program files\PeerBlock

2012-12-30 03:24 . 2012-12-30 03:24 -------- d-----w- c:\program files\CCleaner

2012-12-29 20:40 . 2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

2012-12-29 20:40 . 2010-01-12 20:37 230912 ----a-w- c:\windows\system32\APOMgr64.DLL

2012-12-29 20:40 . 2010-01-12 20:36 177664 ----a-w- c:\windows\SysWow64\APOMngr.DLL

2012-12-29 20:40 . 2009-12-29 21:52 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL

2012-12-29 20:40 . 2009-12-29 21:50 73728 ----a-w- c:\windows\SysWow64\CmdRtr.DLL

2012-12-29 20:40 . 2012-12-29 20:40 -------- d-----w- c:\program files (x86)\Creative

2012-12-29 20:39 . 2003-11-10 23:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll

2012-12-29 20:39 . 2003-11-10 23:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll

2012-12-29 20:39 . 2003-11-10 23:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll

2012-12-29 20:39 . 2003-11-10 23:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll

2012-12-29 20:39 . 2003-11-10 23:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe

2012-12-29 20:39 . 2012-12-29 20:39 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll

2012-12-29 20:39 . 2012-12-29 20:39 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll

2012-12-29 15:06 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-12-29 05:48 . 2012-12-29 19:11 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-29 05:48 . 2012-12-29 19:11 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-29 05:48 . 2012-12-29 05:48 -------- d-----w- c:\windows\system32\Macromed

2012-12-29 03:32 . 2012-12-29 20:45 -------- d--h--w- c:\program files (x86)\Temp

2012-12-29 03:32 . 2012-05-25 23:06 1706640 ----a-w- c:\windows\RtlExUpd.dll

2012-12-29 03:32 . 2006-02-07 20:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2012-12-29 03:32 . 2006-02-07 20:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2012-12-29 03:32 . 2006-02-07 20:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2012-12-29 03:32 . 2006-02-07 20:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2012-12-29 03:32 . 2006-02-07 20:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2012-12-29 03:32 . 2005-11-14 04:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2012-12-29 03:32 . 2012-12-29 03:32 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2012-12-29 03:32 . 2012-12-29 03:32 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2012-12-28 22:47 . 2013-01-04 03:56 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-12-28 22:16 . 2012-12-28 22:19 -------- d-----w- c:\program files (x86)\ArgusMonitor

2012-12-28 20:38 . 2012-12-28 20:38 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins

2012-12-28 20:32 . 2012-12-28 20:32 -------- d-----w- c:\programdata\EA Core

2012-12-28 20:32 . 2012-12-29 03:50 -------- d-----w- c:\programdata\EA Logs

2012-12-28 19:59 . 2012-12-28 19:59 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller

2012-12-28 19:47 . 2012-12-28 20:35 -------- d-----w- c:\programdata\Electronic Arts

2012-12-28 19:47 . 2012-12-28 19:51 -------- d-----w- c:\program files (x86)\Origin Games

2012-12-28 19:47 . 2012-12-28 19:51 -------- d-----w- c:\programdata\Origin

2012-12-28 19:47 . 2012-12-28 19:51 -------- d-----w- c:\program files (x86)\Origin

2012-12-28 19:01 . 2011-07-13 18:59 15920 ----a-w- c:\windows\system32\drivers\NBVolUp.sys

2012-12-28 19:01 . 2012-12-28 19:01 -------- dc----w- c:\windows\system32\DRVSTORE

2012-12-28 19:01 . 2011-07-13 18:59 72240 ----a-w- c:\windows\system32\drivers\NBVol.sys

2012-12-28 19:01 . 2012-12-28 19:02 -------- d-----w- c:\program files (x86)\Nero

2012-12-28 19:01 . 2012-12-28 19:01 -------- d-----w- c:\program files (x86)\Common Files\Nero

2012-12-28 18:55 . 2012-12-28 18:55 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-12-28 18:49 . 2012-12-28 18:49 -------- d-----w- c:\program files (x86)\uTorrent

2012-12-28 18:41 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

2012-12-28 18:41 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-12-28 18:41 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-12-28 18:23 . 2012-09-07 02:05 43680 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2012-12-28 18:15 . 2012-12-28 18:15 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-12-28 18:14 . 2012-12-28 18:14 -------- d-----w- c:\programdata\ATI

2012-12-28 18:12 . 2012-12-28 18:12 -------- d-----w- c:\program files (x86)\AMD AVT

2012-12-28 18:12 . 2012-12-28 18:12 -------- d-----w- c:\program files (x86)\AMD APP

2012-12-28 18:11 . 2012-12-28 18:11 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-12-28 18:11 . 2012-12-28 18:11 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-12-28 18:11 . 2013-01-03 01:13 -------- d-----w- c:\programdata\AMD

2012-12-28 18:08 . 2012-12-28 18:08 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-12-28 18:08 . 2012-12-28 18:11 -------- d-----w- c:\program files\ATI Technologies

2012-12-28 18:08 . 2012-12-28 18:08 -------- d-----w- c:\program files\ATI

2012-12-28 18:07 . 2012-12-28 18:07 -------- d-----w- C:\AMD

2012-12-28 17:40 . 2012-12-28 17:40 -------- d-----w- c:\windows\SysWow64\Wat

2012-12-28 17:40 . 2012-12-28 17:40 -------- d-----w- c:\windows\system32\Wat

2012-12-28 17:39 . 2012-12-28 17:39 -------- d-----w- c:\windows\system32\SPReview

2012-12-28 17:38 . 2012-12-28 17:38 -------- d-----w- c:\windows\system32\EventProviders

2012-12-28 17:37 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll

2012-12-28 17:37 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll

2012-12-28 17:35 . 2010-11-20 13:27 978944 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2012-12-28 17:24 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys

2012-12-28 16:54 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-28 16:54 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-28 16:54 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-12-28 16:54 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-28 16:48 . 2012-11-28 20:58 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-12-28 16:41 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-28 16:41 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-28 16:41 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-28 16:41 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll

2012-12-28 16:41 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2012-12-28 16:41 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-28 16:41 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-28 16:41 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-28 16:41 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-28 16:41 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-28 16:41 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-28 16:41 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-28 16:41 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-28 16:39 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-12-28 16:39 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-12-28 16:39 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-12-28 16:39 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-12-28 16:39 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-12-28 16:36 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-12-28 16:35 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll

2012-12-28 16:25 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-12-28 16:25 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-12-28 16:25 . 2012-12-28 16:25 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2012-12-28 16:16 . 2012-12-28 16:16 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-12-28 16:16 . 2012-12-28 16:16 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-12-28 16:16 . 2012-12-28 16:16 -------- d-----w- c:\program files (x86)\Java

2012-12-28 16:15 . 2012-12-28 16:15 -------- d-----w- c:\program files\Symantec

2012-12-28 16:15 . 2012-12-28 16:15 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-12-28 16:15 . 2012-12-28 16:15 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-12-28 16:15 . 2012-12-28 16:15 -------- d-----w- c:\windows\system32\drivers\NISx64

2012-12-28 16:15 . 2012-12-28 16:15 -------- d-----w- c:\program files (x86)\Norton Internet Security

2012-12-28 16:15 . 2012-12-28 16:15 -------- d-----w- c:\program files (x86)\NortonInstaller

2012-12-28 16:10 . 2013-01-03 06:12 -------- d-----w- c:\programdata\Norton

2012-12-28 16:00 . 2012-12-28 16:02 -------- d-----w- c:\programdata\PCDr

2012-12-28 10:09 . 2012-12-28 10:09 -------- d-----w- c:\windows\SMINST

2012-12-28 09:27 . 2012-12-28 09:27 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks

2012-12-28 09:26 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-12-28 09:26 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-12-28 09:26 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-12-28 09:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-12-28 09:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-12-28 09:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-12-28 09:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-28 17:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-12-28 17:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-12-28 16:16 . 2010-11-19 08:45 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-11-20 21:01 . 2012-11-20 21:01 68808 ----a-w- c:\windows\SysWow64\drivers\ArgusMonitor.sys

2012-10-16 08:38 . 2012-12-28 16:37 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-12-28 16:37 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-12-28 16:37 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Argus Monitor"="c:\program files (x86)\ArgusMonitor\ArgusMonitor.exe" [2012-12-17 1785112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-07-14 226616]

R3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [2009-04-22 47672]

R3 ArgusMonitor;ArgusMonitor kernel mode driver;SysWOW64\drivers\ArgusMonitor.sys [x]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-28 1255736]

R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1402000.013\SYMDS64.SYS [2012-10-04 493216]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-11-29 1384608]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1402000.013\ccSetx64.sys [2012-10-04 168096]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130103.002\IDSvia64.sys [2012-12-27 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1402000.013\Ironx64.SYS [2012-09-07 224416]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1402000.013\SYMNETS.SYS [2012-09-07 432800]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]

S2 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832]

S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-04-14 140160]

S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-27 138912]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]

"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: dell.com

TCP: DhcpNameServer = 192.168.1.1 68.237.161.12

FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\u6nmebcb.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - ExtSQL: 2012-12-28 13:24; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn

FF - ExtSQL: 2012-12-28 13:43; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn

FF - ExtSQL: 2012-12-28 13:56; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\u6nmebcb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2012-12-28 13:56; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\u6nmebcb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

.

**************************************************************************

.

Completion time: 2013-01-04 11:22:20 - machine was rebooted

ComboFix-quarantined-files.txt 2013-01-04 16:22

.

Pre-Run: 908,068,220,928 bytes free

Post-Run: 908,019,568,640 bytes free

.

- - End Of File - - 5C3C1A8B84180D805FD351EFC226B911

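As an added example (not code from this thread, from ComboFix, or from its author), here is a small Python parser for the service and driver lines in the "Reg Loading Points" section of the ComboFix log above. It splits each entry into state, name, display name, image path and file details, then flags the two things a helper checks first in that section: an image ComboFix could not find on disk (the trailing [x]) and an image that runs from a Temp folder or has no drive letter. The sample lines are copied from the log in this post; the flag rules are this example's own heuristics, not ComboFix's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: six service/driver lines copied from the
# "Reg Loading Points" section of the ComboFix log posted above.
SAMPLE_LOG = r"""
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 ArgusMonitor;ArgusMonitor kernel mode driver;SysWOW64\drivers\ArgusMonitor.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1402000.013\SYMDS64.SYS [2012-10-04 493216]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
"""

# One ComboFix service line: "<state> <name>;<display name>;<image path> [<date> <size>]"
# State letter: R = running, S = stopped; digit = Windows start type (0 boot ... 4 disabled).
# A trailing "[x]" means ComboFix could not find the image file on disk.
LINE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<tail>[^\]]*)\]\s*$"
)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)  # any ...\Temp\... path component
DRIVE_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)     # absolute path with a drive letter


@dataclass
class ServiceEntry:
    state: str            # e.g. "R2"
    name: str             # service/driver key name
    display: str          # display name
    path: str             # image path as printed by ComboFix
    file_present: bool    # False when the line ends in "[x]"
    file_date: Optional[str] = None
    file_size: Optional[int] = None


def parse_entry(line: str) -> Optional[ServiceEntry]:
    """Parse one service line; return None for lines that are not service entries."""
    m = LINE_RE.match(line)
    if not m:
        return None
    tail = m["tail"].strip()
    if tail == "x":
        return ServiceEntry(m["state"], m["name"], m["display"], m["path"], False)
    parts = tail.split()
    date = parts[0] if parts else None
    size = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    return ServiceEntry(m["state"], m["name"], m["display"], m["path"], True, date, size)


def parse_log(text: str) -> List[ServiceEntry]:
    """Collect every service/driver entry found in a block of ComboFix log text."""
    entries = []
    for line in text.splitlines():
        entry = parse_entry(line.strip())
        if entry is not None:
            entries.append(entry)
    return entries


def triage(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Map service name -> reasons it deserves a closer look (heuristics of this example)."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if not e.file_present:
            reasons.append("image file not found on disk ([x])")
        if TEMP_DIR_RE.search(e.path):
            reasons.append("image lives under a temp directory")
        if not DRIVE_RE.match(e.path):
            reasons.append("image path is relative (no drive letter)")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the sample lines the parser flags SessionLauncher (missing file, runs from a Temp folder) and ArgusMonitor (missing file, relative path) and leaves the Symantec, Malwarebytes, Broadcom and .NET entries alone. A flag is an ordering of what to look at first, not a verdict: an orphaned entry for a removed program and a relative driver path left by an installer both trip the same rules.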

Thanks for the logs, do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:


ClearJavaCache::

Save this as CFScript.txt, and as Type: All Files (*.*), in the same location as ComboFix.exe.

CF3.jpg

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

close program

copy and paste the report here

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double-click SecurityCheck.exe (Vista or Windows 7 users right-click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post those 3 logs, also give an update on any remaining issues/concerns...

Kevin


Tks once again. Here are the logs.

ComboFix 13-01-04.03 - Rick 01/04/2013 17:26:50.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4584 [GMT -5:00]

Running from: c:\users\Rick\Desktop\ComboFix.exe

Command switches used :: c:\users\Rick\Desktop\cfscript..txt

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-12-04 to 2013-01-04 )))))))))))))))))))))))))))))))

.

.

2013-01-04 22:30 . 2013-01-04 22:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-04 19:32 . 2013-01-04 19:32 -------- d-----w- c:\program files\Realmware

2013-01-04 18:39 . 2013-01-04 18:50 -------- d-----w- c:\program files (x86)\OCCTPT

2013-01-04 05:50 . 2013-01-04 05:50 -------- d-----w- c:\programdata\Malwarebytes

2013-01-04 05:50 . 2013-01-04 05:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-01-04 05:50 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-03 00:45 . 2010-02-18 14:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys

2013-01-02 23:39 . 2013-01-02 23:39 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2013-01-02 23:39 . 2013-01-02 23:39 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2013-01-01 04:41 . 2013-01-01 04:41 -------- d-----w- c:\program files\WinRAR

2012-12-30 14:56 . 2012-12-30 14:56 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-12-30 05:09 . 2013-01-04 15:48 -------- d-----w- c:\program files\PeerBlock

2012-12-30 03:24 . 2012-12-30 03:24 -------- d-----w- c:\program files\CCleaner

2012-12-29 20:40 . 2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

2012-12-29 20:40 . 2010-01-12 20:37 230912 ----a-w- c:\windows\system32\APOMgr64.DLL

2012-12-29 20:40 . 2010-01-12 20:36 177664 ----a-w- c:\windows\SysWow64\APOMngr.DLL

2012-12-29 20:40 . 2009-12-29 21:52 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL

2012-12-29 20:40 . 2009-12-29 21:50 73728 ----a-w- c:\windows\SysWow64\CmdRtr.DLL

2012-12-29 20:40 . 2012-12-29 20:40 -------- d-----w- c:\program files (x86)\Creative

2012-12-29 20:39 . 2003-11-10 23:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll

2012-12-29 20:39 . 2003-11-10 23:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll

2012-12-29 20:39 . 2003-11-10 23:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll

2012-12-29 20:39 . 2003-11-10 23:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll

2012-12-29 20:39 . 2003-11-10 23:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe

2012-12-29 20:39 . 2012-12-29 20:39 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll

2012-12-29 20:39 . 2012-12-29 20:39 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll

2012-12-29 15:06 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-12-29 05:48 . 2012-12-29 19:11 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-29 05:48 . 2012-12-29 19:11 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-29 05:48 . 2012-12-29 05:48 -------- d-----w- c:\windows\system32\Macromed

2012-12-29 03:32 . 2012-12-29 20:45 -------- d--h--w- c:\program files (x86)\Temp

2012-12-29 03:32 . 2012-05-25 23:06 1706640 ----a-w- c:\windows\RtlExUpd.dll

2012-12-29 03:32 . 2006-02-07 20:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2012-12-29 03:32 . 2006-02-07 20:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2012-12-29 03:32 . 2006-02-07 20:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2012-12-29 03:32 . 2006-02-07 20:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2012-12-29 03:32 . 2006-02-07 20:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2012-12-29 03:32 . 2005-11-14 04:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2012-12-29 03:32 . 2012-12-29 03:32 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2012-12-29 03:32 . 2012-12-29 03:32 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2012-12-28 22:47 . 2013-01-04 20:04 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-12-28 22:16 . 2012-12-28 22:19 -------- d-----w- c:\program files (x86)\ArgusMonitor

2012-12-28 20:38 . 2012-12-28 20:38 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins

2012-12-28 20:32 . 2012-12-28 20:32 -------- d-----w- c:\programdata\EA Core

2012-12-28 20:32 . 2012-12-29 03:50 -------- d-----w- c:\programdata\EA Logs

2012-12-28 19:59 . 2012-12-28 19:59 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller

2012-12-28 19:47 . 2012-12-28 20:35 -------- d-----w- c:\programdata\Electronic Arts

2012-12-28 19:47 . 2012-12-28 19:51 -------- d-----w- c:\program files (x86)\Origin Games

2012-12-28 19:47 . 2012-12-28 19:51 -------- d-----w- c:\programdata\Origin

2012-12-28 19:47 . 2012-12-28 19:51 -------- d-----w- c:\program files (x86)\Origin

2012-12-28 19:01 . 2011-07-13 18:59 15920 ----a-w- c:\windows\system32\drivers\NBVolUp.sys

2012-12-28 19:01 . 2012-12-28 19:01 -------- dc----w- c:\windows\system32\DRVSTORE

2012-12-28 19:01 . 2011-07-13 18:59 72240 ----a-w- c:\windows\system32\drivers\NBVol.sys

2012-12-28 19:01 . 2012-12-28 19:02 -------- d-----w- c:\program files (x86)\Nero

2012-12-28 19:01 . 2012-12-28 19:01 -------- d-----w- c:\program files (x86)\Common Files\Nero

2012-12-28 18:55 . 2012-12-28 18:55 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-12-28 18:49 . 2012-12-28 18:49 -------- d-----w- c:\program files (x86)\uTorrent

2012-12-28 18:41 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

2012-12-28 18:41 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-12-28 18:41 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-12-28 18:23 . 2012-09-07 02:05 43680 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2012-12-28 18:15 . 2012-12-28 18:15 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-12-28 18:14 . 2012-12-28 18:14 -------- d-----w- c:\programdata\ATI

2012-12-28 18:12 . 2012-12-28 18:12 -------- d-----w- c:\program files (x86)\AMD AVT

2012-12-28 18:12 . 2012-12-28 18:12 -------- d-----w- c:\program files (x86)\AMD APP

2012-12-28 18:11 . 2012-12-28 18:11 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-12-28 18:11 . 2012-12-28 18:11 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-12-28 18:11 . 2013-01-03 01:13 -------- d-----w- c:\programdata\AMD

2012-12-28 18:08 . 2012-12-28 18:08 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-12-28 18:08 . 2012-12-28 18:11 -------- d-----w- c:\program files\ATI Technologies

2012-12-28 18:08 . 2012-12-28 18:08 -------- d-----w- c:\program files\ATI

2012-12-28 18:07 . 2012-12-28 18:07 -------- d-----w- C:\AMD

2012-12-28 17:40 . 2012-12-28 17:40 -------- d-----w- c:\windows\SysWow64\Wat

2012-12-28 17:40 . 2012-12-28 17:40 -------- d-----w- c:\windows\system32\Wat

2012-12-28 17:39 . 2012-12-28 17:39 -------- d-----w- c:\windows\system32\SPReview

2012-12-28 17:38 . 2012-12-28 17:38 -------- d-----w- c:\windows\system32\EventProviders

2012-12-28 17:37 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll

2012-12-28 17:37 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll

2012-12-28 17:35 . 2010-11-20 13:27 978944 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2012-12-28 17:24 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys

2012-12-28 16:54 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-28 16:54 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-28 16:54 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-12-28 16:54 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-28 16:48 . 2012-11-28 20:58 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-12-28 16:41 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-28 16:41 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-28 16:41 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-28 16:41 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll

2012-12-28 16:41 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2012-12-28 16:41 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-28 16:41 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-28 16:41 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-28 16:41 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-28 16:41 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-28 16:41 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-28 16:41 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-28 16:41 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-28 16:39 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-12-28 16:39 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-12-28 16:39 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-12-28 16:39 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-12-28 16:39 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-12-28 16:36 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-12-28 16:35 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll

2012-12-28 16:25 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-12-28 16:25 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-12-28 16:25 . 2012-12-28 16:25 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2012-12-28 16:16 . 2012-12-28 16:16 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-12-28 16:16 . 2012-12-28 16:16 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-12-28 16:16 . 2012-12-28 16:16 -------- d-----w- c:\program files (x86)\Java

2012-12-28 16:15 . 2012-12-28 16:15 -------- d-----w- c:\program files\Symantec

2012-12-28 16:15 . 2012-12-28 16:15 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-12-28 16:15 . 2012-12-28 16:15 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-12-28 16:15 . 2012-12-28 16:15 -------- d-----w- c:\windows\system32\drivers\NISx64

2012-12-28 16:15 . 2012-12-28 16:15 -------- d-----w- c:\program files (x86)\Norton Internet Security

2012-12-28 16:15 . 2012-12-28 16:15 -------- d-----w- c:\program files (x86)\NortonInstaller

2012-12-28 16:10 . 2013-01-03 06:12 -------- d-----w- c:\programdata\Norton

2012-12-28 16:00 . 2012-12-28 16:02 -------- d-----w- c:\programdata\PCDr

2012-12-28 10:09 . 2012-12-28 10:09 -------- d-----w- c:\windows\SMINST

2012-12-28 09:27 . 2012-12-28 09:27 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks

2012-12-28 09:26 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-12-28 09:26 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-12-28 09:26 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-12-28 09:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-28 17:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-12-28 17:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-12-28 16:16 . 2010-11-19 08:45 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-11-20 21:01 . 2012-11-20 21:01 68808 ----a-w- c:\windows\SysWow64\drivers\ArgusMonitor.sys

2012-10-16 08:38 . 2012-12-28 16:37 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-12-28 16:37 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-12-28 16:37 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Argus Monitor"="c:\program files (x86)\ArgusMonitor\ArgusMonitor.exe" [2012-12-17 1785112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2012-09-21 136648]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-07-14 226616]

R3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [2009-04-22 47672]

R3 cpuz135;cpuz135;c:\users\Rick\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-28 1255736]

R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1402000.013\SYMDS64.SYS [2012-10-04 493216]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-11-29 1384608]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1402000.013\ccSetx64.sys [2012-10-04 168096]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130103.002\IDSvia64.sys [2012-12-27 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1402000.013\Ironx64.SYS [2012-09-07 224416]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1402000.013\SYMNETS.SYS [2012-09-07 432800]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]

S2 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832]

S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-04-14 140160]

S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-09-21 57512]

S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 ArgusMonitor;ArgusMonitor kernel mode driver;SysWOW64\drivers\ArgusMonitor.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-27 138912]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]

.

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]

"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: dell.com

TCP: DhcpNameServer = 192.168.1.1 68.237.161.12

FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\u6nmebcb.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - ExtSQL: 2012-12-28 13:24; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn

FF - ExtSQL: 2012-12-28 13:43; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn

FF - ExtSQL: 2012-12-28 13:56; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\u6nmebcb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2012-12-28 13:56; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\u6nmebcb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-04 17:32:20

ComboFix-quarantined-files.txt 2013-01-04 22:32

.

Pre-Run: 907,904,237,568 bytes free

Post-Run: 907,856,613,376 bytes free

.

- - End Of File - - 365A0FBEFC836A3E04CE81EFD5A3D8D1

ESET found one threat:

C:\Users\Rick\Downloads\winamp561_full_emusic-7plus_all.exe Win32/OpenCandy application

I have downloaded this to my PC but never clicked on it to install. Should I delete it?

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 6 Update 38

Java version out of Date!

Adobe Flash Player 11.5.502.135

Adobe Reader XI

Mozilla Firefox (17.0.1)

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

The issue I'm concerned about is when playing Battlefield 3 online. I was getting random disconnects. Other players advised me to shut off UPnP in my router and in Windows, which I have done. I haven't been losing my connection now... but after playing for a while I start to get CPU spikes. My performance decreases the longer I'm playing the game, and I was wondering if it had to do with Windows using more memory the longer it is on. Due to the issue of my parents' PC on the network getting crippled, I wanted to make sure I have no malware. I have to restart the PC after a few hours... to get the best performance. I have no heat issues. I have updated drivers. Could this be a PSU problem? The back of the PSU does feel extremely hot to the touch. I don't feel the fan blowing, and the fan underneath the PSU is making noise, so I plan on replacing that next week.

But the other issue is that after playing the game, or I'm not sure what program causes this, I sometimes notice my csrss.exe process goes to about 150,000k of memory used. Is this normal? I just went to check it now... but it seems to have gone back to normal, and is back at 25,000k. But my explorer.exe is still at 167,000k, and I notice over time, if I leave my PC on for days... even Windows starts to get a little sluggish. Is this normal?


I'm sorry, I had a typo there. I meant to say I "sometimes notice" my csrss.exe process go to about 150,000k and stay there for an hour or so. I'm not sure why. I was thinking it had to do with the game I play online. But my explorer.exe is still at a large number. Maybe this is normal in Windows 7? Thanks again for your understanding and help with this matter.


I'm not sure how to edit the post, I apologize. I just wanted to add that one of my svchost.exe processes is at 250,000k and that basically all the running processes increase in memory over time. Maybe this is a natural occurrence. I don't know much about Windows 7. Thanks again.

Rich.


It really depends what is happening on your system at any given time for memory to increase or decrease. When you look at svchost entries under Processes and you see one has increased memory, right-click on that entry > select "Go to Service(s)". You will then see what service or services are responsible.

Regarding the PSU, yes, that can get hot if you are using applications such as games; they are quite intense and use a lot of resources. The fans can have a big influence on heat; if the fan or fans are blocked with dust bunnies or are starting to fail, that certainly will not help.

I would monitor Task Manager with nothing running, such as games. Maybe open your usual browser but let it just sit, and see what the readings are in the TM.

I don't see anything obviously wrong with the latest logs. Regarding the ESET log, yep, just delete the entry it flagged if you do not need it.

Let me know how the system responds when idle with just your browser open, any issues etc.

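A scripted version of the same "Go to Service(s)" check, as an added example that is not part of the thread and not code from Task Manager or any of the tools mentioned (the function name Get-SvchostServiceMap and its MinWorkingSetMB parameter are my own): it maps every svchost.exe instance to the services it hosts, reports the working set of each, and adds a note when an instance hosts no service or its image does not live in System32, which is what a defender looks at before deciding whether a large svchost is a concern. It uses Get-WmiObject so it also runs on Windows 7 / PowerShell 2.0.

```powershell
# Added example, not from the thread. Run from a 64-bit, elevated PowerShell so
# that the image path of every process can be read.
function Get-SvchostServiceMap {
    param(
        # Only report instances whose working set is at least this many MB (0 = all).
        [int]$MinWorkingSetMB = 0
    )
    $sysDir = Join-Path $env:SystemRoot 'System32'

    # Every service that currently has a process, grouped by the PID that hosts it.
    $byPid = @{}
    Get-WmiObject -Class Win32_Service -Filter "ProcessId <> 0" | ForEach-Object {
        $hostPid = [int]$_.ProcessId
        if (-not $byPid.ContainsKey($hostPid)) { $byPid[$hostPid] = @() }
        $byPid[$hostPid] += $_.Name
    }

    Get-Process -Name svchost -ErrorAction SilentlyContinue | ForEach-Object {
        $wsMB = [math]::Round($_.WorkingSet64 / 1MB, 1)
        if ($wsMB -lt $MinWorkingSetMB) { return }   # skip this instance

        $hosted = $byPid[[int]$_.Id]
        $path = $null
        try { $path = $_.Path } catch { }           # access denied for protected processes

        # A real service host has at least one service and lives in System32.
        $note = ''
        if (-not $hosted)                         { $note = 'hosts no service' }
        elseif (-not $path)                       { $note = 'image path not readable (run elevated, 64-bit)' }
        elseif ($path -notlike "$sysDir\*")       { $note = 'image outside System32' }

        New-Object PSObject -Property @{
            PID          = $_.Id
            WorkingSetMB = $wsMB
            Services     = ($hosted -join ', ')
            Path         = $path
            Note         = $note
        }
    } | Sort-Object WorkingSetMB -Descending
}

# Usage: every svchost instance, largest working set first.
Get-SvchostServiceMap | Format-Table PID, WorkingSetMB, Services, Note, Path -AutoSize

# Usage: only the instances above 100 MB, which is the kind of reading the
# thread is asking about.
Get-SvchostServiceMap -MinWorkingSetMB 100 | Format-Table PID, WorkingSetMB, Services, Note -AutoSize
```

Run it twice, once right after boot and once after the machine has been idle for a while, and compare the Services column for the instance that grew: the growth then belongs to a named service rather than to "svchost", and the Note column separates a legitimate host from a process that merely carries the name.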

Again, it actually depends what your system is doing. At present my explorer.exe is running at 29,020, approx 20 MB, yet my browser (Firefox) is running at 335,060, approx 310 MB. Nothing to worry about.

Maybe it is worthwhile running a clean boot of your system and seeing how it responds. That means all services other than Microsoft services will be stopped. Follow the instructions at this link http://support.microsoft.com/kb/929135 for a clean boot. Read the instructions a couple of times; it is not difficult to do.

Let me know if you have any remaining issues/concerns; if all is OK, maybe we can clean up and remove the tools etc. You do need to update Java at some point.

Your Java may be out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java?"

It will check your current version and then offer to update to the latest version.

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Start > Control Panel > Uninstall a program; make sure old versions have been removed.

Kevin


I will try the clean boot of Windows and leave my PC on for a day and see if I get the same issue... but if the explorer.exe increasing in size so much is not anything to worry about, then everything is OK.

I will update my Java ASAP.

I guess I need further instruction on cleaning up the tools? I appreciate all your time and help, Kevin.

The only other questions I have regarding my PC were about my hardware. Would you know any proper forums to ask these questions? I was wondering if the PSU getting really hot under full stress might be causing my CPU to spike. And I was wondering if the CPU could also be causing my NB temperature to be hotter at idle than when at full load... lol. I don't know if this is by design on the new AMD Gigabyte boards or what, which is what my Dell PC has. At first I just thought the software was not reading the sensor correctly. But I actually did the finger test... and to my amazement, the NB heatsink is much cooler to the touch at full load than it is at idle, so the temp reading must be correct. It defies common logic, but maybe it is by design. It idles at 65 degrees and cools to as low as 50 on full load. Could this be another sign of a faulty PSU not undervolting correctly, I wonder? Would you know any hardware experts I could ask?

Thanks again for everything, Kevin.


Just leave the tools as they are for now; see what happens in a clean boot state. If you are worrying about possible temperature issues, maybe it is best to start with the basics: open the PC case and blow out and clean all fan apertures, maybe using a can of compressed air or similar.

If you believe you have hardware issues, go to the manufacturer's website and ask for advice there; that is the best site for help/advice.


OK, so I ran a clean boot for a couple of days. I noticed again explorer.exe gaining in size after a while. Not as much as when I load all the drivers and services I have going... but maybe it's just normal for my machine, since I do a lot of different tasks and run different programs every day with many windows open. Maybe SuperFetch keeps everything in memory always.

BTW, I also got a brand new Corsair PSU, and the game is running much better.

But now I have another question. I just set up my home network again on my PC. I share music and movies on my network with another computer, and now my NIS firewall randomly asked me to allow explorer.exe to connect to the other computer. Is this something I need to allow for file sharing between the two PCs? I'm pretty sure I already transferred the movie... so I'm curious about this.


Oh, I should add... that it is going from my computer on port 16339 to port 80 on the other machine. This might be normal, but I don't want to take any chances nowadays. I guess I can just block it... and see if I can still share files on the network. If I can't, I will just allow it. But I appreciate your input.

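One way to check a firewall prompt like this yourself, as an added example that is not part of the thread and not code from Norton or any tool mentioned here (the function name Get-TcpConnectionOwner and its RemotePort and ProcessName parameters are my own): it maps each TCP connection to the process that owns it and shows that process's image path and Authenticode signature status, so a connection attributed to "explorer.exe" can be tied to the real C:\Windows\explorer.exe rather than to a look-alike elsewhere on disk. It parses the output of netstat -ano so it also works on Windows 7, which has no Get-NetTCPConnection cmdlet.

```powershell
# Added example, not from the thread. Run from a 64-bit, elevated PowerShell so
# that the image path of every process can be read.
function Get-TcpConnectionOwner {
    param(
        # Optional filters: only connections to this remote port, or only those
        # owned by this process name (as shown by Get-Process, e.g. "explorer").
        [int]$RemotePort = 0,
        [string]$ProcessName = ''
    )
    # Snapshot of running processes, keyed by PID, for the netstat PID column.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

    # A netstat TCP line looks like:
    #   TCP    192.168.1.5:16339      192.168.1.7:80         ESTABLISHED     1234
    # IPv6 endpoints are bracketed ("[::]:135"), which the \S+ group also covers.
    $pattern = '^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$'
    $lines = @(netstat -ano -p TCP) + @(netstat -ano -p TCPv6)

    $lines | ForEach-Object {
        $m = [regex]::Match($_, $pattern)
        if (-not $m.Success) { return }            # header or blank line
        $rport    = [int]$m.Groups[4].Value
        $ownerPid = [int]$m.Groups[6].Value        # "$pid" is a reserved automatic variable
        $p = $procs[$ownerPid]
        $name = if ($p) { $p.Name } else { '<unknown>' }

        if ($RemotePort -ne 0 -and $rport -ne $RemotePort) { return }
        if ($ProcessName -and $name -ne $ProcessName) { return }

        $path = $null
        if ($p) { try { $path = $p.Path } catch { } }   # access denied for protected processes
        $sig = 'n/a'
        if ($path) { $sig = (Get-AuthenticodeSignature -FilePath $path).Status }

        New-Object PSObject -Property @{
            Process   = $name
            PID       = $ownerPid
            Local     = $m.Groups[1].Value + ':' + $m.Groups[2].Value
            Remote    = $m.Groups[3].Value + ':' + $rport
            State     = $m.Groups[5].Value
            Path      = $path
            Signature = $sig
        }
    }
}

# Usage: everything talking to port 80 anywhere, then just what explorer owns.
Get-TcpConnectionOwner -RemotePort 80 |
    Format-Table Process, PID, Local, Remote, State, Signature -AutoSize
Get-TcpConnectionOwner -ProcessName explorer |
    Format-Table Process, Local, Remote, State, Path -AutoSize
```

Read Path and Signature together: the genuine Explorer is %SystemRoot%\explorer.exe, and on older PowerShell versions Get-AuthenticodeSignature does not consult the Windows catalog files, so a catalog-signed system binary can report NotSigned even when it is the real one. A process with the expected name but an image under a user profile or temp folder is the case worth following up on; a short-lived connection from the real Explorer to a LAN host on port 80 is something the firewall log and this listing will let you confirm or rule out rather than guess at.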

All you need to do is clean up:

Remove Combofix now that we're done with it

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the run box and click OK. (Notice the space between the "x" and "/".)
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete the following:

  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

It is very important that you get a successful uninstall because of the extra functions done at the same time; let me know if this does not happen.

Next,

Uninstall adwcleaner.exe

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall
  • Click Yes at "Would you like to Uninstall AdwCleaner?"

Next,

Delete Security Checks and any produced logs from your Desktop...

Next,

Ensure that the system is returned to Normal state from Clean Boot state...

Next,

Download TFC to your desktop from either of the following links:

http://oldtimer.geekstogo.com/TFC.exe

http://itxassociates.com/OT-Tools/TFC.exe

  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
  • If prompted, click "Yes" to reboot.

TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important

Keep TFC, it is an excellent utility to run weekly to keep your system optimized; it empties all user temp folders, Java cache etc etc. Always remember to re-boot after a run, even if not prompted.

Let me know if those steps complete OK. If there are no remaining issues, is it OK to close your thread?

Here are some tips to reduce the potential for malware infection in the future:

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol from here http://www.winpatrol.com/download.html. This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained here http://www.winpatrol.com/features.html

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

FireFox http://www.mozilla.com/en-US/,

Opera http://www.opera.com/, and

Chrome http://www.google.com/chrome.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for Firefox and Internet Explorer.

Green to go,

Yellow for caution, and

Red to stop.

Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

Here are a couple of links by two security experts that will give some excellent tips and advice.

So how did I get infected in the first place by Tony Klein

How to prevent Malware by Miekiemoes

Finally, this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

Take care,

Kevin


Tks a whole bunch Kevin. I've uninstalled all the tools. Used TFC. Updated everything with filehippo (what an awesome tool). I downloaded winpatrol.

I do already use firefox with noscript and adblocker.

I appreciate all your help. I do use NIS, but I want to change firewall suites when my subscription runs out in a couple months. I used to use zonealarm but it became a resource hog, which is why I switched to NIS. I was wondering if there were any premium suites that you recommend, that are both user friendly and low on resources. Tks again Kevin.


My own setup is Windows Firewall, Microsoft Security Essentials, Malwarebytes Pro. That is my frontline defence. I also use Winpatrol. My browser is Firefox; I also have Chrome and IE just to use for access sometimes. If you use Chrome do not use any version less than 25, that is essential.

The Firewall and MSE are obviously free, Malwarebytes Pro is approx £20 for lifetime licence with Free updates and realtime protection, it does work really well with that set up...

I also use TFC, just remember to re-boot after a clean. Two extra addons I use with FF are Web of Trust (WOT) and Ghostery...

I did use Online Armor free FW previously, but not since I upgraded to W7 from Vista and XP. I visit many suspicious places at times doing research, never been caught out yet...

Kevin.....


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


OK, Larry has re-opened your topic as requested, thanks Larry...

I'm not convinced this is a malware issue but let's have another look at your system.

Run the following please:

Download OTL from any of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTL.exe

http://itxassociates...T-Tools/OTL.com

http://www.itxassoci...T-Tools/OTL.scr

  • Double click on the OTL icon to run it. Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in:

    netsvcs
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    msconfig
    %SYSTEMDRIVE%\*.exe
    %LOCALAPPDATA%\*.exe
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply.

Kevin....
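As an added example (not part of Kevin's instructions and not OTL's own code), the PowerShell below hashes and signature-checks the same five core files that the /md5start ... /md5stop block above lists, so the results can be compared against what OTL reports. It assumes Windows PowerShell 5.1 or later (for Get-FileHash), run from an elevated prompt on the machine being checked.

```powershell
# Added example, not from the thread: hash and signature-check the core system files
# that the OTL "/md5start ... /md5stop" block inspects. Assumes Windows PowerShell 5.1+
# (Get-FileHash) run from an elevated prompt.
$names = @('consrv.dll', 'explorer.exe', 'winlogon.exe', 'Userinit.exe', 'svchost.exe')
# OTL searches several locations; these two are where the listed files normally live.
$dirs  = @($env:SystemRoot, (Join-Path $env:SystemRoot 'System32'))

$report = foreach ($name in $names) {
    $found = $false
    foreach ($dir in $dirs) {
        $path = Join-Path $dir $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
        $found = $true
        $sig = Get-AuthenticodeSignature -FilePath $path
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        [pscustomobject]@{
            Path      = $path
            MD5       = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash
            SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            SigStatus = $sig.Status        # Valid, NotSigned, HashMismatch, ...
            Signer    = $signer
        }
    }
    if (-not $found) {
        # consrv.dll is not part of a standard Windows install, so "not present" is the expected result for it.
        [pscustomobject]@{ Path = $name; MD5 = '(not present)'; SHA256 = ''; SigStatus = 'n/a'; Signer = '' }
    }
}

$report | Format-Table -AutoSize

# Flag anything present whose signature did not verify or whose signer is not Microsoft.
# Caveat: before Windows 10 the built-in executables are catalog-signed and
# Get-AuthenticodeSignature reports NotSigned for genuine files there, so treat that
# status as "verify another way" (compare hashes with a known-clean machine), not as proof of tampering.
$report | Where-Object {
    $_.SigStatus -ne 'n/a' -and ($_.SigStatus -ne 'Valid' -or $_.Signer -notmatch 'Microsoft')
}
```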


Sorry to have this thread reopened. It turns out NIS was the cause of all my issues. NIS is even worse than I thought now. I would never recommend that program to anybody anymore. NIS 2009 and 2010 were good programs, but 2012 turned into a disaster, and I guess 2013 is even worse. They are back to their old ways crippling pcs.

I was wondering if a subscription to malwarebytes is only good for one pc or can I install it on the 3 pcs on my network. Thanks for all your help.


This topic is now closed to further replies.