Jump to content

Undetectable Malware or Virus


Recommended Posts

This all started a week ago. I noticed I couldn't open any of my programs without going through the whole "Open with" scenario. That puzzelled me. I wanted to play my Sims2 game, I knew it opens with Sims2 Launcher, so I clicked that. It changed all my programs to open with sims 2 launcher. I went through several days of running norton 360, deleting unused programs, checking for anything i did wrong. Nothing. Then I finally came across this site that gives you registry files you can save to a disk to repair registry files that open with virus damages. By intuition I clicked on Gateway Connect /Accelor and repaired my icon problems. Before then the malware would not let me on the internet. Internet Explorer was just a blank white screen. I had to use another computer to create the disk. The disk helped repair my registry and I had no more open with problems. For access to the internet I had to create another user on my computer. I could log on. I downloaded Malwarebyte ran some test and it found no problems. I still couldnt log on the internet from my old user acct.

The thing whenever I have my internet access turned on, I keep getting these messages:

00:51:31 turbo MESSAGE Protection started successfully

00:51:37 turbo MESSAGE IP Protection started successfully

00:53:03 turbo IP-BLOCK 91.200.241.49 (Type: outgoing, Port: 49444, Process: services.exe)

00:58:02 turbo IP-BLOCK 91.200.241.49 (Type: outgoing, Port: 59161, Process: services.exe)

01:03:07 turbo IP-BLOCK 91.200.241.49 (Type: outgoing, Port: 59261, Process: services.exe)

01:08:04 turbo IP-BLOCK 91.200.241.49 (Type: outgoing, Port: 59316, Process: services.exe)

01:13:10 turbo IP-BLOCK 91.200.241.49 (Type: outgoing, Port: 59335, Process: services.exe)

01:18:08 turbo IP-BLOCK 91.200.241.49 (Type: outgoing, Port: 59344, Process: services.exe)

01:23:12 turbo IP-BLOCK 91.200.241.49 (Type: outgoing, Port: 59418, Process: services.exe)

01:28:10 turbo IP-BLOCK 91.200.241.49 (Type: outgoing, Port: 59425, Process: services.exe)

01:33:16 turbo IP-BLOCK 91.200.241.49 (Type: outgoing, Port: 59430, Process: services.exe)

01:38:14 turbo IP-BLOCK 91.200.241.49 (Type: outgoing, Port: 59432, Process: services.exe)

I researched it and found this website. So I did the defogger, that didnt work. Nothing is working to stop this outgoing. I am assuming I am still infected. The IP address shows its from china. Ack I dont what else to do.

Link to post
Share on other sites

Thank you very much for the welcome and replying. I really appreciate it.

MBAM Scan results :

mbam-log-2011-08-03 (20-29-14).txt

Scan type: Quick scan

Objects scanned: 182537

Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

*************************************************************************************************************

DDS notepad:

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by turbo at 20:31:11 on 2011-08-03

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1253 [GMT -4:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Windows\system32\lxdlcoms.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\sttray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\wsqmcons.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6817

mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6817

uInternet Settings,ProxyOverride = <local>

mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6817

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [bigFix] c:\program files\bigfix\bigfix.exe /atstartup

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [sigmatelSysTrayApp] sttray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{32A02B64-2F9A-4ADC-8CF8-8B6CD1A69B75} : DhcpNameServer = 10.0.0.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\turbo\appdata\roaming\mozilla\firefox\profiles\gsd3b3lh.default\

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-5-10 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-5-10 744568]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20110723.001\BHDrvx86.sys [2011-7-22 815736]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20110802.030\IDSvix86.sys [2011-8-2 367736]

R1 rqgguej;rqgguej;c:\windows\system32\drivers\rqgguej.sys [2008-9-24 307680]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-5-10 136312]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2011-5-10 331384]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-24 21504]

R2 lxdl_device;lxdl_device;c:\windows\system32\lxdlcoms.exe -service --> c:\windows\system32\lxdlcoms.exe -service [?]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-28 366640]

R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccsvchst.exe [2011-5-10 130008]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-29 105592]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-28 22712]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-10 135664]

S2 lxdlCATSCustConnectService;lxdlCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdlserv.exe [2007-5-29 99248]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-7-6 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-10 135664]

S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-08-03 06:27:01 -------- d-----w- c:\users\turbo\appdata\local\Mozilla

2011-08-02 05:51:09 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1623f945-2259-451d-9af0-05edb8cc8f34}\mpengine.dll

2011-07-30 15:00:27 -------- d-----w- c:\users\turbo\appdata\local\Adobe

2011-07-30 05:30:12 -------- d-----w- c:\users\turbo\appdata\local\CrashDumps

2011-07-29 15:41:28 -------- d-----w- c:\users\turbo\appdata\roaming\WildTangent

2011-07-28 07:52:33 -------- d-----w- c:\users\turbo\appdata\roaming\Malwarebytes

2011-07-28 07:52:21 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-28 07:52:17 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-28 07:52:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-28 07:33:34 -------- d-----w- c:\users\turbo\appdata\local\Google

2011-07-27 18:42:05 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-07-22 23:08:37 -------- d-----w- c:\program files\Western Digital

2011-07-18 13:01:33 -------- d-----w- c:\programdata\Western Digital

2011-07-13 14:33:49 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-07-13 14:33:46 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-07-13 14:33:46 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-07-09 05:03:01 461020 ----a-w- c:\programdata\SPL9701.tmp

2011-07-07 16:08:24 461020 ----a-w- c:\programdata\SPL6641.tmp

2011-07-06 08:55:50 -------- d-----w- c:\windows\en

2011-07-06 08:53:14 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2011-07-06 08:49:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2011-07-06 08:43:06 -------- d-----w- c:\program files\Microsoft

2011-07-06 08:42:52 469256 ----a-w- c:\program files\common files\windows live\.cache\af8b9ef01cc3bb805\InstallManager_WLE_WLE.exe

2011-07-06 08:42:24 15712 ----a-w- c:\program files\common files\windows live\.cache\a0c797701cc3bb804\MeshBetaRemover.exe

2011-07-06 08:42:19 94040 ----a-w- c:\program files\common files\windows live\.cache\9d3326101cc3bb803\DSETUP.dll

2011-07-06 08:42:19 525656 ----a-w- c:\program files\common files\windows live\.cache\9d3326101cc3bb803\DXSETUP.exe

2011-07-06 08:42:19 1691480 ----a-w- c:\program files\common files\windows live\.cache\9d3326101cc3bb803\dsetup32.dll

2011-07-06 08:42:10 94040 ----a-w- c:\program files\common files\windows live\.cache\97a872901cc3bb802\DSETUP.dll

2011-07-06 08:42:10 525656 ----a-w- c:\program files\common files\windows live\.cache\97a872901cc3bb802\DXSETUP.exe

2011-07-06 08:42:10 1691480 ----a-w- c:\program files\common files\windows live\.cache\97a872901cc3bb802\dsetup32.dll

2011-07-06 08:40:46 754688 ----a-w- c:\windows\system32\webservices.dll

.

==================== Find3M ====================

.

2011-06-18 17:28:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-11 02:52:11 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

.

============= FINISH: 20:32:42.13 ===============

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hi,

I downloaded and ran combofix, thing is, i can't log on to the internet no more from my laptop.

It keeps telling me that internet explorer and firefox registry keys (.exe)are marked for deletion. I think I am going to have burn the logs unto disk.

Link to post
Share on other sites

I fixed the combofix nt letting me log on

Combo scan:

ComboFix 11-08-03.03 - turbo 08/07/2011 11:22:51.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1582 [GMT -4:00]

Running from: c:\users\turbo\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\SPL5C36.tmp

c:\programdata\SPL6641.tmp

c:\programdata\SPL8256.tmp

c:\programdata\SPL8A0E.tmp

c:\programdata\SPL9701.tmp

c:\programdata\SPLB1FF.tmp

c:\programdata\SPLBDA3.tmp

c:\programdata\SPLF13E.tmp

c:\programdata\Windows

c:\users\Alesha\Documents\~WRL0001.tmp

c:\users\Alesha\Documents\~WRL0002.tmp

c:\windows\security\Database\tmp.edb

c:\windows\System32\drivers\rqgguej.sys

D:\Autorun.inf

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_rqgguej

-------\Service_rqgguej

.

.

((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))

.

.

2011-08-07 15:40 . 2011-08-07 15:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-07 15:40 . 2011-08-07 15:40 -------- d-----w- c:\users\Alesha\AppData\Local\temp

2011-08-05 06:31 . 2011-07-20 13:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FFC025A-918C-4A99-BF46-D17715AAC738}\mpengine.dll

2011-08-01 06:55 . 2011-08-01 06:55 -------- d-----w- c:\users\Guest

2011-07-28 07:52 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-28 07:52 . 2011-07-28 07:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-28 07:52 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-28 07:32 . 2011-07-30 19:21 -------- d-----w- c:\users\turbo

2011-07-28 03:29 . 2011-07-28 03:29 -------- d-----w- c:\users\Alesha\AppData\Local\Windows Live Writer

2011-07-28 03:29 . 2011-07-28 03:29 -------- d-----w- c:\users\Alesha\AppData\Roaming\Windows Live Writer

2011-07-22 23:12 . 2011-07-22 23:12 -------- d-----w- c:\users\Alesha\AppData\Local\Western_Digital

2011-07-22 23:08 . 2011-07-22 23:08 -------- d-----w- c:\program files\Western Digital

2011-07-18 13:01 . 2011-07-30 18:10 -------- d-----w- c:\programdata\Western Digital

2011-07-18 12:46 . 2011-07-22 23:07 -------- d-----w- c:\users\Alesha\AppData\Local\Western Digital

2011-07-13 14:33 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-07-13 14:33 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-07-13 14:33 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-06 08:43 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-06-18 17:28 . 2011-05-18 03:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-24 23:14 . 2009-12-18 07:15 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-11 02:52 . 2011-05-11 02:33 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-07-08 07:16 . 2011-08-03 06:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 20:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-10 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"SigmatelSysTrayApp"="sttray.exe" [2007-01-30 303104]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2007-05-04 40072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-18 12:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]

2007-04-03 21:13 638976 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-02-26 19:57 173592 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2009-06-05 00:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-02-26 19:57 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-02-26 19:57 150552 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-01-30 19:36 303104 ----a-w- c:\windows\sttray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-05-10 15:50 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2006-11-17 22:58 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 135664]

R2 lxdlCATSCustConnectService;lxdlCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdlserv.exe [2007-05-29 99248]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 135664]

R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-23 691696]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS [2011-01-27 340088]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS [2011-03-15 744568]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110723.001\BHDrvx86.sys [2011-07-23 815736]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110805.030\IDSvix86.sys [2011-08-02 367736]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [2010-11-16 136312]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS [2011-03-22 331384]

S2 lxdl_device;lxdl_device;c:\windows\system32\lxdlcoms.exe [2007-05-29 598960]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 105592]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 22:07]

.

2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 22:07]

.

2010-04-27 c:\windows\Tasks\Install_NSS.job

- c:\program files\Vuze\nssstub.exe [2010-04-24 14:32]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6817

uInternet Settings,ProxyOverride = <local>

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\turbo\AppData\Roaming\Mozilla\Firefox\Profiles\gsd3b3lh.default\

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

HKLM-Run-BigFix - c:\program files\Bigfix\bigfix.exe

SafeBoot-NetBIOS

SafeBoot-rqgguej

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1202844786\ee\AOLSoftware.exe

MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe

MSConfigStartUp-MskAgentexe - c:\program files\McAfee\MSK\MskAgent.exe

MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe

AddRemove-Money2006b - c:\program files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe

AddRemove-SAS System Viewer V8.2 - c:\program files\SAS Institute\SAS System Viewer\SVUninst.isu

AddRemove-Vuze_Remote Toolbar - c:\progra~1\VUZE_R~1\UNINST~1.EXE

AddRemove-WT021682 - c:\program files\Gateway Games\FATE\Uninstall.exe

AddRemove-WT021888 - c:\program files\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe

AddRemove-WT021890 - c:\program files\Gateway Games\Blackhawk Striker 2\Uninstall.exe

AddRemove-WT021892 - c:\program files\Gateway Games\Blasterball 3\Uninstall.exe

AddRemove-WT021896 - c:\program files\Gateway Games\Family Feud 2\Uninstall.exe

AddRemove-WT021900 - c:\program files\Gateway Games\Penguins!\Uninstall.exe

AddRemove-WT021902 - c:\program files\Gateway Games\Polar Bowler\Uninstall.exe

AddRemove-WT021904 - c:\program files\Gateway Games\Polar Golfer\Uninstall.exe

AddRemove-WT026969 - c:\program files\Gateway Games\Burger Island\Uninstall.exe

AddRemove-WT031121 - c:\program files\Gateway Games\Pizza Frenzy\Uninstall.exe

AddRemove-WT036693 - c:\program files\Gateway Games\Jane's Hotel\Uninstall.exe

AddRemove-WT038825 - c:\program files\Gateway Games\Alice Greenfingers\Uninstall.exe

AddRemove-WT039426 - c:\program files\Gateway Games\Coffee Rush\Uninstall.exe

AddRemove-WT044761 - c:\program files\Gateway Games\Cooking Academy\Uninstall.exe

AddRemove-WT044918 - c:\program files\Gateway Games\Belle's Beauty Boutique\Uninstall.exe

AddRemove-WT045732 - c:\program files\Gateway Games\Diner Dash\Uninstall.exe

AddRemove-WT045873 - c:\program files\Gateway Games\Drop em\Uninstall.exe

AddRemove-WT046752 - c:\program files\Gateway Games\Eye for Design\Uninstall.exe

AddRemove-WT046944 - c:\program files\Gateway Games\Jane's Hotel 2\Uninstall.exe

AddRemove-WT046962 - c:\program files\Gateway Games\Little Farm\Uninstall.exe

AddRemove-WT051086 - c:\program files\Gateway Games\Fashion Dash\Uninstall.exe

AddRemove-WT051508 - c:\program files\Gateway Games\Fitness Frenzy\Uninstall.exe

AddRemove-WT051534 - c:\program files\Gateway Games\First Class Flurry\Uninstall.exe

AddRemove-WT053219 - c:\program files\Gateway Games\Jane's Realty\Uninstall.exe

AddRemove-WT054590 - c:\program files\Gateway Games\Cake Mania 3\Uninstall.exe

AddRemove-WT054712 - c:\program files\Gateway Games\Cooking Dash\Uninstall.exe

AddRemove-WT056004 - c:\program files\Gateway Games\Burger Shop\Uninstall.exe

AddRemove-WT056018 - c:\program files\Gateway Games\Dream Day Wedding\Uninstall.exe

AddRemove-WT057301 - c:\program files\Gateway Games\Alice Greenfingers 2\Uninstall.exe

AddRemove-WT057325 - c:\program files\Gateway Games\Hospital Hustle\Uninstall.exe

AddRemove-WT057371 - c:\program files\Gateway Games\Dress Up Rush\Uninstall.exe

AddRemove-WT057381 - c:\program files\Gateway Games\Lavender's Botanicals\Uninstall.exe

AddRemove-WT057474 - c:\program files\Gateway Games\Restaurant Rush\Uninstall.exe

AddRemove-WT057948 - c:\program files\Gateway Games\Ashton's Family Resort\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-07 11:47

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1660)

c:\windows\system32\ieframe.dll

c:\windows\System32\SyncCenter.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\agrsmsvc.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2011-08-07 12:04:58 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-07 16:04

.

Pre-Run: 8,075,059,200 bytes free

Post-Run: 8,108,810,240 bytes free

.

- - End Of File - - 1E0CB8CE478A215806488B86519D731D

here is dds 2nd scan:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by turbo at 13:15:31 on 2011-08-07

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1542 [GMT -4:00]

.

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Windows\system32\lxdlcoms.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\sttray.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6817

uInternet Settings,ProxyOverride = <local>

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [sigmatelSysTrayApp] sttray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{32A02B64-2F9A-4ADC-8CF8-8B6CD1A69B75} : DhcpNameServer = 10.0.0.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\turbo\appdata\roaming\mozilla\firefox\profiles\gsd3b3lh.default\

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-5-10 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-5-10 744568]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20110723.001\BHDrvx86.sys [2011-7-22 815736]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20110805.030\IDSvix86.sys [2011-8-5 367736]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-5-10 136312]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2011-5-10 331384]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-24 21504]

R2 lxdl_device;lxdl_device;c:\windows\system32\lxdlcoms.exe -service --> c:\windows\system32\lxdlcoms.exe -service [?]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-28 366640]

R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccsvchst.exe [2011-5-10 130008]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-29 105592]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-28 22712]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-10 135664]

S2 lxdlCATSCustConnectService;lxdlCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdlserv.exe [2007-5-29 99248]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-7-6 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-10 135664]

S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-08-07 16:05:17 -------- d-----w- c:\users\turbo\appdata\local\temp

2011-08-07 15:45:00 -------- d-----w- C:\$RECYCLE.BIN

2011-08-07 15:19:23 98816 ----a-w- c:\windows\sed.exe

2011-08-07 15:19:23 518144 ----a-w- c:\windows\SWREG.exe

2011-08-07 15:19:23 256000 ----a-w- c:\windows\PEV.exe

2011-08-07 15:19:23 208896 ----a-w- c:\windows\MBR.exe

2011-08-06 02:53:55 -------- d-----w- c:\users\turbo\appdata\local\Electronic Arts

2011-08-05 06:31:10 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1ffc025a-918c-4a99-bf46-d17715aac738}\mpengine.dll

2011-08-03 06:27:01 -------- d-----w- c:\users\turbo\appdata\local\Mozilla

2011-07-30 15:00:27 -------- d-----w- c:\users\turbo\appdata\local\Adobe

2011-07-30 05:30:12 -------- d-----w- c:\users\turbo\appdata\local\CrashDumps

2011-07-29 15:41:28 -------- d-----w- c:\users\turbo\appdata\roaming\WildTangent

2011-07-28 07:52:33 -------- d-----w- c:\users\turbo\appdata\roaming\Malwarebytes

2011-07-28 07:52:21 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-28 07:52:17 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-28 07:52:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-28 07:33:34 -------- d-----w- c:\users\turbo\appdata\local\Google

2011-07-27 18:42:05 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-07-22 23:08:37 -------- d-----w- c:\program files\Western Digital

2011-07-18 13:01:33 -------- d-----w- c:\programdata\Western Digital

2011-07-13 14:33:49 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-07-13 14:33:46 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-07-13 14:33:46 375808 ----a-w- c:\windows\system32\winsrv.dll

.

==================== Find3M ====================

.

2011-06-18 17:28:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-11 02:52:11 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

.

============= FINISH: 13:15:59.60 ===============

Link to post
Share on other sites

And here is the local drive txt for combo fix scan

ComboFix 11-08-03.03 - turbo 08/07/2011 11:22:51.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1582 [GMT -4:00]

Running from: c:\users\turbo\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\SPL5C36.tmp

c:\programdata\SPL6641.tmp

c:\programdata\SPL8256.tmp

c:\programdata\SPL8A0E.tmp

c:\programdata\SPL9701.tmp

c:\programdata\SPLB1FF.tmp

c:\programdata\SPLBDA3.tmp

c:\programdata\SPLF13E.tmp

c:\programdata\Windows

c:\users\Alesha\Documents\~WRL0001.tmp

c:\users\Alesha\Documents\~WRL0002.tmp

c:\windows\security\Database\tmp.edb

c:\windows\System32\drivers\rqgguej.sys

D:\Autorun.inf

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_rqgguej

-------\Service_rqgguej

.

.

((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))

.

.

2011-08-07 15:40 . 2011-08-07 15:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-07 15:40 . 2011-08-07 15:40 -------- d-----w- c:\users\Alesha\AppData\Local\temp

2011-08-05 06:31 . 2011-07-20 13:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FFC025A-918C-4A99-BF46-D17715AAC738}\mpengine.dll

2011-08-01 06:55 . 2011-08-01 06:55 -------- d-----w- c:\users\Guest

2011-07-28 07:52 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-28 07:52 . 2011-07-28 07:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-28 07:52 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-28 07:32 . 2011-07-30 19:21 -------- d-----w- c:\users\turbo

2011-07-28 03:29 . 2011-07-28 03:29 -------- d-----w- c:\users\Alesha\AppData\Local\Windows Live Writer

2011-07-28 03:29 . 2011-07-28 03:29 -------- d-----w- c:\users\Alesha\AppData\Roaming\Windows Live Writer

2011-07-22 23:12 . 2011-07-22 23:12 -------- d-----w- c:\users\Alesha\AppData\Local\Western_Digital

2011-07-22 23:08 . 2011-07-22 23:08 -------- d-----w- c:\program files\Western Digital

2011-07-18 13:01 . 2011-07-30 18:10 -------- d-----w- c:\programdata\Western Digital

2011-07-18 12:46 . 2011-07-22 23:07 -------- d-----w- c:\users\Alesha\AppData\Local\Western Digital

2011-07-13 14:33 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-07-13 14:33 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-07-13 14:33 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-06 08:43 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-06-18 17:28 . 2011-05-18 03:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-24 23:14 . 2009-12-18 07:15 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-11 02:52 . 2011-05-11 02:33 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-07-08 07:16 . 2011-08-03 06:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 20:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-10 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"SigmatelSysTrayApp"="sttray.exe" [2007-01-30 303104]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2007-05-04 40072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-18 12:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]

2007-04-03 21:13 638976 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-02-26 19:57 173592 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2009-06-05 00:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-02-26 19:57 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-02-26 19:57 150552 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-01-30 19:36 303104 ----a-w- c:\windows\sttray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-05-10 15:50 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2006-11-17 22:58 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 135664]

R2 lxdlCATSCustConnectService;lxdlCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdlserv.exe [2007-05-29 99248]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 135664]

R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-23 691696]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS [2011-01-27 340088]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS [2011-03-15 744568]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110723.001\BHDrvx86.sys [2011-07-23 815736]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110805.030\IDSvix86.sys [2011-08-02 367736]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [2010-11-16 136312]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS [2011-03-22 331384]

S2 lxdl_device;lxdl_device;c:\windows\system32\lxdlcoms.exe [2007-05-29 598960]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 105592]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 22:07]

.

2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 22:07]

.

2010-04-27 c:\windows\Tasks\Install_NSS.job

- c:\program files\Vuze\nssstub.exe [2010-04-24 14:32]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6817

uInternet Settings,ProxyOverride = <local>

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\turbo\AppData\Roaming\Mozilla\Firefox\Profiles\gsd3b3lh.default\

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

HKLM-Run-BigFix - c:\program files\Bigfix\bigfix.exe

SafeBoot-NetBIOS

SafeBoot-rqgguej

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1202844786\ee\AOLSoftware.exe

MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe

MSConfigStartUp-MskAgentexe - c:\program files\McAfee\MSK\MskAgent.exe

MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe

AddRemove-Money2006b - c:\program files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe

AddRemove-SAS System Viewer V8.2 - c:\program files\SAS Institute\SAS System Viewer\SVUninst.isu

AddRemove-Vuze_Remote Toolbar - c:\progra~1\VUZE_R~1\UNINST~1.EXE

AddRemove-WT021682 - c:\program files\Gateway Games\FATE\Uninstall.exe

AddRemove-WT021888 - c:\program files\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe

AddRemove-WT021890 - c:\program files\Gateway Games\Blackhawk Striker 2\Uninstall.exe

AddRemove-WT021892 - c:\program files\Gateway Games\Blasterball 3\Uninstall.exe

AddRemove-WT021896 - c:\program files\Gateway Games\Family Feud 2\Uninstall.exe

AddRemove-WT021900 - c:\program files\Gateway Games\Penguins!\Uninstall.exe

AddRemove-WT021902 - c:\program files\Gateway Games\Polar Bowler\Uninstall.exe

AddRemove-WT021904 - c:\program files\Gateway Games\Polar Golfer\Uninstall.exe

AddRemove-WT026969 - c:\program files\Gateway Games\Burger Island\Uninstall.exe

AddRemove-WT031121 - c:\program files\Gateway Games\Pizza Frenzy\Uninstall.exe

AddRemove-WT036693 - c:\program files\Gateway Games\Jane's Hotel\Uninstall.exe

AddRemove-WT038825 - c:\program files\Gateway Games\Alice Greenfingers\Uninstall.exe

AddRemove-WT039426 - c:\program files\Gateway Games\Coffee Rush\Uninstall.exe

AddRemove-WT044761 - c:\program files\Gateway Games\Cooking Academy\Uninstall.exe

AddRemove-WT044918 - c:\program files\Gateway Games\Belle's Beauty Boutique\Uninstall.exe

AddRemove-WT045732 - c:\program files\Gateway Games\Diner Dash\Uninstall.exe

AddRemove-WT045873 - c:\program files\Gateway Games\Drop em\Uninstall.exe

AddRemove-WT046752 - c:\program files\Gateway Games\Eye for Design\Uninstall.exe

AddRemove-WT046944 - c:\program files\Gateway Games\Jane's Hotel 2\Uninstall.exe

AddRemove-WT046962 - c:\program files\Gateway Games\Little Farm\Uninstall.exe

AddRemove-WT051086 - c:\program files\Gateway Games\Fashion Dash\Uninstall.exe

AddRemove-WT051508 - c:\program files\Gateway Games\Fitness Frenzy\Uninstall.exe

AddRemove-WT051534 - c:\program files\Gateway Games\First Class Flurry\Uninstall.exe

AddRemove-WT053219 - c:\program files\Gateway Games\Jane's Realty\Uninstall.exe

AddRemove-WT054590 - c:\program files\Gateway Games\Cake Mania 3\Uninstall.exe

AddRemove-WT054712 - c:\program files\Gateway Games\Cooking Dash\Uninstall.exe

AddRemove-WT056004 - c:\program files\Gateway Games\Burger Shop\Uninstall.exe

AddRemove-WT056018 - c:\program files\Gateway Games\Dream Day Wedding\Uninstall.exe

AddRemove-WT057301 - c:\program files\Gateway Games\Alice Greenfingers 2\Uninstall.exe

AddRemove-WT057325 - c:\program files\Gateway Games\Hospital Hustle\Uninstall.exe

AddRemove-WT057371 - c:\program files\Gateway Games\Dress Up Rush\Uninstall.exe

AddRemove-WT057381 - c:\program files\Gateway Games\Lavender's Botanicals\Uninstall.exe

AddRemove-WT057474 - c:\program files\Gateway Games\Restaurant Rush\Uninstall.exe

AddRemove-WT057948 - c:\program files\Gateway Games\Ashton's Family Resort\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-07 11:47

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1660)

c:\windows\system32\ieframe.dll

c:\windows\System32\SyncCenter.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\agrsmsvc.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2011-08-07 12:04:58 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-07 16:04

.

Pre-Run: 8,075,059,200 bytes free

Post-Run: 8,108,810,240 bytes free

.

- - End Of File - - 1E0CB8CE478A215806488B86519D731D

Link to post
Share on other sites

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Hi,

This is what i found:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

**************************

Dont know if this what your lookinf for. It found 3 threats called win32/injector.azu trojan, after 2 hrs of scan, before I fell asleep. Woke up and my computer apparently restarted itself after doing updates for windows that is.Dont know if it completed the scan.

Link to post
Share on other sites

I decided to do another scan to make sure. It said my last scan was 5hrs and 16secs

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

esets_scanner_update returned -1 esets_gle=12

esets_scanner_update returned -1 esets_gle=53251

Link to post
Share on other sites

My system says harddrive may fail. I am posting the log for the Security check, and shutting down.

Hope everything comes back up okay. Boy this is getting scary.

Results of screen317's Security Check version 0.99.18

Windows Vista Service Pack 2 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

Norton 360

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java SE Runtime Environment 6 Update 1

Flash Player Out of Date!

Adobe Flash Player 10.2.159.1

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

``````````End of Log````````````

Link to post
Share on other sites

  • Staff

Hi,

Your hard drive may be failing. I would consider backing up your data and buying a new hard drive.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

ESET Online Scanner v3

Java™ SE Runtime Environment 6 Update 1

Adobe Flash Player 10.2.159.1

Adobe Reader 8.0

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Click Start and type in cmd.exe; right-click cmd.exe and click Run as Admin...

In the black box that appears, enter this command exactly as shown:

chkdsk>"%userprofile%\desktop\chkdsk.txt"

Press Enter.

Wait a few minutes, then open chkdsk.txt on your Desktop and post its contents here.

-screen317

Link to post
Share on other sites

Hi,

The computer repaired itself. :D Hooray for that! After it checked the memory, disk, and ran the repair, I don't get the "harddrive failure might happen in the future messages anymore"

I deleted some more unused stuff to do back up. I never realized how much stuff I had on my computer.

The local disk is back in "green" from deleting some of the files. Computer running fine.

Except one thing. I still cant log on the internet from my primary user account. Do you know what is wrong with this? My primary user accont is "Alesha" and the new one I created to ask for help is "turbo." I still cant fix explorer for this user account. Explorer has this blank white screen and won't do anything. :(

Here is chkdsk you asked for:

The type of the file system is NTFS.

WARNING! F parameter not specified.

Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...

0 percent complete. (0 of 257728 file records processed)

0 percent complete. (9294 of 257728 file records processed)

0 percent complete. (10555 of 257728 file records processed)

0 percent complete. (16478 of 257728 file records processed)

1 percent complete. (25773 of 257728 file records processed)

1 percent complete. (36208 of 257728 file records processed)

2 percent complete. (51546 of 257728 file records processed)

2 percent complete. (72538 of 257728 file records processed)

3 percent complete. (77319 of 257728 file records processed)

3 percent complete. (91141 of 257728 file records processed)

4 percent complete. (103092 of 257728 file records processed)

4 percent complete. (122842 of 257728 file records processed)

5 percent complete. (128864 of 257728 file records processed)

6 percent complete. (154637 of 257728 file records processed)

7 percent complete. (180410 of 257728 file records processed)

8 percent complete. (206183 of 257728 file records processed)

9 percent complete. (231956 of 257728 file records processed)

257728 file records processed.

File verification completed.

1041 large file records processed.

0 bad file records processed.

0 EA records processed.

75 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...

11 percent complete. (8653 of 312644 index entries processed)

11 percent complete. (10195 of 312644 index entries processed)

11 percent complete. (13488 of 312644 index entries processed)

12 percent complete. (17677 of 312644 index entries processed)

13 percent complete. (26702 of 312644 index entries processed)

14 percent complete. (35726 of 312644 index entries processed)

15 percent complete. (44750 of 312644 index entries processed)

16 percent complete. (53775 of 312644 index entries processed)

17 percent complete. (62799 of 312644 index entries processed)

18 percent complete. (71823 of 312644 index entries processed)

19 percent complete. (80848 of 312644 index entries processed)

20 percent complete. (89872 of 312644 index entries processed)

21 percent complete. (98897 of 312644 index entries processed)

22 percent complete. (107921 of 312644 index entries processed)

23 percent complete. (116945 of 312644 index entries processed)

24 percent complete. (125970 of 312644 index entries processed)

25 percent complete. (134994 of 312644 index entries processed)

26 percent complete. (144018 of 312644 index entries processed)

27 percent complete. (153043 of 312644 index entries processed)

28 percent complete. (162067 of 312644 index entries processed)

29 percent complete. (171092 of 312644 index entries processed)

30 percent complete. (180116 of 312644 index entries processed)

31 percent complete. (189140 of 312644 index entries processed)

32 percent complete. (198165 of 312644 index entries processed)

33 percent complete. (207189 of 312644 index entries processed)

34 percent complete. (216213 of 312644 index entries processed)

35 percent complete. (225238 of 312644 index entries processed)

36 percent complete. (234262 of 312644 index entries processed)

37 percent complete. (243287 of 312644 index entries processed)

38 percent complete. (252311 of 312644 index entries processed)

38 percent complete. (257731 of 312644 index entries processed)

38 percent complete. (257739 of 312644 index entries processed)

38 percent complete. (257908 of 312644 index entries processed)

38 percent complete. (258108 of 312644 index entries processed)

38 percent complete. (258605 of 312644 index entries processed)

38 percent complete. (258822 of 312644 index entries processed)

38 percent complete. (258938 of 312644 index entries processed)

38 percent complete. (259012 of 312644 index entries processed)

38 percent complete. (259321 of 312644 index entries processed)

38 percent complete. (259380 of 312644 index entries processed)

38 percent complete. (259463 of 312644 index entries processed)

38 percent complete. (259631 of 312644 index entries processed)

38 percent complete. (259795 of 312644 index entries processed)

38 percent complete. (259796 of 312644 index entries processed)

38 percent complete. (259799 of 312644 index entries processed)

38 percent complete. (260220 of 312644 index entries processed)

38 percent complete. (260928 of 312644 index entries processed)

38 percent complete. (261114 of 312644 index entries processed)

39 percent complete. (261335 of 312644 index entries processed)

39 percent complete. (261922 of 312644 index entries processed)

39 percent complete. (262315 of 312644 index entries processed)

39 percent complete. (262497 of 312644 index entries processed)

39 percent complete. (262741 of 312644 index entries processed)

39 percent complete. (263020 of 312644 index entries processed)

39 percent complete. (263386 of 312644 index entries processed)

39 percent complete. (263705 of 312644 index entries processed)

39 percent complete. (263986 of 312644 index entries processed)

39 percent complete. (264287 of 312644 index entries processed)

39 percent complete. (264466 of 312644 index entries processed)

39 percent complete. (264546 of 312644 index entries processed)

39 percent complete. (264623 of 312644 index entries processed)

39 percent complete. (264761 of 312644 index entries processed)

39 percent complete. (264903 of 312644 index entries processed)

39 percent complete. (265040 of 312644 index entries processed)

39 percent complete. (265178 of 312644 index entries processed)

39 percent complete. (265339 of 312644 index entries processed)

39 percent complete. (265636 of 312644 index entries processed)

39 percent complete. (265726 of 312644 index entries processed)

39 percent complete. (265815 of 312644 index entries processed)

39 percent complete. (265942 of 312644 index entries processed)

39 percent complete. (266118 of 312644 index entries processed)

39 percent complete. (266283 of 312644 index entries processed)

39 percent complete. (266553 of 312644 index entries processed)

39 percent complete. (267011 of 312644 index entries processed)

39 percent complete. (267715 of 312644 index entries processed)

39 percent complete. (268363 of 312644 index entries processed)

39 percent complete. (268529 of 312644 index entries processed)

39 percent complete. (268777 of 312644 index entries processed)

39 percent complete. (268907 of 312644 index entries processed)

39 percent complete. (269047 of 312644 index entries processed)

39 percent complete. (269225 of 312644 index entries processed)

39 percent complete. (269459 of 312644 index entries processed)

39 percent complete. (269543 of 312644 index entries processed)

39 percent complete. (269655 of 312644 index entries processed)

39 percent complete. (269894 of 312644 index entries processed)

39 percent complete. (270060 of 312644 index entries processed)

39 percent complete. (270192 of 312644 index entries processed)

40 percent complete. (270360 of 312644 index entries processed)

40 percent complete. (270587 of 312644 index entries processed)

40 percent complete. (270708 of 312644 index entries processed)

40 percent complete. (270833 of 312644 index entries processed)

40 percent complete. (271009 of 312644 index entries processed)

40 percent complete. (271110 of 312644 index entries processed)

40 percent complete. (271252 of 312644 index entries processed)

40 percent complete. (271303 of 312644 index entries processed)

40 percent complete. (271360 of 312644 index entries processed)

40 percent complete. (271439 of 312644 index entries processed)

40 percent complete. (271615 of 312644 index entries processed)

40 percent complete. (271751 of 312644 index entries processed)

40 percent complete. (271865 of 312644 index entries processed)

40 percent complete. (271952 of 312644 index entries processed)

40 percent complete. (272008 of 312644 index entries processed)

40 percent complete. (272084 of 312644 index entries processed)

40 percent complete. (272246 of 312644 index entries processed)

40 percent complete. (272386 of 312644 index entries processed)

40 percent complete. (272547 of 312644 index entries processed)

40 percent complete. (272712 of 312644 index entries processed)

40 percent complete. (272996 of 312644 index entries processed)

40 percent complete. (273249 of 312644 index entries processed)

40 percent complete. (273425 of 312644 index entries processed)

40 percent complete. (273572 of 312644 index entries processed)

40 percent complete. (273735 of 312644 index entries processed)

40 percent complete. (273987 of 312644 index entries processed)

40 percent complete. (274239 of 312644 index entries processed)

40 percent complete. (274503 of 312644 index entries processed)

40 percent complete. (274670 of 312644 index entries processed)

40 percent complete. (274838 of 312644 index entries processed)

40 percent complete. (275053 of 312644 index entries processed)

40 percent complete. (275171 of 312644 index entries processed)

40 percent complete. (275240 of 312644 index entries processed)

40 percent complete. (275411 of 312644 index entries processed)

40 percent complete. (275628 of 312644 index entries processed)

40 percent complete. (275690 of 312644 index entries processed)

40 percent complete. (275967 of 312644 index entries processed)

40 percent complete. (276126 of 312644 index entries processed)

40 percent complete. (276266 of 312644 index entries processed)

40 percent complete. (276328 of 312644 index entries processed)

40 percent complete. (276495 of 312644 index entries processed)

40 percent complete. (276686 of 312644 index entries processed)

40 percent complete. (276824 of 312644 index entries processed)

40 percent complete. (277000 of 312644 index entries processed)

40 percent complete. (277224 of 312644 index entries processed)

40 percent complete. (277364 of 312644 index entries processed)

40 percent complete. (277547 of 312644 index entries processed)

40 percent complete. (277701 of 312644 index entries processed)

40 percent complete. (277862 of 312644 index entries processed)

40 percent complete. (278019 of 312644 index entries processed)

40 percent complete. (278154 of 312644 index entries processed)

40 percent complete. (278274 of 312644 index entries processed)

40 percent complete. (278530 of 312644 index entries processed)

40 percent complete. (278711 of 312644 index entries processed)

41 percent complete. (279384 of 312644 index entries processed)

41 percent complete. (279974 of 312644 index entries processed)

41 percent complete. (280133 of 312644 index entries processed)

41 percent complete. (280261 of 312644 index entries processed)

41 percent complete. (280410 of 312644 index entries processed)

41 percent complete. (280457 of 312644 index entries processed)

41 percent complete. (280546 of 312644 index entries processed)

41 percent complete. (280870 of 312644 index entries processed)

41 percent complete. (281062 of 312644 index entries processed)

41 percent complete. (281224 of 312644 index entries processed)

41 percent complete. (281372 of 312644 index entries processed)

41 percent complete. (281486 of 312644 index entries processed)

41 percent complete. (281775 of 312644 index entries processed)

41 percent complete. (281976 of 312644 index entries processed)

41 percent complete. (282280 of 312644 index entries processed)

41 percent complete. (282415 of 312644 index entries processed)

41 percent complete. (282601 of 312644 index entries processed)

41 percent complete. (282744 of 312644 index entries processed)

41 percent complete. (282920 of 312644 index entries processed)

41 percent complete. (283018 of 312644 index entries processed)

41 percent complete. (283211 of 312644 index entries processed)

41 percent complete. (283382 of 312644 index entries processed)

41 percent complete. (283780 of 312644 index entries processed)

41 percent complete. (284465 of 312644 index entries processed)

41 percent complete. (285072 of 312644 index entries processed)

312644 index entries processed.

Index verification completed.

0 unindexed files processed.

CHKDSK is verifying security descriptors (stage 3 of 3)...

44 percent complete. (0 of 257728 descriptors processed)

45 percent complete. (8512 of 257728 descriptors processed)

45 percent complete. (15743 of 257728 descriptors processed)

46 percent complete. (35585 of 257728 descriptors processed)

46 percent complete. (55275 of 257728 descriptors processed)

47 percent complete. (62658 of 257728 descriptors processed)

48 percent complete. (89731 of 257728 descriptors processed)

49 percent complete. (116804 of 257728 descriptors processed)

50 percent complete. (143877 of 257728 descriptors processed)

51 percent complete. (170951 of 257728 descriptors processed)

52 percent complete. (198024 of 257728 descriptors processed)

53 percent complete. (225097 of 257728 descriptors processed)

54 percent complete. (252170 of 257728 descriptors processed)

257728 security descriptors processed.

Security descriptor verification completed.

27459 data files processed.

CHKDSK is verifying Usn Journal...

99 percent complete. (0 of 36127272 USN bytes processed)

99 percent complete. (7315456 of 36127272 USN bytes processed)

99 percent complete. (15536128 of 36127272 USN bytes processed)

99 percent complete. (23810048 of 36127272 USN bytes processed)

99 percent complete. (32313344 of 36127272 USN bytes processed)

100 percent complete. (36126720 of 36127272 USN bytes processed)

36127272 USN bytes processed.

Usn Journal verification completed.

Windows has checked the file system and found no problems.

232902337 KB total disk space.

155986264 KB in 160332 files.

90752 KB in 27460 indexes.

0 KB in bad sectors.

381845 KB in use by the system.

65536 KB occupied by the log file.

76443476 KB available on disk.

4096 bytes in each allocation unit.

58225584 total allocation units on disk.

19110869 allocation units available on disk.

Link to post
Share on other sites

  • 2 weeks later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.