eztracks.aavalue URL Requesting further assistance


  • This topic is locked
2 replies to this topic

#1 Annerire Colomba

Posted 26 August 2010 - 04:14 PM

Now I have a new URL that has the words "free games".

Is there a program that will get rid of this, whatever it is,
paid or not, without having to bring the laptop back to
factory defaults?

I am not sure if it is the Java, and/or the RAM/virtual memory,
but now something is hanging when I am playing stuff like
Yahtzee on Pogo.

I just need you guys' opinion about some program I can use
to completely remove whatever in hell this is. Freeware or not,
but free to scan and clean would be very appreciated.

or

Should I just run the "restore", and bring it back to the way it
was when I took it out of the box the day I bought it?

***** Below is the current log from the hijackthis *****

Logfile of random's system information tool 1.08 (written by random/random)
Run by Annerire Colomba at 2010-08-26 17:11:28
Microsoft Windows 7 Home Premium
System drive C: has 107 GB (77%) free of 140 GB
Total RAM: 2812 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:11:35 PM, on 8/26/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Annerire Colomba\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Annerire Colomba.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...44z1j5r44l2393s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...44z1j5r44l2393s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...44z1j5r44l2393s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7782 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll [2010-02-22 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL [2010-02-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll [2010-02-22 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-30 98304]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-19 35760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DW6"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2010-08-24 23:43:22 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2010-08-17 20:55:38 ----D---- C:\Font Files
2010-08-13 22:49:22 ----D---- C:\Users\Annerire Colomba\AppData\Roaming\Skype
2010-08-13 18:47:07 ----D---- C:\Program Files (x86)\Common Files\Java
2010-08-13 18:46:48 ----A---- C:\Windows\SysWOW64\javaws.exe
2010-08-13 18:46:47 ----A---- C:\Windows\SysWOW64\javaw.exe
2010-08-13 18:46:47 ----A---- C:\Windows\SysWOW64\java.exe
2010-08-12 13:16:23 ----D---- C:\Program Files (x86)\trend micro
2010-08-12 13:16:22 ----D---- C:\rsit
2010-08-11 18:22:42 ----A---- C:\Windows\SysWOW64\schannel.dll
2010-08-11 18:22:36 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2010-08-11 18:22:36 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2010-08-11 18:22:24 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-08-11 18:22:23 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-08-11 18:22:22 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-08-11 18:22:22 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-08-11 18:22:22 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-08-11 18:22:22 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-08-11 18:22:22 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-08-11 18:22:22 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-08-11 18:22:22 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-08-11 18:22:21 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2010-08-11 18:22:21 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-08-11 18:22:18 ----A---- C:\Windows\SysWOW64\rtutils.dll
2010-08-11 18:22:16 ----A---- C:\Windows\SysWOW64\iccvid.dll
2010-08-11 18:22:12 ----A---- C:\Windows\SysWOW64\msxml3.dll
2010-08-11 04:48:02 ----D---- C:\Users\Annerire Colomba\AppData\Roaming\acccore
2010-08-11 04:47:56 ----D---- C:\ProgramData\AIM
2010-08-11 04:47:45 ----D---- C:\Program Files (x86)\AIM
2010-08-11 04:47:42 ----D---- C:\Program Files (x86)\Common Files\Software Update Utility
2010-08-11 04:47:38 ----D---- C:\Program Files (x86)\Common Files\AOL
2010-08-05 14:56:44 ----RD---- C:\Program Files (x86)\Skype
2010-08-05 14:56:39 ----D---- C:\ProgramData\Skype
2010-08-02 16:45:07 ----A---- C:\Windows\SysWOW64\shell32.dll
2010-07-29 09:38:23 ----SHD---- C:\$RECYCLE.BIN
2010-07-22 00:40:53 ----D---- C:\Users\Annerire Colomba\AppData\Roaming\Vivox
2010-07-15 02:55:23 ----D---- C:\Windows\Pixart
2010-07-15 02:55:23 ----D---- C:\Program Files (x86)\VGA USB Camera
2010-07-15 02:55:23 ----A---- C:\Windows\SysWOW64\SP7302.INI
2010-07-15 02:54:23 ----D---- C:\Users\Annerire Colomba\AppData\Roaming\InstallShield
2010-07-10 21:13:47 ----D---- C:\Users\Annerire Colomba\AppData\Roaming\Systweak
2010-07-10 21:13:47 ----D---- C:\ProgramData\Systweak
2010-07-10 21:13:36 ----D---- C:\Program Files (x86)\Systweak
2010-07-09 21:41:58 ----D---- C:\Users\Annerire Colomba\AppData\Roaming\Trillian
2010-07-09 21:41:12 ----D---- C:\Program Files (x86)\Trillian
2010-07-08 00:47:06 ----D---- C:\Users\Annerire Colomba\AppData\Roaming\OpenOffice.org
2010-07-06 20:06:45 ----D---- C:\Users\Annerire Colomba\AppData\Roaming\Research In Motion
2010-07-06 20:05:21 ----D---- C:\ProgramData\Research In Motion
2010-07-06 20:05:19 ----D---- C:\Program Files (x86)\Common Files\Roxio Shared
2010-07-06 20:05:13 ----D---- C:\Program Files (x86)\Research In Motion
2010-07-06 20:05:13 ----D---- C:\Program Files (x86)\Common Files\Research In Motion
2010-07-06 19:01:28 ----D---- C:\Users\Annerire Colomba\AppData\Roaming\Thunderbird
2010-07-06 19:00:56 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2010-06-25 20:18:20 ----D---- C:\537e1d2659a9955b4a15ca22
2010-06-25 20:17:28 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll
2010-06-25 20:17:28 ----A---- C:\Windows\SysWOW64\PresentationHost.exe
2010-06-25 20:17:28 ----A---- C:\Windows\SysWOW64\netfxperf.dll
2010-06-25 20:17:28 ----A---- C:\Windows\SysWOW64\mscoree.dll
2010-06-25 20:17:28 ----A---- C:\Windows\SysWOW64\dfshim.dll
2010-06-25 19:52:31 ----A---- C:\Windows\SysWOW64\ntdll.dll
2010-06-25 19:52:27 ----A---- C:\Windows\SysWOW64\CPFilters.dll
2010-06-11 16:50:21 ----A---- C:\Windows\SysWOW64\asycfilt.dll
2010-06-11 16:48:39 ----A---- C:\Windows\SysWOW64\atmlib.dll
2010-06-11 16:48:39 ----A---- C:\Windows\SysWOW64\atmfd.dll
2010-06-11 16:45:36 ----A---- C:\Windows\SysWOW64\deployJava1.dll
2010-06-11 16:45:12 ----D---- C:\Program Files (x86)\Java
2010-06-01 19:38:57 ----D---- C:\Data Lifeguard NT
2010-06-01 19:09:50 ----D---- C:\Users\Annerire Colomba\AppData\Roaming\WinRAR
2010-05-31 14:24:32 ----D---- C:\Program Files (x86)\The Weather Channel FW

======List of files/folders modified in the last 3 months======

2010-08-26 17:11:35 ----D---- C:\Windows\Prefetch
2010-08-26 16:54:40 ----SHD---- C:\Windows\Installer
2010-08-26 16:32:32 ----D---- C:\Windows\Temp
2010-08-26 16:31:03 ----SHD---- C:\System Volume Information
2010-08-26 15:02:12 ----D---- C:\Windows\System32
2010-08-26 15:02:12 ----D---- C:\Windows\inf
2010-08-26 14:57:50 ----D---- C:\Windows
2010-08-25 03:19:11 ----D---- C:\Program Files (x86)
2010-08-25 03:18:09 ----D---- C:\Windows\SysWOW64
2010-08-25 03:03:38 ----D---- C:\Windows\winsxs
2010-08-25 03:01:03 ----D---- C:\Windows\AppPatch
2010-08-23 20:31:29 ----D---- C:\Users\Annerire Colomba\AppData\Roaming\IMVU
2010-08-13 18:47:07 ----D---- C:\Program Files (x86)\Common Files
2010-08-12 13:31:20 ----SD---- C:\Users\Annerire Colomba\AppData\Roaming\Microsoft
2010-08-12 03:23:47 ----D---- C:\Windows\debug
2010-08-12 02:27:02 ----A---- C:\Windows\wininit.ini
2010-08-12 02:13:15 ----D---- C:\Windows\SysWOW64\migration
2010-08-12 02:13:15 ----D---- C:\Program Files (x86)\Internet Explorer
2010-08-11 21:11:50 ----D---- C:\Program Files (x86)\Microsoft Works
2010-08-11 21:10:08 ----D---- C:\ProgramData\Microsoft Help
2010-08-11 04:47:56 ----HD---- C:\ProgramData
2010-08-01 00:25:58 ----D---- C:\Program Files (x86)\CCleaner
2010-07-29 00:41:48 ----SD---- C:\ProgramData\Microsoft
2010-07-28 14:31:26 ----SHD---- C:\Recycle Bin
2010-07-23 23:03:55 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-07-19 23:15:15 ----D---- C:\Users\Annerire Colomba\AppData\Roaming\IMVUClient
2010-07-15 02:59:52 ----A---- C:\Windows\win.ini
2010-07-15 02:59:25 ----D---- C:\Windows\twain_32
2010-07-15 02:55:22 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-07-14 21:34:24 ----RSD---- C:\Windows\assembly
2010-07-08 00:43:51 ----RSD---- C:\Windows\Fonts
2010-07-08 00:37:34 ----D---- C:\Windows\Resources
2010-07-06 15:44:01 ----D---- C:\ProgramData\Adobe
2010-07-05 15:47:13 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-07-05 15:46:48 ----D---- C:\Windows\SysWOW64\en-US
2010-07-05 15:46:48 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-07-05 15:46:47 ----D---- C:\Windows\Microsoft.NET
2010-06-25 20:17:08 ----D---- C:\Windows\ehome
2010-06-01 19:08:22 ----D---- C:\Program Files
2010-05-30 22:48:24 ----D---- C:\Windows\rescache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360x64\0308000.029\SYMEFA64.SYS []
R1 BHDrvx64;Symantec Heuristics Driver; C:\Windows\System32\Drivers\N360x64\0308000.029\BHDrvx64.sys []
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\N360x64\0308000.029\ccHPx64.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2010-05-28 475696]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100825.001\IDSvia64.sys [2010-05-28 463408]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\N360x64\0308000.029\SRTSPX64.SYS []
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys []
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\N360x64\0308000.029\SYMTDI.SYS []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-28 132656]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys []
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100826.002\ENG64.SYS [2010-07-13 117808]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100826.002\EX64.SYS [2010-07-13 1791536]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys []
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys []
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\N360x64\0308000.029\SRTSP64.SYS []
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\N360x64\0308000.029\SYMFW.SYS []
R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys []
S3 PAC7302;PAC7302 VGA USB Camera; C:\Windows\system32\DRIVERS\PAC7302.SYS []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 ePowerSvc;Acer ePower Service; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-09-30 844320]
R2 N360;Norton Security Suite; C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2010-02-22 117640]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------

Taking people at face value is way too expensive.

#2 m0le

Posted 02 September 2010 - 02:22 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

Posted 06 September 2010 - 06:27 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.