Norton, MBAM, and Spybot will not update/run; IE and Firefox won't connect to internet (but Chrome works)


This topic is locked
12 replies to this topic

#1 SMH1105

Posted 01 February 2012 - 08:30 PM

I am running a Lenovo T61 with Windows Vista Business. Yesterday evening, my Norton 360 notified me that it was no longer working due to a problem with LiveUpdate. Norton recommended I uninstall and reinstall the program, and try to update again. I did this three times, and all three times it rendered Norton inoperable when I tried to run LiveUpdate.

Then I tried to run MBAM, which showed me an error when I tried to update its definitions:

Spybot likewise fails to update.

Also, as of this evening, I cannot connect to the internet with IE, Firefox, or Skype, though Chrome is still working fine (for now, anyhow).

At first I thought I just had a glitch with my Norton, but with so many products failing, I'm worried it's actually a virus or malware program.

I don't know if it's relevant, but I wasn't able to download DDS from the link on BleepingComputer tonight. I had the program from the last set of computer problems I worked through on the forum, so I used that to create the log below. GMER downloaded fine and ran as well.

I'd appreciate any suggestions you can give me!

Thanks,
SMH1105



DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_30
Run by Stephanie at 20:00:32 on 2012-02-01
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3054.1469 [GMT -5:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\DDNI\SBITS\DDNIOEMService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Software Secure, Inc\SSIRuntimeService\SSIRuntimeService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\system32\WebUpdateSvc4.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Users\Stephanie\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://nytimes.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\stephanie\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TpShocks] TpShocks.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [LenovoOobeOffers] c:\swtools\lenovowelcome\lenovooobeoffers.exe /filepath="c:\swshare\firstrun.txt"
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [DDNIUser] c:\program files\ddni\sbits\DDNIUSER.EXE
mRun: [BackupNowEZtray] "c:\program files\newtech infosystems\backup now ez\BackupNowEZtray.exe" -k
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SecureW2 Tray] c:\program files\securew2\sw2_tray.exe
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: UseDefaultTile = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1321136171306
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E32377C9-18E1-434A-9975-F8554DF526B7} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\stephanie\appdata\roaming\mozilla\firefox\profiles\rfnl8qrg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\users\stephanie\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\stephanie\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\stephanie\appdata\roaming\mozilla\firefox\profiles\rfnl8qrg.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2010-12-31 220696]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-2-1 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-2-1 744568]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20120121.002\BHDrvx86.sys [2012-1-21 820344]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120131.002\IDSvix86.sys [2012-1-31 368248]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2007-2-18 13744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-2-1 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys [2012-2-1 331384]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 DDNIOEMService;DDNIOEMService;c:\program files\ddni\sbits\DDNIOEMService.exe [2007-9-28 162280]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-1 652360]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.2.0.13\ccsvchst.exe [2012-2-1 130008]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2010-2-22 45312]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-9-8 1153368]
R2 SSIRuntimeService;SSIRuntimeService;c:\program files\software secure, inc\ssiruntimeservice\SSIRuntimeService.exe [2011-11-7 40960]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-7-9 55936]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-1-8 569344]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2007-5-18 229856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-1 20464]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
.
=============== Created Last 30 ================
.
2012-02-01 21:24:08 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-01 15:54:34 744568 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\symefa.sys
2012-02-01 15:54:34 516216 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys
2012-02-01 15:54:34 50168 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys
2012-02-01 15:54:34 340088 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\symds.sys
2012-02-01 15:54:34 331384 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys
2012-02-01 15:54:34 299640 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symnets.sys
2012-02-01 15:54:34 136312 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys
2012-02-01 15:54:18 -------- d-----w- c:\windows\system32\drivers\n360\0502000.00D
2012-02-01 15:51:19 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-01 15:51:19 -------- d-----w- c:\program files\Symantec
2012-02-01 15:50:53 744568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys
2012-02-01 15:50:53 516216 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys
2012-02-01 15:50:53 50168 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys
2012-02-01 15:50:53 340088 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys
2012-02-01 15:50:53 331384 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys
2012-02-01 15:50:53 296568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys
2012-02-01 15:50:53 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys
2012-02-01 15:50:45 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D
2012-02-01 15:50:45 -------- d-----w- c:\windows\system32\drivers\N360
2012-02-01 15:50:43 -------- d-----w- c:\program files\Norton 360
2012-02-01 03:59:55 -------- d-----w- c:\users\stephanie\appdata\roaming\Tific
2012-01-10 21:20:34 -------- d-----w- c:\programdata\SSI
2012-01-10 21:16:20 -------- d-----w- c:\users\stephanie\appdata\local\SSI
2012-01-10 21:12:58 -------- d-----w- c:\users\stephanie\appdata\local\IsolatedStorage
2012-01-10 21:12:08 -------- d-----w- c:\programdata\SoftwareSecure
2012-01-10 21:11:27 -------- d-----w- c:\windows\system32\SSI
2012-01-10 21:04:25 50546 ----a-w- c:\windows\system32\wuwuninst.exe
2012-01-10 21:04:10 -------- d-----w- c:\program files\Software Secure, Inc
2012-01-10 21:03:39 -------- dc-h--w- c:\programdata\{E928FED7-BB7E-453E-A269-641B71F7AFE3}
2012-01-07 14:21:21 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-07 14:21:21 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-07 14:21:21 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-07 14:21:21 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
.
==================== Find3M ====================
.
2012-01-01 19:08:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-11 04:04:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:01:00.17 ===============





GMER Log:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-01 20:30:05
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HITACHI_ rev.DC4L
Running: rupt87pd.exe; Driver: C:\Users\STEPHA~1\AppData\Local\Temp\uwliruog.sys


---- System - GMER 1.0.15 ----

SSDT 94701348 ZwAlertResumeThread
SSDT 93396A88 ZwAlertThread
SSDT 933EAFC0 ZwAllocateVirtualMemory
SSDT 9322DD20 ZwAlpcConnectPort
SSDT 933A3A88 ZwAssignProcessToJobObject
SSDT 933ECF58 ZwCreateMutant
SSDT 9339DBF0 ZwCreateSymbolicLinkObject
SSDT 94C80538 ZwCreateThread
SSDT 93CF1048 ZwDebugActiveProcess
SSDT 94C80280 ZwDuplicateObject
SSDT 933EADD8 ZwFreeVirtualMemory
SSDT 93CF1558 ZwImpersonateAnonymousToken
SSDT 93398D18 ZwImpersonateThread
SSDT 9335EE38 ZwLoadDriver
SSDT 933EAC88 ZwMapViewOfSection
SSDT 933ECE98 ZwOpenEvent
SSDT 94C80420 ZwOpenProcess
SSDT 94C801C0 ZwOpenProcessToken
SSDT 93396EB0 ZwOpenSection
SSDT 94C80350 ZwOpenThread
SSDT 9339DDE0 ZwProtectVirtualMemory
SSDT 93396B68 ZwResumeThread
SSDT 94DCD1A8 ZwSetContextThread
SSDT 94DCD4B8 ZwSetInformationProcess
SSDT 93396D68 ZwSetSystemInformation
SSDT 93396F90 ZwSuspendProcess
SSDT 93396C70 ZwSuspendThread
SSDT 947831A0 ZwTerminateProcess
SSDT 93CF13E0 ZwTerminateThread
SSDT 933EAB80 ZwUnmapViewOfSection
SSDT 933EAEF0 ZwWriteVirtualMemory
SSDT 9339DCE0 ZwCreateThreadEx

INT 0x61 ? 91E5C7D0
INT 0x71 ? 91E5CA50
INT 0x82 ? 91E10A50
INT 0xA2 ? 91E10CD0

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 820F98A0 8 Bytes [48, 13, 70, 94, 88, 6A, 39, ...] {DEC EAX; ADC ESI, [EAX-0x6c]; MOV [EDX+0x39], CH; XCHG EBX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 131 820F98B4 4 Bytes [C0, AF, 3E, 93]
.text ntkrnlpa.exe!KeSetEvent + 13D 820F98C0 4 Bytes [20, DD, 22, 93]
.text ntkrnlpa.exe!KeSetEvent + 191 820F9914 4 Bytes [88, 3A, 3A, 93]
.text ntkrnlpa.exe!KeSetEvent + 1F5 820F9978 4 Bytes [58, CF, 3E, 93]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F200340, 0x3481F7, 0xE8000020]
? C:\Users\STEPHA~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtCreateFile + 6 77B1422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtCreateFile + B 77B1422F 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtMapViewOfSection + 6 77B1497A 1 Byte [28]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtMapViewOfSection + 6 77B1497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtMapViewOfSection + B 77B1497F 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenFile + 6 77B14A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenFile + B 77B14A0F 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenProcess + 6 77B14A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenProcess + B 77B14A8F 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenProcessToken + 6 77B14A9A 4 Bytes CALL 76B150A0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenProcessToken + B 77B14A9F 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenProcessTokenEx + 6 77B14AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenProcessTokenEx + B 77B14AAF 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenThread + 6 77B14AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenThread + B 77B14AFF 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenThreadToken + 6 77B14B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenThreadToken + B 77B14B0F 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenThreadTokenEx + 6 77B14B1A 4 Bytes CALL 76B15121 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtOpenThreadTokenEx + B 77B14B1F 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtQueryAttributesFile + 6 77B14BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtQueryAttributesFile + B 77B14BAF 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtQueryFullAttributesFile + 6 77B14C5A 4 Bytes CALL 76B1525F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtQueryFullAttributesFile + B 77B14C5F 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtSetInformationFile + 6 77B1513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtSetInformationFile + B 77B1513F 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtSetInformationThread + 6 77B1518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtSetInformationThread + B 77B1518F 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtUnmapViewOfSection + 6 77B1542A 1 Byte [68]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtUnmapViewOfSection + 6 77B1542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[2276] ntdll.dll!NtUnmapViewOfSection + B 77B1542F 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtCreateFile + 6 77B1422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtCreateFile + B 77B1422F 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtMapViewOfSection + 6 77B1497A 1 Byte [28]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtMapViewOfSection + 6 77B1497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtMapViewOfSection + B 77B1497F 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenFile + 6 77B14A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenFile + B 77B14A0F 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcess + 6 77B14A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcess + B 77B14A8F 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcessToken + 6 77B14A9A 4 Bytes CALL 76B150A0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcessToken + B 77B14A9F 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcessTokenEx + 6 77B14AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcessTokenEx + B 77B14AAF 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThread + 6 77B14AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThread + B 77B14AFF 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThreadToken + 6 77B14B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThreadToken + B 77B14B0F 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThreadTokenEx + 6 77B14B1A 4 Bytes CALL 76B15121 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThreadTokenEx + B 77B14B1F 1 Byte [E2]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtQueryAttributesFile + 6 77B14BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Stephanie\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtQueryAttributesFile + B 77B14BAF 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

Device \Driver\BTHUSB \Device\0000009b bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000009d bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1bf2982
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1bf2982 (not active ControlSet)

---- Files - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----

#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,981 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:03:05 PM

Posted 05 February 2012 - 11:07 AM

Hello, my name is Elise and I'll assist you with this issue.

Can you please rerun DDS and post me attach.txt (no need for dds.txt)?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 SMH1105

SMH1105
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:07:05 AM

Posted 05 February 2012 - 04:13 PM

Hi, Elise,

Thanks for your help!

Here is the DDS Attach Log:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume3
Install Date: 12/31/2010 2:13:15 AM
System Uptime: 2/5/2012 6:14:36 AM (10 hours ago)
.
Motherboard: LENOVO | | 6459CTO
Processor: Intel® Core™2 Duo CPU T9300 @ 2.50GHz | None | 2501/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 180 GiB total, 74.703 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0005
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0005
Service: tunnel
.
==== System Restore Points ===================
.
RP253: 1/10/2012 4:24:56 PM - Installed SofTest Bar Edition
RP254: 1/24/2012 6:39:01 PM - Scheduled Checkpoint
RP255: 1/25/2012 6:04:08 PM - Scheduled Checkpoint
RP256: 1/31/2012 9:25:55 PM - Scheduled Checkpoint
RP257: 2/4/2012 8:00:25 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Access Help
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression for Kodak
Bonjour
Client Security Solution
Diskeeper Home
Drag-to-Disc
ESET Online Scanner v3
Google Chrome
Help Center
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP LaserJet P1000 series
HPCarePackCore
HPCarePackProducts
HPSSupply
Integrated Camera
Intel® PRO Network Connections Drivers
Intel® Turbo Memory and Intel® Matrix Storage Manager
InterVideo Register Manager
InterVideo WinDVD
iTunes
Java Auto Updater
Java™ 6 Update 30
Lenovo Registration
Lenovo System Interface Driver
Maintenance Manager
Malwarebytes Anti-Malware version 1.60.1.1000
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 9.0.1 (x86 en-US)
MrvlUsgTracking
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Center For Think Offerings
Norton 360
Norton Bootable Recovery Tool Wizard
NTI Backup Now EZ
NVIDIA Drivers
On Screen Display
PC-Doctor 5 for Windows
Picasa 3
Presentation Director
Productivity Center Supplement for ThinkPad
QuickTime
Registry patch for Windows Vista USB S3 PM Enablement
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
Registry patch to improve USB device detection on resume from sleep for Windows Vista
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
SBITS
SecureW2 Enterprise Client 3.5.0
Securexam Student
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.1
SofTest Bar Edition
Sonic Icons for Lenovo
SoundMAX
Spybot - Search & Destroy
System Migration Assistant
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Mobility Center Customization
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Tweaking.com - Windows Repair (All in One)
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2553110)
VanDyke Software SecureCRT 6.5
Vidyo Desktop 2.1
Wallpapers
Web Update Wizard (Redistributable) 4.0
Windows Automatic Update Service (WAUS)
Windows Driver Package - Intel (e1express) Net (04/26/2007 9.7.240.0)
Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002)
Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1008)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1010)
Windows Driver Package - Intel System (09/15/2006 8.2.0.1000)
Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)
Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43)
Windows Driver Package - Ricoh Company MMC Host Controller (08/08/2007 6.00.03.02)
Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
Windows Live Toolbar
Windows Movie Maker 2.6
.
==== Event Viewer Messages From Past Week ========
.
2/5/2012 6:52:28 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.
2/5/2012 6:19:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
2/5/2012 6:18:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
2/5/2012 6:15:10 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/5/2012 4:08:56 PM, Error: TPM [13] - The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
2/5/2012 4:08:56 PM, Error: Microsoft-Windows-TBS [516] - An error occurred while communicating with the TPM. The driver returned 0x8007045d.
2/4/2012 2:29:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CscService service.
2/4/2012 2:29:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
2/3/2012 8:59:50 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00215C022D4B has been denied by the DHCP server 128.91.3.9 (The DHCP Server sent a DHCPNACK message).
2/2/2012 7:54:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
2/2/2012 7:53:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EMDMgmt service.
2/1/2012 8:52:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
2/1/2012 8:52:18 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/1/2012 8:49:41 AM, Error: Service Control Manager [7024] - The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).
2/1/2012 8:36:15 AM, Error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/1/2012 3:59:00 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 165.123.8.134 for the Network Card with network address 00215C022D4B has been denied by the DHCP server 128.91.3.9 (The DHCP Server sent a DHCPNACK message).
2/1/2012 11:03:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/1/2012 10:47:47 AM, Error: EventLog [6008] - The previous system shutdown at 10:46:02 AM on 2/1/2012 was unexpected.
1/30/2012 9:46:05 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 128.91.84.49 for the Network Card with network address 00215C022D4B has been denied by the DHCP server 128.91.3.9 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
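Added here as an illustration, not code from the thread, from DDS or from BleepingComputer: a small Python triage script for the "Event Viewer Messages" block above. It parses the `date, Level: Source [ID] - message` lines, buckets them by well-known event id, notes which security products' services are failing, and flags the combination that the rest of the thread converges on (an NTFS 55 corruption event plus service timeouts and an unexpected shutdown points at a failing disk, which is worth ruling out before treating the Norton and Spybot failures as the root cause). The event table, the product-name list and the disk-health heuristic are this example's own assumptions; the sample lines are copied from the log posted above.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from the DDS log above. DDS prints each entry as
# "<m/d/yyyy h:mm:ss AM|PM>, <Level>: <Source> [<EventID>] - <message>".
SAMPLE_EVENTS = """\
2/5/2012 6:52:28 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.
2/5/2012 6:19:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
2/5/2012 6:18:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
2/5/2012 4:08:56 PM, Error: TPM [13] - The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
2/1/2012 8:52:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
2/1/2012 8:52:18 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/1/2012 8:49:41 AM, Error: Service Control Manager [7024] - The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).
2/1/2012 8:36:15 AM, Error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/1/2012 10:47:47 AM, Error: EventLog [6008] - The previous system shutdown at 10:46:02 AM on 2/1/2012 was unexpected.
1/30/2012 9:46:05 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 128.91.84.49 for the Network Card with network address 00215C022D4B has been denied by the DHCP server 128.91.3.9 (The DHCP Server sent a DHCPNACK message).
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)

# (source, event id) -> triage bucket. This table is an assumption of the
# example; it covers only the ids that appear in the log above.
KNOWN_EVENTS = {
    ("Ntfs", 55): "disk_corruption",
    ("EventLog", 6008): "unexpected_shutdown",
    ("Service Control Manager", 7000): "service_start_failure",
    ("Service Control Manager", 7009): "service_timeout",
    ("Service Control Manager", 7011): "service_timeout",
    ("Service Control Manager", 7024): "service_terminated",
    ("Service Control Manager", 7031): "service_terminated",
    ("TPM", 13): "tpm_error",
    ("Microsoft-Windows-TBS", 516): "tpm_error",
    ("Microsoft-Windows-Dhcp-Client", 1002): "dhcp_nack",
}

# Substrings that identify security-product services in SCM messages
# (assumed list, based on the products named in this thread).
SECURITY_PRODUCTS = ("Norton", "Malwarebytes", "MBAM", "Spybot", "SBSD")


def parse_events(text):
    """Turn the DDS event block into a list of dicts; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": m["source"],
            "id": int(m["id"]),
            "msg": m["msg"],
        })
    return events


def triage(text):
    """Summarise what failed and whether the pattern suggests a failing disk."""
    events = parse_events(text)
    by_category = Counter()
    security_hits = set()
    for ev in events:
        cat = KNOWN_EVENTS.get((ev["source"], ev["id"]), "other")
        by_category[cat] += 1
        # Any service start/timeout/termination that names a security product
        if cat.startswith("service_"):
            for product in SECURITY_PRODUCTS:
                if product in ev["msg"]:
                    security_hits.add(product)
    # Heuristic (assumption of this example, not a rule from the thread):
    # an NTFS 55 event, or an unexpected shutdown alongside service timeouts,
    # or a cluster of timeouts, is reason to run chkdsk /r and the vendor's
    # drive diagnostic before blaming the security-product failures on malware.
    disk_health_suspected = (
        by_category["disk_corruption"] > 0
        or (by_category["unexpected_shutdown"] > 0 and by_category["service_timeout"] > 0)
        or by_category["service_timeout"] >= 3
    )
    return {
        "events_parsed": len(events),
        "by_category": dict(by_category),
        "security_service_failures": sorted(security_hits),
        "disk_health_suspected": disk_health_suspected,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

On the sample above the script reports one NTFS corruption event, three service timeouts and two terminations, lists Norton and the Spybot (SBSD) service among the failing services, and sets `disk_health_suspected` to True. The point of the bucketing is the same one Elise makes in the replies that follow: when the file system itself reports corruption, the security-product failures are a symptom to revisit after the disk has been checked, not the first thing to chase.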

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,981 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:05 PM

Posted 06 February 2012 - 02:34 AM

Please click Start > All Programs > Accessories, right-click on Command Prompt and select "Run as administrator".

Type chkdsk /r and press enter.

When asked to schedule the scan for next reboot, type Y and press enter.

Now restart your computer and let the disk check run unhindered. Note, this may take a long time.
When finished, let me know if things have improved.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 SMH1105

SMH1105
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 06 February 2012 - 08:35 AM

Hmm. I did this, but nothing has changed on reboot. (I tried Firefox and MBAM as a test; both are still disabled as I described above.)

Also, chkdsk ran the last time I started my computer this morning, so when I tried to run it this time, not much happened. What do we do next?

#6 Elise

Elise


Posted 06 February 2012 - 09:05 AM

If checkdisk runs automatically, it doesn't do a more complete scan. The /r switch we used should do that. That test can easily take half an hour. How long did it take in your case?

regards, Elise




#7 SMH1105

SMH1105

Posted 07 February 2012 - 08:56 AM

Okay, I got my computer to do a more complete scan, but the chkdsk froze (for more than an hour) at the final stage. My screen said:

CHKDSK is verifying free space (stage 5 of 5).
35 percent complete. (4801498 of 19245173)

So, I forced shut down and tried again. Same result. ???

#8 Elise

Elise


Posted 07 February 2012 - 09:33 AM

In that case it is a real possibility that your drive is going bad. Before anything I would back up important data to an external device (DVD, external HD, flash drive).

You can run a diagnostic tool for your HD to confirm this. Do you know what manufacturer the disk is from (Seagate, Western Digital...)?

regards, Elise




#9 SMH1105

SMH1105

Posted 07 February 2012 - 09:46 AM

Ack. That is a shame! I don't know who manufactures the drive -- the computer is a Lenovo. Is there a way I can check? I'll do a back-up on my files shortly.

#10 Elise

Elise


Posted 07 February 2012 - 11:08 AM

If you have the original documentation it might be in there. You can however see it in device manager as well. Press Windows key + R, type devmgmt.msc and press enter. Look under Disk Drives and let me know what it says there.

If you still have warranty on the computer you could try to get a replacement that way.

regards, Elise




#11 SMH1105

SMH1105

Posted 07 February 2012 - 11:29 AM

Okay. Under disk drives, it says:

- Hitachi HTS722020K9SA00
- IMD-0

So I have a Hitachi hard drive? I do not have it under warranty, unfortunately.

#12 Elise

Elise


Posted 07 February 2012 - 12:06 PM

You can try to download and run the Drive Fitness Test from here: http://www.hitachigst.com/support/downloads/

regards, Elise




#13 Elise

Elise


Posted 25 February 2012 - 11:44 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise






