infected with zeroaccess.b


  • This topic is locked
53 replies to this topic

#1 rfilippo


Posted 11 February 2012 - 01:57 PM

I was attempting to load printer software when I received an error saying that Windows Firewall was preventing the installation. In Services, Windows Firewall is set to Automatic but it is listed as "Stopped." When I click "Start" a window pops up but disappears before I get to see what it says. Another window pops up that says "Windows could not start the Windows Firewall service on Local Computer. Error code: 1068 The dependency service or group failed to start."

I have tried so many things that I am not even sure anymore what I have tried. One troubling symptom is that the computer makes random noises/sounds like chirping.

Here is the DDS info:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by natalie at 9:16:02 on 2012-02-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1916.640 [GMT -6:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\windows\system32\msiexec.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Syswow64\ping.exe
C:\windows\system32\conhost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\Syswow64\ping.exe
C:\windows\system32\conhost.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\sppsvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\Syswow64\ping.exe
C:\windows\system32\conhost.exe
C:\Users\natalie\Downloads\Defogger.exe
C:\windows\system32\conhost.exe
C:\windows\Syswow64\ping.exe
C:\windows\system32\conhost.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\wuauclt.exe
C:\windows\Syswow64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\Syswow64\ping.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe
C:\Program Files (x86)\WebcamMax\wcmmon.exe
C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {a94cd80f-57b5-4acc-81c5-7a992808ffe1} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Norton Safety Minder BHO: {b8e07826-0971-4f16-b133-047b88034e89} - C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\coIEPlg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {a94cd80f-57b5-4acc-81c5-7a992808ffe1} - No File
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\natalie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{32381F1F-3DFE-46F0-9FA6-FF78CCB3B8CD} : DhcpNameServer = 10.5.1.9
TCP: Interfaces\{5EE554EB-FBE3-4E1C-8F11-30359FD907CC} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5EE554EB-FBE3-4E1C-8F11-30359FD907CC}\05F607C616270234275656B602C4962627162797 : DhcpNameServer = 206.166.17.20 206.166.83.20
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
BHO-X64: DVDVideoSoftTB - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {a94cd80f-57b5-4acc-81c5-7a992808ffe1} - No File
BHO-X64: Pando Toolbar - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Norton Safety Minder BHO: {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\coIEPlg.dll
BHO-X64: Norton Safety Minder BHO - No File
BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {a94cd80f-57b5-4acc-81c5-7a992808ffe1} - No File
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\natalie\AppData\Roaming\Mozilla\Firefox\Profiles\rgkzksuv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=08FD6CC7-CCA6-49AD-8CB5-DC5A382921A8&apn_ptnrs=FM&apn_sauid=6A36C680-5DA3-4091-A1EB-1D956CCE5B32&apn_dtid=TES002YYUS&&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_3_6\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.26\coFFFw\components\coFFFw.dll
FF - component: C:\Users\natalie\AppData\Roaming\Mozilla\Firefox\Profiles\rgkzksuv.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: C:\Users\natalie\AppData\Roaming\Mozilla\Firefox\Profiles\rgkzksuv.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: C:\Users\natalie\AppData\Roaming\Mozilla\Firefox\Profiles\rgkzksuv.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: C:\Users\natalie\AppData\Roaming\Mozilla\Firefox\Profiles\rgkzksuv.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\natalie\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-2-7 1157240]
R1 ccSet_NOF;Norton Online Settings Manager;C:\windows\system32\drivers\NOFx64\0203000.007\ccSetx64.sys --> C:\windows\system32\drivers\NOFx64\0203000.007\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120210.002\IDSviA64.sys [2012-2-10 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2012-2-9 130008]
R2 NOF;Norton Online;C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\ccsvchst.exe [2012-2-8 138248]
R2 WCMVCAM;WebcamMax, WDM Video Capture;C:\windows\system32\DRIVERS\wcmvcam64.sys --> C:\windows\system32\DRIVERS\wcmvcam64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-9 138360]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-23 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-19 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-19 136176]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;C:\windows\system32\Drivers\NSMx64\0203000.011\SymRdrS.SYS --> C:\windows\system32\Drivers\NSMx64\0203000.011\SymRdrS.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-11 14:49:39 -------- d-----w- C:\windows\System32\drivers\NBRTWizardx64\0401000.00F
2012-02-11 14:49:39 -------- d-----w- C:\windows\System32\drivers\NBRTWizardx64
2012-02-11 14:49:32 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2012-02-10 18:46:01 -------- d-----w- C:\Users\natalie\AppData\Local\NPE
2012-02-09 19:53:07 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-09 19:52:53 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E4A3B22-CEEE-4D8F-9C75-036B0C048766}\mpengine.dll
2012-02-09 12:32:32 912504 ----a-w- C:\windows\System32\drivers\N360x64\0502000.00D\symefa64.sys
2012-02-09 12:32:32 744568 ----a-w- C:\windows\System32\drivers\N360x64\0502000.00D\srtsp64.sys
2012-02-09 12:32:32 450680 ----a-w- C:\windows\System32\drivers\N360x64\0502000.00D\symds64.sys
2012-02-09 12:32:32 40568 ----a-w- C:\windows\System32\drivers\N360x64\0502000.00D\srtspx64.sys
2012-02-09 12:32:32 386168 ----a-w- C:\windows\System32\drivers\N360x64\0502000.00D\symnets.sys
2012-02-09 12:32:32 171128 ----a-r- C:\windows\System32\drivers\N360x64\0502000.00D\ironx64.sys
2012-02-09 12:31:45 -------- d-----w- C:\windows\System32\drivers\N360x64\0502000.00D
2012-02-09 02:26:26 -------- d-----w- C:\windows\System32\drivers\N360x64
2012-02-09 02:26:23 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2012-02-08 23:26:53 238712 ----a-w- C:\windows\System32\drivers\NSMx64\0203000.011\symrdr.sys
2012-02-08 23:26:53 218232 ----a-w- C:\windows\System32\drivers\NSMx64\0203000.011\symrdrs.sys
2012-02-08 23:26:52 -------- d-----w- C:\windows\System32\drivers\NSMx64\0203000.011
2012-02-08 23:26:47 167048 ----a-w- C:\windows\System32\drivers\NOFx64\0203000.007\ccsetx64.sys
2012-02-08 23:26:45 -------- d-----w- C:\windows\System32\drivers\NOFx64\0203000.007
2012-02-08 22:48:08 1572864 ----a-w- C:\windows\System32\quartz.dll
2012-02-08 22:48:08 1328640 ----a-w- C:\windows\SysWow64\quartz.dll
2012-02-08 22:48:07 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-02-08 22:48:07 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-02-08 22:47:31 1739160 ----a-w- C:\windows\System32\ntdll.dll
2012-02-08 22:47:30 1292592 ----a-w- C:\windows\SysWow64\ntdll.dll
2012-02-08 22:47:16 77312 ----a-w- C:\windows\System32\packager.dll
2012-02-08 22:47:16 67072 ----a-w- C:\windows\SysWow64\packager.dll
2012-02-08 22:19:13 -------- d-----w- C:\windows\System32\MpEngineStore
2012-02-08 01:54:12 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2012-02-06 22:15:33 -------- d-----w- C:\Program Files\HP
2012-01-31 21:39:58 -------- d-----w- C:\N360_BACKUP
2012-01-31 17:14:17 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-01-31 17:14:16 97240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2012-01-31 17:14:16 818136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2012-01-31 17:14:16 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-31 17:14:16 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-31 17:14:16 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-31 17:14:16 45016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-31 17:14:16 437208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2012-01-31 17:14:16 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-01-31 17:14:16 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-01-31 17:14:16 1911768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-01-31 17:14:16 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2012-01-31 16:01:15 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-01-31 16:00:37 -------- d-----w- C:\Program Files\Symantec
2012-01-31 15:53:28 -------- d-----w- C:\ProgramData\PCSettings
2012-01-31 15:17:51 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 03:28:19 -------- d-----w- C:\Users\natalie\AppData\Roaming\Systweak
2012-01-31 03:28:07 -------- d-----w- C:\Program Files (x86)\RegClean Pro
2012-01-31 03:12:29 -------- d-----w- C:\Users\natalie\AppData\Local\ID Vault
2012-01-31 03:12:29 -------- d-----w- C:\ProgramData\IsolatedStorage
2012-01-31 03:09:05 -------- d-----w- C:\Users\natalie\AppData\Roaming\ID Vault
2012-01-31 03:07:37 -------- d-----w- C:\ProgramData\GID
2012-01-31 03:07:33 -------- d-----w- C:\Program Files (x86)\SFT
2012-01-31 02:48:18 -------- d-----w- C:\Program Files (x86)\xfin_portal
2012-01-31 02:47:46 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite
2012-01-31 02:47:12 -------- d-----w- C:\ProgramData\White Sky, Inc
2012-01-28 21:48:57 -------- d-----w- C:\Users\natalie\AppData\Roaming\TP
2012-01-28 19:04:05 -------- d-----w- C:\5680563e26ee9f437cc36efb5b4409
.
==================== Find3M ====================
.
2012-02-09 02:54:59 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-01-29 11:10:42 279656 ------w- C:\windows\System32\MpSigStub.exe
2011-11-24 05:00:47 3141632 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 9:17:29.92 ===============
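An added example, not part of the original post or the DDS output above, aimed at the first symptom in the post: Windows Firewall refusing to start with error 1068 ("the dependency service or group failed to start"). The script walks the firewall service's dependency chain from the registry and reports each node's state, start type, image file, and any Deny ACEs on its service key, so you can see which link is broken instead of guessing. It assumes the standard service names on Windows 7 and later (MpsSvc depends on BFE and mpsdrv; BFE depends on RpcSs) and the standard HKLM\SYSTEM\CurrentControlSet\Services layout; run it from an elevated PowerShell prompt.

```powershell
# Added example (not part of the original post or the DDS output): walk the
# Windows Firewall service's dependency chain to find what is behind
# "Error 1068: The dependency service or group failed to start".
# Assumes the standard Windows 7+ service names (MpsSvc -> BFE, mpsdrv -> RpcSs)
# and the standard HKLM\SYSTEM\CurrentControlSet\Services layout.
# Run from an elevated PowerShell prompt.

function Get-ServiceHealth {
    param(
        [Parameter(Mandatory = $true)] [string] $Name,
        [Parameter(Mandatory = $true)] [System.Collections.Generic.List[string]] $Broken,
        [int] $Depth = 0,
        [hashtable] $Seen = @{}
    )
    if ($Seen.ContainsKey($Name)) { return }
    $Seen[$Name] = $true
    $indent = '  ' * $Depth
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"

    if (-not (Test-Path -Path $key)) {
        # No service key at all: the service has been deleted, which is the
        # most common reason a dependent service fails with 1068.
        Write-Host "$indent$Name : MISSING (registry key not found)"
        $Broken.Add($Name)
        return
    }

    $reg = Get-ItemProperty -Path $key
    # Get-Service only returns Win32 services; kernel drivers such as mpsdrv
    # have a service key but no ServiceController object.
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    $status = if ($svc) { [string]$svc.Status } else { 'driver' }
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }
    $start = $startNames[[int]$reg.Start]
    Write-Host ("{0}{1} : Status={2} Start={3} ImagePath={4}" -f $indent, $Name, $status, $start, $reg.ImagePath)

    if ($start -eq 'Disabled') {
        Write-Host "$indent  !! start type is Disabled"
        $Broken.Add($Name)
    }
    elseif ($svc -and $svc.Status -ne 'Running') {
        Write-Host "$indent  !! not running"
        $Broken.Add($Name)
    }

    # Built-in service keys carry no Deny ACEs. A Deny entry (or a key the
    # administrator cannot even read) stops the SCM from starting the service.
    try {
        $deny = (Get-Acl -Path $key -ErrorAction Stop).Access |
            Where-Object { $_.AccessControlType -eq 'Deny' }
        foreach ($ace in $deny) {
            Write-Host "$indent  !! Deny ACE for $($ace.IdentityReference): $($ace.RegistryRights)"
            $Broken.Add($Name)
        }
    } catch {
        Write-Host "$indent  !! cannot read ACL on $key ($($_.Exception.Message))"
        $Broken.Add($Name)
    }

    # The image must exist on disk. Strip the \??\ prefix, quotes and arguments
    # (e.g. 'svchost.exe -k NetSvcs'); driver paths are relative to %SystemRoot%.
    $image = $reg.ImagePath -replace '^\\\?\?\\', '' -replace '^"([^"]+)".*', '$1' -replace '^([^\s"]+\.(exe|sys)).*', '$1'
    $image = [Environment]::ExpandEnvironmentVariables($image)
    if (-not [IO.Path]::IsPathRooted($image)) { $image = Join-Path $env:SystemRoot $image }
    if (-not (Test-Path -Path $image)) {
        Write-Host "$indent  !! image file missing: $image"
        $Broken.Add($Name)
    }

    # Recurse into the declared dependencies (REG_MULTI_SZ DependOnService).
    foreach ($dep in @($reg.DependOnService)) {
        if ($dep) { Get-ServiceHealth -Name $dep -Broken $Broken -Depth ($Depth + 1) -Seen $Seen }
    }
}

$broken = New-Object 'System.Collections.Generic.List[string]'
Get-ServiceHealth -Name 'MpsSvc' -Broken $broken

if ($broken.Count -gt 0) {
    Write-Host "`nRepair these before trying to start MpsSvc again: $(($broken | Sort-Object -Unique) -join ', ')"
} else {
    Write-Host "`nDependency chain looks intact; check the SCM's own record of the failure:"
}
# System event 7001 names the dependency that failed and the error it returned.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7001 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message | Format-List
```

The output is a diagnosis, not a repair: a missing service key, a Deny ACE on a built-in service key, or a missing image file under %SystemRoot% each means the system is being tampered with, and the fix belongs to the malware removal that follows in the thread rather than to re-creating the service by hand. The event 7001 query at the end is the quickest cross-check, because the Service Control Manager records exactly which dependency it could not start.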


#2 RPMcMurphy

  • Malware Response Team
Posted 12 February 2012 - 10:08 AM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 rfilippo

  • Topic Starter

Posted 12 February 2012 - 11:35 AM

Thank you for your help. I downloaded combofix but it didn't give me the option of where to save it. After it downloaded I checked and it went directly to downloads. I didn't want to move it or do anything until I checked with you guys.

#4 RPMcMurphy

  • Malware Response Team

Posted 12 February 2012 - 11:55 AM

It will run from anywhere, but if we need to run a script later it will be easier from your desktop. You can right click on the ComboFix icon in your downloads folder, select "Cut" then right click on your desktop and select "Paste" to move it.



#5 rfilippo

  • Topic Starter

Posted 12 February 2012 - 01:24 PM

Everything was going fine, but ComboFix has been stuck at stage 48 for about 30 minutes. I just want to make sure this is ok.

#6 RPMcMurphy

  • Malware Response Team

Posted 12 February 2012 - 01:50 PM

Let it sit for at least an hour. If it is still hung then, reboot and try running it again from the Safe Mode.



#7 rfilippo

  • Topic Starter

Posted 12 February 2012 - 03:48 PM

After about 2 hours it is up to stage 50.

#8 RPMcMurphy

  • Malware Response Team

Posted 12 February 2012 - 03:57 PM

I'd let it continue then - it is obviously making progress (albeit slowly).



#9 rfilippo

rfilippo
  • Topic Starter

  • Members
  • 34 posts

Posted 12 February 2012 - 04:45 PM

It finally finished and I got the error message and rebooted. Where do I find the log? If I click on combofix it asks me if I want to "allow changes to the computer."

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 12 February 2012 - 05:00 PM

This should open the log (or you may navigate to this location and open it manually):

Click Start > Run or press Windows Key + R, copy/paste the following into the run box that opens and press OK:
c:\ComboFix.txt

Please include the following in your next post:
  • ComboFix log


#11 rfilippo

rfilippo
  • Topic Starter

  • Members
  • 34 posts

Posted 12 February 2012 - 05:30 PM

It cannot find ComboFix.txt, but I can pull up ComboFix log, which brings up files and folders such as en-US, N_ and asp.str.

#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 12 February 2012 - 05:42 PM

The c:\combofix.txt file is the log - it sounds like you are looking at the combofix folder. Boot into Safe Mode and try running ComboFix again, please.

Please include the following in your next post:
  • ComboFix log


#13 rfilippo

rfilippo
  • Topic Starter

  • Members
  • 34 posts

Posted 12 February 2012 - 06:23 PM

ComboFix log:

ComboFix 12-02-12.01 - natalie 02/12/2012 16:58:45.2.1 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1916.1034 [GMT -6:00]
Running from: c:\users\natalie\Desktop\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\consrv.dll
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 23:05 . 2012-02-12 23:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-12 16:47 . 2012-01-17 10:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A349DF3-B130-4950-A3EF-2AAD5BC15297}\mpengine.dll
2012-02-11 14:49 . 2012-02-11 14:49 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2012-02-11 14:49 . 2012-02-11 14:49 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2012-02-10 18:46 . 2012-02-10 19:14 -------- d-----w- c:\users\natalie\AppData\Local\NPE
2012-02-09 02:26 . 2012-02-09 17:32 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-02-09 02:26 . 2012-02-09 02:26 -------- d-----w- c:\program files (x86)\Norton Security Suite
2012-02-08 23:26 . 2012-02-08 23:26 -------- d-----w- c:\windows\system32\drivers\NSMx64\0203000.011
2012-02-08 23:26 . 2012-02-08 23:26 -------- d-----w- c:\windows\system32\drivers\NOFx64\0203000.007
2012-02-08 22:48 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-02-08 22:48 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-02-08 22:48 . 2011-10-26 05:33 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-02-08 22:48 . 2011-10-26 04:33 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-02-08 22:47 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-02-08 22:47 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-02-08 22:47 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-08 22:47 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-08 22:19 . 2012-02-09 00:34 -------- d-----w- c:\windows\system32\MpEngineStore
2012-02-08 01:55 . 2012-02-08 01:55 -------- d-----w- c:\programdata\HP Product Assistant
2012-02-08 01:54 . 2012-02-08 01:54 -------- d-----w- c:\program files (x86)\Common Files\HP
2012-02-06 22:15 . 2012-02-06 22:15 -------- d-----w- c:\program files\HP
2012-01-31 21:39 . 2012-01-31 21:40 -------- d-----w- C:\N360_BACKUP
2012-01-31 17:14 . 2012-02-12 16:31 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-01-31 17:14 . 2012-02-12 16:31 97240 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2012-01-31 17:14 . 2012-02-12 16:31 801752 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2012-01-31 17:14 . 2012-02-12 16:31 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-31 17:14 . 2012-02-12 16:31 437208 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2012-01-31 17:14 . 2012-02-12 16:31 1911768 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2012-01-31 17:14 . 2012-02-12 16:31 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2012-01-31 17:14 . 2012-01-29 13:36 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-01-31 17:14 . 2012-01-29 13:36 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-01-31 17:14 . 2012-01-29 13:36 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-31 17:14 . 2012-01-29 13:36 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-31 17:14 . 2012-01-29 13:36 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-31 16:01 . 2010-08-21 04:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-31 16:00 . 2012-02-09 02:55 -------- d-----w- c:\program files\Symantec
2012-01-31 15:53 . 2012-01-31 15:53 -------- d-----w- c:\programdata\PCSettings
2012-01-31 15:17 . 2012-01-31 15:17 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 03:28 . 2012-01-31 03:28 -------- d-----w- c:\users\natalie\AppData\Roaming\Systweak
2012-01-31 03:28 . 2012-01-31 15:12 -------- d-----w- c:\program files (x86)\RegClean Pro
2012-01-31 03:12 . 2012-01-31 03:13 -------- d-----w- c:\users\natalie\AppData\Local\ID Vault
2012-01-31 03:12 . 2012-01-31 03:12 -------- d-----w- c:\programdata\IsolatedStorage
2012-01-31 03:09 . 2012-01-31 03:09 -------- d-----w- c:\users\natalie\AppData\Roaming\ID Vault
2012-01-31 03:07 . 2012-01-31 03:07 -------- d-----w- c:\programdata\GID
2012-01-31 03:07 . 2012-01-31 03:07 -------- d-----w- c:\program files (x86)\SFT
2012-01-31 02:48 . 2012-01-31 15:12 -------- d-----w- c:\program files (x86)\xfin_portal
2012-01-31 02:47 . 2012-01-31 15:12 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2012-01-31 02:47 . 2012-01-31 02:47 -------- d-----w- c:\programdata\White Sky, Inc
2012-01-28 21:48 . 2012-01-28 21:50 -------- d-----w- c:\users\natalie\AppData\Roaming\TP
2012-01-28 19:04 . 2012-01-31 15:12 -------- d-----w- C:\5680563e26ee9f437cc36efb5b4409
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-09 02:54 . 2011-01-05 16:09 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-29 11:10 . 2010-12-25 13:19 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-12-14 21:51 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-12-14 1398440]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe" [2009-11-16 240992]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-02-07 1157240]
R1 ccSet_NOF;Norton Online Settings Manager;c:\windows\system32\drivers\NOFx64\0203000.007\ccSetx64.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120210.002\IDSvia64.sys [2012-02-09 488568]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
R2 NOF;Norton Online;c:\program files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe [2011-11-30 138248]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-09 138360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\System32\Drivers\NSMx64\0203000.011\SymRdrS.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:43]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\natalie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\natalie\AppData\Roaming\Mozilla\Firefox\Profiles\rgkzksuv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=08FD6CC7-CCA6-49AD-8CB5-DC5A382921A8&apn_ptnrs=FM&apn_sauid=6A36C680-5DA3-4091-A1EB-1D956CCE5B32&apn_dtid=TES002YYUS&&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{a94cd80f-57b5-4acc-81c5-7a992808ffe1} - (no file)
Toolbar-Locked - (no file)
Toolbar-{a94cd80f-57b5-4acc-81c5-7a992808ffe1} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-combofix - c:\combofix\CF19360.3XE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NOF]
"ImagePath"="\"c:\program files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe\" /s \"NOF\" /m \"c:\program files (x86)\Norton Online\Engine\2.3.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-12 17:15:01
ComboFix-quarantined-files.txt 2012-02-12 23:15
.
Pre-Run: 189,517,041,664 bytes free
Post-Run: 189,067,567,104 bytes free
.
- - End Of File - - 0DAC627132CD38C82D9F2907F46963ED

#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 12 February 2012 - 06:42 PM

Good - thanks for sticking with it. Do this next:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Click Start > Run or press Windows Key + R, copy/paste the following into the run box that opens and press OK:

c:\Qoobox\ComboFix-quarantined-files.txt

That will open a text file - post the contents of that file in your next post.

Please include the following in your next post:
  • FSS log
  • Programs list


#15 rfilippo

rfilippo
  • Topic Starter

  • Members
  • 34 posts

Posted 12 February 2012 - 09:29 PM

Thanks for sticking with me!

FSS log:

Farbar Service Scanner Version: 12-02-2012 01
Ran by natalie (administrator) on 12-02-2012 at 20:27:35
Running from "C:\Users\natalie\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 18:09] - [2009-07-13 19:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 17:36] - [2009-07-13 19:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
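An added parser for the File Check section of an FSS log like the one above (example code written for this thread, not part of Farbar Service Scanner or of any post here; the sample text is copied from the log above, and the function and class names are mine). It separates the files FSS confirmed ("MD5 is legit") from those it printed a detail line for, so the unverified service binaries (here mpssvc.dll, the Windows Firewall service DLL, and SDRSVC.dll) surface first:

```python
"""Parse the 'File Check' section of a Farbar Service Scanner (FSS) log.
Added example for this thread; not part of FSS or of the original post.
FSS prints '<path> => MD5 is legit' when a file's hash matches its known-good
list, otherwise the bare path plus a detail line of the form
'[created] - [modified] - <size> <attrs> (<company>) <MD5>'. Those files are the
ones to examine first; the (company) string comes from the file's own version
resource and is not evidence that the file is clean.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: excerpt copied from the FSS log posted in this thread.
SAMPLE_FSS_LOG = r"""File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 18:09] - [2009-07-13 19:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 17:36] - [2009-07-13 19:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\svchost.exe => MD5 is legit
**** End of log ****
"""

# Detail line FSS prints under a path it could not verify.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$")

@dataclass
class FileCheckEntry:
    path: str
    verified: bool                 # True when FSS printed "MD5 is legit"
    md5: Optional[str] = None      # the following fields exist only for unverified files
    size: Optional[int] = None
    company: Optional[str] = None
    modified: Optional[str] = None

def parse_file_check(log_text: str) -> List[FileCheckEntry]:
    """Return one entry per file in the File Check section, in log order."""
    lines = [l.strip() for l in log_text.splitlines()]
    entries: List[FileCheckEntry] = []
    if "File Check:" not in lines:
        return entries
    i = lines.index("File Check:") + 1
    while i < len(lines):
        line = lines[i]
        # The section ends at the end-of-log marker or at the next section header.
        if line.startswith("**** End of log") or (line.endswith(":") and "\\" not in line):
            break
        if not line or set(line) == {"="}:      # blank line or '====' underline
            i += 1
            continue
        if " => MD5 is legit" in line:
            entries.append(FileCheckEntry(path=line.split(" => ", 1)[0], verified=True))
            i += 1
            continue
        # Bare path: FSS could not vouch for it; the next line should carry the details.
        m = DETAIL_RE.match(lines[i + 1]) if i + 1 < len(lines) else None
        if m:
            entries.append(FileCheckEntry(line, False, m["md5"].upper(), int(m["size"]),
                                          m["company"], m["modified"]))
            i += 2
        else:
            entries.append(FileCheckEntry(line, False))
            i += 1
    return entries

def unverified(entries: List[FileCheckEntry]) -> List[FileCheckEntry]:
    """Files FSS did not confirm as legit: the ones to examine first."""
    return [e for e in entries if not e.verified]

if __name__ == "__main__":
    for e in unverified(parse_file_check(SAMPLE_FSS_LOG)):
        print(f"UNVERIFIED {e.path}  size={e.size}  modified={e.modified}  md5={e.md5}")
```

An unverified entry means only that the hash was not in the tool's known-good list; compare the reported MD5 and size against a clean copy of the same Windows build before treating the file as patched.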



