
Computer has Google redirect virus


  • This topic is locked
30 replies to this topic

#1 blazerb

blazerb

  • Members
  • 17 posts

Posted 20 February 2012 - 11:15 PM

Results of DDS.txt below, short explanation is as follows:

When I search for something via Google, the following happens: first it starts searching for the ninjaa.info site and then ends up at askthecrew.com or a click.get-answers-fast or something similar.

Sometimes it works for a few times and then starts acting up again. At one point I did find a googleredirect entry in the registry which I deleted. Then it worked for a while (by a while I mean minutes), then it started again. I’ve uninstalled Mozilla and Google Chrome and cannot uninstall IE. When I go to the place that suggests you can disable it, it does not show up (IE).


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by barbara.blazer at 19:57:10 on 2012-02-20
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3758.1363 [GMT -8:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Spyware Cease 2011\SpywareCease2011.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:57313
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{af69de43-7d58-4638-b6fa-ce66b5ad205d}
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Flash and Media Capture Helper: {e8803722-a7f5-45c5-b39a-a8b244486ec2} - C:\Program Files (x86)\MetaProducts Flash & Media Capture\FMCapt.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Flash and Media Capture Bar: {650eb965-8a1d-41c9-a941-0578f5cfc569} - C:\Program Files (x86)\MetaProducts Flash & Media Capture\FMCapt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {F3902028-4A21-4793-8E05-793E183D51C2} - No File
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Check Point Endpoint Connect] "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [SCHelper.exe] C:\Program Files (x86)\Spyware Cease 2011\SCHelper.exe -0
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Save &image with Flash and Media Capture - C:\Program Files (x86)\MetaProducts Flash & Media Capture\FMCapt.dll/saveimg.htm
IE: Save &media files with Flash and Media Capture - C:\Program Files (x86)\MetaProducts Flash & Media Capture\FMCapt.dll/savemedia.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
IE: {F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - {B3DA38C9-7C7B-4C32-8A65-8745B3B6085E} - C:\Program Files (x86)\MetaProducts Flash & Media Capture\FMCapt.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.2 75.75.75.75 75.75.76.76
TCP: Interfaces\{7B15CE1F-AF98-4008-B086-F33B07445128} : DhcpNameServer = 192.168.1.2 75.75.75.75 75.75.76.76
TCP: Interfaces\{7B15CE1F-AF98-4008-B086-F33B07445128}\25F6E616C6462343 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7B15CE1F-AF98-4008-B086-F33B07445128}\3416C69666F627E69616 : NameServer = 4.2.2.1,208.201.224.11
TCP: Interfaces\{7B15CE1F-AF98-4008-B086-F33B07445128}\3416C69666F627E69616 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7B15CE1F-AF98-4008-B086-F33B07445128}\3565D494F505279667164756 : DhcpNameServer = 10.8.6.200 10.8.6.201
TCP: Interfaces\{7B15CE1F-AF98-4008-B086-F33B07445128}\358434F5055726C69636 : DhcpNameServer = 68.65.168.244 68.65.168.252 12.127.16.67 12.127.17.71
TCP: Interfaces\{7B15CE1F-AF98-4008-B086-F33B07445128}\F46756274627966756D2732403 : NameServer = 4.2.2.1,208.201.224.11
TCP: Interfaces\{7B15CE1F-AF98-4008-B086-F33B07445128}\F46756274627966756D2732403 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} : DhcpNameServer = 10.8.6.200 10.8.6.201
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Flash and Media Capture Helper: {E8803722-A7F5-45C5-B39A-A8B244486EC2} - C:\Program Files (x86)\MetaProducts Flash & Media Capture\FMCapt.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Flash and Media Capture Bar: {650EB965-8A1D-41C9-A941-0578F5CFC569} - C:\Program Files (x86)\MetaProducts Flash & Media Capture\FMCapt.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {F3902028-4A21-4793-8E05-793E183D51C2} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [Check Point Endpoint Connect] "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [SCHelper.exe] C:\Program Files (x86)\Spyware Cease 2011\SCHelper.exe -0
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-12 13336]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-10-2 1831024]
R2 TracSrvWrapper;Check Point Endpoint Connect;C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [2010-6-6 3487288]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-12-7 104960]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-7 2320920]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-12-7 575856]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-6-1 609904]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-13 138360]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-6 304496]
R3 vna_ap;Check Point Virtual Network Adapter - Apollo;C:\Windows\system32\DRIVERS\vnaap.sys --> C:\Windows\system32\DRIVERS\vnaap.sys [?]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2011-12-7 1250160]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-12-7 252416]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
S3 GoToAssist Express Customer;GoToAssist Express Customer;C:\Program Files (x86)\Citrix\GoToAssist Express Customer\363\g2ax_service.exe [2012-1-3 609144]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2010-3-19 1120752]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-20 16:53:26 -------- d-----w- C:\bb9bc2ae26940c09ed95a551
2012-02-19 05:29:08 34736 ----a-w- C:\Windows\SysWow64\drivers\RKHit.sys
2012-02-19 05:29:07 -------- d-----w- C:\Program Files (x86)\Spyware Cease 2011
2012-02-19 00:11:33 20480 ----a-w- C:\Windows\svchost.exe
2012-02-18 18:19:36 -------- d-----w- C:\13c79b1d8e3fac81ace583da
2012-02-18 00:38:07 -------- d-----w- C:\a3318eb3a980b69fe7dcda15
2012-02-17 23:47:00 -------- d-----w- C:\7421c0dacbc473228598b40137
2012-02-17 22:07:32 20480 ----a-w- C:\Windows\svchost.od1
2012-02-17 21:48:41 20480 ----a-w- C:\Windows\svchost.old
2012-02-16 19:34:45 -------- d-----w- C:\Program Files (x86)\Seagate
2012-02-16 19:28:44 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-02-16 17:15:56 -------- d-----w- C:\470570ed88e9eac815a366210cd2f3a6
2012-02-15 15:12:10 -------- d-----w- C:\Online cleanup
2012-02-15 04:26:54 -------- d-----w- C:\05faa41de21c1a8743efdace96e8
2012-02-13 22:05:32 -------- d-----w- C:\bcea4cba15a10255f33502b8a0
2012-02-13 19:47:41 -------- d-----w- C:\e523b9b43b8173e4face6fda5ac2
2012-02-13 02:20:59 -------- d-----w- C:\ProgramData\The Neat Company
2012-02-13 02:20:54 -------- d-----w- C:\Program Files\Common Files\The Neat Company
2012-02-13 02:20:54 -------- d-----w- C:\Program Files (x86)\Neat
2012-02-13 02:20:54 -------- d-----w- C:\Program Files (x86)\Common Files\The Neat Company
2012-02-13 02:17:44 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-02-13 02:17:44 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-02-13 02:17:20 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-02-12 21:20:26 -------- d-----w- C:\ac7441fa96d86698e7da0236b5
2012-02-12 07:15:21 -------- d-----w- C:\37617622273b38d522c559cbe67ed925
2012-02-11 02:08:31 -------- d-----w- C:\Users\barbara.blazer.SVMII\AppData\Roaming\78A54
2012-02-11 02:08:16 -------- d-----w- C:\Users\barbara.blazer.SVMII\AppData\Roaming\F4378
2012-02-11 01:44:19 -------- d-----w- C:\Program Files (x86)\LP
2012-02-11 00:03:48 -------- d-----w- C:\79cbe43b58d908c0e063
2012-02-10 15:55:57 -------- d-----w- C:\7a604cf17eec769f45a2e7
2012-02-07 00:51:11 -------- d-----w- C:\68cea9ee2dc31b46e0
2012-02-06 22:13:59 -------- d-----w- C:\Users\barbara.blazer.SVMII\AppData\Local\Programs
2012-02-06 22:13:47 -------- d-----w- C:\Users\barbara.blazer.SVMII\AppData\Local\ArcSoft
2012-02-06 22:13:45 -------- d--h--w- C:\ProgramData\ArcSoft
2012-02-03 19:55:08 -------- d-----w- C:\ProgramData\McAfee Security Scan
2012-02-03 19:55:06 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2012-02-03 19:55:03 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-02 17:37:17 -------- d-----w- C:\1fb4d561d92319411961219fbd66501f
2012-02-01 18:13:28 -------- d-----w- C:\d07f785db90588501b
2012-01-31 02:11:10 -------- d-----w- C:\f059dab21f1d621213
2012-01-30 19:06:23 -------- d-----w- C:\Users\barbara.blazer.SVMII\AppData\Roaming\TeamViewer
2012-01-30 19:06:15 -------- d-----w- C:\Users\barbara.blazer.SVMII\temp
2012-01-30 17:09:00 -------- d-----w- C:\5c527d7c4eac5c0c76f218f56d
2012-01-29 01:46:39 -------- d-----w- C:\Users\barbara.blazer.SVMII\AppData\Local\Diagnostics
2012-01-27 19:46:26 -------- d-----w- C:\Users\barbara.blazer.SVMII\AppData\Roaming\Malwarebytes
2012-01-27 19:37:49 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-27 19:37:46 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-27 19:37:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-01-06 04:44:51 1251186 ----a-w- C:\Users\barbara.blazer.SVMII\VMware-viclient-all-5.0.0-4559645.0.exe
2012-01-05 05:34:29 277 ----a-w- C:\Windows\SysWow64\pserver.bin
2012-01-03 17:24:35 110456 ----a-w- C:\Users\barbara.blazer.SVMII\g2ax_customer_downloadhelper_win32_x86.exe
2011-12-09 18:58:45 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-12-08 05:58:31 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-08 03:58:32 411368 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-08 03:58:18 455680 ----a-w- C:\Windows\System32\deployJava1.dll
2011-12-08 03:15:31 95232 ----a-w- C:\Windows\System32\drivers\vpcusb.sys
2011-12-08 03:15:31 936448 ----a-w- C:\Windows\System32\vmsal.exe
2011-12-08 03:15:31 793600 ----a-w- C:\Windows\SysWow64\vmsal.exe
2011-12-08 03:15:31 66304 ----a-w- C:\Windows\System32\drivers\vpcnfltr.sys
2011-12-08 03:15:31 562176 ----a-w- C:\Windows\System32\VMCPropertyHandler.dll
2011-12-08 03:15:31 187904 ----a-w- C:\Windows\System32\drivers\vpchbus.sys
2011-12-08 03:15:31 15872 ----a-w- C:\Windows\System32\vpchbuspipe.dll
2011-12-08 03:15:31 1369600 ----a-w- C:\Windows\System32\VPCSettings.exe
2011-12-08 03:13:03 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-12-08 03:12:59 25600 ----a-w- C:\Windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-12-08 03:12:59 15360 ----a-w- C:\Windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-12-08 03:12:53 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-12-08 03:12:51 5632 ----a-w- C:\Windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-12-08 03:12:48 44032 ----a-w- C:\Windows\SysWow64\drivers\en-US\tcpip.sys.mui
.
============= FINISH: 19:58:23.15 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 February 2012 - 03:09 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 blazerb

blazerb
  • Topic Starter

  • Members
  • 17 posts

Posted 21 February 2012 - 03:02 PM

Hi Gringo, thank you for your reply. I am pasting in a copy of the file. Just to let you know, last night, after I went to bed, my hubby downloaded TDSSKiller and ran it. This morning I did not seem to have the Google problem anymore, but my Norton kept popping up with other issues. I can't seem to paste in the snip of the Norton screen, but here are some examples of what it found:
DWHDED2.tmp - trojan.gen2 - quarantined
DWH8276.tmp - trojan.gen2 - quarantined
etc. for a lot of tmp files. I went and deleted as many as I could; some could not be found. I tried to turn off Norton for this combofix but it would not completely turn off; it is a Corporate Edition. I disabled everything I could.

Here is a copy of the combofix.txt file, please let me know what you think. It seems the Google redirect may be gone, but I wonder if I have anything else.

ComboFix 12-02-21.02 - barbara.blazer 02/21/2012 11:21:22.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3758.1795 [GMT -8:00]
Running from: c:\users\barbara.blazer.SVMII\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\users\barbara.blazer.SVMII\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\barbara.blazer.SVMII\VMware-viclient-all-5.0.0-4559645.0.exe
c:\windows\SysWow64\drivers\RKHit.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-21 16:33 . 2012-02-21 16:33 -------- d-----w- C:\d646167e223ecad2cfb66170e786d4
2012-02-21 04:30 . 2012-02-21 04:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-20 16:53 . 2012-02-20 16:53 -------- d-----w- C:\bb9bc2ae26940c09ed95a551
2012-02-19 05:29 . 2012-02-21 03:10 -------- d-----w- c:\program files (x86)\Spyware Cease 2011
2012-02-18 18:19 . 2012-02-18 18:19 -------- d-----w- C:\13c79b1d8e3fac81ace583da
2012-02-18 00:38 . 2012-02-18 00:38 -------- d-----w- C:\a3318eb3a980b69fe7dcda15
2012-02-17 23:47 . 2012-02-17 23:47 -------- d-----w- C:\7421c0dacbc473228598b40137
2012-02-16 19:34 . 2012-02-16 19:34 -------- d-----w- c:\program files (x86)\Seagate
2012-02-16 19:28 . 2012-02-16 19:28 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-02-16 17:15 . 2012-02-16 17:15 -------- d-----w- C:\470570ed88e9eac815a366210cd2f3a6
2012-02-15 15:12 . 2012-02-15 15:13 -------- d-----w- C:\Online cleanup
2012-02-15 04:26 . 2012-02-15 04:26 -------- d-----w- C:\05faa41de21c1a8743efdace96e8
2012-02-13 22:05 . 2012-02-13 22:05 -------- d-----w- C:\bcea4cba15a10255f33502b8a0
2012-02-13 19:47 . 2012-02-13 19:47 -------- d-----w- C:\e523b9b43b8173e4face6fda5ac2
2012-02-13 02:20 . 2012-02-13 02:20 -------- d-----w- c:\programdata\The Neat Company
2012-02-13 02:20 . 2012-02-13 02:21 -------- d-----w- c:\program files\Common Files\The Neat Company
2012-02-13 02:20 . 2012-02-13 02:20 -------- d-----w- c:\program files (x86)\Neat
2012-02-13 02:20 . 2012-02-13 02:20 -------- d-----w- c:\program files (x86)\Common Files\The Neat Company
2012-02-13 02:17 . 2012-02-13 02:17 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-02-13 02:17 . 2012-02-13 02:17 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-02-13 02:17 . 2012-02-13 02:17 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-02-12 21:20 . 2012-02-12 21:20 -------- d-----w- C:\ac7441fa96d86698e7da0236b5
2012-02-12 07:15 . 2012-02-12 07:15 -------- d-----w- C:\37617622273b38d522c559cbe67ed925
2012-02-11 02:08 . 2012-02-11 14:51 -------- d-----w- c:\users\barbara.blazer.SVMII\AppData\Roaming\78A54
2012-02-11 02:08 . 2012-02-11 14:51 -------- d-----w- c:\users\barbara.blazer.SVMII\AppData\Roaming\F4378
2012-02-11 01:43 . 2012-02-11 01:43 -------- d-----w- c:\windows\Sun
2012-02-11 00:03 . 2012-02-11 00:03 -------- d-----w- C:\79cbe43b58d908c0e063
2012-02-10 15:55 . 2012-02-10 15:56 -------- d-----w- C:\7a604cf17eec769f45a2e7
2012-02-07 00:51 . 2012-02-07 00:51 -------- d-----w- C:\68cea9ee2dc31b46e0
2012-02-06 22:13 . 2012-02-06 22:13 -------- d-----w- c:\users\barbara.blazer.SVMII\AppData\Local\Programs
2012-02-06 22:13 . 2012-02-06 22:13 -------- d-----w- c:\users\barbara.blazer.SVMII\AppData\Local\ArcSoft
2012-02-06 22:13 . 2012-02-06 22:13 -------- d--h--w- c:\programdata\ArcSoft
2012-02-06 22:13 . 2012-02-06 22:13 -------- d-----w- c:\users\barbara.blazer.SVMII\AppData\Roaming\ArcSoft
2012-02-03 19:55 . 2012-02-13 04:59 -------- d-----w- c:\programdata\McAfee Security Scan
2012-02-03 19:55 . 2012-02-03 19:55 -------- d-----w- c:\programdata\McAfee
2012-02-03 19:55 . 2012-02-06 20:02 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-02-03 19:55 . 2012-02-17 23:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-03 19:54 . 2012-02-03 19:54 -------- d-----w- c:\windows\system32\Macromed
2012-02-02 17:37 . 2012-02-02 17:37 -------- d-----w- C:\1fb4d561d92319411961219fbd66501f
2012-02-01 18:13 . 2012-02-01 18:13 -------- d-----w- C:\d07f785db90588501b
2012-01-31 02:11 . 2012-01-31 02:11 -------- d-----w- C:\f059dab21f1d621213
2012-01-30 19:06 . 2012-01-30 19:06 -------- d-----w- c:\users\barbara.blazer.SVMII\AppData\Roaming\TeamViewer
2012-01-30 19:06 . 2012-01-30 19:06 -------- d-----w- c:\users\barbara.blazer.SVMII\temp
2012-01-30 17:09 . 2012-01-30 17:09 -------- d-----w- C:\5c527d7c4eac5c0c76f218f56d
2012-01-29 01:46 . 2012-01-29 01:46 -------- d-----w- c:\users\barbara.blazer.SVMII\AppData\Local\Diagnostics
2012-01-27 19:46 . 2012-01-27 19:46 -------- d-----w- c:\users\barbara.blazer.SVMII\AppData\Roaming\Malwarebytes
2012-01-27 19:37 . 2012-01-27 19:37 -------- d-----w- c:\programdata\Malwarebytes
2012-01-27 19:37 . 2012-02-11 06:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-27 19:37 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 18:58 . 2011-12-09 18:58 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-08 05:58 . 2011-12-08 05:58 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38F9C683-C238-4AC9-8F8F-09E6E61A9936}\mpengine.dll
2011-12-08 05:58 . 2011-12-08 05:58 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-12-08 03:58 . 2011-12-08 03:58 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-08 03:58 . 2011-12-08 03:58 455680 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-08 03:15 . 2011-12-08 03:15 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2011-12-08 03:15 . 2011-12-08 03:15 936448 ----a-w- c:\windows\system32\vmsal.exe
2011-12-08 03:15 . 2011-12-08 03:15 793600 ----a-w- c:\windows\SysWow64\vmsal.exe
2011-12-08 03:15 . 2011-12-08 03:15 66304 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2011-12-08 03:15 . 2011-12-08 03:15 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2011-12-08 03:15 . 2011-12-08 03:15 187904 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2011-12-08 03:15 . 2011-12-08 03:15 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll
2011-12-08 03:15 . 2011-12-08 03:15 1369600 ----a-w- c:\windows\system32\VPCSettings.exe
2011-12-08 03:13 . 2011-12-08 03:13 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-12-08 03:12 . 2011-12-08 03:12 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-12-08 03:12 . 2011-12-08 03:12 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-12-08 03:12 . 2011-12-08 03:12 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-12-08 03:12 . 2011-12-08 03:12 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-12-08 03:12 . 2011-12-08 03:12 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 05:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-22 38840]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-22 640440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-10-02 115560]
"Check Point Endpoint Connect"="c:\program files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe" [2010-06-06 611888]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"SCHelper.exe"="c:\program files (x86)\Spyware Cease 2011\SCHelper.exe" [2011-02-16 403456]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files (x86)\Citrix\GoToAssist Express Customer\363\g2ax_service.exe Start=service [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2010-03-19 1120752]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 TracSrvWrapper;Check Point Endpoint Connect;c:\program files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [2010-06-06 3487288]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-06-01 609904]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-09 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
S3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\system32\DRIVERS\vnaap.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 1250160]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 21:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\02-18-2012_213011.job
- c:\program files (x86)\Spyware Cease 2011\SpywareCease2011.exe [2012-02-19 18:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"combofix"="c:\combofix\CF26374.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:57313
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Save &image with Flash and Media Capture - c:\program files (x86)\MetaProducts Flash & Media Capture\FMCapt.dll/saveimg.htm
IE: Save &media files with Flash and Media Capture - c:\program files (x86)\MetaProducts Flash & Media Capture\FMCapt.dll/savemedia.htm
IE: {{F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - {B3DA38C9-7C7B-4C32-8A65-8745B3B6085E} - c:\program files (x86)\MetaProducts Flash & Media Capture\FMCapt.dll
TCP: DhcpNameServer = 10.8.6.200 10.8.6.201
TCP: Interfaces\{7B15CE1F-AF98-4008-B086-F33B07445128}\3416C69666F627E69616: NameServer = 4.2.2.1,208.201.224.11
TCP: Interfaces\{7B15CE1F-AF98-4008-B086-F33B07445128}\F46756274627966756D2732403: NameServer = 4.2.2.1,208.201.224.11
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{f3902028-4a21-4793-8e05-793e183d51c2} - (no file)
SafeBoot-Symantec Antvirus
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{F3902028-4A21-4793-8E05-793E183D51C2} - (no file)
AddRemove-{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF} - c:\programdata\{CC6525B7-42F2-42DB-BF33-445E26F52EC1}\VAIO Messenger Setup 2.0.348.0.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Sony\VAIO Care\VCSpt.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
.
**************************************************************************
.
Completion time: 2012-02-21 11:48:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-21 19:48
.
Pre-Run: 365,597,339,648 bytes free
Post-Run: 365,435,850,752 bytes free
.
- - End Of File - - 9AA52047D22B20A1784539DF4A378A6B


Thank you!

Barbara

#4 gringo_pr

Posted 21 February 2012 - 06:58 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 blazerb


Posted 21 February 2012 - 11:20 PM

Hi, I ran the TDSSkiller and it found no errors and there is no copyable log. I can look at the report but it does not let me save or copy it.

I ran the other one, aswmbr and following is the log file:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-21 20:07:14
-----------------------------
20:07:14.362 OS Version: Windows x64 6.1.7600
20:07:14.362 Number of processors: 4 586 0x2505
20:07:14.362 ComputerName: SVMII-540642440 UserName: barbara.blazer
20:07:15.781 Initialize success
20:07:46.993 AVAST engine defs: 12022101
20:07:50.222 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:07:50.222 Disk 0 Vendor: TOSHIBA_ LH50 Size: 476940MB BusType: 3
20:07:50.238 Disk 0 MBR read successfully
20:07:50.238 Disk 0 MBR scan
20:07:50.253 Disk 0 Windows 7 default MBR code
20:07:50.269 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15494 MB offset 2048
20:07:50.284 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31733760
20:07:50.300 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461344 MB offset 31938560
20:07:50.347 Disk 0 scanning C:\Windows\system32\drivers
20:08:06.430 Service scanning
20:08:51.860 Modules scanning
20:08:51.860 Disk 0 trace - called modules:
20:08:51.891 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
20:08:51.891 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006383060]
20:08:51.891 3 CLASSPNP.SYS[fffff88001b0543f] -> nt!IofCallDriver -> [0xfffffa8003573960]
20:08:51.891 5 ACPI.sys[fffff88000ef1781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800439b050]
20:08:54.247 AVAST engine scan C:\Windows
20:08:59.753 AVAST engine scan C:\Windows\system32
20:12:58.169 AVAST engine scan C:\Windows\system32\drivers
20:13:14.985 AVAST engine scan C:\Users\barbara.blazer.SVMII
20:15:16.962 Disk 0 MBR has been saved successfully to "C:\Users\barbara.blazer.SVMII\Desktop\MBR.dat"
20:15:16.962 The log file has been saved successfully to "C:\Users\barbara.blazer.SVMII\Desktop\aswMBR.txt"


Thanks, let me know if all looks well.

Barbara

#6 gringo_pr


Posted 21 February 2012 - 11:33 PM

Greetings

DWHDED2.tmp - trojan.gen2 - quarantined
DWH8276.tmp - trojan.gen2 - quarantined


That is Symantec finding itself
http://www.symantec.com/connect/forums/generic-trojan-dwhtmp-temp-folder



At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
C:\TDSSKiller_Quarantine
c:\users\barbara.blazer.SVMII\AppData\Roaming\78A54
c:\users\barbara.blazer.SVMII\AppData\Roaming\F4378
c:\program files (x86)\Ask.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#7 blazerb


Posted 22 February 2012 - 05:25 PM

Hi Gringo, here is the pasted in logfile. The only problem I am encountering now is the Symantec popping up with those tmp files as well as finding combofix.exe and getting rid of it as a virus. I downloaded it again and ran it with the script file in it, the results are below. I assume you would like me to go to the thread on the Symantec problem and do what they say to do in there to get rid of the Symantec issues?

ComboFix 12-02-22.01 - barbara.blazer 02/22/2012 7:16.3.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3758.2071 [GMT -8:00]
Running from: c:\users\barbara.blazer.SVMII\Desktop\ComboFix.exe
Command switches used :: c:\users\barbara.blazer.SVMII\Desktop\cfscript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_1dee.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\mbr0000\object.ini
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\mbr0000\tsk0000.dta
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\mbr0000\tsk0000.ini
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\mbr0000\tsk0001.dta
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\mbr0000\tsk0001.ini
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\object.ini
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\tdlfs0000\object.ini
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\tdlfs0000\tsk0000.dta
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\tdlfs0000\tsk0000.ini
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\tdlfs0000\tsk0001.dta
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\tdlfs0000\tsk0001.ini
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\tdlfs0000\tsk0002.dta
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\tdlfs0000\tsk0002.ini
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\tdlfs0000\tsk0003.dta
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\tdlfs0000\tsk0003.ini
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\tdlfs0000\tsk0004.dta
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\tdlfs0000\tsk0004.ini
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\tdlfs0000\tsk0005.dta
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\tdlfs0000\tsk0005.ini
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\tdlfs0000\tsk0006.dta
c:\tdsskiller_quarantine\20.02.2012_20.29.01\mbr0000\tdlfs0000\tsk0006.ini
c:\users\barbara.blazer.SVMII\AppData\Roaming\F4378\8A54.437
.
.
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-22 15:24 . 2012-02-22 15:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-22 15:24 . 2012-02-22 15:24 -------- d-----w- c:\users\boinc_master\AppData\Local\temp
2012-02-22 15:24 . 2012-02-22 15:24 -------- d-----w- c:\users\barbara.blazer\AppData\Local\temp
2012-02-22 15:24 . 2012-02-22 15:24 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-21 16:33 . 2012-02-21 16:33 -------- d-----w- C:\d646167e223ecad2cfb66170e786d4
2012-02-20 16:53 . 2012-02-20 16:53 -------- d-----w- C:\bb9bc2ae26940c09ed95a551
2012-02-19 05:29 . 2012-02-21 03:10 -------- d-----w- c:\program files (x86)\Spyware Cease 2011
2012-02-18 18:19 . 2012-02-18 18:19 -------- d-----w- C:\13c79b1d8e3fac81ace583da
2012-02-18 00:38 . 2012-02-18 00:38 -------- d-----w- C:\a3318eb3a980b69fe7dcda15
2012-02-17 23:47 . 2012-02-17 23:47 -------- d-----w- C:\7421c0dacbc473228598b40137
2012-02-16 19:34 . 2012-02-16 19:34 -------- d-----w- c:\program files (x86)\Seagate
2012-02-16 19:28 . 2012-02-16 19:28 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-02-16 17:15 . 2012-02-16 17:15 -------- d-----w- C:\470570ed88e9eac815a366210cd2f3a6
2012-02-15 15:12 . 2012-02-15 15:13 -------- d-----w- C:\Online cleanup
2012-02-15 04:26 . 2012-02-15 04:26 -------- d-----w- C:\05faa41de21c1a8743efdace96e8
2012-02-13 22:05 . 2012-02-13 22:05 -------- d-----w- C:\bcea4cba15a10255f33502b8a0
2012-02-13 19:47 . 2012-02-13 19:47 -------- d-----w- C:\e523b9b43b8173e4face6fda5ac2
2012-02-13 02:20 . 2012-02-13 02:20 -------- d-----w- c:\programdata\The Neat Company
2012-02-13 02:20 . 2012-02-13 02:21 -------- d-----w- c:\program files\Common Files\The Neat Company
2012-02-13 02:20 . 2012-02-13 02:20 -------- d-----w- c:\program files (x86)\Neat
2012-02-13 02:20 . 2012-02-13 02:20 -------- d-----w- c:\program files (x86)\Common Files\The Neat Company
2012-02-13 02:17 . 2012-02-13 02:17 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-02-13 02:17 . 2012-02-13 02:17 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-02-13 02:17 . 2012-02-13 02:17 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-02-12 21:20 . 2012-02-12 21:20 -------- d-----w- C:\ac7441fa96d86698e7da0236b5
2012-02-12 07:15 . 2012-02-12 07:15 -------- d-----w- C:\37617622273b38d522c559cbe67ed925
2012-02-11 01:43 . 2012-02-11 01:43 -------- d-----w- c:\windows\Sun
2012-02-11 00:03 . 2012-02-11 00:03 -------- d-----w- C:\79cbe43b58d908c0e063
2012-02-10 15:55 . 2012-02-10 15:56 -------- d-----w- C:\7a604cf17eec769f45a2e7
2012-02-07 00:51 . 2012-02-07 00:51 -------- d-----w- C:\68cea9ee2dc31b46e0
2012-02-06 22:13 . 2012-02-06 22:13 -------- d-----w- c:\users\barbara.blazer.SVMII\AppData\Local\Programs
2012-02-06 22:13 . 2012-02-06 22:13 -------- d-----w- c:\users\barbara.blazer.SVMII\AppData\Local\ArcSoft
2012-02-06 22:13 . 2012-02-06 22:13 -------- d--h--w- c:\programdata\ArcSoft
2012-02-06 22:13 . 2012-02-06 22:13 -------- d-----w- c:\users\barbara.blazer.SVMII\AppData\Roaming\ArcSoft
2012-02-03 19:55 . 2012-02-13 04:59 -------- d-----w- c:\programdata\McAfee Security Scan
2012-02-03 19:55 . 2012-02-03 19:55 -------- d-----w- c:\programdata\McAfee
2012-02-03 19:55 . 2012-02-06 20:02 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-02-03 19:55 . 2012-02-17 23:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-03 19:54 . 2012-02-03 19:54 -------- d-----w- c:\windows\system32\Macromed
2012-02-02 17:37 . 2012-02-02 17:37 -------- d-----w- C:\1fb4d561d92319411961219fbd66501f
2012-02-01 18:13 . 2012-02-01 18:13 -------- d-----w- C:\d07f785db90588501b
2012-01-31 02:11 . 2012-01-31 02:11 -------- d-----w- C:\f059dab21f1d621213
2012-01-30 19:06 . 2012-01-30 19:06 -------- d-----w- c:\users\barbara.blazer.SVMII\AppData\Roaming\TeamViewer
2012-01-30 19:06 . 2012-01-30 19:06 -------- d-----w- c:\users\barbara.blazer.SVMII\temp
2012-01-30 17:09 . 2012-01-30 17:09 -------- d-----w- C:\5c527d7c4eac5c0c76f218f56d
2012-01-29 01:46 . 2012-01-29 01:46 -------- d-----w- c:\users\barbara.blazer.SVMII\AppData\Local\Diagnostics
2012-01-27 19:46 . 2012-01-27 19:46 -------- d-----w- c:\users\barbara.blazer.SVMII\AppData\Roaming\Malwarebytes
2012-01-27 19:37 . 2012-01-27 19:37 -------- d-----w- c:\programdata\Malwarebytes
2012-01-27 19:37 . 2012-02-11 06:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-27 19:37 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 18:58 . 2011-12-09 18:58 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-08 05:58 . 2011-12-08 05:58 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38F9C683-C238-4AC9-8F8F-09E6E61A9936}\mpengine.dll
2011-12-08 05:58 . 2011-12-08 05:58 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-12-08 03:58 . 2011-12-08 03:58 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-08 03:58 . 2011-12-08 03:58 455680 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-08 03:15 . 2011-12-08 03:15 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2011-12-08 03:15 . 2011-12-08 03:15 936448 ----a-w- c:\windows\system32\vmsal.exe
2011-12-08 03:15 . 2011-12-08 03:15 793600 ----a-w- c:\windows\SysWow64\vmsal.exe
2011-12-08 03:15 . 2011-12-08 03:15 66304 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2011-12-08 03:15 . 2011-12-08 03:15 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2011-12-08 03:15 . 2011-12-08 03:15 187904 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2011-12-08 03:15 . 2011-12-08 03:15 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll
2011-12-08 03:15 . 2011-12-08 03:15 1369600 ----a-w- c:\windows\system32\VPCSettings.exe
2011-12-08 03:13 . 2011-12-08 03:13 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-12-08 03:12 . 2011-12-08 03:12 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-12-08 03:12 . 2011-12-08 03:12 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-12-08 03:12 . 2011-12-08 03:12 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-12-08 03:12 . 2011-12-08 03:12 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-12-08 03:12 . 2011-12-08 03:12 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-21_19.34.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-02-21 19:32 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-22 15:27 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-12 20:27 . 2012-02-22 05:16 59306 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-22 05:16 34490 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-12-08 03:25 . 2012-02-21 19:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-08 03:25 . 2012-02-22 15:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-08 03:25 . 2012-02-22 15:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-08 03:25 . 2012-02-21 19:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-21 19:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-22 15:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-08 20:18 . 2012-02-22 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-08 20:18 . 2012-02-21 19:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-08 20:18 . 2012-02-21 19:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-08 20:18 . 2012-02-22 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-09 18:19 . 2012-02-22 05:16 9254 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1395465889-2262803984-1824069730-3123_UserData.bin
+ 2012-02-22 15:26 . 2012-02-22 15:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-21 19:32 . 2012-02-21 19:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-22 15:26 . 2012-02-22 15:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-21 19:32 . 2012-02-21 19:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-02-22 15:27 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-21 19:32 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:36 . 2012-02-22 15:28 878744 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-22 15:28 198000 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-02-21 19:31 472768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-22 15:25 472768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-02-21 19:32 4390912 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-22 15:27 4390912 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-09 18:23 . 2012-02-21 19:31 2746520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1395465889-2262803984-1824069730-3123-8192.dat
+ 2011-12-09 18:23 . 2012-02-22 15:25 2746520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1395465889-2262803984-1824069730-3123-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-22 38840]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-22 640440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-10-02 115560]
"Check Point Endpoint Connect"="c:\program files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe" [2010-06-06 611888]
"SCHelper.exe"="c:\program files (x86)\Spyware Cease 2011\SCHelper.exe" [2011-02-16 403456]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files (x86)\Citrix\GoToAssist Express Customer\363\g2ax_service.exe Start=service [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2010-03-19 1120752]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 TracSrvWrapper;Check Point Endpoint Connect;c:\program files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [2010-06-06 3487288]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-06-01 609904]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-09 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
S3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\system32\DRIVERS\vnaap.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 1250160]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 21:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\02-18-2012_213011.job
- c:\program files (x86)\Spyware Cease 2011\SpywareCease2011.exe [2012-02-19 18:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:57313
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Save &image with Flash and Media Capture - c:\program files (x86)\MetaProducts Flash & Media Capture\FMCapt.dll/saveimg.htm
IE: Save &media files with Flash and Media Capture - c:\program files (x86)\MetaProducts Flash & Media Capture\FMCapt.dll/savemedia.htm
IE: {{F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - {B3DA38C9-7C7B-4C32-8A65-8745B3B6085E} - c:\program files (x86)\MetaProducts Flash & Media Capture\FMCapt.dll
TCP: DhcpNameServer = 192.168.1.2 75.75.75.75 75.75.76.76
TCP: Interfaces\{7B15CE1F-AF98-4008-B086-F33B07445128}\F46756274627966756D2732403: NameServer = 4.2.2.1,208.201.224.11
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Sony\VAIO Care\VCSpt.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
.
**************************************************************************
.
Completion time: 2012-02-22 07:41:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-22 15:41
ComboFix2.txt 2012-02-21 19:48
.
Pre-Run: 368,150,724,608 bytes free
Post-Run: 368,148,496,384 bytes free
.
- - End Of File - - 1721FF66245432249F13E48CC8B261BA

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:46 PM

Posted 22 February 2012 - 05:34 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • Adobe Reader 9.3.2
  • Ask Toolbar
  • Java™ 6 Update 20
  • McAfee Security Scan Plus


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and Start Free Download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 blazerb


Posted 23 February 2012 - 10:24 AM

Malwarebytes file:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.18.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
barbara.blazer :: SVMII-540642440 [administrator]

2/22/2012 9:37:16 PM
mbam-log-2012-02-22 (21-37-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239441
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

There was no log file created by Hijackthis. It asked me if it wanted me to create one, I said yes, and it opened a blank notepad file. I can't cut and paste the info that shows up in the actual hijackthis program, it will not let me select and copy. Please advise.

I am still having Norton pop up with combofix.exe and those temp files. When I get to work, I will uninstall Norton and re-install it, any other suggestions on that? I'm concerned that my other users will start having these issues with Norton also.

Thanks!

Barbara

#10 gringo_pr


Posted 23 February 2012 - 11:38 AM

Hello

That is the best that I know of to do with Norton, and a lot of users are complaining about the same thing.


About HijackThis, see this note:

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.


gringo

#11 blazerb


Posted 23 February 2012 - 11:48 AM

Thanks Gringo, I read that before but thought that since I am administrator I didn't have to do it that way, but you are right. Here's the logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:47:47 AM, on 2/23/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal

Running processes:
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Windows\syswow64\MsiExec.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:57313
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Flash and Media Capture Helper - {E8803722-A7F5-45C5-B39A-A8B244486EC2} - C:\Program Files (x86)\MetaProducts Flash & Media Capture\FMCapt.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Flash and Media Capture Bar - {650EB965-8A1D-41C9-A941-0578F5CFC569} - C:\Program Files (x86)\MetaProducts Flash & Media Capture\FMCapt.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Check Point Endpoint Connect] "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
O4 - HKLM\..\Run: [SCHelper.exe] C:\Program Files (x86)\Spyware Cease 2011\SCHelper.exe -0
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: Append Link Target to Existing PDF - res://c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save &image with Flash and Media Capture - res://C:\Program Files (x86)\MetaProducts Flash & Media Capture\FMCapt.dll/saveimg.htm
O8 - Extra context menu item: Save &media files with Flash and Media Capture - res://C:\Program Files (x86)\MetaProducts Flash & Media Capture\FMCapt.dll/savemedia.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra button: Save Media files - {F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - C:\Program Files (x86)\MetaProducts Flash & Media Capture\FMCapt.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - https://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = svmii.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = svmii.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = svmii.com,hsd1.ca.comcast.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = svmii.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = svmii.com,hsd1.ca.comcast.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = svmii.com,hsd1.ca.comcast.net
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist Express Customer - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist Express Customer\363\g2ax_service.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Check Point Endpoint Connect (TracSrvWrapper) - Check Point Software Technologies - C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16107 bytes

I am currently uninstalling Symantec Endpoint and will reinstall.

Thanks!

Barbara

#12 gringo_pr

  • Malware Response Team

Posted 23 February 2012 - 12:10 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can click on the icon of any of these programs (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
      O4 - HKLM\..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
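
The post above says to research each O4 line by copying the name between the brackets. As an added example (not part of the thread and not HijackThis's own code), this Python script parses the O4 lines from the log posted earlier, extracts those names, and lists which Run entries would still start after the six listed ones are fixed. The function names and parsing rules are assumptions of this example.

```python
import re

# O4 lines copied from the HijackThis log posted earlier in this thread,
# plus one non-O4 line to show that other sections are skipped.
LOG = r'''
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "c:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Check Point Endpoint Connect] "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
O4 - HKLM\..\Run: [SCHelper.exe] C:\Program Files (x86)\Spyware Cease 2011\SCHelper.exe -0
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = svmii.com
'''

# Entry names the post above says to tick before clicking "Fix Checked".
CHECKED = {
    "Adobe ARM", "Adobe Acrobat Speed Launcher", "Acrobat Assistant 8.0",
    "ISBMgr.exe", "PMBVolumeWatcher", "SunJavaUpdateSched",
}

# "O4 - <hive>\..\<key>: [<name>] <command>"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): '
    r'\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$')
# Unquoted commands: the path may contain spaces, so cut at the first ".exe"
# that is followed by whitespace or the end of the line.
EXE_RE = re.compile(r'(.+?\.exe)(?:\s+(.*))?$', re.IGNORECASE)


def split_command(cmd):
    """Split a Run value into (executable path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:                      # unbalanced quote: keep as-is
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1), m.group(2) or ""
    return cmd, ""


def parse_o4(log):
    """Return one dict per O4 (startup) line found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue                       # not an O4 line
        exe, args = split_command(m.group("cmd"))
        entries.append({"hive": m.group("hive"), "key": m.group("key"),
                        "name": m.group("name"), "exe": exe, "args": args})
    return entries


def remaining_after_fix(entries, checked):
    """Names of startup entries that are not on the checklist."""
    return [e["name"] for e in entries if e["name"] not in checked]


if __name__ == "__main__":
    for e in parse_o4(LOG):
        print(f'{e["name"]:32} {e["exe"]} {e["args"]}'.rstrip())
    print("Still starting after the fix:", remaining_after_fix(parse_o4(LOG), CHECKED))
```
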

#13 blazerb

  • Topic Starter

Posted 24 February 2012 - 02:29 PM

Hi, I am still trying to complete this request. I haven't been able to run the full scan, I got about 77% done yesterday and had to leave so had to stop it. I am having trouble with Symantec, I uninstalled it and reinstalled it several times but it never updates and says it is an old version. I install it on other users and it is fine. Not sure what to do about it.

Thanks

Barbara

#14 gringo_pr

  • Malware Response Team

Posted 24 February 2012 - 02:48 PM

Hello


Try this for removing Norton - http://www.appremover.com/

and then try to reinstall it


gringo

#15 blazerb

  • Topic Starter

Posted 24 February 2012 - 05:05 PM

Hi, so I've run the app remover and tried to reinstall, each time Symantec chokes. I watched it more closely and got a message during live update that it couldn't contact the server. I even rebuilt the install package in Symantec Endpoint Protection Manager (mind you, I have installed this package on several other computers here at work and no problem). I even stopped and started the Symantec Services. So this time, I ran app remover and picked the repair option. It ran through the live update again, got a lot further, but then choked near the end. It is not running a deeper scan (it did this automatically, it's about 50% done). Stay tuned...

Barbara



