
Impossible to restart Windows 7 after having run Norton Eraser Tool


80 replies to this topic

#1 sony12


  • Members
  • 87 posts

Posted 22 April 2012 - 10:06 PM

Hi,
I'm using Windows 7 64-bit on a Sony Vaio notebook.
I have been running the Norton Eraser tool because I had a virus that was persisting despite all the antivirus and anti-malware scans I performed;
every time I restarted the computer my browser was infected with a small advertisement box that appeared at the bottom right from time to time.
So I tried the Norton Eraser tool, and after it detected a virus in 2 locations, I restarted my computer, and since then it has been impossible to launch Windows 7.
Each time Windows tries to start, a blue screen appears for one second, followed by the black screen with the restore options.
I cannot reverse the installation with the restore process; it doesn't work.
There is no possibility to run the computer in safe mode either. I tried several points without success.
The automatic repair on reboot is also not finding the cause or problem to repair.
I have absolutely no idea what to do. I run a start-up with this computer and now I fear losing all the work I've done over the past 2 years. :(

Edited by sony12, 22 April 2012 - 10:14 PM.




#2 Aaflac


    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 23 April 2012 - 12:00 AM

Can you try the following, and, if you can, we will be able to run a program to address the issue...

Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
  • Use the arrow keys and see if you can select the Repair your computer menu item.

If not, do you have a Windows Seven installation CD/DVD?

...had a virus that was persisting...

Do you recall its name?

Old duck...


#3 sony12

  • Topic Starter

  • Members
  • 87 posts

Posted 23 April 2012 - 09:48 AM

Hi Aaflac,

Thank you very much for your reply.
I already tried Repair your computer, without success.
The computer cannot restart Windows.

I don't have a Windows Seven installation CD, as it wasn't provided by the shop.
However, I downloaded a version here: http://systemdiscs.com/

Unfortunately, I don't have the name of the virus.
I just remember that the antivirus found a trojan on the system named svchost.exe

Edited by sony12, 23 April 2012 - 09:49 AM.


#4 Aaflac


    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 23 April 2012 - 04:43 PM

Using the CD purchased, see if System Recovery Options is available:
  • Insert the disc in the drive.
  • Restart your computer.
  • If prompted, press any key to start from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click: Next
  • Select the Operating System you want to repair, and then click: Next
  • Select your user account and click: Next

On the System Recovery Options menu, do you get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt

In particular, we need the Command Prompt.

Edited by Aaflac, 23 April 2012 - 06:40 PM.

Old duck...


#5 sony12

  • Topic Starter

  • Members
  • 87 posts

Posted 23 April 2012 - 05:15 PM

Hello,

I have finally been able to restore my system.
After seriously trying all the options above, none of them worked, even with the recovery disk.
The automated repair failed.
I effectively needed to use the Command Prompt as specified here:
http://neosmart.net/wiki/display/EBCD/Recovering+the+Windows+Bootloader+from+the+DVD
By strictly following the command lines on the above link, I recovered my system! It was the last option (option 3), and I thought that I would never recover my system!

I do recommend that advanced users check out the link and follow the guide (I haven't found any other solution except this one on the internet).

However, I still need to find a way to get rid of the virus.
Could you continue to assist me?

Thanks again for your time and effort.

Edited by sony12, 23 April 2012 - 05:17 PM.


#6 Aaflac


    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 23 April 2012 - 07:08 PM

After seriously having tried all the options above...


Actually, we did not engage in any options to recover your system. I was just checking to see if you could get to the Command Prompt, and then use a program to get the system back up and running.


On the malware issue...

Please run the following diagnostics to see what is currently going on with the system:

Step 1:
Download DDS from one of these locations:
Link 1
Link 2

Save to the Desktop

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the programs we are about to run.

If you wish to look at information on how to disable these programs, please refer to the information available through this link

Windows 7: Right-click DDS and select 'Run as Administrator'

When done, DDS opens two logs:
-DDS.txt (Opens on the Desktop)
-Attach.txt (Minimized on the TaskBar)

Save the reports to your Desktop, and post both reports (do not attach) in your reply.


Step 2:
Also download aswMBR

Save it to the Desktop.

Windows 7: Right-click the file and select 'Run as Administrator'

When prompted with: This Application can use the Avast! Free AntiVirus for scanning...etc.
Select: Yes

The last line of the run in progress will provide the status of the Avast! scan.
It will say: Downloading Avast! virus definitions database, etc.
When the Avast! scan is done, the last line changes to:
Avast Engine definitions #####

At this point, click the Scan button on the lower left of the aswMBR screen.

The last line will now say "Scanning" while in progress.

Upon completion of the scan, click >Save log< and save it to the Desktop.
Note: Please do NOT attempt to fix anything!!

Exit the program, and post the new aswMBR log in your reply.


Note that a file named MBR.dat is also created on the Desktop.

Please submit MBR.dat for analysis to VirusTotal


When you get to the website, use the Browse button to navigate to the location of MBR.dat
Click on the file, then, click the Open button.
The file is now displayed in the Submit Box.

Scroll down and click Send File, and wait for the results.

If you get a message saying: 'File has already been analyzed', click: 'Reanalyze file now'

Once scanned, and you see the full results page on your screen, go up to the address bar at the top of the browser, and copy the http://etc. address there.

Then, provide the http:// address to the results page in your reply.

Old duck...
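The DDS logs requested above are read by hand on the forum, mostly by scanning the "Pseudo HJT Report" section for HOSTS redirections, proxy settings, lockdown policies and Winlogon tampering. The script below is an added example, not code from DDS, BleepingComputer or anyone in this thread: it parses that section's one-item-per-line format and flags those items. The sample lines are constructed (documentation-range addresses, made-up hostnames), the regular expressions are inferred from the log format as it appears in DDS output, and the LOCKDOWN_POLICIES set and the Firefox network.proxy.type mapping are assumptions of this example.

```python
"""Triage the "Pseudo HJT Report" section of a DDS.txt log.

Added example: this is not code from DDS, BleepingComputer or the thread's
participants. It assumes only the one-item-per-line format DDS prints
(Hosts:, xPolicies-...:, mWinlogon:, xInternet Settings,..., FF - prefs.js:,
BHO:/TB:) and flags the settings a responder checks first.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "HIGH", "MEDIUM" or "INFO"
    item: str      # the DDS line that triggered the finding
    reason: str


# Line shapes as they appear in DDS output (assumed from the log format).
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
POLICY_RE = re.compile(r"^[umd]Policies-\w+:\s+(\w+)\s*=\s*(\d+)")
WINLOGON_RE = re.compile(r"^mWinlogon:\s+Userinit=(.*)$")
PROXY_RE = re.compile(r"^[um]Internet Settings,(Proxy\w+)\s*=\s*(.*)$")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (\d+)")
ORPHAN_RE = re.compile(r"^(?:BHO|TB)(?:-X64)?:.*- No File$")

# Registry policies that lock the user out of their own diagnostic tools (assumed set).
LOCKDOWN_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}
# Firefox network.proxy.type values; 0 and 5 mean Firefox adds no proxy of its own.
FF_PROXY_TYPES = {0: "no proxy", 1: "manual proxy", 2: "PAC script",
                  4: "auto-detect (WPAD)", 5: "system proxy"}

# Constructed sample lines modelled on the DDS format; addresses are from the
# documentation ranges and the hostnames are made up.
SAMPLE_DDS = [
    "uStart Page = about:blank",
    "uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;",
    "mWinlogon: Userinit=userinit.exe,",
    "BHO: Example Helper: {00000000-0000-0000-0000-000000000001} - C:\\Example\\helper.dll",
    "BHO: {00000000-0000-0000-0000-000000000002} - No File",
    "mPolicies-explorer: NoActiveDesktop = 1 (0x1)",
    "dPolicies-system: DisableTaskMgr = 1 (0x1)",
    "TCP: DhcpNameServer = 192.168.1.1",
    "Hosts: 192.0.2.10 www.example-analytics.test.",
    "Hosts: 192.0.2.10 ads.example.test.",
    "Hosts: 127.0.0.1 blocked.example.test",
    "FF - prefs.js: network.proxy.type - 4",
]


def triage(lines):
    """Return the list of Findings for an iterable of DDS report lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := HOSTS_RE.match(line):
            ip_text, host = m.groups()
            try:
                ip = ipaddress.ip_address(ip_text)
            except ValueError:
                findings.append(Finding("MEDIUM", line, "HOSTS entry with an unparseable address"))
                continue
            # 127.0.0.1 / 0.0.0.0 entries block a name; any other address redirects it.
            if not (ip.is_loopback or ip.is_unspecified):
                findings.append(Finding("HIGH", line, f"HOSTS redirects {host.rstrip('.')} to {ip}"))
        elif m := POLICY_RE.match(line):
            name, value = m.groups()
            if name in LOCKDOWN_POLICIES and value != "0":
                findings.append(Finding("HIGH", line, f"policy {name} disables a user diagnostic tool"))
        elif m := WINLOGON_RE.match(line):
            # Normal value is "userinit.exe," (DDS drops the path); extra entries run at every logon.
            names = [e.strip().lower().rsplit("\\", 1)[-1] for e in m.group(1).split(",") if e.strip()]
            if names != ["userinit.exe"]:
                findings.append(Finding("HIGH", line, "Winlogon Userinit launches more than userinit.exe"))
        elif m := PROXY_RE.match(line):
            key, value = m.groups()
            sev = "MEDIUM" if key == "ProxyServer" else "INFO"
            findings.append(Finding(sev, line, f"IE {key} is set to {value!r}; confirm it is expected"))
        elif m := FF_PROXY_RE.match(line):
            kind = int(m.group(1))
            if kind not in (0, 5):
                desc = FF_PROXY_TYPES.get(kind, "unknown type")
                findings.append(Finding("MEDIUM", line, f"Firefox proxy mode {kind} ({desc}) can divert browsing"))
        elif ORPHAN_RE.match(line):
            findings.append(Finding("INFO", line, "orphaned browser add-on entry (file missing)"))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'HIGH': 3, 'MEDIUM': 1, 'INFO': 2}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_DDS)
    for f in sorted(results, key=lambda f: ("HIGH", "MEDIUM", "INFO").index(f.severity)):
        print(f"[{f.severity}] {f.reason}\n        {f.item}")
    print(summarize(results))
```

On a real log, pass `DDS.txt` through `triage(open("DDS.txt", encoding="cp1252", errors="replace").read().splitlines())`; the header of a DDS log on a French-locale system contains accented characters, which is why the encoding is given explicitly. The script only reports: it changes nothing on the machine, which matches the instruction above not to attempt fixes before the responder has seen the logs.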


#7 sony12

  • Topic Starter

  • Members
  • 87 posts

Posted 23 April 2012 - 07:42 PM

Thanks a lot, here is the DDS.txt report:
---------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Hichem at 2:37:18 on 2012-04-24
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4063.2210 [GMT 2:00]
.
AV: Trend Micro Titanium *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Trend Micro Titanium *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\astsrv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Avanquest\PowerDesk\PDHookServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [PDHookServer] C:\Program Files (x86)\Avanquest\PowerDesk\PDHookServer.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F5C54D53-D597-4100-A351-30E209AD38B4} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F5C54D53-D597-4100-A351-30E209AD38B4}\130303C43444 : DhcpNameServer = 62.2.24.162 192.168.0.1
TCP: Interfaces\{F5C54D53-D597-4100-A351-30E209AD38B4}\37861686 : NameServer = 62.2.24.162,192.168.0.1
TCP: Interfaces\{F5C54D53-D597-4100-A351-30E209AD38B4}\37861686 : DhcpNameServer = 62.2.24.162 192.168.0.1
TCP: Interfaces\{F5C54D53-D597-4100-A351-30E209AD38B4}\46C696E6B6 : DhcpNameServer = 62.2.24.162 192.168.0.1
TCP: Interfaces\{F5C54D53-D597-4100-A351-30E209AD38B4}\75169707F62747F5D616C60756E63716 : DhcpNameServer = 212.130.108.10 212.130.104.10
TCP: Interfaces\{F5C54D53-D597-4100-A351-30E209AD38B4}\C49646F6022596671602341636369616 : NameServer = 62.2.24.162,192.168.0.1
TCP: Interfaces\{F5C54D53-D597-4100-A351-30E209AD38B4}\C49646F6022596671602341636369616 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F5C54D53-D597-4100-A351-30E209AD38B4}\C496675626F687D236536693 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{1CA1377B-DC1D-4A52-9585-6E06050FAC53}
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
{6D53EC84-6AAE-4787-AEEE-F4628F01010C}
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Hosts: 176.9.75.3 www.google-analytics.com.
Hosts: 176.9.75.3 ad-emea.doubleclick.net.
Hosts: 176.9.75.3 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hichem\AppData\Roaming\Mozilla\Firefox\Profiles\ufjnuabc.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Hichem\AppData\Roaming\Mozilla\Plugins\npoff.dll
FF - plugin: C:\Users\Hichem\AppData\Roaming\Mozilla\Plugins\npwbe.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 124dee25-d002-48de-ba5e-c9c2801cb8bc
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120413.001_8c8\BHDrvx64.sys [2012-4-13 1160824]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120420.001_8e5\IDSviA64.sys [2012-4-20 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-30 654408]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe [2012-4-13 138232]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-18 189984]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2012-3-30 366840]
R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-11-13 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-11-13 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2009-11-13 522240]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 btwampfl;btwampfl Bluetooth filter driver;\??\C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-4-14 138360]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETwNs64;___ Pilote de carte de la série Intel® Wireless WiFi Link 5000 pour Windows 7 64 bits ;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-11-7 256336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-13 133104]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-16 253088]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-2-20 1038088]
S3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-13 133104]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-11-13 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-11-13 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-11-13 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-11-13 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-11-13 91432]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-11-13 468264]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-11-13 357672]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-11-13 110888]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-23 23:44:18 -------- d-----w- C:\ProgramData\Avanquest
2012-04-23 23:43:20 -------- d-----w- C:\Users\Hichem\AppData\Roaming\Avanquest
2012-04-23 23:43:20 -------- d-----w- C:\Program Files (x86)\Avanquest
2012-04-23 22:34:19 -------- d-----w- C:\Users\Hichem\AppData\Local\NeoSmart_Technologies
2012-04-23 22:30:46 -------- d-----w- C:\Program Files (x86)\NeoSmart Technologies
2012-04-23 21:29:57 737912 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\srtsp64.sys
2012-04-23 21:29:57 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1307000.009\symds64.sys
2012-04-23 21:29:57 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\symnets.sys
2012-04-23 21:29:57 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\srtspx64.sys
2012-04-23 21:29:57 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\ironx64.sys
2012-04-23 21:29:57 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\ccsetx64.sys
2012-04-23 21:29:57 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\symefa64.sys
2012-04-23 21:29:44 -------- d-----w- C:\Windows\System32\drivers\NISx64\1307000.009
2012-04-23 21:28:08 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-23 21:28:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-23 21:28:07 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-22 15:10:09 -------- d-----w- C:\FRST
2012-04-22 02:24:52 -------- d-----w- C:\Users\Hichem\AppData\Local\NPE
2012-04-16 05:15:44 -------- d-----w- C:\Program Files\Common Files\Intel
2012-04-16 05:12:54 409624 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2012-04-16 05:02:20 -------- d-----w- C:\ProgramData\UAB
2012-04-16 05:02:14 -------- d-----w- C:\Users\Hichem\AppData\Local\PC_Drivers_Headquarters
2012-04-16 05:02:06 -------- d-----w- C:\ProgramData\Driver Mender
2012-04-16 05:01:02 -------- d-----w- C:\Program Files (x86)\Driver Mender
2012-04-16 04:57:10 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-16 04:52:37 -------- d-----w- C:\Users\Hichem\AppData\Roaming\driveridentifier
2012-04-16 04:52:18 -------- d-----w- C:\Program Files (x86)\Driver Identifier
2012-04-16 04:23:49 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-16 02:33:23 -------- d-----w- C:\Users\Hichem\AppData\Roaming\Scooter Software
2012-04-16 02:33:12 -------- d-----w- C:\Program Files (x86)\Beyond Compare 3
2012-04-15 14:31:42 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64\0405000.022
2012-04-15 14:31:42 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64
2012-04-15 14:31:40 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2012-04-15 01:02:33 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-15 01:02:33 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-15 01:02:33 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-15 01:02:33 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-15 01:02:32 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-15 01:02:32 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-15 01:02:32 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-14 14:07:08 -------- d-----w- C:\Users\Hichem\AppData\Roaming\SpeedyPC Software
2012-04-14 14:07:08 -------- d-----w- C:\Users\Hichem\AppData\Roaming\DriverCure
2012-04-14 14:06:47 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-04-13 13:35:11 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtsp64.sys
2012-04-13 13:35:11 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1306020.00A\symds64.sys
2012-04-13 13:35:11 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symnets.sys
2012-04-13 13:35:11 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtspx64.sys
2012-04-13 13:35:11 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ironx64.sys
2012-04-13 13:35:11 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symefa64.sys
2012-04-13 13:35:10 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ccsetx64.sys
2012-04-13 13:34:47 -------- d-----w- C:\Windows\System32\drivers\NISx64\1306020.00A
2012-04-13 03:48:49 105552 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2012-04-13 03:45:38 90704 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2012-04-13 03:45:38 67664 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2012-04-13 03:45:38 144464 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-04-13 03:37:18 94480 ----a-w- C:\Program Files (x86)\Mozilla Firefox\32bit\SICTOOL\tmcomm.sys
2012-04-13 03:26:35 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-04-13 03:26:34 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-04-11 15:26:05 -------- d-----w- C:\Program Files\Symantec
2012-04-11 15:24:37 -------- d-----w- C:\Windows\System32\drivers\NISx64
2012-04-11 15:24:35 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2012-04-11 15:22:02 232272 ----a-w- C:\Windows\TmNSCIns.dll
2012-04-11 15:20:48 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-04-11 14:49:16 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{74BE3819-B0B8-412B-B8BF-E052F8CD5E51}\offreg.dll
2012-04-10 14:06:00 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{74BE3819-B0B8-412B-B8BF-E052F8CD5E51}\mpengine.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-04-03 16:34:11 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-03 16:34:10 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-30 15:42:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-30 15:31:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-30 14:29:37 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-03-30 14:29:37 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-03-30 14:29:36 334976 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-03-30 14:29:36 137704 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-03-30 14:29:30 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-03-30 14:29:28 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-03-30 14:29:17 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2012-03-30 14:29:17 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-03-27 21:26:26 -------- d-----w- C:\Users\Hichem\AppData\Local\Broadcom
2012-03-27 18:37:21 615976 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2012-03-27 18:33:54 39976 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2012-03-27 18:33:54 21544 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2012-03-27 18:33:54 211496 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2012-03-27 18:33:54 184360 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
.
==================== Find3M ====================
.
2012-04-16 04:57:17 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 13:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ------w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-14 10:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ------w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 2:38:24,96 ===============

#8 sony12
  • Topic Starter
  • Members
  • 87 posts

Posted 23 April 2012 - 07:44 PM

Here is DDS Attach.txt:
----------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Édition Familiale Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 08/12/2009 20:37:34
System Uptime: 24/04/2012 02:27:36 (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz | N/A | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 213,463 GiB free.
E: is Removable
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP338: 24/04/2012 01:42:08 - Installed PowerDesk 8.5.
RP337: 24/04/2012 04:27:42 - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 176.9.75.3 www.google-analytics.com.
Hosts: 176.9.75.3 ad-emea.doubleclick.net.
Hosts: 176.9.75.3 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Community Help
Adobe Content Viewer
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Download Assistant
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Professional CS5.5
Adobe InDesign CS5.5
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader X (10.1.3) - Français
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
Akamai NetSession Interface
Akamai NetSession Interface Service
Album Downloader
AndreaMosaic 3.33.0
Apple Application Support
Apple Software Update
AVS Update Manager 1.0
Beyond Compare Version 3.3.4
Blogger Backup Utility
Connect
Contrôle ActiveX Windows Live Mesh pour connexions à distance
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Driver Mender
DriverIdentifier 3.9
Dropbox
EasyBCD 2.1.2
FileMaker Pro 11
FileZilla Client 3.5.2
Free Video Zilla
Galerie de photos Windows Live
Genuine Fractals 6.0.6 Professional Edition
Google Update Helper
Google Earth
Intel® Processor ID Utility
Junk Mail filter update
KompoZer 0.8b3
kuler
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Access 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (French) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (French) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (French) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint Viewer 2007 (French)
Microsoft Office Professional 2010
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2007
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (French) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (French) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (French) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Module de compatibilité pour Microsoft Office System 2007
Mozilla Firefox 11.0 (x86 fr)
Mozilla Thunderbird 10.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
Ning Network Archiver
Norton Bootable Recovery Tool Wizard
Norton Internet Security
PDF Settings CS5
Photodex Presenter
Photoshop Camera Raw
PowerDesk 8.5
ProShow Producer
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663)
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)
Skype Click to Call
Skype™ 5.8
Spyware Doctor 8.0
Suite Shared Configuration CS4
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
WampServer 2.2
Windows Live
Windows Live Communications Platform
Windows Live Installer
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================

#9 sony12
  • Topic Starter
  • Members
  • 87 posts

Posted 23 April 2012 - 08:14 PM

STEP 2:
------

After trying the Avast scan 3 times, it wasn't possible to make a complete scan because it stopped running.
I got a message that Avast anti root ceased to run and that Windows will close the program and indicate if a solution is available.

Please, if you could advise.

Edited by sony12, 23 April 2012 - 08:15 PM.


#10 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 23 April 2012 - 11:14 PM

If you can clarify, aswMBR does not run if you attempt to use the Avast definitions. Is that the case?
Have you tried running it without using the Avast definitions, and see if it runs?


Can see where the Hosts file was hijacked, and your Proxy settings were modified by malware.

Please download RogueKiller

•When you get to the website, go to where it says:
(Download link) Lien de téléchargement:
•Click the dark-blue button to download.
•Save to the Desktop

•Close all windows and browsers
•Windows Seven: Right-click and select 'Run as Administrator'
•Press: SCAN
•A report opens on the Desktop: RKreport.txt

Please copy/paste the RKreport.txt, and provide it in your reply.


Note:
If RogueKiller is blocked by the malware, try running it again.
If it still fails to run, right-click on the downloaded icon and select: Rename
Then, rename it to winlogon.exe and try again.

(RogueKiller is not a replacement for aswMBR, but, it is a short scan that provides good information in most cases, and ways to quickly remove certain entries.)



To reset the Proxy settings in Internet Explorer:

Go to the Menu bar...
Select: Tools > Internet Options > Connections Tab > LAN Settings

If the Proxy server box is marked with a check, click it to deselect/uncheck it.

Click OK to close the Local Area Network (LAN) Settings window, and also to close the Internet Options window.

Edited by Aaflac, 24 April 2012 - 12:25 AM.

Old duck...
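
The hosts-file hijack visible in the DDS and RogueKiller reports above (well-known analytics and ad hostnames mapped to two public addresses) is the kind of thing a small parser can flag automatically. The following Python script is an added example, not code from this thread, from BleepingComputer or from any of the tools mentioned. The sample hosts-file text is constructed to mirror the entries shown in the reports, and the rule it applies is more general than those two addresses: any hostname mapped to a routable, non-loopback address is reported, while the normal blocklist pattern (0.0.0.0 or 127.0.0.1 targets) is left alone.

```python
"""Hosts-file hijack check (added example, not from the thread).

Parses hosts-file text and reports hostnames that are redirected to a
real (routable) address instead of a loopback/unspecified sink.
"""
import ipaddress

# Constructed sample, modelled on the entries printed in the DDS and
# RogueKiller reports above. The last line is a benign blocklist-style
# entry added to show what is NOT flagged.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1 localhost
::1 localhost
176.9.75.3 www.google-analytics.com.
176.9.75.3 ad-emea.doubleclick.net.
176.9.75.3 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
0.0.0.0 ads.example.invalid   # blocklist-style entry, benign
"""


def parse_hosts(text):
    """Return a list of (ip, hostname) pairs.

    Comments (from '#' onward) and blank lines are skipped; a line may name
    several hosts for one address. Trailing dots on hostnames, as printed in
    the reports above, are stripped and names are lower-cased.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed address field: ignore the line
        for name in parts[1:]:
            entries.append((str(ip), name.rstrip(".").lower()))
    return entries


def is_sink(ip_str):
    """Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0, ::) addresses
    are the benign targets used by blocklists; traffic goes nowhere."""
    ip = ipaddress.ip_address(ip_str)
    return ip.is_loopback or ip.is_unspecified


def find_hijacks(text):
    """Map hostname -> list of routable addresses it is redirected to.

    A hostname pointed at a real address means every request for that name
    is silently delivered to that host, which is the hijack pattern seen
    in the reports. The 'localhost' entries are normal and skipped.
    """
    suspicious = {}
    for ip, name in parse_hosts(text):
        if name == "localhost" or is_sink(ip):
            continue
        targets = suspicious.setdefault(name, [])
        if ip not in targets:
            targets.append(ip)
    return suspicious


def report(text):
    """Human-readable lines, one per hijacked hostname."""
    return [
        f"HIJACK {name} -> {', '.join(ips)}"
        for name, ips in sorted(find_hijacks(text).items())
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_HOSTS):
        print(line)
```

On Windows 7 the live file is %SystemRoot%\System32\drivers\etc\hosts; reading that file's contents into `report()` instead of the constructed sample gives the same kind of output on a real system. Only redirections to a real host are flagged, because those let whoever controls that host serve content or collect data under the name of the original domain, which is exactly what the report entries above show for the analytics and ad domains.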


#11 sony12
  • Topic Starter
  • Members
  • 87 posts

Posted 24 April 2012 - 12:38 AM

-Clarifications regarding aswMBR:
Avast has been installed and I was prompted with: This Application can use the Avast! Free AntiVirus for scanning...etc.
I selected: Yes
The last line of the run in progress will provide the status of the Avast! scan.
It will say: Downloading Avast! virus definitions database, etc.
When the Avast! scan is done, the last line changes to:
Avast Engine definitions #####

That's where I am.

After I launched the scan, it could not be fully completed. I don't understand how I could run the scan without using the Avast definitions; there's no option to do so. If you could please clarify?
Shall I use Avast scan > Quick scan and select None on the bottom-left? Is that the way?

Edited by sony12, 24 April 2012 - 12:58 AM.


#12 sony12
  • Topic Starter
  • Members
  • 87 posts

Posted 24 April 2012 - 12:40 AM

Rkreport.txt:
------------

RogueKiller V7.3.3 [22/04/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur: Hichem [Droits d'admin]
Mode: Recherche -- Date: 24/04/2012 07:24:58

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 4 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[APPINIT_DLL] HKLM\[...]\Windows : AppInit_DLLs (C:\Users\Hichem\AppData\Roaming\Avanquest\PowerDesk\FileMonitor64.dll) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NON CHARGE] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
::1 localhost
176.9.75.3 www.google-analytics.com.
176.9.75.3 ad-emea.doubleclick.net.
176.9.75.3 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3255GSX +++++
--- User ---
[MBR] 02bfbb575a0060836c08be0d3342819f
[BSP] de9a1bc21a1783dc1f412367bb21d64e : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11345 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 23236608 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23441408 | Size: 293798 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1].txt >>
RKreport[1].txt

#13 sony12
  • Topic Starter
  • Members
  • 87 posts

Posted 24 April 2012 - 12:45 AM

To reset the Proxy settings in Internet Explorer:
------------------------------------------------
Shall I reset it after the RogueKiller scan? Or are they not related?
In fact, after verification, the Proxy server box is not marked with a check.

PS: Apologies if the report is in French; my Windows installation and location are actually in France. I don't know how to change the language. Please let me know if this is an issue.
Kindly

Edited by sony12, 24 April 2012 - 12:54 AM.


#14 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA

Posted 24 April 2012 - 08:14 AM

French is OK.

Let's press on with RogueKiller...

•Please quit all programs
•Right-click the RogueKiller file and select 'Run as Administrator'
•Wait until the Prescan finishes

•Once again at the RogueKiller console, click the Hosts tab.
•Make sure the entries there are checked, if there is an option to do so.
•Then, press the [HostFix] button.
An RKreport (Mode: HostFix) is now created on the Desktop.

Please post the Mode: HostFix report in your reply.


On aswMBR, it looks as if you have two AntiVirus programs installed, AV: Trend Micro Titanium, and AV: Norton Internet Security. That alone will cause problems. You must only have one AV program installed.

You need to uninstall whichever one you do not want to use. If it is Trend Micro's product, look here.

Also, Norton Internet Security may be creating a problem environment for aswMBR, but that is a story of its own.

Try running aswMBR with the AV Scan box set to: None, and then press Scan.
If that works, run it again with the AV Scan box set to Quick Scan, and see if the Avast definitions run, and the scan goes to completion.

The Avast definitions scan may take a while.
It says "Quick Scan", but sometimes it is not!

Old duck...


#15 sony12
  • Topic Starter
  • Members
  • 87 posts

Posted 24 April 2012 - 08:48 AM

Thanks a lot. I will follow your instructions and post the results here.
I do agree about Trend Micro and the other antivirus programs installed; this is another issue I have.
I wasn't able to uninstall Trend Micro Titanium. It's still on the system but partially removed.
I wasn't able to remove it completely.
Norton Anti Virus is a trial plan, so I'm open also to any other suggestion.
I definitely need to clean up my computer from many programs, as you can see in the report, but in many cases I wasn't able to remove some programs.
