
computer freezing up

Discussion in 'Virus & Other Malware Removal' started by kiddo8997d7, Feb 14, 2010.

  1. kiddo8997d7

    kiddo8997d7 Thread Starter

    Joined:
    Feb 14, 2010
    Messages:
    7
    I was doing a Google search (about Drew Brees' son) on 2/8 and clicked on a link. A window popped up saying it was a bad link and that I shouldn't go there. I didn't. I clicked on a different link for my search and got the same kind of message saying it was a bad link and not to go there, so I didn't. Another window popped up saying that I was infected. Since then my computer has been freezing up. I have run McAfee, Norton Anti-Virus and Microsoft Essentials. They all come back and say there is nothing wrong. However, it took me almost 6 hours to get Norton loaded onto my computer and to run a complete scan. It comes free with Comcast, but the computer kept freezing up and it had to remove McAfee in the process. I also had done a system restore to back before the Super Bowl, but that didn't help. I think I've been hijacked. I am hoping you can help me. My netbook is only 4 months old, so it is still under warranty, but I honestly don't know if that covers viruses or not. Thank you for whatever you can do.
     
  2. kiddo8997d7

    kiddo8997d7 Thread Starter

    Joined:
    Feb 14, 2010
    Messages:
    7
    Based on a previous post, I went to HijackThis and this is the result.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:20:41 PM, on 2/14/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    C:\TOSHIBA\IVP\ISM\pinger.exe
    C:\WINDOWS\system32\svchost.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\WINDOWS\system32\ThpSrv.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Atheros\ACU.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\system32\thpsrv.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint2K\HidFind.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe Instant
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
    O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1257287357875
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
    O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    --
    End of file - 10662 bytes
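An added example, not part of the thread and not code from HijackThis or Trend Micro: a small Python triage script for log lines in the format posted above. It parses the O2 (BHO), O4 (Run key) and O23 (service) entries and flags the things a malware-removal helper looks at first: a BHO registered with "(no file)" or "(no name)", a Run entry that names a bare filename instead of a full path, a Run entry pointing into a temp or recycler directory, and a service whose publisher shows as "Unknown owner". The flag rules are my own choices, and the sample input is a handful of lines copied from the log above plus one hypothetical temp-path autorun line added to exercise that rule. A flag is a prompt for manual review, not a verdict: the Toshiba pinger service listed as "Unknown owner" sits in the vendor's own C:\TOSHIBA directory, and bare names like RTHDCPL.EXE are common in OEM autoruns.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines taken from the posted HijackThis log, plus a
# hypothetical final line (an autorun in a user's Temp folder) that is NOT
# in the original log and exists only to exercise the temp-path rule.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\svc.exe
"""

# "O2 - BHO: ..." / "O23 - Service: ..." / "R1 - HKLM\..." -> kind + body
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+)\s+-\s+(?P<body>.+)$")
BHO_RE = re.compile(r"^BHO:\s+(?P<name>.*?)\s+-\s+\{(?P<clsid>[0-9A-Fa-f-]+)\}\s+-\s+(?P<path>.*)$")
RUN_RE = re.compile(r"^HK\S*?\\\.\.\\Run\w*:\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
SVC_RE = re.compile(r"^Service:\s+(?P<name>.*?)\s+-\s+(?P<owner>.*?)\s+-\s+(?P<path>.*)$")


@dataclass
class Entry:
    kind: str
    body: str
    flags: list = field(default_factory=list)


def executable(cmd: str) -> str:
    """Best-effort extraction of the launched image from an O4 command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, args after the quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)  # unquoted path with spaces
    return m.group(1) if m else (cmd.split()[0] if cmd else "")


def triage(log_text: str) -> list:
    """Parse every HijackThis entry line; attach review flags where a rule fires."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list, blank lines
        e = Entry(m.group("kind"), m.group("body"))
        if e.kind == "O2":
            b = BHO_RE.match(e.body)
            if b:
                if b.group("path") == "(no file)":
                    e.flags.append("BHO registered but its DLL is missing on disk")
                if b.group("name") == "(no name)":
                    e.flags.append("BHO without a display name")
        elif e.kind == "O4":
            r = RUN_RE.match(e.body)
            if r:
                exe = executable(r.group("cmd"))
                if "\\" not in exe and not exe.startswith("%"):
                    e.flags.append("bare filename: image resolved via PATH search, not a fixed path")
                if any(s in exe.lower() for s in ("\\temp\\", "\\recycler\\")):
                    e.flags.append("autorun from a temp or recycler directory")
        elif e.kind == "O23":
            s = SVC_RE.match(e.body)
            if s and s.group("owner") == "Unknown owner":
                e.flags.append("service binary has no recognised publisher ('Unknown owner')")
        entries.append(e)
    return entries


def flagged(log_text: str) -> list:
    """Only the entries that picked up at least one review flag."""
    return [e for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.kind}: {e.body}")
        for f in e.flags:
            print(f"    -> {f}")
```

Feed it a whole saved HijackThis log (open the file and pass its text to `flagged`) and it prints just the entries worth a second look; everything it does not understand (the R1 search-page lines, the running-process list) passes through unflagged, so the output is a starting point for the kind of manual review done in this thread, not a replacement for it.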
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,146
    First Name:
    Derek
    you have Norton & MSE installed & running and this will slow you right down & cause all sorts of problems

    decide which antivirus you want, uninstall the other one, reboot & you should find things a lot better
     
  4. kiddo8997d7

    kiddo8997d7 Thread Starter

    Joined:
    Feb 14, 2010
    Messages:
    7
    When the problem started I didn't have either Norton or Microsoft Security Essentials on my netbook. I only had McAfee, which had been supplied by Comcast, my ISP. Comcast no longer supplies McAfee, it supplies Norton, so I installed that. It didn't help the problem, so I decided to try the Security Essentials. So I don't think these are the problem. I wish it was something that simple. When Norton was installed, it removed McAfee.
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,146
    First Name:
    Derek
    MSE & Norton together will cause freezes, until we get down to only 1 active antivirus we can't start to look for other causes
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,146
    First Name:
    Derek
    once you have uninstalled MSE & rebooted

    then

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on combofix.exe & follow the prompts.
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
     
  7. kiddo8997d7

    kiddo8997d7 Thread Starter

    Joined:
    Feb 14, 2010
    Messages:
    7
    ComboFix 10-02-16.01 - Nancy Robertson 02/16/2010 14:34:52.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1584 [GMT -6:00]
    Running from: c:\documents and settings\Nancy Robertson\My Documents\Downloads\ComboFix.exe
    AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\recycler\S-1-5-21-723572097-2801298171-3283528345-1003

    ----- BITS: Possible infected sites -----

    hxxp://armmf.adobe.com
    .
    ((((((((((((((((((((((((( Files Created from 2010-01-16 to 2010-02-16 )))))))))))))))))))))))))))))))
    .

    2010-02-16 20:24 . 2010-02-14 03:31 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    2010-02-16 17:10 . 2010-02-13 18:06 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100216.005\NAVENG.SYS
    2010-02-16 17:10 . 2010-02-13 18:06 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100216.005\NAVENG32.DLL
    2010-02-16 17:10 . 2010-02-13 18:06 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100216.005\NAVEX32A.DLL
    2010-02-16 17:10 . 2010-02-13 18:06 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100216.005\NAVEX15.SYS
    2010-02-16 17:10 . 2010-02-13 18:06 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100216.005\EECTRL.SYS
    2010-02-16 17:10 . 2010-02-13 18:06 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100216.005\ECMSVR32.DLL
    2010-02-16 17:10 . 2010-02-13 18:06 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100216.005\ERASER.SYS
    2010-02-16 17:10 . 2010-02-13 18:06 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100216.005\CCERASER.DLL
    2010-02-15 00:31 . 2010-02-15 00:31 -------- d-----w- c:\documents and settings\Nancy Robertson\Application Data\Uniblue
    2010-02-15 00:31 . 2010-02-15 00:31 -------- d-----w- c:\program files\Uniblue
    2010-02-14 18:20 . 2010-02-14 18:20 -------- d-----w- c:\program files\Trend Micro
    2010-02-14 05:10 . 2010-02-14 05:10 -------- d-----r- c:\program files\Norton Support
    2010-02-14 05:10 . 2010-02-14 05:10 -------- d-----w- c:\documents and settings\Nancy Robertson\Local Settings\Application Data\Symantec
    2010-02-14 04:47 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100210.001\IDSvix86.sys
    2010-02-14 04:47 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100210.001\IDSXpx86.sys
    2010-02-14 04:47 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100210.001\Scxpx86.dll
    2010-02-14 04:47 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100210.001\IDSxpx86.dll
    2010-02-14 04:47 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100210.001\IDSviA64.sys
    2010-02-14 03:55 . 2010-02-14 03:31 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    2010-02-14 03:32 . 2010-02-14 03:32 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2010-02-14 03:32 . 2010-02-14 03:49 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-02-14 03:32 . 2010-02-14 03:49 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-02-14 03:32 . 2010-02-14 04:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-02-14 03:32 . 2010-02-14 03:49 -------- d-----w- c:\program files\Symantec
    2010-02-14 03:32 . 2010-02-14 03:32 1291104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
    2010-02-14 03:32 . 2010-02-14 03:32 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
    2010-02-14 03:31 . 2010-02-14 03:31 776952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
    2010-02-14 03:30 . 2010-02-14 05:26 -------- d-----w- c:\windows\system32\drivers\N360
    2010-02-14 03:30 . 2010-02-14 03:31 -------- d-----w- c:\program files\Norton Security Suite
    2010-02-14 03:30 . 2010-02-14 03:30 -------- d-----w- c:\program files\Windows Sidebar
    2010-02-14 03:30 . 2010-02-14 03:30 -------- d-----w- c:\program files\NortonInstaller
    2010-02-11 15:13 . 2010-01-14 17:12 181120 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-11 12:50 . 2010-02-11 12:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-02-11 12:45 . 2010-02-11 12:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-02-11 06:22 . 2010-02-11 06:22 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-02-11 05:07 . 2010-02-11 05:07 57720 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-02-09 03:12 . 2010-02-09 03:12 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
    2010-02-09 03:12 . 2010-02-11 06:22 -------- d-s---w- c:\documents and settings\HelpAssistant
    2010-02-07 01:46 . 2010-02-07 01:46 -------- d-----w- c:\documents and settings\Nancy Robertson\Application Data\ParetoLogic
    2010-02-07 01:46 . 2010-02-07 01:46 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2010-02-07 01:46 . 2010-02-07 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2010-02-07 01:46 . 2010-02-07 01:46 -------- d-----w- c:\program files\ParetoLogic
    2010-02-06 03:21 . 2010-02-06 03:21 -------- d-----w- c:\program files\iPod
    2010-02-06 03:21 . 2010-02-06 03:22 -------- d-----w- c:\program files\iTunes
    2010-02-06 03:02 . 2010-02-06 03:02 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-14 10:05 . 2009-04-06 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-02-14 03:55 . 2009-04-06 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-02-14 03:49 . 2010-02-14 03:32 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-02-14 03:49 . 2010-02-14 03:32 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-02-14 03:32 . 2009-10-17 02:22 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-02-14 03:31 . 2009-10-17 02:22 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2010-02-14 03:30 . 2009-10-11 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-02-13 05:56 . 2009-10-31 02:25 530 ----a-w- c:\documents and settings\Nancy Robertson\Application Data\wklnhst.dat
    2010-02-11 12:45 . 2009-04-06 19:43 -------- d-----w- c:\program files\Google
    2010-02-11 11:06 . 2009-11-15 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-02-06 03:21 . 2009-10-17 02:17 -------- d-----w- c:\program files\Common Files\Apple
    2010-02-06 03:16 . 2009-10-17 02:19 -------- d-----w- c:\program files\QuickTime
    2010-01-21 14:59 . 2009-04-06 19:41 -------- d-----w- c:\program files\Common Files\Adobe
    2010-01-15 04:20 . 2009-10-17 02:22 -------- d-----w- c:\documents and settings\Nancy Robertson\Application Data\Apple Computer
    2010-01-13 15:45 . 2010-01-07 15:56 44544 ----a-w- c:\windows\system32\agremove.exe
    2010-01-11 03:31 . 2010-01-11 03:31 -------- d-----w- c:\documents and settings\Nancy Robertson\Application Data\acccore
    2010-01-11 03:30 . 2010-01-11 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
    2010-01-11 03:30 . 2010-01-11 03:30 -------- d-----w- c:\program files\AIM
    2010-01-11 03:30 . 2010-01-11 03:30 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2010-01-11 03:30 . 2010-01-11 03:30 -------- d-----w- c:\program files\Common Files\AOL
    2010-01-05 10:00 . 2009-04-06 19:48 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-01-05 10:00 . 2009-04-06 19:47 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-01-05 10:00 . 2009-04-06 19:46 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-12-31 16:50 . 2009-04-06 19:48 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-31 02:09 . 2009-12-31 02:09 -------- d-----w- c:\documents and settings\Nancy Robertson\Application Data\Amazon
    2009-12-31 02:09 . 2009-12-31 02:09 -------- d-----w- c:\program files\Amazon
    2009-12-16 18:43 . 2009-04-06 18:08 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    2009-12-14 07:08 . 2009-04-06 19:46 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-08 19:26 . 2008-04-14 00:54 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 18:43 . 2008-04-14 00:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-12-08 09:23 . 2009-04-06 19:48 474112 ----a-w- c:\windows\system32\shlwapi(2).dll
    2009-12-04 18:22 . 2009-04-06 19:47 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2009-11-27 17:11 . 2009-04-06 19:48 1291776 ----a-w- c:\windows\system32\quartz.dll
    2009-11-27 17:11 . 2008-04-14 05:42 17920 ----a-w- c:\windows\system32\msyuv.dll
    2009-11-27 16:07 . 2009-04-06 19:47 28672 ----a-w- c:\windows\system32\msvidc32.dll
    2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-11-27 16:07 . 2009-04-06 19:47 11264 ----a-w- c:\windows\system32\msrle32.dll
    2009-11-27 16:07 . 2009-04-06 19:46 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-11-27 16:07 . 2008-04-14 05:41 48128 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-11-21 15:51 . 2009-04-06 19:46 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-18 23:08 . 2009-10-11 03:41 70056 ----a-w- c:\documents and settings\Nancy Robertson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-10 18:37 . 2009-10-10 18:37 13 --sh--r- c:\windows\system32\drivers\fbd.sys
    2009-10-10 18:37 . 2009-10-10 18:37 4 --sh--r- c:\windows\system32\drivers\taishop.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-06 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "ACU"="c:\program files\Atheros\ACU.exe" [2009-03-06 479320]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-03-26 417792]
    "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-20 83336]
    "TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2009-04-03 73728]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-17 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-17 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-17 137752]
    "RTHDCPL"="RTHDCPL.EXE" [2009-03-13 17531392]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2009-03-18 827392]
    "TDispVol"="TDispVol.exe" [2009-04-02 210232]
    "HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
    "ZoomingHook"="ZoomingHook.exe" [2005-06-06 24576]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
    "TAccessibility"="c:\program files\TOSHIBA\Accessibility\TAccessibility.exe" [2009-02-25 110592]
    "TPSMain"="TPSMain.exe" [2009-03-17 283960]
    "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
    "TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-03-16 252288]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2007-01-26 136816]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-09-11 241664]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "2479:TCP"= 2479:TCP:Services
    "9332:TCP"= 9332:TCP:Services
    "4926:TCP"= 4926:TCP:Services
    "3318:TCP"= 3318:TCP:Services
    "3246:TCP"= 3246:TCP:Services

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/13/2010 10:52 PM 310320]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [8/21/2008 11:35 AM 28536]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [9/4/2007 11:14 AM 6528]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/13/2010 10:52 PM 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/13/2010 10:52 PM 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100210.001\IDSXpx86.sys [2/13/2010 10:47 PM 329592]
    R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2/13/2010 10:51 PM 117640]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 1:22 PM 105856]
    R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 1:15 PM 134016]
    R3 cecnuvc;Chicony USB 2.0 Camera VD;c:\windows\system32\drivers\cec_uvc.sys [7/4/2009 2:18 AM 48176]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/13/2010 12:06 PM 102448]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2010 6:45 AM 135664]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/6/2009 1:08 PM 1684736]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [4/6/2009 1:09 PM 164864]
    S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 12:45]

    2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 12:45]

    2010-02-14 c:\windows\Tasks\ParetoLogic Privacy Controls_{0EE8A16E-1945-11DF-B11F-00235AF89DDC}.job
    - c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2009-12-02 00:46]

    2010-02-08 c:\windows\Tasks\ParetoLogic Privacy Controls_{A77C9FC2-138A-11DF-B0ED-00235AF89DDC}.job
    - c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2009-12-02 00:46]

    2010-02-15 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]

    2010-02-07 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Nancy Robertson\Application Data\Mozilla\Firefox\Profiles\5w49gxmp.default\
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-mcmscsvc
    SafeBoot-MCODS



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-16 14:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8672ABC0]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
    \Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
    \Driver\atapi -> atapi.sys @ 0xb9f37852
    \Driver\iaStor -> iaStor.sys @ 0xb9e946ae
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    NDIS: Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC -> SendCompleteHandler -> 0x866f3330
    PacketIndicateHandler -> NDIS.sys @ 0xb9d08a0d
    SendHandler -> NDIS.sys @ 0xb9d1cb40
    user & kernel MBR OK
    copy of MBR has been found in sector 61 !
    copy of MBR has been found in sector 62 !

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
    .
    Completion time: 2010-02-16 14:41:24
    ComboFix-quarantined-files.txt 2010-02-16 20:41

    Pre-Run: 134,655,496,192 bytes free
    Post-Run: 134,661,562,368 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 8E6EDEDE431690A437F7C163923C79DC
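The firewall-policy part of the ComboFix log above (FirewallOverride set to 1, EnableFirewall set to 0, and seven high TCP ports opened globally under the generic name "Services") is the section an analyst reads first, because a silenced firewall plus anonymous listening ports is a common footprint of a backdoor. The script below is an added example, not part of the thread and not ComboFix's own code: it parses a constructed extract written in the same format as the posted log and reports those conditions. The list of "generic" port names and the sample lines are assumptions made for this example.

```python
"""Triage the firewall-policy section of a ComboFix log (added example).

ComboFix dumps the Windows XP firewall configuration as registry lines.
This script parses that section and reports whether the firewall is off or
overridden in Security Center, and which globally opened ports carry only a
generic name such as "Services", which is how a backdoor that opens its own
listener usually registers itself.  SAMPLE_LOG is a constructed extract in
the same format as the log in this thread, not the actual log.
"""
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^\[(.+)\]$")
OVERRIDE_RE = re.compile(r'^"FirewallOverride"=dword:([0-9a-fA-F]+)')
ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')

# Names that say nothing about the owning program (assumption for this example).
GENERIC_NAMES = {"", "services", "service", "tcp", "udp"}

# Constructed sample in ComboFix's condensed registry format.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"3318:TCP"= 3318:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"""


@dataclass
class FirewallFindings:
    firewall_enabled: bool = True       # EnableFirewall; absent means the default, on
    firewall_override: bool = False     # Security Center told to stop monitoring the firewall
    open_ports: list = field(default_factory=list)        # (port, proto, name)
    suspicious_ports: list = field(default_factory=list)  # subset with generic names

    def verdicts(self) -> list:
        """Human-readable findings, one string each."""
        out = []
        if not self.firewall_enabled:
            out.append("Windows Firewall is disabled in the standard profile")
        if self.firewall_override:
            out.append("Security Center firewall monitoring is overridden")
        for port, proto, name in self.suspicious_ports:
            out.append(f"{port}/{proto} opened globally with generic name {name!r}")
        return out


def parse_firewall_policy(log_text: str) -> FirewallFindings:
    """Walk the log, tracking the current [registry key] section."""
    f = FirewallFindings()
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section.endswith("security center"):
            m = OVERRIDE_RE.match(line)
            if m:
                f.firewall_override = int(m.group(1), 16) != 0
        elif section.endswith("firewallpolicy\\standardprofile"):
            m = ENABLE_RE.match(line)
            if m:
                f.firewall_enabled = int(m.group(1)) != 0
        elif section.endswith("globallyopenports\\list"):
            m = OPEN_PORT_RE.match(line)
            if m:
                port, proto, name = int(m.group(1)), m.group(2), m.group(3).strip()
                f.open_ports.append((port, proto, name))
                if name.lower() in GENERIC_NAMES:
                    f.suspicious_ports.append((port, proto, name))
    return f


if __name__ == "__main__":
    for verdict in parse_firewall_policy(SAMPLE_LOG).verdicts():
        print(verdict)
```

On the affected machine the same data can be cross-checked with `netsh firewall show state` and `netstat -ano`: the first lists the ports the XP firewall currently has open, the second shows what is actually listening and the owning PID. A GloballyOpenPorts entry with nothing listening behind it is stale residue; a listener on one of these ports that maps to an unexpected process is the thing to chase.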
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,146
    First Name:
    Derek
  9. kiddo8997d7

    kiddo8997d7 Thread Starter

    Joined:
    Feb 14, 2010
    Messages:
    7
    TDSS rootkit removing tool, Kaspersky Lab, 2010
    version 2.2.4 Feb 15 2010 19:38:31

    Scanning Services ...

    Scanning Kernel memory ...

    Completed

    Results:
    Memory objects infected / cured / cured on reboot: 0 / 0 / 0
    Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    File objects infected / cured / cured on reboot: 0 / 0 / 0

    Press any key to continue . . .
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,146
    First Name:
    Derek
    * Run Kaspersky online virus scan Kaspersky Online Scanner.

    After the updates have downloaded, click on the "Scan Settings" button.
    select "Spyware, Adware, Dialers and other potentially dangerous programs" for the scan.
    Under "Please select a target to scan", click "My Computer".
    When the scan is finished, Save the results from the scan!

    Note: Kavscan is a scanner only & won't fix anything, but it will normally find the most infected files, so its report gives us a good place to work from.

    If that won't run then
    Run an online antivirus check from one of the following sites
    http://security.symantec.com/default.asp?
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/
    http://www.bitdefender.com/scan8/ie.html
     
  11. kiddo8997d7

    kiddo8997d7 Thread Starter

    Joined:
    Feb 14, 2010
    Messages:
    7
    Scan statistics

    Objects scanned: 43618
    Threats found: 1
    Infected objects found: 2
    Suspicious objects found: 0
    Scan duration:
    I tried to cut and paste the report, but couldn't. The threat is:
    Backdoor.Win32.Sinowal.ggo and it is in two different places/files
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,146
    First Name:
    Derek
    well that doesn't help in the slightest

    without the locations of the files we can't even start to think about fixing them
     
  13. kiddo8997d7

    kiddo8997d7 Thread Starter

    Joined:
    Feb 14, 2010
    Messages:
    7
    I'm sorry, I should have put the file locations. It took me so many attempts to get the program to run without the computer freezing up.
    C:\Documents and Settings\HelpAssistant\Local Settings\Temp\234.tmp    Infected: Backdoor.Win32.Sinowal.ggo    1

    C:\Documents and Settings\HelpAssistant\Local Settings\Temp\238.tmp    Infected: Backdoor.Win32.Sinowal.ggo    1
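Kaspersky's Backdoor.Win32.Sinowal.ggo hits are worth reading together with the Gmer MBR tool output in the ComboFix log earlier in the thread, which reported copies of the MBR in sectors 61 and 62 while judging the user-mode and kernel-mode reads of sector 0 itself as OK. The script below is an added example, not code from the thread or from Gmer; it shows what that check amounts to on a raw disk image: parse sector 0, find where the first partition starts, and classify every sector in the gap before it as an exact copy of sector 0, as a copy with the same partition table but different boot code (what is left behind when boot code is replaced and the original sector is stashed elsewhere), or as unrelated. The 64-sector image, its boot-code bytes and the partition layout are constructed for the example and are not real boot code or real malware.

```python
"""Locate MBR copies in the gap before the first partition (added example).

What the Gmer MBR tool's "copy of MBR has been found in sector N" line
amounts to: read sector 0, check the 0x55AA signature, parse the partition
table to learn where partition 1 begins, then compare every sector of the
gap with sector 0.  Two kinds of match matter:
  * an exact copy of sector 0, and
  * a sector with the same partition table but different boot code, which
    is what is left behind when boot code is replaced and the original
    sector is stashed elsewhere.
The disk image used here is constructed inline (64 sectors, fake boot
code, one partition starting at LBA 63); nothing is read from real disks.
"""
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"
PART_TABLE = slice(446, 510)     # four 16-byte partition entries
ENTRY_FMT = "<B3xB3xII"          # status, CHS start, type, CHS end, LBA start, sector count


def parse_partition_table(sector0: bytes) -> list:
    """Return the non-empty partition entries of an MBR sector."""
    if len(sector0) != SECTOR or sector0[510:512] != BOOT_SIG:
        raise ValueError("sector 0 carries no 55AA boot signature")
    entries = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(ENTRY_FMT, sector0, 446 + 16 * i)
        if ptype != 0:
            entries.append({"index": i, "bootable": status == 0x80,
                            "type": ptype, "lba_start": lba_start, "sectors": count})
    return entries


def classify_sector(sector: bytes, mbr: bytes):
    """Say how a gap sector relates to sector 0, or None if it is unrelated."""
    if sector[510:512] != BOOT_SIG:
        return None                      # empty gap sectors are normally all zero
    if sector == mbr:
        return "exact copy of sector 0"
    if sector[PART_TABLE] == mbr[PART_TABLE]:
        return "same partition table, different boot code"
    return "boot-signature sector with a different partition table"


def find_mbr_copies(image: bytes) -> list:
    """Scan LBA 1 .. (first partition - 1) and return [(lba, verdict), ...]."""
    if len(image) % SECTOR:
        raise ValueError("image length is not a multiple of the sector size")
    total = len(image) // SECTOR
    mbr = image[:SECTOR]
    starts = [p["lba_start"] for p in parse_partition_table(mbr) if p["lba_start"] > 0]
    first_lba = min(starts) if starts else total
    hits = []
    for lba in range(1, min(first_lba, total)):
        verdict = classify_sector(image[lba * SECTOR:(lba + 1) * SECTOR], mbr)
        if verdict:
            hits.append((lba, verdict))
    return hits


# ---- constructed sample image ------------------------------------------

def make_mbr(bootcode: bytes, lba_start: int = 63, count: int = 1000) -> bytes:
    """Build a 512-byte MBR with one active, NTFS-typed partition entry."""
    assert len(bootcode) <= 440
    sec = bytearray(SECTOR)
    sec[:len(bootcode)] = bootcode
    struct.pack_into(ENTRY_FMT, sec, 446, 0x80, 0x07, lba_start, count)
    sec[510:512] = BOOT_SIG
    return bytes(sec)


def build_sample_image() -> bytes:
    """64-sector image: replaced boot code in sector 0, the original MBR kept at
    LBA 61, a second copy of the replacement at LBA 62, partition 1 at LBA 63.
    The byte strings are stand-ins, not real boot code."""
    original = make_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 16)
    replaced = make_mbr(b"\xeb\x3c\x90" + b"\xcc" * 20)
    sectors = [replaced] + [bytes(SECTOR)] * 63
    sectors[61] = original
    sectors[62] = replaced
    return b"".join(sectors)


if __name__ == "__main__":
    for lba, verdict in find_mbr_copies(build_sample_image()):
        print(f"LBA {lba}: {verdict}")
```

On Windows the same functions can be fed from `open(r"\\.\PhysicalDrive0", "rb")` in an elevated prompt, reading in 512-byte multiples. The caveat is the one the Gmer tool addresses by reading the MBR both from user mode and from the kernel and comparing them: a rootkit that hooks the disk driver stack can hand a clean sector 0 to a user-mode reader, so a clean result from a live system is weaker evidence than the same scan run from boot media or on an offline image. A backup copy in the gap is also not proof of infection on its own, since some boot managers and imaging tools keep one there; it has to be read together with the hook scan and the antivirus result.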
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,146
    First Name:
    Derek
    sorry about delay replying

    first

    Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)

    Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished

    Close any open browsers
    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.






    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply .


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

    then reboot & then

    let's see what this finds

    Please download Malwarebytes' Anti-Malware to your desktop
    from HERE or HERE

    Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

    Update Malwarebytes' Anti-Malware. Launch Malwarebytes' Anti-Malware. Then click Finish.

    If an update is found, it will download and install the latest version. Press Update to make sure the latest database is loaded.
    Once the program has loaded, select Perform quick scan, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.
    Be sure that everything is checked, and click Remove Selected.
    When completed, a log will open in Notepad.
    Please include this log in your next reply.

    It might ask you to reboot to finish cleaning. Please do so. ( Press YES on the alert)
    If you receive an (Error Loading xxxxxxxxxx .dll) error on reboot, please reboot a second time. It is normal for this error to occur once and it does not need to be reported unless it continues on every boot.
     

    Attached Files:

Short URL to this thread: https://techguy.org/902943
