TechSpot

Task Manager not working all of a sudden

By goose165513
Oct 19, 2012
  1. Hey all,

    My name is Chris and I'm new to this sort of stuff so I'm a lil iffy on it, but I had a friend refer me here so I'm laying my trust on you guys and gals,

    Anyways,

    Just recently like a day or so ago, my task manager opens but then closes in a blink of an eye,
    I restarted and restarted like crazy and did a system restore but to no avail,

    I ran so many security scans it's not funny. I am currently using Norton 360, Comodo, and Spybot, but I only use one at a time cause I was told that those would eventually "attack" each other and cause problems, but, as of now, due to my issue, I have them all turned on but Spybot. Yes, I ran all scans from all of em but nothing showed anything but cookies,

    I have disabled my Norton 360 antivirus but kept my Norton 360 Firewall up and running,
    Comodo is on paranoid mode cause I'm trying to see if I catch anything not supposed to be running. So far, the closest I can get to my task manager is my Comodo's task thing, which I can terminate from there, but I would like my task manager back cause this computer is my baby and it's sick.

    Any help would be greatly appreciated.

    I'm running Windows 7 Premium 32-bit, dual AMD Athlon 2.4 processors with 4.5 gigs of RAM (3 usable) and a 9800 GeForce NVIDIA game card


    Please help, again my baby is sick and needs a cure


    Thank you,
    Chris




    ---added---
    I haven't downloaded anything in the past week, except Photoshop, which I uninstalled, but besides that, all that really happened so far was updates for games and system updates
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.
    Please review the 5-Step removal instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  3. goose165513

    goose165513 TS Rookie Topic Starter

    Thank you, and I have done the 5 step process and it seemed to fix it. The malware found 4 things and I got rid of them as told and all is good, but I won't stop till I'm told it's "clean". Here are my logs so far
  4. goose165513

    goose165513 TS Rookie Topic Starter

    Here are the results in order of the step process
  5. goose165513

    goose165513 TS Rookie Topic Starter

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000

    www.malwarebytes.org
    Database version: v2012.10.19.06
    Windows 7 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Chris :: SKITTLES [administrator]
    Protection: Enabled
    10/19/2012 4:49:04 AM
    mbam-log-2012-10-19 (04-49-04).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 246529
    Time elapsed: 11 minute(s), 42 second(s)
    Memory Processes Detected: 1
    C:\ProgramData\lsass.exe (Trojan.Delf) -> 2768 -> Delete on reboot.
    Memory Modules Detected: 1
    C:\Users\Chris\AppData\Local\Temp\ctfmon.dll (Trojan.Agent.SZ) -> Delete on reboot.
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 3
    C:\Users\Chris\AppData\Local\Temp\ctfmon.dll (Trojan.Agent.SZ) -> Delete on reboot.
    C:\ProgramData\lsass.exe (Trojan.Delf) -> Delete on reboot.
    C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.
    (end)
  6. goose165513

    goose165513 TS Rookie Topic Starter

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-19 10:52:37
    Windows 6.1.7600 Harddisk1\DR1 -> \Device\00000068 WDC_WD16 rev.10.0
    Running: ufsurp44.exe; Driver: C:\Users\Chris\AppData\Local\Temp\fwddypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x96439F26]
    SSDT 860B9150 ZwAlertResumeThread
    SSDT 860B9230 ZwAlertThread
    SSDT 860B9BA8 ZwAllocateVirtualMemory
    SSDT 86980D30 ZwAlpcConnectPort
    SSDT 869DC7F8 ZwAssignProcessToJobObject
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x96439286]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x96439B8C]
    SSDT 869DCDA0 ZwCreateMutant
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x96439940]
    SSDT 869DC518 ZwCreateSymbolicLinkObject
    SSDT 869DB870 ZwCreateThread
    SSDT 869DC608 ZwCreateThreadEx
    SSDT 869DC8D8 ZwDebugActiveProcess
    SSDT 860B9D78 ZwDuplicateObject
    SSDT 860B9960 ZwFreeVirtualMemory
    SSDT 869DCE90 ZwImpersonateAnonymousToken
    SSDT 869DCF70 ZwImpersonateThread
    SSDT 8697FB80 ZwLoadDriver
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x9643954E]
    SSDT 860B9860 ZwMapViewOfSection
    SSDT 869DCCC0 ZwOpenEvent
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x96439D68]
    SSDT 860B9F38 ZwOpenProcess
    SSDT 860B9C98 ZwOpenProcessToken
    SSDT 869DCB00 ZwOpenSection
    SSDT 860B9E68 ZwOpenThread
    SSDT 869DC708 ZwProtectVirtualMemory
    SSDT 860B9310 ZwResumeThread
    SSDT 860B95B0 ZwSetContextThread
    SSDT 860B9690 ZwSetInformationProcess
    SSDT 869DC9B8 ZwSetSystemInformation
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x964394B8]
    SSDT 869DCBE0 ZwSuspendProcess
    SSDT 860B93F0 ZwSuspendThread
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x964396D4]
    SSDT 860B71C0 ZwTerminateProcess
    SSDT 860B94D0 ZwTerminateThread
    SSDT 860B9780 ZwUnmapViewOfSection
    SSDT 860B9A50 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 82C91839 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB63F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 220 82CBDBB0 12 Bytes [26, 9F, 43, 96, 50, 91, 0B, ...]
    .text ntkrnlpa.exe!RtlSidHashLookup + 23C 82CBDBCC 4 Bytes [A8, 9B, 0B, 86]
    .text ntkrnlpa.exe!RtlSidHashLookup + 248 82CBDBD8 4 Bytes [30, 0D, 98, 86]
    .text ntkrnlpa.exe!RtlSidHashLookup + 29C 82CBDC2C 4 Bytes [F8, C7, 9D, 86]
    .text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82CBDC6C 4 Bytes [86, 92, 43, 96]
    .text ...
    ? System32\drivers\qsmwl.sys The system cannot find the path specified. !
    .text autochk.exe 004011D1 42 Bytes [C4, 08, 5D, C3, CC, CC, CC, ...]
    .text autochk.exe 004011FC 5 Bytes [8B, E5, 5D, C2, 08]
    .text autochk.exe 00401202 41 Bytes [CC, CC, CC, CC, CC, CC, CC, ...]
    .text autochk.exe 0040122C 5 Bytes [8B, E5, 5D, C2, 08]
    .text autochk.exe 00401232 47 Bytes [CC, CC, CC, CC, CC, CC, CC, ...]
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\Dwm.exe[352] ntdll.dll!NtAlpcSendWaitReceivePort 76F04500 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[352] ntdll.dll!NtClose 76F045B0 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[352] ntdll.dll!LdrUnloadDll 76F1BD1F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[352] ntdll.dll!LdrLoadDll 76F1F425 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[352] kernel32.dll!CreateProcessW 7697202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[352] kernel32.dll!CreateProcessA 76972062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[352] kernel32.dll!CreateProcessAsUserW 769A7A1C 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[352] GDI32.dll!DeleteDC 766B6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[352] GDI32.dll!CreateDCA 766B9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[352] GDI32.dll!CreateDCW 766BBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[352] GDI32.dll!GetPixel 766BC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[352] ADVAPI32.dll!CreateProcessAsUserA 770914FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] ntdll.dll!NtAlpcSendWaitReceivePort 76F04500 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] ntdll.dll!NtClose 76F045B0 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] ntdll.dll!NtTerminateThread 76F059C0 5 Bytes JMP 0002004C
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] ntdll.dll!LdrUnloadDll 76F1BD1F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] ntdll.dll!LdrLoadDll 76F1F425 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] kernel32.dll!CreateProcessW 7697202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] kernel32.dll!CreateProcessA 76972062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] kernel32.dll!CreateProcessAsUserW 769A7A1C 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] USER32.dll!RecordShutdownReason + 372 757906EA 7 Bytes JMP 00100930
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] GDI32.dll!DeleteDC 766B6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] GDI32.dll!CreateDCA 766B9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] GDI32.dll!CreateDCW 766BBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] GDI32.dll!GetPixel 766BC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] ADVAPI32.dll!CreateProcessAsUserA 770914FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\Explorer.EXE[380] ntdll.dll!NtAlpcSendWaitReceivePort 76F04500 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\Explorer.EXE[380] ntdll.dll!NtClose 76F045B0 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\Explorer.EXE[380] ntdll.dll!LdrUnloadDll 76F1BD1F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\Explorer.EXE[380] ntdll.dll!LdrLoadDll 76F1F425 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\Explorer.EXE[380] kernel32.dll!CreateProcessW
  7. goose165513

    goose165513 TS Rookie Topic Starter

    OK, well, I got the GMER files that I saved to my desktop, but for some reason, when I try pasting them here, it freaks out my IE 9, Firefox, and Google Chrome, so I will not be posting those at the moment, unless specified, cause it took me forever to post what I got up above.
  8. goose165513

    goose165513 TS Rookie Topic Starter

    DDS (Ver_2012-10-19.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2
    Run by Chris at 10:44:47 on 2012-10-19
    #Option MBR scan is disabled.
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1494 [GMT -7:00]
    .
    AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\Common Files\Comodo\launcher_service.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\lxdxcoms.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Norton Management\Engine\3.1.0.24\ccSvcHst.exe
    C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe
    C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files\Common Files\Comodo\tvnserver.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Norton Management\Engine\3.1.0.24\ccSvcHst.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Windows\System32\StikyNot.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E11XP0RK\ufsurp44.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.1.1.2\CoIEPlg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.1.1.2\ips\IPSBHO.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.1.1.2\CoIEPlg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.1.1.2\CoIEPlg.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
    uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
    uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
    uRun: [AdobeBridge] <no file>
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{001CE504-BD4C-40EA-9F6B-4F59ADD3D00D} : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{37C0C739-02A8-4154-BA31-54E24D1BD1F6} : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{37C0C739-02A8-4154-BA31-54E24D1BD1F6}\84F4D454D213333323 : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{37C0C739-02A8-4154-BA31-54E24D1BD1F6}\D4F69627 : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{37C0C739-02A8-4154-BA31-54E24D1BD1F6}\D4F6962713 : DHCPNameServer = 75.75.75.75 75.75.76.76
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\n0j4s30k.default\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\battlelog web plugins\1.122.0\npesnlaunch.dll
    FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
    FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\chris\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\users\chris\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\chris\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2012-09-26 03:02; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\coFFPlgn
    FF - ExtSQL: 2012-09-27 18:29; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\IPSFFPlgn
    .
  9. goose165513

    goose165513 TS Rookie Topic Starter

    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1401010.002\SymDS.sys [2012-9-12 368288]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1401010.002\SymEFA.sys [2012-9-12 926880]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\bashdefs\20120928.001\BHDrvx86.sys [2012-10-1 995488]
    R1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\mclient\0301000.018\ccSetx86.sys [2012-10-18 134304]
    R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1401010.002\ccSetx86.sys [2012-9-12 134304]
    R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2012-8-3 35064]
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2012-3-11 19600]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 491816]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-24 242240]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\ipsdefs\20121018.001\IDSvix86.sys [2012-10-18 386720]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1401010.002\Ironx86.sys [2012-9-12 175264]
    R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1401010.002\symnets.sys [2012-9-12 338592]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
    R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2012-8-23 70352]
    R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-19 399432]
    R2 MCLIENT;Norton Management;c:\program files\norton management\engine\3.1.0.24\ccSvcHst.exe [2012-10-18 143928]
    R2 N360;Norton 360;c:\program files\norton 360\engine\20.1.1.2\ccSvcHst.exe [2012-9-12 143928]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-8-23 1262400]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-10-19 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]
    R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-8-12 2673064]
    R2 tvnserver;TightVNC Server;c:\program files\common files\comodo\tvnserver.exe [2012-1-27 828944]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-12 106656]
    R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500w7.sys [2011-3-29 1092160]
    R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-10-4 136176]
    S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2012-9-7 94208]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-19 676936]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-21 250808]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-10-4 136176]
    S3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-1-18 16128]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-19 22856]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-24 113120]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-7-23 1343400]
    .
  10. goose165513

    goose165513 TS Rookie Topic Starter

    =============== Created Last 30 ================
    .
    2012-10-19 11:47:56 -------- d-----w- c:\users\chris\appdata\roaming\Malwarebytes
    2012-10-19 11:47:23 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-19 11:47:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-19 11:47:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-19 08:32:31 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-10-19 08:32:26 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-10-19 08:32:09 -------- d-----w- c:\windows\system32\drivers\nbrtwizard\0501000.01A
    2012-10-19 08:32:09 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
    2012-10-19 08:32:06 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
    2012-10-19 08:11:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-10-19 08:11:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-10-19 08:08:35 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2012-10-19 07:47:57 -------- d-----w- c:\users\chris\Adobe Photoshop CS6
    2012-10-19 07:45:29 -------- d-----w- c:\users\chris\appdata\roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2012-10-19 07:45:23 -------- d-----w- c:\program files\Adobe Download Assistant
    2012-10-19 06:01:02 -------- d-----w- c:\users\chris\appdata\local\LogMeIn Rescue Applet
    2012-10-19 04:21:36 134304 ----a-r- c:\windows\system32\drivers\mclient\0301000.018\ccSetx86.sys
    2012-10-19 04:21:32 -------- d-----w- c:\windows\system32\drivers\mclient\0301000.018
    2012-10-19 04:21:32 -------- d-----w- c:\windows\system32\drivers\MCLIENT
    2012-10-19 04:21:32 -------- d-----w- c:\program files\Norton Management
    2012-10-19 03:39:08 -------- d-----w- c:\program files\Trion Worlds
    2012-10-15 23:36:02 -------- d-----w- c:\users\chris\appdata\roaming\RealNetworks
    2012-10-15 08:19:04 -------- d-----w- c:\users\chris\The.Elder.Scrolls.V.Skyrim.Hearthfire.DLC-RELOADED
    2012-10-10 10:41:04 -------- d-----w- c:\windows\system32\apigidsys
    2012-10-10 10:41:04 -------- d-----w- c:\program files\Zabaware
    2012-10-10 10:40:52 -------- d-----w- c:\windows\msagent
    2012-10-10 10:40:33 413696 ----a-w- c:\windows\system32\hapapi2.dll
    2012-10-10 10:40:33 -------- d-----w- c:\program files\Haptek
    2012-10-10 10:40:26 -------- d-----w- c:\windows\lhsp
    2012-10-10 04:33:54 1157632 ----a-w- c:\windows\system32\crypt32.dll
    2012-10-10 04:33:53 139264 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-10-10 04:33:53 103936 ----a-w- c:\windows\system32\cryptnet.dll
    2012-10-10 04:33:39 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-10-10 04:33:38 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-10-07 02:21:53 -------- d-----w- C:\end of nation
    2012-10-07 01:36:14 -------- d-----w- c:\program files\End of Nations Beta
    2012-10-07 01:17:31 -------- d-----w- c:\users\chris\appdata\roaming\EoN
    2012-10-07 00:10:28 -------- d-----w- c:\users\chris\appdata\roaming\test
    2012-10-05 06:24:03 -------- d-----w- c:\users\chris\appdata\local\Adobe
    2012-09-30 09:15:04 -------- d-----w- c:\users\chris\[ www.Torrenting.com ] - The.Avengers.2012.DVDRip.XviD-NYDIC
    2012-09-26 12:57:33 -------- d-----w- C:\Perfect World Entertainment
    2012-09-26 12:48:51 258352 ----a-w- c:\windows\system32\unicows.dll
    2012-09-26 11:24:55 -------- d-----w- c:\users\chris\appdata\local\PMB Files
    2012-09-26 11:24:53 -------- d-----w- c:\programdata\PMB Files
    2012-09-23 12:22:15 -------- d-----w- c:\users\chris\appdata\roaming\TeamViewer
    2012-09-23 08:53:22 -------- d-----w- c:\users\chris\appdata\roaming\Subversion
    2012-09-23 08:51:58 -------- d--h--w- c:\windows\msdownld.tmp
    2012-09-23 08:51:55 -------- d-----w- c:\windows\system32\directx
    2012-09-22 10:01:59 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
    2012-09-22 10:01:56 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
    2012-09-22 10:01:51 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    .
    ==================== Find3M ====================
    .
    2012-10-09 10:06:53 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-09 10:06:53 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-14 18:30:38 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-12 08:34:11 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-08-31 17:21:56 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-08-24 17:10:47 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-23 13:40:05 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-08-23 13:40:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-08-23 13:40:04 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-20 04:36:08 138536 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2012-08-20 04:36:01 270408 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2012-08-20 04:36:01 270408 ----a-w- c:\windows\system32\PnkBstrB.exe
    2012-08-19 09:59:02 270408 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2012-08-18 11:23:05 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-08-18 11:21:20 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-08-18 11:18:47 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-08-18 09:07:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-08-18 09:07:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-18 09:07:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-18 09:07:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-08-16 23:00:58 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
    2012-08-11 01:26:42 585888 ----a-r- c:\windows\system32\drivers\n360\1401010.002\srtsp.sys
    2012-08-10 23:54:04 541184 ----a-w- c:\windows\system32\kerberos.dll
    2012-08-08 05:18:19 926880 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymEFA.sys
    2012-08-07 18:42:43 134304 ----a-r- c:\windows\system32\drivers\n360\1401010.002\ccSetx86.sys
    2012-08-03 17:23:28 35064 ----a-w- c:\windows\system32\drivers\CFRMD.sys
    2012-08-03 17:23:28 35064 ----a-w- c:\windows\inf\lps-ca\cfrmd.sys
    2012-08-02 17:05:42 490496 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-08-01 08:15:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-07-28 09:54:00 321472 ----a-w- c:\windows\WLXPGSS.SCR
    2012-07-28 03:25:32 368288 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymDS.sys
    2012-07-28 03:05:21 175264 ----a-r- c:\windows\system32\drivers\n360\1401010.002\Ironx86.sys
    2012-07-27 02:08:06 862664 ----a-w- c:\windows\system32\msvcr110.dll
    2012-07-27 02:08:06 534480 ----a-w- c:\windows\system32\msvcp110.dll
    2012-07-27 02:08:06 251864 ----a-w- c:\windows\system32\vccorlib110.dll
    2012-07-27 02:08:06 153536 ----a-w- c:\windows\system32\atl110.dll
    2012-07-27 02:08:06 115656 ----a-w- c:\windows\system32\vcomp110.dll
    2012-07-26 07:55:31 447752 ----a-w- c:\windows\system32\vp6vfw.dll
    2012-07-24 08:27:11 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-07-24 04:51:34 1523688 ----a-w- c:\users\chris\SetupVirtualCloneDrive5425.exe
    2012-07-23 01:34:24 338592 ----a-r- c:\windows\system32\drivers\n360\1401010.002\symnets.sys
    2012-07-22 11:48:37 138056 ----a-w- c:\users\chris\appdata\roaming\PnkBstrK.sys
    2012-07-22 04:40:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-07-22 04:40:38 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2012-07-22 04:40:38 1060864 ----a-w- c:\windows\system32\mfc71.dll
    2012-07-22 04:36:11 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2012-07-22 04:36:10 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
    2012-07-22 04:36:10 3874816 ----a-w- c:\windows\system32\bcmihvsrv.dll
    2012-07-22 04:36:10 3563520 ----a-w- c:\windows\system32\bcmihvui.dll
    2012-07-22 04:36:10 1092160 ----a-w- c:\windows\system32\drivers\AE2500w7.sys
    .
    ============= FINISH: 10:46:07.37 ===============
  11. goose165513

    goose165513 TS Rookie Topic Starter

    # AdwCleaner v2.005 - Logfile created 10/19/2012 at 11:12:33
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Ultimate (32 bits)
    # User : Chris - SKITTLES
    # Boot Mode : Normal
    # Running from : C:\Users\Chris\Downloads\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : HKU\S-1-5-21-2036971334-3385096700-2234828222-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v14.0.1 (en-US)

    Profile name : default
    File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\n0j4s30k.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1327 octets] - [19/10/2012 11:12:02]
    AdwCleaner[R2].txt - [1258 octets] - [19/10/2012 11:12:33]

    ########## EOF - C:\AdwCleaner[R2].txt - [1318 octets] ##########
     
  12. goose165513

    goose165513 TS Rookie Topic Starter

    This is all that I have for you, again sorry for the Gmer logs. my computer is having issues pasting them
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That's fine. Good job...
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
    Sometimes these logs can be very large; in that case please attach the log, or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  14. goose165513

    goose165513 TS Rookie Topic Starter

    I have attached it to this post as instructed. All it found was two unsigned files, which were skipped.

  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Do the deletions in AdwCleaner?

    Download OTL.exe by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Run Scan and let the program run uninterrupted.
    • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
    • You may need to use two posts to get it all.
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello! Are you still with us? Your topic is now marked inactive because you have not replied.

    However, we'd like to still help. Please update us on the state of your PC.

