Task Manager not working all of a sudden

goose165513

Hey all,

My name is Chris and I'm new to this sort of stuff so I'm a lil iffy on it, but I had a friend refer me here so I'm laying my trust on you guys and gals,

Anyways,

Just recently like a day or so ago, my task manager opens but then closes in a blink of an eye,
I restarted and restarted like crazy and did a system restore but to no avail,

I ran so many security scans it's not funny. I am currently using Norton 360, Comodo, and Spybot, but I only use one at a time cause I was told that those would eventually "attack" each other and cause problems, but, as of now, due to my issue, I have them all turned on but Spybot. Yes, I ran all scans from all of them but nothing showed anything but cookies,

I have disabled my Norton 360 antivirus but kept my Norton 360 Firewall up and running,
Comodo is on paranoid mode cause I'm trying to see if I catch anything not supposed to be running. So far, the closest I can get to my task manager is my Comodo's task thing, which I can terminate from there, but I would like my task manager back cause this computer is my baby and it's sick.

Any help would be greatly appreciated.

I'm running Windows 7 Premium 32-bit, dual AMD Athlon 2.4 processors with 4.5 gigs of RAM (3 usable) and a 9800 GeForce NVIDIA game card.


Please help; again, my baby is sick and needs a cure.


Thank you,
Chris




---added---
I haven't downloaded anything in the past week, except Photoshop, which I uninstalled, but besides that, all that really happened so far was updates for games and system updates
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed, and your computer is declared clean.
Please review the 5-Step removal instructions and post the logs back here for my review.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
Thank you, and I have done the 5-step process and it seemed to fix it. The malware scan found 4 things and I got rid of them as told and all is good, but I won't stop till I'm told it's "clean". Here are my logs so far:
 
Malwarebytes Anti-Malware (Trial) 1.65.1.1000

Database version: v2012.10.19.06
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Chris :: SKITTLES [administrator]
Protection: Enabled
10/19/2012 4:49:04 AM
mbam-log-2012-10-19 (04-49-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246529
Time elapsed: 11 minute(s), 42 second(s)
Memory Processes Detected: 1
C:\ProgramData\lsass.exe (Trojan.Delf) -> 2768 -> Delete on reboot.
Memory Modules Detected: 1
C:\Users\Chris\AppData\Local\Temp\ctfmon.dll (Trojan.Agent.SZ) -> Delete on reboot.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\Chris\AppData\Local\Temp\ctfmon.dll (Trojan.Agent.SZ) -> Delete on reboot.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Delete on reboot.
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.
(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-19 10:52:37
Windows 6.1.7600 Harddisk1\DR1 -> \Device\00000068 WDC_WD16 rev.10.0
Running: ufsurp44.exe; Driver: C:\Users\Chris\AppData\Local\Temp\fwddypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x96439F26]
SSDT 860B9150 ZwAlertResumeThread
SSDT 860B9230 ZwAlertThread
SSDT 860B9BA8 ZwAllocateVirtualMemory
SSDT 86980D30 ZwAlpcConnectPort
SSDT 869DC7F8 ZwAssignProcessToJobObject
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x96439286]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x96439B8C]
SSDT 869DCDA0 ZwCreateMutant
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x96439940]
SSDT 869DC518 ZwCreateSymbolicLinkObject
SSDT 869DB870 ZwCreateThread
SSDT 869DC608 ZwCreateThreadEx
SSDT 869DC8D8 ZwDebugActiveProcess
SSDT 860B9D78 ZwDuplicateObject
SSDT 860B9960 ZwFreeVirtualMemory
SSDT 869DCE90 ZwImpersonateAnonymousToken
SSDT 869DCF70 ZwImpersonateThread
SSDT 8697FB80 ZwLoadDriver
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x9643954E]
SSDT 860B9860 ZwMapViewOfSection
SSDT 869DCCC0 ZwOpenEvent
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x96439D68]
SSDT 860B9F38 ZwOpenProcess
SSDT 860B9C98 ZwOpenProcessToken
SSDT 869DCB00 ZwOpenSection
SSDT 860B9E68 ZwOpenThread
SSDT 869DC708 ZwProtectVirtualMemory
SSDT 860B9310 ZwResumeThread
SSDT 860B95B0 ZwSetContextThread
SSDT 860B9690 ZwSetInformationProcess
SSDT 869DC9B8 ZwSetSystemInformation
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x964394B8]
SSDT 869DCBE0 ZwSuspendProcess
SSDT 860B93F0 ZwSuspendThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x964396D4]
SSDT 860B71C0 ZwTerminateProcess
SSDT 860B94D0 ZwTerminateThread
SSDT 860B9780 ZwUnmapViewOfSection
SSDT 860B9A50 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 82C91839 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB63F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 220 82CBDBB0 12 Bytes [26, 9F, 43, 96, 50, 91, 0B, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82CBDBCC 4 Bytes [A8, 9B, 0B, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82CBDBD8 4 Bytes [30, 0D, 98, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 82CBDC2C 4 Bytes [F8, C7, 9D, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82CBDC6C 4 Bytes [86, 92, 43, 96]
.text ...
? System32\drivers\qsmwl.sys The system cannot find the path specified. !
.text autochk.exe 004011D1 42 Bytes [C4, 08, 5D, C3, CC, CC, CC, ...]
.text autochk.exe 004011FC 5 Bytes [8B, E5, 5D, C2, 08]
.text autochk.exe 00401202 41 Bytes [CC, CC, CC, CC, CC, CC, CC, ...]
.text autochk.exe 0040122C 5 Bytes [8B, E5, 5D, C2, 08]
.text autochk.exe 00401232 47 Bytes [CC, CC, CC, CC, CC, CC, CC, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\Dwm.exe[352] ntdll.dll!NtAlpcSendWaitReceivePort 76F04500 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[352] ntdll.dll!NtClose 76F045B0 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[352] ntdll.dll!LdrUnloadDll 76F1BD1F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[352] ntdll.dll!LdrLoadDll 76F1F425 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[352] kernel32.dll!CreateProcessW 7697202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[352] kernel32.dll!CreateProcessA 76972062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[352] kernel32.dll!CreateProcessAsUserW 769A7A1C 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[352] GDI32.dll!DeleteDC 766B6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[352] GDI32.dll!CreateDCA 766B9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[352] GDI32.dll!CreateDCW 766BBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[352] GDI32.dll!GetPixel 766BC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[352] ADVAPI32.dll!CreateProcessAsUserA 770914FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] ntdll.dll!NtAlpcSendWaitReceivePort 76F04500 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] ntdll.dll!NtClose 76F045B0 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] ntdll.dll!NtTerminateThread 76F059C0 5 Bytes JMP 0002004C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] ntdll.dll!LdrUnloadDll 76F1BD1F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] ntdll.dll!LdrLoadDll 76F1F425 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] kernel32.dll!CreateProcessW 7697202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] kernel32.dll!CreateProcessA 76972062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] kernel32.dll!CreateProcessAsUserW 769A7A1C 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] USER32.dll!RecordShutdownReason + 372 757906EA 7 Bytes JMP 00100930
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] GDI32.dll!DeleteDC 766B6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] GDI32.dll!CreateDCA 766B9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] GDI32.dll!CreateDCW 766BBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] GDI32.dll!GetPixel 766BC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[372] ADVAPI32.dll!CreateProcessAsUserA 770914FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[380] ntdll.dll!NtAlpcSendWaitReceivePort 76F04500 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[380] ntdll.dll!NtClose 76F045B0 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[380] ntdll.dll!LdrUnloadDll 76F1BD1F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[380] ntdll.dll!LdrLoadDll 76F1F425 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[380] kernel32.dll!CreateProcessW
 
Ok well I got the GMER files that I saved to my desktop but for some reason, when I try pasting them here, it freaks out my IE 9, Firefox, and Google Chrome so I will not be posting those at the moment, unless specified, cause it took me forever to post what I got up above.
 
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2
Run by Chris at 10:44:47 on 2012-10-19
#Option MBR scan is disabled.
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1494 [GMT -7:00]
.
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\Comodo\launcher_service.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\lxdxcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Norton Management\Engine\3.1.0.24\ccSvcHst.exe
C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Comodo\tvnserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton Management\Engine\3.1.0.24\ccSvcHst.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E11XP0RK\ufsurp44.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.1.1.2\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.1.1.2\ips\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.1.1.2\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.1.1.2\CoIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRun: [AdobeBridge] <no file>
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{001CE504-BD4C-40EA-9F6B-4F59ADD3D00D} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{37C0C739-02A8-4154-BA31-54E24D1BD1F6} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{37C0C739-02A8-4154-BA31-54E24D1BD1F6}\84F4D454D213333323 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{37C0C739-02A8-4154-BA31-54E24D1BD1F6}\D4F69627 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{37C0C739-02A8-4154-BA31-54E24D1BD1F6}\D4F6962713 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\n0j4s30k.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\battlelog web plugins\1.122.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\chris\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\chris\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\chris\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-09-26 03:02; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\coFFPlgn
FF - ExtSQL: 2012-09-27 18:29; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\IPSFFPlgn
.
 
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1401010.002\SymDS.sys [2012-9-12 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1401010.002\SymEFA.sys [2012-9-12 926880]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\bashdefs\20120928.001\BHDrvx86.sys [2012-10-1 995488]
R1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\mclient\0301000.018\ccSetx86.sys [2012-10-18 134304]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1401010.002\ccSetx86.sys [2012-9-12 134304]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2012-8-3 35064]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2012-3-11 19600]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-3-11 491816]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-24 242240]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\ipsdefs\20121018.001\IDSvix86.sys [2012-10-18 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1401010.002\Ironx86.sys [2012-9-12 175264]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1401010.002\symnets.sys [2012-9-12 338592]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2012-8-23 70352]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-19 399432]
R2 MCLIENT;Norton Management;c:\program files\norton management\engine\3.1.0.24\ccSvcHst.exe [2012-10-18 143928]
R2 N360;Norton 360;c:\program files\norton 360\engine\20.1.1.2\ccSvcHst.exe [2012-9-12 143928]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-8-23 1262400]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-10-19 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-8-12 2673064]
R2 tvnserver;TightVNC Server;c:\program files\common files\comodo\tvnserver.exe [2012-1-27 828944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-12 106656]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500w7.sys [2011-3-29 1092160]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-10-4 136176]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2012-9-7 94208]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-19 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-21 250808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-10-4 136176]
S3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-1-18 16128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-19 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-24 113120]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-7-23 1343400]
.
 
=============== Created Last 30 ================
.
2012-10-19 11:47:56 -------- d-----w- c:\users\chris\appdata\roaming\Malwarebytes
2012-10-19 11:47:23 -------- d-----w- c:\programdata\Malwarebytes
2012-10-19 11:47:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-19 11:47:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-19 08:32:31 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-19 08:32:26 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-10-19 08:32:09 -------- d-----w- c:\windows\system32\drivers\nbrtwizard\0501000.01A
2012-10-19 08:32:09 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2012-10-19 08:32:06 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2012-10-19 08:11:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-19 08:11:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-19 08:08:35 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-10-19 07:47:57 -------- d-----w- c:\users\chris\Adobe Photoshop CS6
2012-10-19 07:45:29 -------- d-----w- c:\users\chris\appdata\roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-10-19 07:45:23 -------- d-----w- c:\program files\Adobe Download Assistant
2012-10-19 06:01:02 -------- d-----w- c:\users\chris\appdata\local\LogMeIn Rescue Applet
2012-10-19 04:21:36 134304 ----a-r- c:\windows\system32\drivers\mclient\0301000.018\ccSetx86.sys
2012-10-19 04:21:32 -------- d-----w- c:\windows\system32\drivers\mclient\0301000.018
2012-10-19 04:21:32 -------- d-----w- c:\windows\system32\drivers\MCLIENT
2012-10-19 04:21:32 -------- d-----w- c:\program files\Norton Management
2012-10-19 03:39:08 -------- d-----w- c:\program files\Trion Worlds
2012-10-15 23:36:02 -------- d-----w- c:\users\chris\appdata\roaming\RealNetworks
2012-10-15 08:19:04 -------- d-----w- c:\users\chris\The.Elder.Scrolls.V.Skyrim.Hearthfire.DLC-RELOADED
2012-10-10 10:41:04 -------- d-----w- c:\windows\system32\apigidsys
2012-10-10 10:41:04 -------- d-----w- c:\program files\Zabaware
2012-10-10 10:40:52 -------- d-----w- c:\windows\msagent
2012-10-10 10:40:33 413696 ----a-w- c:\windows\system32\hapapi2.dll
2012-10-10 10:40:33 -------- d-----w- c:\program files\Haptek
2012-10-10 10:40:26 -------- d-----w- c:\windows\lhsp
2012-10-10 04:33:54 1157632 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 04:33:53 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 04:33:53 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 04:33:39 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 04:33:38 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-07 02:21:53 -------- d-----w- C:\end of nation
2012-10-07 01:36:14 -------- d-----w- c:\program files\End of Nations Beta
2012-10-07 01:17:31 -------- d-----w- c:\users\chris\appdata\roaming\EoN
2012-10-07 00:10:28 -------- d-----w- c:\users\chris\appdata\roaming\test
2012-10-05 06:24:03 -------- d-----w- c:\users\chris\appdata\local\Adobe
2012-09-30 09:15:04 -------- d-----w- c:\users\chris\[ www.Torrenting.com ] - The.Avengers.2012.DVDRip.XviD-NYDIC
2012-09-26 12:57:33 -------- d-----w- C:\Perfect World Entertainment
2012-09-26 12:48:51 258352 ----a-w- c:\windows\system32\unicows.dll
2012-09-26 11:24:55 -------- d-----w- c:\users\chris\appdata\local\PMB Files
2012-09-26 11:24:53 -------- d-----w- c:\programdata\PMB Files
2012-09-23 12:22:15 -------- d-----w- c:\users\chris\appdata\roaming\TeamViewer
2012-09-23 08:53:22 -------- d-----w- c:\users\chris\appdata\roaming\Subversion
2012-09-23 08:51:58 -------- d--h--w- c:\windows\msdownld.tmp
2012-09-23 08:51:55 -------- d-----w- c:\windows\system32\directx
2012-09-22 10:01:59 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2012-09-22 10:01:56 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-09-22 10:01:51 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
.
==================== Find3M ====================
.
2012-10-09 10:06:53 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 10:06:53 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-14 18:30:38 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-12 08:34:11 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-08-31 17:21:56 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-24 17:10:47 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-23 13:40:05 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-23 13:40:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-23 13:40:04 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-20 04:36:08 138536 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-20 04:36:01 270408 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-20 04:36:01 270408 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-19 09:59:02 270408 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-18 11:23:05 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-18 11:21:20 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-18 11:18:47 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-18 09:07:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-16 23:00:58 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-08-11 01:26:42 585888 ----a-r- c:\windows\system32\drivers\n360\1401010.002\srtsp.sys
2012-08-10 23:54:04 541184 ----a-w- c:\windows\system32\kerberos.dll
2012-08-08 05:18:19 926880 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymEFA.sys
2012-08-07 18:42:43 134304 ----a-r- c:\windows\system32\drivers\n360\1401010.002\ccSetx86.sys
2012-08-03 17:23:28 35064 ----a-w- c:\windows\system32\drivers\CFRMD.sys
2012-08-03 17:23:28 35064 ----a-w- c:\windows\inf\lps-ca\cfrmd.sys
2012-08-02 17:05:42 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-01 08:15:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-28 09:54:00 321472 ----a-w- c:\windows\WLXPGSS.SCR
2012-07-28 03:25:32 368288 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymDS.sys
2012-07-28 03:05:21 175264 ----a-r- c:\windows\system32\drivers\n360\1401010.002\Ironx86.sys
2012-07-27 02:08:06 862664 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-27 02:08:06 534480 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-27 02:08:06 251864 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-27 02:08:06 153536 ----a-w- c:\windows\system32\atl110.dll
2012-07-27 02:08:06 115656 ----a-w- c:\windows\system32\vcomp110.dll
2012-07-26 07:55:31 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2012-07-24 08:27:11 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-24 04:51:34 1523688 ----a-w- c:\users\chris\SetupVirtualCloneDrive5425.exe
2012-07-23 01:34:24 338592 ----a-r- c:\windows\system32\drivers\n360\1401010.002\symnets.sys
2012-07-22 11:48:37 138056 ----a-w- c:\users\chris\appdata\roaming\PnkBstrK.sys
2012-07-22 04:40:38 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-22 04:40:38 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-07-22 04:40:38 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-07-22 04:36:11 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-07-22 04:36:10 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-07-22 04:36:10 3874816 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-07-22 04:36:10 3563520 ----a-w- c:\windows\system32\bcmihvui.dll
2012-07-22 04:36:10 1092160 ----a-w- c:\windows\system32\drivers\AE2500w7.sys
.
============= FINISH: 10:46:07.37 ===============
 
# AdwCleaner v2.005 - Logfile created 10/19/2012 at 11:12:33
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Chris - SKITTLES
# Boot Mode : Normal
# Running from : C:\Users\Chris\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-2036971334-3385096700-2234828222-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\n0j4s30k.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1327 octets] - [19/10/2012 11:12:02]
AdwCleaner[R2].txt - [1258 octets] - [19/10/2012 11:12:33]

########## EOF - C:\AdwCleaner[R2].txt - [1318 octets] ##########
 
That's fine. Good job...
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
 
I have attached it to this post as instructed, all it found was two unsigned files which were skipped.
 

Attachments

  • TDSSKiller.2.8.13.0_20.10.2012_13.14.19_log.txt
Do the deletions in AdwCleaner?

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.
 
Hello! Are you still with us? Your topic is now marked inactive, because you have not replied.

However, we'd like to still help. Please update us on the state of your PC.
 