Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Please help cant remove spyware

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics
View previous topic :: View next topic  
Author Message
caseyd
Newbie


Joined: 10 Jan 2012
Last Visit: 14 Feb 2012
Posts: 8

PostPosted: Fri Feb 10, 2012 8:49 am    Post subject: Please help cant remove spyware Reply with quote

It seems i have astro burn and every time i open a website it has errors on page. not sure what is going on and im pretty new at this. i have these 2 logs and if you need any other info. let me know. any help is appreciated


here is my hijack this log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:45:17 AM, on 2/10/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=173601114403p0444v1l5r4741t232
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = astroburn-search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=173601114403p0444v1l5r4741t232
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=173601114403p0444v1l5r4741t232
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: FastestIE BHO - {54404F81-99CC-4FD3-9D29-92689B86C2CC} - C:\Program Files (x86)\FastestIE\FastestIE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
O2 - BHO: Somoto Toolbar - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: RewardsArcadeSuite - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Somoto Toolbar - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [iBryte Desktop Uninstall] cmd /C rd /Q /S "C:\Program Files (x86)\iBryte"
O4 - HKLM\..\RunOnce: [iBryte Data Uninstall] cmd /C rd /Q /S "C:\Users\casdefrang\AppData\LocalLow\iBryte"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
O4 - HKCU\..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray
O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {44D32BD3-31DA-4FD4-A0F4-B4782652B97B} - C:\Program Files (x86)\FastestIE\FastestIE.dll
O9 - Extra 'Tools' menuitem: FastestIE Options - {44D32BD3-31DA-4FD4-A0F4-B4782652B97B} - C:\Program Files (x86)\FastestIE\FastestIE.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10124 bytes





and my aswmbr log

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-10 08:34:48
-----------------------------
08:34:48.447 OS Version: Windows x64 6.1.7600
08:34:48.447 Number of processors: 2 586 0x602
08:34:48.463 ComputerName: CASEYDEFRANG UserName: casdefrang
08:34:53.361 Initialize success
08:35:01.724 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
08:35:01.724 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
08:35:01.740 Disk 0 MBR read successfully
08:35:01.740 Disk 0 MBR scan
08:35:01.740 Disk 0 Windows 7 default MBR code
08:35:01.755 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
08:35:01.755 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
08:35:01.771 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 593994 MB offset 33761280
08:35:01.771 Service scanning
08:35:04.080 Modules scanning
08:35:04.095 Disk 0 trace - called modules:
08:35:04.111 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
08:35:04.127 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003300410]
08:35:04.127 3 CLASSPNP.SYS[fffff880015b643f] -> nt!IofCallDriver -> [0xfffffa8002d76280]
08:35:04.142 5 ACPI.sys[fffff88000eab781] -> nt!IofCallDriver -> \Device\00000067[0xfffffa8002d73060]
08:35:04.158 Scan finished successfully
08:35:57.853 Disk 0 MBR has been saved successfully to "C:\Users\casdefrang\Desktop\MBR.dat"
08:35:57.853 The log file has been saved successfully to "C:\Users\casdefrang\Desktop\aswMBR log.txt"
Back to top
View user's profile Send private message
Scolabar
SWW Honors Graduate


Joined: 24 Aug 2011
Last Visit: 27 Jun 2012
Posts: 105

PostPosted: Sat Feb 11, 2012 12:29 am    Post subject: Reply with quote

Hi caseyd,

Firstly, welcome to the Spyware Warrior Forum. Smile
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.
If you no longer require help I would be grateful if you would let me know.

Please note the following important guidelines before proceeding:
  1. The instructions that will be provided are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable
    !

  2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
  3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
    Absence of symptoms does not necessarily mean that everything is clear.
  5. DO NOT run any other fix or removal tools unless instructed to do so!
  6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Please Note: If you haven't done so already, please read this topic Help with Spyware Removal Forum Guidelines (PLEASE READ) where the conditions for receiving help here are explained.

Windows 7 Advice:
Please Note: The programs I ask you to use will need to be run in Administrator Mode.
In order to do this Right-click on the program file and select the Run as Administrator option.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
If prompted, please click on the Allow button.
Reference: User Account Control (UAC) and Running as Administrator

Quote:
Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.


If you follow these guidelines, things should proceed smoothly. Smile
I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Scolabar
_________________
Malware Removal University - You too could train to help others
Member of ASAP and UNITE
Back to top
View user's profile Send private message
Scolabar
SWW Honors Graduate


Joined: 24 Aug 2011
Last Visit: 27 Jun 2012
Posts: 105

PostPosted: Sat Feb 11, 2012 1:20 am    Post subject: Reply with quote

Hi caseyd,

Thank you again for your patience. Smile

Please read these instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before proceeding please make sure any open programs are closed.

Step 1:
HijackThis - Notice

Please Note: HijackThis is not a tool that should ever be used with 64-bit systems as it is incompatible given that it is unable to read 64-bit Registry Entries correctly and therefore provides misleading results. In addition, the tool no longer provides sufficient detail in order to effectively analyse the current status of a system and is why helpers ask for alternative scanning tools to be used.

Please also note that you were advised by Gary R in answer to your previous thread to read the Help with Spyware removal Forum Guidelines (PLEASE READ) topic and to post the DDS logs needed to help.

I would therefore be grateful, in taking on this thread to help you, that you make sure you read and understand each set of instructions and ask any questions you may have before proceeding.

Step 2:
Advisory - P2P Software Present!

IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
    BitTorrent
As long as you have the P2P program(s) installed, as per Forum Policy, I can offer you no further assitance.
If you choose NOT to remove the program please indicate that in your next reply and this topic will be closed.
Otherwise, please perform the following steps:
Remove P2P Program(s)
  1. Click on Start > Control Panel and double-click on Programs and Features.
  2. Locate the following program:

      BitTorrent

  3. Click on the Change/Remove button to uninstall it.
    Repeat instructions 2 and 3 for any other P2P programs you may have installed.
  4. When the program(s) have been uninstalled Close the Programs and Features and Control Panel windows.
Please Note:
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself, may be safe but the files may not. Therefore use P2P software at your own risk! Keep in mind that this practice may be the source of your current malware infestation.

Reference citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Step 3:
DDS

Note: Disable any script blocking software you have running before running DDS.
  1. Please download DDS by sUBs. Save it to your Desktop.
    Alternate download link: here.
  2. Right-click on the DDS desktop icon and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. A black screen will open. Read the contents but do nothing.
  4. When DDS finishes Notepad will open two reports ... DDS.txt and Attach.txt
    The two report files are not saved anywhere. If you close Notepad before copying and pasting the contents, you will need to run DDS again.
  5. Copy and Paste the contents of both the DDS.txt and Attach.txt reports into your next reply.
Step 4:
Include in Next Post
  1. Did you have any problems carrying out the instructions?
  2. DDS.txt.
  3. Attach.txt.
  4. Do you have the original Windows installation media for your PC?

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

_________________
Malware Removal University - You too could train to help others
Member of ASAP and UNITE
Back to top
View user's profile Send private message
caseyd
Newbie


Joined: 10 Jan 2012
Last Visit: 14 Feb 2012
Posts: 8

PostPosted: Sat Feb 11, 2012 8:09 am    Post subject: Reply with quote

Thank you for your help i really appreciate it!!!
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by casdefrang at 8:05:19 on 2012-02-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1193 [GMT -8:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = astroburn-search.com
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=173601114403p0444v1l5r4741t232
uSearch Page =
uSearch Bar =
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=173601114403p0444v1l5r4741t232
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=173601114403p0444v1l5r4741t232
mSearchAssistant =
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: FastestIE: {54404f81-99cc-4fd3-9d29-92689b86c2cc} - C:\Program Files (x86)\FastestIE\FastestIE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: RewardsArcadeSuite: {b6ef6c45-5e8d-4c3b-b580-a5073261a381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [AdobeBridge]
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {44D32BD3-31DA-4FD4-A0F4-B4782652B97B} - {C0CDA7E4-1369-4FA6-A679-546B34783099} - C:\Program Files (x86)\FastestIE\FastestIE.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{58B74DC8-4133-47C1-8874-FD637D0D96BF} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D6EFBC3-AD5C-4371-B2E1-5A284F6846D1} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D6EFBC3-AD5C-4371-B2E1-5A284F6846D1}\74B4546445 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{706C886C-4FAF-45D6-B891-850624129008} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{90316F32-E7DD-4DCA-82F9-7D19ADC12594} : DhcpNameServer = 192.168.1.1
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: FastestIE: {54404F81-99CC-4FD3-9D29-92689B86C2CC} - C:\Program Files (x86)\FastestIE\FastestIE.dll
BHO-X64: FastestIE BHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
BHO-X64: Somoto Toolbar - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: RewardsArcadeSuite: {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
BHO-X64: RewardsArcadeSuite - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {00000000-0000-0000-0000-000000000000} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-2-8 1157240]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20120209.002\IDSviA64.sys [2012-2-9 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2011-10-12 126400]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-6-10 243232]
R3 AE1000;Linksys AE1000 Driver;C:\Windows\system32\DRIVERS\ae1000w7.sys --> C:\Windows\system32\DRIVERS\ae1000w7.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-4 138360]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-02-10 16:43:57 388096 ----a-r- C:\Users\casdefrang\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-10 16:43:57 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-10 16:26:40 -------- d-----w- C:\Program Files (x86)\Special Uninstaller
2012-02-10 16:07:41 -------- d-----w- C:\Program Files\Perfect Uninstaller
2012-02-05 20:20:19 -------- d-----w- C:\Users\casdefrang\AppData\Roaming\Applian FLV and Media Player
2012-02-05 20:18:19 -------- d-----w- C:\Program Files (x86)\Applian Technologies
2012-02-05 20:18:01 -------- d-----w- C:\Users\casdefrang\AppData\Local\RewardsArcadeSuite
2012-02-05 20:18:00 -------- d-----w- C:\Program Files (x86)\RewardsArcadeSuite
2012-02-05 17:50:49 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-02-05 17:50:37 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-05 17:50:27 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-05 17:50:19 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-03 16:34:57 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-29 21:32:20 -------- d-----w- C:\Users\casdefrang\AppData\Roaming\DAEMON Tools Lite
2012-01-29 21:32:18 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-01-29 20:09:23 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-01-29 20:09:01 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2012-01-20 18:58:43 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-23 03:42:46 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2011-11-19 15:07:41 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:06:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:14:10 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:41:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 8:06:11.03 ===============
Back to top
View user's profile Send private message
Scolabar
SWW Honors Graduate


Joined: 24 Aug 2011
Last Visit: 27 Jun 2012
Posts: 105

PostPosted: Sat Feb 11, 2012 3:23 pm    Post subject: Reply with quote

Hi caseyd,
caseyd wrote:
Thank you for your help i really appreciate it!!!
You're welcome. Smile

However, please make sure you read the instructions given carefully.

I also requested to see the contents of the Attach.txt log file also produced by the DDS tool.

Note: If you closed the log files without saving them you will need to re-run the DDS step and then post the contents of both of the log files produced: DDS.txt and Attach.txt

Please also remember to answer any questions asked in the Include in Next Post section. Wink

Include in Next Post
  1. Did you have any problems carrying out the instructions?
  2. DDS.txt.
  3. Attach.txt.
  4. Do you have the original Windows installation media for your PC?

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

_________________
Malware Removal University - You too could train to help others
Member of ASAP and UNITE
Back to top
View user's profile Send private message
caseyd
Newbie


Joined: 10 Jan 2012
Last Visit: 14 Feb 2012
Posts: 8

PostPosted: Sat Feb 11, 2012 7:24 pm    Post subject: Reply with quote

okay sorry i thought they were posted in the same txt file not individual ones.


here is the attach.txt.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/28/2011 10:43:26 PM
System Uptime: 2/11/2012 7:11:27 PM (0 hours ago)
.
Motherboard: eMachines | | ET1352
Processor: AMD Athlon(tm) II X2 250 Processor | CPU 1 | 780/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 580 GiB total, 429.129 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP126: 2/5/2012 9:11:48 PM - Device Driver Package Install: Sony
RP127: 2/5/2012 9:12:23 PM - Device Driver Package Install: Sony
RP128: 2/5/2012 9:13:26 PM - Device Driver Package Install: JJS Display adapters
RP129: 2/10/2012 8:22:09 AM - Removed WeatherBug
RP130: 2/10/2012 8:43:34 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
7-Zip 9.20
Acrobat.com
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader X (10.1.2)
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
Advertising Center
Applian FLV and Media Player 3.1.1.12
Bejeweled 2 Deluxe
Blackhawk Striker 2
Bob the Builder Can-Do-Zoo
Build-a-lot 2
Canon Easy-WebPrint EX
Canon MP Navigator EX 3.1
Canon MX340 series User Registration
Canon Speed Dial Utility
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
CyberLink PowerDVD 9
Ease Audio Converter 5.30
eMachines Game Console
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Enolsoft Video Converter
Escape Rosecliff Island
Express Zip File Compression Software
Faerie Solitaire
FastestIE
FATE - The Traitor Soul
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 4.2.0716
HiJackThis
Hotkey Utility
Identity Card
ImagXpress
IMinent Toolbar
Java Auto Updater
Java(TM) 6 Update 30
Jewel Quest Solitaire 3
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft Choice Guard
Microsoft Halo
Microsoft Halo Trial
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Monopoly
Movavi Video Converter 11
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Lost in Los Angeles
NCH FileBulldog Toolbar
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Norton Internet Security
Norton Online Backup
NVIDIA ForceWare Network Access Manager
PDF Reader
Penguins!
Photoshop Camera Raw
Pixel Bender Toolkit
Plants vs. Zombies
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
RewardsArcadeSuite
Scrabble Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Special Uninstaller version 2.0
Suite Shared Configuration CS4
The Price is Right
TMPGEnc 4.0 XPress Trial Version
TMPGEnc Video Mastering Works 5 Trial
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Virtual Villagers - A New Home
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Writer
WinRAR 4.01 (32-bit)
Yahoo! Software Update
Yahtzee
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
2/4/2012 6:56:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
2/10/2012 8:53:45 AM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
2/10/2012 8:17:00 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user caseydefrang\casdefrang SID (S-1-5-21-2395918177-3537977205-1141239769-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/10/2012 5:42:02 AM, Error: Microsoft-Windows-WHEA-Logger [20] - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: Sync Error Processor ID: 0 The details view of this entry contains further information.
.
==== End Of File ===========================


and again the DDS.txt.


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by casdefrang at 19:16:00 on 2012-02-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1690 [GMT -8:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = astroburn-search.com
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=173601114403p0444v1l5r4741t232
uSearch Page =
uSearch Bar =
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=173601114403p0444v1l5r4741t232
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352&r=173601114403p0444v1l5r4741t232
mSearchAssistant =
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: FastestIE: {54404f81-99cc-4fd3-9d29-92689b86c2cc} - C:\Program Files (x86)\FastestIE\FastestIE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: RewardsArcadeSuite: {b6ef6c45-5e8d-4c3b-b580-a5073261a381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [AdobeBridge]
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {44D32BD3-31DA-4FD4-A0F4-B4782652B97B} - {C0CDA7E4-1369-4FA6-A679-546B34783099} - C:\Program Files (x86)\FastestIE\FastestIE.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{58B74DC8-4133-47C1-8874-FD637D0D96BF} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D6EFBC3-AD5C-4371-B2E1-5A284F6846D1} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D6EFBC3-AD5C-4371-B2E1-5A284F6846D1}\74B4546445 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{706C886C-4FAF-45D6-B891-850624129008} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{90316F32-E7DD-4DCA-82F9-7D19ADC12594} : DhcpNameServer = 192.168.1.1
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: FastestIE: {54404F81-99CC-4FD3-9D29-92689B86C2CC} - C:\Program Files (x86)\FastestIE\FastestIE.dll
BHO-X64: FastestIE BHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
BHO-X64: Somoto Toolbar - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: RewardsArcadeSuite: {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll
BHO-X64: RewardsArcadeSuite - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {00000000-0000-0000-0000-000000000000} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-2-8 1157240]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20120210.002\IDSviA64.sys [2012-2-11 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2011-10-12 126400]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-6-10 243232]
R3 AE1000;Linksys AE1000 Driver;C:\Windows\system32\DRIVERS\ae1000w7.sys --> C:\Windows\system32\DRIVERS\ae1000w7.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-4 138360]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-02-10 16:43:57 388096 ----a-r- C:\Users\casdefrang\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-10 16:43:57 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-10 16:26:40 -------- d-----w- C:\Program Files (x86)\Special Uninstaller
2012-02-10 16:07:41 -------- d-----w- C:\Program Files\Perfect Uninstaller
2012-02-05 20:20:19 -------- d-----w- C:\Users\casdefrang\AppData\Roaming\Applian FLV and Media Player
2012-02-05 20:18:19 -------- d-----w- C:\Program Files (x86)\Applian Technologies
2012-02-05 20:18:01 -------- d-----w- C:\Users\casdefrang\AppData\Local\RewardsArcadeSuite
2012-02-05 20:18:00 -------- d-----w- C:\Program Files (x86)\RewardsArcadeSuite
2012-02-05 17:50:49 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-02-05 17:50:37 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-05 17:50:27 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-05 17:50:19 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-03 16:34:57 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-29 21:32:20 -------- d-----w- C:\Users\casdefrang\AppData\Roaming\DAEMON Tools Lite
2012-01-29 21:32:18 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-01-29 20:09:23 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-01-29 20:09:01 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2012-01-20 18:58:43 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-23 03:42:46 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2011-11-19 15:07:41 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:06:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:14:10 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:41:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 19:17:07.36 ===============

sorry if you need anything else just let me know
Back to top
View user's profile Send private message
caseyd
Newbie


Joined: 10 Jan 2012
Last Visit: 14 Feb 2012
Posts: 8

PostPosted: Sat Feb 11, 2012 7:29 pm    Post subject: Reply with quote

Do you have the original Windows installation media for your PC?

I believe i do.
Back to top
View user's profile Send private message
Scolabar
SWW Honors Graduate


Joined: 24 Aug 2011
Last Visit: 27 Jun 2012
Posts: 105

PostPosted: Sun Feb 12, 2012 10:43 am    Post subject: Reply with quote

Hi caseyd,

Thank you for the logs and feedback. Big Thumb Up

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before proceeding please make sure any open programs are closed.

Step 1:
MGA Diagnostics
  1. Please download this tool from Microsoft and Save it to your Desktop.
  2. Right-click on MGADiag.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. Click on the Continue button to proceed.
  4. The program will now run. It will take a short while to complete its diagnosis, please be patient.
  5. When it has finished click on the Copy button.
  6. Click on Start and then click on the Start Search box in the Start Menu.
  7. Copy and Paste the following value into the open text entry box:
      notepad
  8. Then click on the magnifying glass symbol or press Enter.
  9. This will open an empty Notepad file.
  10. Paste the copied contents into the new Notepad window and Save the file as mgadiag.txt to your Desktop.
  11. Click on the OK button to exit the MGA Diagnostics program.
  12. Then Copy and Paste the entire contents of mgadiag.txt into your next reply.
Step 2:
CKScanner
  1. Please download CKScanner and Save it to your Desktop.
    Make sure that CKScanner.exe is on your Desktop before running the application!
  2. Right-click on CKScanner.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. Then click on the Search For Files button.
  4. When the scan has finished (- the hourglass cursor will disappear when the scan has completed) click on the Save List To File button.
    A text file will be created on your Desktop named ckfiles.txt. A message box will verify the file saved.
    Note: Please run the program ONCE only.
  5. Click on the Exit button to close the program.
  6. Double-click on the ckfiles.txt file to open it.
  7. Then Copy and Paste the entire contents of the file into your next reply.
Step 3:
Security Check
  1. Please download Security Check by screen317 and Save it to your Desktop.
    Alternate download site: Link 2
  2. Right-click on SecurityCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. Press the Space Bar when you see the Press any key to continue... message.
    Please Note: This scan will take a short while to complete, so please be patient.
  4. When the scan has completed, a Notepad file will automatically open called checkup.txt.
  5. Save the file checkup.txt to your Desktop.
    Please Note: This output file is NOT automatically saved!
  6. Then Copy and Paste the entire contents of the checkup.txt file into your next reply.
Step 4:
Include in Next Post
  1. Did you have any problems carrying out the instructions?
  2. mgadiag.txt.
  3. ckfiles.txt
  4. checkup.txt.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

_________________
Malware Removal University - You too could train to help others
Member of ASAP and UNITE
Back to top
View user's profile Send private message
caseyd
Newbie


Joined: 10 Jan 2012
Last Visit: 14 Feb 2012
Posts: 8

PostPosted: Mon Feb 13, 2012 6:53 am    Post subject: Reply with quote

okay here are the new text files

MGADIAG.TXT



Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-WJ2H8-R6B6D-7QJB7
Windows Product Key Hash: ckKNc+BBPDWmo1LUlOkraNjlQ34=
Windows Product ID: 00359-OEM-8992687-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010300.0.0.003
ID: {6AA79D7F-DD05-40EA-BF38-3E294177F320}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7600.win7_gdr.110622-1503
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{6AA79D7F-DD05-40EA-BF38-3E294177F320}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7QJB7</PKey><PID>00359-OEM-8992687-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-2395918177-3537977205-1141239769</SID><SYSTEM><Manufacturer>eMachines</Manufacturer><Model>ET1352</Model></SYSTEM><BIOS><Manufacturer>American Megatrends, Inc.</Manufacturer><Version>P01-A2</Version><SMBIOSVersion major="2" minor="6"/><Date>20100402000000.000000+000</Date></BIOS><HWID>B1B83607018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800006-02-1033-7600.0000-1612010
Installation ID: 017050558531162242187142472583275915837514003200185905
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 7QJB7
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 2/13/2012 6:39:13 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x80072EE7
HealthStatus: 0x0000000000000000
Event Time Stamp: 11:17:2011 08:31
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: LgAAAAEAAwABAAEAAAABAAAAAQABAAEAeqjC7boe7umCy5IAqmiqAkYbucEYeQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 040210 APIC2103
FACP 040210 FACP2103
HPET 040210 OEMHPET0
MCFG 040210 OEMMCFG
WDRT 040210 NV-WDRT
SLIC ACRSYS ACRPRDCT
OEMB 040210 OEMB2103
AWMI 040210 OEMB2103
SSDT A M I POWERNOW


THIS IS THE CKFILES.TXT


CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\1clickdownload\tmpgenc 4.0 xpress v4.7.4.299 retail + keygen.torrent
hosts 127.0.0.1 activate.adobe.com
scanner sequence 3.AA.11.VSAPTQ
----- EOF -----



AND THE CHECKUP.TXT


Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 30
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````
Back to top
View user's profile Send private message
Scolabar
SWW Honors Graduate


Joined: 24 Aug 2011
Last Visit: 27 Jun 2012
Posts: 105

PostPosted: Mon Feb 13, 2012 4:06 pm    Post subject: Reply with quote

caseyd,

Your logs show you are using illegal "cracked" software on your computer.

It is not the policy of this forum to aid and abet in the use of such software, as is clearly pointed out at the very beginning of the Help with Spyware removal Forum Guidelines (PLEASE READ) topic that should have been read prior to posting any logs..

It is therefore my recommendation that you reformat your hard drive, re-install Windows and stop using illegal software.

This topic will now be closed.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

_________________
Malware Removal University - You too could train to help others
Member of ASAP and UNITE
Back to top
View user's profile Send private message
caseyd
Newbie


Joined: 10 Jan 2012
Last Visit: 14 Feb 2012
Posts: 8

PostPosted: Mon Feb 13, 2012 8:13 pm    Post subject: Reply with quote

Okay i was unaware that i had illigal software. how would i remove these from my computer? I will do whatever it takes to fix my computer, I am currently in college and my computer is important to me. I greatly appreciate the help i was given thus far.

I have never reformated a hard drive or re-installed windows.
By doing so will this help fix the bugs and remove the illigal software?
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 21 Aug 2014
Posts: 9979
Location: Yorkshire

PostPosted: Mon Feb 13, 2012 10:39 pm    Post subject: Reply with quote

I'm afraid your protestations of innocence do not appear to sit well with the evidence of the logs you've supplied.

This forum does not support the use of pirated software, and this topic will now be closed.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group