Virus: Causes a bunch of system32 Errors

Post by moobly » February 3rd, 2012, 1:05 am

Hi, I've had a bug on this computer (I think) for a while now. Every time before, I had just system restored it thinking that it'd go away. However, recently it got worse. It basically did not allow me to click anything on my screen, and when I did get the system restore menu up (by going to it first right during start up), it wouldn't let me restore (it said error during restore). Also, when I booted the laptop up in Safe Mode to restore, it errored halfway through. Somehow I got it to restore; however, I think that it's about time for me to try to get rid of it.

Here is the DDS Log + Attach.txt as instructed.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_27
Run by Eric at 23:57:26 on 2012-02-02
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.1264 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSDCSC\msdcsc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Citrix\ICA Client\PNAMAIN.EXE
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\igfxext.exe
C:\Users\Eric\AppData\Roaming\.app\lassr.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com/g/
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [winupdater] C:\windows\system32\Windupdt\winupdate.exe
uRun: [winupdate] C:\windows\system32\install\winupdt.exe
uRun: [MicroUpdate] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSDCSC\msdcsc.exe
uRun: [Windows Defender] C:\Users\Eric\AppData\Roaming\.app\lassr.exe
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Windows Defender] C:\Users\Eric\AppData\Roaming\.app\lassr.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mExplorerRun: [Windows Defender] C:\Users\Eric\AppData\Roaming\.app\lassr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Receiver.lnk - C:\windows\Installer\{C0B728CE-BF48-48C2-A19C-01563CCEDD9F}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 128.8.76.2 128.8.74.2
TCP: Interfaces\{96744B23-5282-40E4-9DD1-792D2135EBBA} : DhcpNameServer = 128.8.76.2 128.8.74.2
TCP: Interfaces\{96744B23-5282-40E4-9DD1-792D2135EBBA}\A4A5940363 : DhcpNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {49E1FFCF-CBEA-DA34-7C5F-6ADC8A6E4FDC} - C:\Users\Eric\AppData\Roaming\.app\lassr.exe
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [Windows Defender] C:\Users\Eric\AppData\Roaming\.app\lassr.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\bh4lpr08.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110901.001\BHDrvx64.sys [2011-9-1 1151096]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\system32\DRIVERS\ctxusbm.sys --> C:\windows\system32\DRIVERS\ctxusbm.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110908.030\IDSviA64.sys [2011-9-8 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-9-4 130008]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [2011-3-14 115056]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2011-3-14 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-14 2320920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-9-8 136824]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-3-14 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-27 136176]
S3 dmodusb;dmodusb.sys Digilent USB driver;C:\windows\system32\DRIVERS\dmodusb.sys --> C:\windows\system32\DRIVERS\dmodusb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-27 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-03 04:32:28 388096 ----a-r- C:\Users\Eric\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-03 04:32:28 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-03 03:58:12 -------- d-----w- C:\Users\Eric\AppData\Local\{8E87A20A-1CE6-4363-802B-CA386DD6596D}
2012-02-03 03:23:35 -------- d-----w- C:\Users\Eric\AppData\Local\{B2D12AE4-CF02-437B-9B3E-B61B5263CEF1}
2012-02-03 03:10:47 -------- d-----w- C:\Users\Eric\AppData\Local\{A4BC64C2-A1CE-411F-B6D4-E87BFB2B5A6E}
2012-02-03 02:50:10 -------- d-----w- C:\Users\Eric\AppData\Local\{4B902628-FC26-4400-B157-1B4B62B37B95}
2012-02-03 02:40:09 -------- d-----w- C:\Users\Eric\AppData\Local\{8BDD2A99-EB57-4793-AE18-487528CF89B2}
2012-02-01 01:44:30 -------- d-----w- C:\Users\Eric\AppData\Local\{128A4847-90CD-47BF-A56A-16047ED47F41}
2012-02-01 01:44:20 -------- d-----w- C:\Users\Eric\AppData\Local\{B1132C32-B87A-49F8-A2E5-6986D83E01A1}
2012-01-31 13:45:54 -------- d-----w- C:\Program Files (x86)\MSECache
2012-01-31 13:44:07 -------- d-----w- C:\Users\Eric\AppData\Local\{EE1E4A6B-AFF0-4D8C-B829-FD17301079BD}
2012-01-31 13:43:56 -------- d-----w- C:\Users\Eric\AppData\Local\{79FE470F-F5BC-4FB7-B1E6-C35079BB9C8F}
2012-01-31 13:09:24 -------- d-----w- C:\Users\Eric\AppData\Roaming\Elluminate
2012-01-31 07:39:16 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F0123AED-3912-431C-A164-6A02ED88206C}\offreg.dll
2012-01-31 07:37:43 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F0123AED-3912-431C-A164-6A02ED88206C}\mpengine.dll
2012-01-31 06:45:14 912504 ----a-w- C:\windows\System32\drivers\NISx64\1207000.00D\symefa64.sys
2012-01-31 06:45:14 386168 ----a-w- C:\windows\System32\drivers\NISx64\1207000.00D\symnets.sys
2012-01-31 06:45:13 744568 ----a-w- C:\windows\System32\drivers\NISx64\1207000.00D\srtsp64.sys
2012-01-31 06:45:13 450680 ----a-w- C:\windows\System32\drivers\NISx64\1207000.00D\symds64.sys
2012-01-31 06:45:13 40568 ----a-w- C:\windows\System32\drivers\NISx64\1207000.00D\srtspx64.sys
2012-01-31 06:45:13 171128 ----a-w- C:\windows\System32\drivers\NISx64\1207000.00D\ironx64.sys
2012-01-31 06:45:05 -------- d-----w- C:\windows\System32\drivers\NISx64\1207000.00D
2012-01-30 09:58:29 -------- d-----w- C:\Users\Eric\AppData\Local\{E92D7840-0E8B-4146-BD3E-595CF0EAC86C}
2012-01-30 09:58:19 -------- d-----w- C:\Users\Eric\AppData\Local\{9D35E171-B96C-45B1-A5D6-D95B555B01FC}
2012-01-29 21:58:07 -------- d-----w- C:\Users\Eric\AppData\Local\{ACB9338D-B4C5-4A65-B28D-3A03E6C342CE}
2012-01-29 21:57:57 -------- d-----w- C:\Users\Eric\AppData\Local\{E206F32C-7A0D-4F2C-83C7-C30E1B2BD649}
2012-01-29 04:00:15 -------- d-----w- C:\Users\Eric\AppData\Local\{EB6F549C-ECEB-44D5-8AE5-00E7D23AC18B}
2012-01-29 04:00:05 -------- d-----w- C:\Users\Eric\AppData\Local\{42B4E90B-BECA-45AF-91DE-F9817C72099C}
2012-01-28 06:22:12 -------- d-----w- C:\Users\Eric\AppData\Local\{7A6D3B2F-4428-413B-B3DE-FAC617CCD51A}
2012-01-28 06:22:02 -------- d-----w- C:\Users\Eric\AppData\Local\{249B3076-8BE5-4A78-8452-8E4DA3A8FD66}
2012-01-27 02:44:58 -------- d-----w- C:\Users\Eric\AppData\Local\{CFDA544B-0B05-49C3-BD1A-A80AEB5F216F}
2012-01-27 02:44:48 -------- d-----w- C:\Users\Eric\AppData\Local\{0C3508CC-4219-4874-AE58-C1B78FDFAFA5}
2012-01-26 19:58:50 -------- d-----w- C:\Users\Eric\AppData\Roaming\Helios
2012-01-26 19:58:19 -------- d-----w- C:\Program Files (x86)\TextPad 5
2012-01-26 14:44:23 -------- d-----w- C:\Users\Eric\AppData\Local\{4E611781-55FA-43F5-8158-2911A17715EF}
2012-01-26 14:44:13 -------- d-----w- C:\Users\Eric\AppData\Local\{CD233346-D302-48D9-867C-BE49255658D0}
2012-01-26 02:43:49 -------- d-----w- C:\Users\Eric\AppData\Local\{3CC9D676-F84E-4EC6-8BCB-B8054FEBEAF4}
2012-01-26 02:43:39 -------- d-----w- C:\Users\Eric\AppData\Local\{4C694B5C-6C4A-45DF-A0A2-C2132AB82DC0}
2012-01-25 13:20:15 -------- d-----w- C:\Users\Eric\AppData\Local\{86FD524D-D9CC-4C7A-99EB-E84F1780C6DC}
2012-01-25 13:20:05 -------- d-----w- C:\Users\Eric\AppData\Local\{25A91AA2-0487-48AB-941F-FA2168BCCEA5}
2012-01-25 01:19:39 -------- d-----w- C:\Users\Eric\AppData\Local\{192E4364-DD51-49DC-BFF9-AB8B48974952}
2012-01-25 01:19:29 -------- d-----w- C:\Users\Eric\AppData\Local\{D389C455-91F4-46BC-B6FF-581489C6333A}
2012-01-25 01:18:05 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-25 01:18:05 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-25 01:18:05 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-25 01:18:05 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-23 21:28:17 -------- d-----w- C:\Users\Eric\AppData\Local\{5A853C73-48B5-403C-BBB6-6A2B6B3D0F64}
2012-01-23 21:28:05 -------- d-----w- C:\Users\Eric\AppData\Local\{78EAB75D-D12E-4F63-BFAD-7C43E7875DB4}
2012-01-20 03:24:41 -------- d-----w- C:\Users\Eric\AppData\Local\{9A4C4CEB-C7C5-4D7C-AFA6-D3FD9CA1952E}
2012-01-20 03:24:20 -------- d-----w- C:\Users\Eric\AppData\Local\{FEECD1B9-0007-46DC-BCC8-7A7D4648FC22}
2012-01-20 01:53:38 -------- d-----w- C:\Users\Eric\AppData\Local\{78D54F59-BBFA-40C4-8725-C818352A7256}
2012-01-20 01:53:26 -------- d-----w- C:\Users\Eric\AppData\Local\{5C09ED79-0E5A-4254-BCBE-987635268BD2}
2012-01-19 21:07:08 -------- d-----w- C:\Users\Eric\AppData\Local\{4208C33F-AA89-4A03-B342-CF3533C0A1AB}
2012-01-19 21:06:47 -------- d-----w- C:\Users\Eric\AppData\Local\{93E33AC0-0151-4A84-BFE8-E3DE552BA573}
2012-01-19 09:06:35 -------- d-----w- C:\Users\Eric\AppData\Local\{84EF4036-8624-48C4-AA44-0F987CACBBA5}
2012-01-19 09:06:14 -------- d-----w- C:\Users\Eric\AppData\Local\{E62BEA2E-6F80-4617-9D34-FD229344DD0D}
2012-01-18 21:06:02 -------- d-----w- C:\Users\Eric\AppData\Local\{DFB3AA05-AF11-436E-87CD-51A90ACAB59F}
2012-01-18 21:05:41 -------- d-----w- C:\Users\Eric\AppData\Local\{3AB882FB-18A9-4663-A823-35486110EF77}
2012-01-18 09:05:30 -------- d-----w- C:\Users\Eric\AppData\Local\{D8D17EB3-01E0-456D-8633-3A976A58B73B}
2012-01-18 09:05:09 -------- d-----w- C:\Users\Eric\AppData\Local\{B490EFFC-98C3-4EF0-85B9-8E9224D3A9D0}
2012-01-17 21:04:58 -------- d-----w- C:\Users\Eric\AppData\Local\{C19AEC8F-F491-466A-B2A7-9DC6AF656FFA}
2012-01-17 21:04:38 -------- d-----w- C:\Users\Eric\AppData\Local\{3F402DDA-1D26-4D6D-98F2-66239C206D4E}
2012-01-17 09:04:24 -------- d-----w- C:\Users\Eric\AppData\Local\{CC9EA1D3-DDA1-4784-B8C4-EAAC3B3E7CB8}
2012-01-17 09:04:03 -------- d-----w- C:\Users\Eric\AppData\Local\{E5B687C6-71B1-4DD3-BAB0-A9C7DF588E4E}
2012-01-16 21:03:50 -------- d-----w- C:\Users\Eric\AppData\Local\{93942F6B-4BC7-42D4-96B8-D92EC37A1978}
2012-01-16 21:03:40 -------- d-----w- C:\Users\Eric\AppData\Local\{96BC69FF-8414-4D6A-BBAA-FD11CCE96334}
2012-01-15 16:39:30 -------- d-----w- C:\Users\Eric\AppData\Local\{6AB502F7-9799-459D-8E13-0DB084ACF669}
2012-01-15 16:39:09 -------- d-----w- C:\Users\Eric\AppData\Local\{13EDD6D2-293E-4421-958A-4192F7EB9080}
2012-01-15 04:38:58 -------- d-----w- C:\Users\Eric\AppData\Local\{781DE9F0-946E-456F-9AE7-5AFD65F7B5ED}
2012-01-15 04:38:48 -------- d-----w- C:\Users\Eric\AppData\Local\{F2E4CE8E-4964-4DEF-9088-883B3C4D2033}
2012-01-14 07:28:26 -------- d-----w- C:\Users\Eric\AppData\Local\{FFE9C33A-1CEC-43A4-8E46-1014703E3B28}
2012-01-14 07:28:16 -------- d-----w- C:\Users\Eric\AppData\Local\{5280315F-6179-4F25-AC79-3606519F702B}
2012-01-13 02:22:53 -------- d-----w- C:\Users\Eric\AppData\Local\{9DA264CC-A514-4AFC-AB7F-0940E8736862}
2012-01-13 02:22:43 -------- d-----w- C:\Users\Eric\AppData\Local\{3A73B43B-2EB1-477A-AE03-DB8B4C4ADBF5}
2012-01-12 02:30:16 -------- d-----w- C:\Users\Eric\AppData\Local\{A4CF659E-6ECB-4FAA-B384-668D57FC8BD2}
2012-01-11 14:29:43 -------- d-----w- C:\Users\Eric\AppData\Local\{975F440D-DA2C-44BB-8EA5-D59DFC405647}
2012-01-11 14:29:34 -------- d-----w- C:\Users\Eric\AppData\Local\{0F89DE4D-E470-4A63-8CE7-5074E9473EB2}
2012-01-10 23:11:11 1572864 ----a-w- C:\windows\System32\quartz.dll
2012-01-10 23:11:11 1328640 ----a-w- C:\windows\SysWow64\quartz.dll
2012-01-10 23:11:10 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-01-10 23:11:10 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-01-10 23:11:08 1739160 ----a-w- C:\windows\System32\ntdll.dll
2012-01-10 23:11:08 1292592 ----a-w- C:\windows\SysWow64\ntdll.dll
2012-01-10 23:11:07 77312 ----a-w- C:\windows\System32\packager.dll
2012-01-10 23:11:07 67072 ----a-w- C:\windows\SysWow64\packager.dll
2012-01-10 21:08:50 -------- d-----w- C:\Users\Eric\AppData\Local\{54FB0C64-D046-4888-B1F6-6305B9AE5C4E}
2012-01-10 21:08:38 -------- d-----w- C:\Users\Eric\AppData\Local\{A97A136A-246C-478A-B571-813059D7B1E4}
2012-01-10 20:34:48 -------- d-----w- C:\Users\Eric\AppData\Local\{83893B0B-5652-4795-A3A1-50098706C2F7}
2012-01-08 22:47:11 -------- d-----w- C:\Users\Eric\AppData\Local\{321E51D8-43EE-4078-8B78-D8D4AC88B6E0}
2012-01-08 22:47:01 -------- d-----w- C:\Users\Eric\AppData\Local\{BDCF7615-5077-4217-8B12-D0C76E8CC090}
2012-01-08 05:28:36 -------- d-----w- C:\Users\Eric\AppData\Local\{82A02803-E5AC-4DFC-973D-1CAD1AC0A07E}
2012-01-08 05:28:26 -------- d-----w- C:\Users\Eric\AppData\Local\{7B27E62C-5A54-498E-A280-C65FC47D069A}
2012-01-07 03:51:06 -------- d-----w- C:\Users\Eric\AppData\Local\{7FBFF020-FC54-4EDC-92BD-7DC9731CD28C}
2012-01-07 03:50:45 -------- d-----w- C:\Users\Eric\AppData\Local\{C045C87A-8D30-4BCB-B6C6-A7771E029E03}
2012-01-06 15:50:34 -------- d-----w- C:\Users\Eric\AppData\Local\{858DE1BC-0973-468C-805D-427DA8C68EE2}
2012-01-06 15:50:13 -------- d-----w- C:\Users\Eric\AppData\Local\{78515E79-8AEF-47F8-9233-DF4458058501}
2012-01-06 03:50:02 -------- d-----w- C:\Users\Eric\AppData\Local\{0C782EAD-821D-4337-AB5E-68703B9FC26B}
2012-01-06 03:49:52 -------- d-----w- C:\Users\Eric\AppData\Local\{D47C5C3D-1F06-4CE4-853F-5EF81AF62B24}
2012-01-05 07:02:26 -------- d-----w- C:\Users\Eric\AppData\Local\DDMSettings
2012-01-05 07:01:13 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-01-05 07:00:57 -------- d-----w- C:\Program Files\DivX
2012-01-05 07:00:50 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2012-01-05 07:00:15 -------- d-----w- C:\Program Files (x86)\DivX
2012-01-05 06:59:08 -------- d-----w- C:\ProgramData\DivX
2012-01-05 03:16:26 -------- d-----w- C:\Users\Eric\AppData\Local\{8C29202C-926A-493B-A43E-CF6BC8362094}
2012-01-05 03:16:17 -------- d-----w- C:\Users\Eric\AppData\Local\{8B010327-F15E-4177-BD06-C5B6162D3744}
.
==================== Find3M ====================
.
2011-12-07 15:39:10 279096 ----a-w- C:\windows\System32\MpSigStub.exe
2011-11-24 05:00:47 3141632 ----a-w- C:\windows\System32\win32k.sys
2011-11-17 07:17:03 152432 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\windows\System32\drivers\cng.sys
2011-11-17 07:12:02 395776 ----a-w- C:\windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\windows\System32\lsass.exe
2011-11-17 05:39:28 314368 ----a-w- C:\windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2011-11-05 05:26:29 1197568 ----a-w- C:\windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\windows\System32\licmgr10.dll
2011-11-05 05:17:42 2048 ----a-w- C:\windows\System32\tzres.dll
2011-09-28 07:39:27 229888 --shatr- C:\windows\SysWOW64\Windupdt\winupdate.exe
.
============= FINISH: 23:58:11.30 ===============


******Attach*********
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/3/2011 7:33:13 PM
System Uptime: 2/2/2012 10:55:03 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz | CPU | 1722/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 335.774 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP81: 1/26/2012 3:00:16 AM - Windows Update
RP82: 1/26/2012 2:57:43 PM - Installed TextPad 5.
RP83: 1/27/2012 2:19:17 AM - Windows Update
RP84: 1/31/2012 2:37:01 AM - Windows Update
RP85: 1/31/2012 8:46:02 AM - Installed Microsoft PowerPoint Viewer
RP86: 2/1/2012 3:00:13 AM - Windows Update
RP87: 2/2/2012 3:00:10 AM - Windows Update
RP89: 2/2/2012 11:31:40 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
AIM 7
Amazon Links
Apple Application Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
AutoHotkey 1.0.48.05
Bejeweled 2 Deluxe
Cake Mania - Lights, Camera, Action!(TM)
Chuzzle Deluxe
Citrix Receiver (Enterprise)
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(PNA)
Citrix Receiver(SSON)
Citrix Receiver(USB)
D3DX10
Digilent Software
DivX Setup
Download Updater (AOL LLC)
DreamerRO's 10.11
DreamerRO 12.1.11
FATE - The Traitor Soul
FilterPro Desktop
GOM Player
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker 2 Premium Edition
HiJackThis
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 27
Jewel Quest - Heritage
Junk Mail filter update
Label@Once 1.0
MATLAB R2011a Student Version
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
Mystery P.I. - The London Caper
Norton Internet Security
Online Plug-in
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Polar Bowler
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype Launcher
Slingo Supreme
TextPad 5
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.6195
WildTangent Games
WildTangent ORB Game Console
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.1
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
2/2/2012 9:55:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
2/2/2012 9:54:31 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
2/2/2012 9:54:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
2/2/2012 9:52:45 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The system cannot find the file specified.
2/2/2012 9:52:45 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: Insufficient system resources exist to complete the requested service.
2/2/2012 9:52:45 PM, Error: Service Control Manager [7000] - The Intel(R) Management & Security Application User Notification Service service failed to start due to the following error: The system cannot find the file specified.
2/2/2012 9:52:44 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014841.
2/2/2012 9:52:44 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The paging file is too small for this operation to complete.
2/2/2012 9:52:42 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
2/2/2012 9:52:40 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
2/2/2012 9:52:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TOSHIBA HDD SSD Alert Service service to connect.
2/2/2012 10:55:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff8800695e94a, 0xfffff880033a1308, 0xfffff880033a0b70). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 020212-34445-01.
2/2/2012 10:27:37 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147024891
2/2/2012 10:27:18 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The paging file is too small for this operation to complete.
2/2/2012 10:27:18 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/2/2012 10:26:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
2/2/2012 10:26:16 PM, Error: Service Control Manager [7000] - The TOSHIBA HDD SSD Alert Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/2/2012 10:25:46 PM, Error: Service Control Manager [7023] - The Intel(R) Management & Security Application User Notification Service service terminated with the following error: %%-2147024882
2/2/2012 10:25:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TOSHIBA HDD SSD Alert Service service.
2/2/2012 10:25:35 PM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: Not enough quota is available to process this command.
2/2/2012 10:16:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/2/2012 10:15:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/2/2012 10:15:27 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/2/2012 10:15:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/2/2012 10:15:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/2/2012 10:15:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/2/2012 10:15:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/2/2012 10:15:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/2/2012 10:14:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ctxusbm DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
2/2/2012 10:14:45 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/2/2012 10:14:45 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/2/2012 10:14:45 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/2/2012 10:14:45 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/2/2012 10:14:45 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/2/2012 10:14:45 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/2/2012 10:14:45 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/2/2012 10:14:45 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/2/2012 10:14:45 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/2/2012 10:14:45 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/2/2012 10:14:45 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
2/2/2012 10:12:57 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024891.
.
==== End Of File ===========================



Thank you for all your help.
moobly
Active Member
 
Posts: 4
Joined: February 3rd, 2012, 1:00 am
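The file entries in the DDS log above follow one fixed format, so they can be triaged mechanically. The following is an added example (not from the poster, the forum helpers or the DDS tool itself) that parses that entry format and flags executables whose attribute string marks them both hidden and system; it assumes DDS prints one letter per set attribute with s = system, h = hidden and d = directory, and it uses lines from the Find3M section above as its sample input.

```python
"""Triage helper for the file entries in a DDS log.

Added example, not part of the thread and not the DDS tool's own code.
It parses the entry format used in the "created" and "Find3M" sections:

    <date> <time> <size or dashes> <attribute flags> <path>

and flags executables whose flags mark them hidden AND system, a
combination that legitimate loadable code almost never carries.
Assumption: DDS prints a letter for each set attribute and '-' for an
unset one, with 's' = system, 'h' = hidden, 'd' = directory; any other
letters are ignored here.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# date time size(or dashes for a directory) attrs path
DDS_ENTRY = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-A-Za-z]+) (?P<path>\S.*)$"
)

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

# Windows files that are legitimately hidden+system and end in .sys
# but are data, not code; they must not trigger the heuristic.
KNOWN_HIDDEN_SYSTEM_DATA = {"pagefile.sys", "hiberfil.sys", "swapfile.sys"}


@dataclass(frozen=True)
class DdsEntry:
    date: str
    time: str
    size: Optional[int]  # None for directories (DDS prints dashes)
    attrs: str           # raw attribute string, e.g. "--shatr-"
    path: str

    def has_attr(self, letter: str) -> bool:
        return letter in self.attrs.lower()

    @property
    def is_directory(self) -> bool:
        return self.has_attr("d")

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_executable(self) -> bool:
        return not self.is_directory and self.basename.endswith(EXECUTABLE_EXT)


def parse_dds_entry(line: str) -> Optional[DdsEntry]:
    """Parse one DDS entry; return None for headers, blank lines and '.' separators."""
    m = DDS_ENTRY.match(line.strip())
    if not m:
        return None
    size = None if m.group("size").startswith("-") else int(m.group("size"))
    return DdsEntry(m.group("date"), m.group("time"), size, m.group("attrs"), m.group("path"))


def parse_dds(text: str) -> List[DdsEntry]:
    """Parse every file entry in a block of DDS output, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        entry = parse_dds_entry(line)
        if entry is not None:
            entries.append(entry)
    return entries


def flag_hidden_system_executables(entries: List[DdsEntry]) -> List[str]:
    """Return the paths of executables flagged both hidden and system.

    Known hidden+system data files (pagefile.sys and friends) are excluded
    so the result contains only loadable code worth an analyst's attention.
    """
    return [
        e.path
        for e in entries
        if e.is_executable
        and e.has_attr("h")
        and e.has_attr("s")
        and e.basename not in KNOWN_HIDDEN_SYSTEM_DATA
    ]


# Sample input: lines taken from the Find3M / created sections of the log above,
# plus a constructed pagefile.sys line to exercise the exclusion.
SAMPLE_DDS = """\
==================== Find3M ====================
.
2011-12-07 15:39:10 279096 ----a-w- C:\\windows\\System32\\MpSigStub.exe
2011-11-24 05:00:47 3141632 ----a-w- C:\\windows\\System32\\win32k.sys
2011-11-05 05:17:42 2048 ----a-w- C:\\windows\\System32\\tzres.dll
2011-09-28 07:39:27 229888 --shatr- C:\\windows\\SysWOW64\\Windupdt\\winupdate.exe
2012-01-05 07:02:26 -------- d-----w- C:\\Users\\Eric\\AppData\\Local\\DDMSettings
2012-01-01 00:00:00 4194304 --sha-w- C:\\pagefile.sys
.
"""

if __name__ == "__main__":
    for path in flag_hidden_system_executables(parse_dds(SAMPLE_DDS)):
        print("review:", path)
```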

Re: Virus: Causes a bunch of system32 Errors

Unread postby Scolabar » February 3rd, 2012, 3:14 am

Hi Eric,

Firstly, welcome to the Malware Removal Forum. :)
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.
If you no longer require help I would be grateful if you would let me know.

Please note the following important guidelines before proceeding:
  1. The instructions that will be provided are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
  3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
    Absence of symptoms does not necessarily mean that everything is clear.
  5. DO NOT run any other fix or removal tools unless instructed to do so!
  6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Please Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Windows 7 Advice:
Please Note: The programs I ask you to use will need to be run in Administrator Mode.
In order to do this Right-click on the program file and select the Run as Administrator option.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
If prompted, please click on the Allow button.
Reference: User Account Control (UAC) and Running as Administrator

Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.


If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Virus: Causes a bunch of system32 Errors

Unread postby Scolabar » February 3rd, 2012, 4:27 am

Hi moobly,

Thank you again for your patience. :)

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before proceeding please make sure any open programs are closed.

Step 1:
Educational Computer?

Entries in the logs you have provided lead me to believe that this computer may be owned or partially-owned by an educational institution and connected to its network.
Please could you confirm whether or not this is the case? If not, please proceed with Step 2 and clarify for what purposes this computer is used in your next post.

Step 2:
MGA Diagnostics

  1. Please download this tool from Microsoft and Save it to your Desktop.
  2. Right-click on MGADiag.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. Click on the Continue button to proceed.
  4. The program will now run. It will take a short while to complete its diagnosis, please be patient.
  5. When it has finished click on the Copy button.
  6. Click on Start and then click on the Start Search box in the Start Menu.
  7. Copy and Paste the following value into the open text entry box:

      notepad

  8. Then click on the magnifying glass symbol or press Enter.
  9. This will open an empty Notepad file.
  10. Paste the copied contents into the new Notepad window and Save the file as mgadiag.txt to your Desktop.
  11. Click on the OK button to exit the MGA Diagnostics program.
  12. Then Copy and Paste the entire contents of mgadiag.txt into your next reply.

Step 3:
CKScanner

  1. Please download CKScanner and Save it to your Desktop.
    Make sure that CKScanner.exe is on your Desktop before running the application!
  2. Right-click on CKScanner.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. Then click on the Search For Files button.
  4. When the scan has finished (- the hourglass cursor will disappear when the scan has completed) click on the Save List To File button.
    A text file will be created on your Desktop named ckfiles.txt. A message box will verify the file saved.
    Note: Please run the program once only.
  5. Click on the Exit button to close the program.
  6. Double-click on the ckfiles.txt file to open it.
  7. Then Copy and Paste the entire contents of the file into your next reply.

Step 4:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. Is this computer owned or partially-owned by an educational institution and connected to its network? If not, please clarify for what purposes the computer is used.
  3. mgadiag.txt.
  4. ckfiles.txt.
  5. Do you have the original Windows installation media for your PC?

Scolabar
---------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Virus: Causes a bunch of system32 Errors

Unread postby moobly » February 3rd, 2012, 10:26 am

Hi, and thank you for helping.
Before I start the steps, I would like to say: No this is not a computer from an educational institution. However, I do have a program that allows me to remotely connect to one in order to use its programs (provided to me by the campus).

*edit: This computer is used for school work mostly
moobly
Active Member
 
Posts: 4
Joined: February 3rd, 2012, 1:00 am

Re: Virus: Causes a bunch of system32 Errors

Unread postby moobly » February 3rd, 2012, 7:31 pm

mgadiag text**********

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-4F8HK-M4P73-W8DQG
Windows Product Key Hash: Xs1iQgVeo0C+sObJxS7eu+FuBPQ=
Windows Product ID: 00359-OEM-8992687-00057
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010300.0.0.003
ID: {D288003D-A5EA-4AF8-8EB0-3F6699387BF8}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7600.win7_gdr.110622-1503
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D288003D-A5EA-4AF8-8EB0-3F6699387BF8}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-W8DQG</PKey><PID>00359-OEM-8992687-00057</PID><PIDType>2</PIDType><SID>S-1-5-21-1698190174-463768132-3334615134</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite C655</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>1.80</Version><SMBIOSVersion major="2" minor="6"/><Date>20110111000000.000000+000</Date></BIOS><HWID>66BA3607018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800057-02-1033-7600.0000-3002010
Installation ID: 018244643740795735942326889902917106447534649196474825
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: W8DQG
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 2/3/2012 6:12:53 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 12:12:2011 20:52
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: LAAAAAEAAQABAAEAAAABAAAAAgABAAEA6GHCU4AqCJ+yfli7xFSO7BJ8XF0=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC TOSINV TOSINV00
FACP TOSINV TOSINV00
HPET TOSINV TOSINV00
BOOT TOSINV TOSINV00
MCFG TOSINV TOSINV00
WDAT INTEL Calpella
ASF! TOSINV TOSINV00
SLIC TOSINV TOSINV00
SSDT INTEL SataAhci
ASPT INTEL Calpella
SSDT INTEL SataAhci



****
CK Scanner text


CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.IUNAES
----- EOF -----




**This laptop is used for school purposes (writing reports, Matlab, Coding, etc)
Otherwise, this is owned by me, and me solely.

I don't think I have the original windows installation for this laptop. Would I need it?

Thank you
moobly
Active Member
 
Posts: 4
Joined: February 3rd, 2012, 1:00 am

Re: Virus: Causes a bunch of system32 Errors

Unread postby Scolabar » February 3rd, 2012, 11:44 pm

Hi moobly,

Thank you for the logs and feedback. I am afraid I have some bad news for you. :(

Your logs show signs of a Backdoor infection, amongst others.

This means your attacker may have had full remote access to your computer and can use it as if he were sat in front of it.

You are strongly advised to do the following immediately:
  1. Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  2. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. It will be a hassle but you should probably change all your account numbers.
  3. Inform your school/college/university IT department, particularly if you have connected to its network.
  4. From a clean computer, change *ALL* your passwords: (Internet login, your email address(es), financial accounts, PayPal, eBay, Amazon... any online activities you carry out which require a username and password).
    Do NOT change your passwords from this computer, an attacker can still get all the new passwords and transaction records.
  5. Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

As a result of the Backdoor nature of the infection, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of malware, the best course of action would be to reformat and re-install the operating system (OS). This is a decision you will have to make.

Guide to re-formatting and re-installing courtesy of wng_z3r0.

To help you decide, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I re-format and reinstall my OS
How and Where to backup your files
Restoring your backups

Please let me know how you intend to proceed.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm

Re: Virus: Causes a bunch of system32 Errors

Unread postby moobly » February 5th, 2012, 6:31 pm

I think I will reformat my laptop/reinstall my OS, seeing as there are few other alternatives. How would I do this?
moobly
Active Member
 
Posts: 4
Joined: February 3rd, 2012, 1:00 am

Re: Virus: Causes a bunch of system32 Errors

Unread postby Scolabar » February 6th, 2012, 4:49 am

Hi moobly,

Thank you for the confirmation. I think that is the right decision.

moobly wrote:I think I will reformat my laptop/reinstall my OS, seeing as there are few other alternatives. How would I do this?
I provided the information on how to reformat and re-install the system in my last post. ;)

Scolabar wrote:...

Guide to re-formatting and re-installing courtesy of wng_z3r0.

...
Please Note: I would strongly recommend that you back up all your user data, perform a low-level reformat of the hard drive and select the write 000's option to completely wipe any traces of data from the drive, for peace of mind. ;)

As you have decided to reformat and re-install your system I will arrange for this topic to be closed.

Good luck and stay safe. :thumbup:

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
Scolabar
MRU Honors Grad Emeritus
 
Posts: 1172
Joined: April 22nd, 2009, 3:10 pm
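An added example of the two steps Scolabar's posts describe (back up user data but not programs, then zero-fill the drive before re-installing Windows). This is not code from the thread or from MalwareRemoval.com; the backup drive letter E: and the disk number 0 are assumptions and must be checked on the actual laptop before anything is run.

```powershell
# Added example, not from the thread. Step 1 runs on the infected Windows 7 system and
# copies user data (not programs) to an external drive with robocopy. Step 2 writes a
# diskpart script that zero-fills the internal disk; that script is run later from the
# Windows install media, never from the running system.
# Assumptions (not stated in the thread): external drive is E:, internal drive is disk 0.

$BackupRoot = 'E:\Backup'
$Source     = Join-Path $env:SystemDrive 'Users'   # C:\Users on a default Windows 7 install
$Dest       = Join-Path $BackupRoot 'Users'
New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null

# robocopy flags: /E copies all subfolders, /XJ skips junction points (the Vista/7 profile
# junctions such as "Application Data" otherwise cause endless recursion), /R:1 /W:1 keeps
# retries short so a locked file does not stall the run.
# /XF excludes executable file types so an infected binary is not carried into the rebuilt
# system. /XD skips AppData, where per-user malware typically installs; mail stores and
# browser bookmarks that live under AppData have to be exported separately if needed.
robocopy $Source $Dest /E /XJ /R:1 /W:1 `
    /XF *.exe *.dll *.scr *.com *.pif *.bat *.cmd *.vbs *.js *.lnk `
    /XD AppData 'Application Data' `
    /LOG+:"$BackupRoot\robocopy.log"

# robocopy exit codes 0-7 are success bits (1 = files copied, 2 = extra files, 4 = mismatches);
# 8 and above means at least one copy failed and the log must be checked before wiping.
if ($LASTEXITCODE -ge 8) {
    Write-Warning "robocopy reported failures (exit code $LASTEXITCODE); check $BackupRoot\robocopy.log"
}

# Step 2: diskpart script. 'clean all' overwrites every sector of the selected disk with
# zeros (the "write 000's" wipe Scolabar recommends); plain 'clean' would only remove the
# partition table and leave the data on the platters.
# DESTRUCTIVE. Boot the Windows 7 install DVD, press Shift+F10 for a command prompt,
# confirm the disk number with 'diskpart' then 'list disk', and only then run:
#     diskpart /s E:\Backup\wipe.txt
@'
select disk 0
detail disk
clean all
exit
'@ | Set-Content -Path (Join-Path $BackupRoot 'wipe.txt') -Encoding ASCII
```

Everything used here (robocopy, diskpart, here-strings, `$LASTEXITCODE`) exists on a stock Windows 7 / PowerShell 2.0 system. The `detail disk` line is there so the wipe output shows which disk was selected before `clean all` starts; if the laptop has more than one disk, or a USB stick is plugged in, `list disk` can renumber them and the hard-coded `select disk 0` must be corrected in wipe.txt first.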

Re: Virus: Causes a bunch of system32 Errors

Unread postby Cypher » February 7th, 2012, 6:47 am

As your problems appear to require a reformat, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns