xMusicx
2011-01-23, 05:10
Sorry about the previous post. I have been trying to post in Tech support forums but this stupid virus drops the service whenever I try to post something or go on Microsoft websites, or access e-mail.
The problem started (probably) with FileCure. I'm assuming it's a Trojan.Downloader because after that it randomly installed itself. After that things got bad. NetAssistant randomly appeared and started hijacking sites on the favorites tab, then hijacked more sites. Now it's gotten even worse and the computer freezes when in normal mode (currently running safe mode with networking). To compound the difficulty of the situation, multiple virus scanners/registry cleaners have been used :( (Wish I would have thought about it before doing that).
Rather anxious to get started (I'd rather avoid restoring to factory settings).
It's limiting how much I can upload, so it has to be in multiple posts.
DDS.txt
DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
Run by Nikki at 21:58:24.07 on Sat 01/22/2011
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6874 [GMT -5:00]
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Nikki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nikki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nikki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nikki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nikki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nikki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nikki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nikki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Users\Nikki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nikki\Favorites\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0209&m=lx6810-01
mStart Page = hxxp://www.startsearcher.com
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0209&m=lx6810-01
uInternet Settings,ProxyServer = http=127.0.0.1:6711
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Norton Download Manager{N360S_NUC_prod_1.19_4.1.0.32}] C:\Users\Public\Downloads\Norton\{N360S_NUC_prod_1.19_4.1.0.32}\N360Downloader.exe /m
uRunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US)_AppleWebKit/534.7_(KHTML,_like_Gecko)_Chrome/7.0.517.44_Safari/534.7" -"http://www.gamehouse.com/onlinegames/playgame-new.jsp?game=dinerdash"
mRun: [eRecoveryService]
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
dRunOnce: [<NO NAME>]
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} - hxxp://cafeimg.hanmail.net/bgm6/DaumBgmPlayer.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_8/DaumActiveX.cab?ver=2,0,0,8
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {9712E214-2095-4240-BE72-812D046DB980} = 4.2.2.4,4.2.2.6
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
============= SERVICES / DRIVERS ===============
R0 57578372;57578372 Boot Guard Driver;C:\Windows\System32\drivers\57578372.sys [2011-1-18 40464]
R0 nvamacpi;Nvidia Away Mode System;C:\Windows\System32\drivers\nvamacpi.sys [2009-1-18 28192]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0401000.020\SymDS64.sys [2011-1-22 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0401000.020\SymEFA64.sys [2011-1-22 221232]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;C:\Windows\System32\drivers\AVer88xHD64.sys [2009-1-18 432256]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RTS5121.sys [2009-2-27 204288]
S1 57578371;57578371;C:\Windows\System32\drivers\57578371.sys [2011-1-18 157712]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100211.001\BHDrvx64.sys [2011-1-22 676912]
S1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0401000.020\cchpx64.sys [2011-1-22 615040]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20091105.001\IDSVia64.sys [2011-1-22 466992]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0401000.020\Ironx64.sys [2011-1-22 149552]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0401000.020\symtdiv.sys [2011-1-22 451120]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 27648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [2011-1-22 126392]
S3 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2009-2-27 24576]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\Windows\System32\drivers\lgx64gps.sys [2009-8-18 27136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-16 89920]
S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-5-17 308592]
=============== File Associations ===============
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
=============== Created Last 30 ================
2011-01-23 02:40:57 -------- dc----w- C:\Program Files (x86)\ESET
2011-01-23 02:38:06 -------- d-----w- C:\Users\Nikki\AppData\Roaming\QuickScan
2011-01-23 01:10:07 -------- d-----w- C:\Windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-01-23 01:10:06 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-01-23 00:52:07 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-01-23 00:52:07 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-01-23 00:52:07 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll
2011-01-23 00:52:07 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll
2011-01-23 00:51:50 -------- d-----w- C:\Program Files\Symantec
2011-01-23 00:51:42 615040 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\cchpx64.sys
2011-01-23 00:51:42 505392 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\srtsp64.sys
2011-01-23 00:51:42 451120 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\symtdiv.sys
2011-01-23 00:51:42 433200 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\SymDS64.sys
2011-01-23 00:51:42 32304 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\srtspx64.sys
2011-01-23 00:51:42 221232 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\SymEFA64.sys
2011-01-23 00:51:42 149552 ----a-r- C:\Windows\System32\drivers\N360x64\0401000.020\Ironx64.sys
2011-01-23 00:51:36 -------- d-----w- C:\Windows\System32\drivers\N360x64\0401000.020
2011-01-23 00:51:36 -------- d-----w- C:\Windows\System32\drivers\N360x64
2011-01-23 00:51:35 -------- dc----w- C:\Program Files (x86)\Norton 360
2011-01-23 00:51:31 -------- dc----w- C:\Program Files (x86)\NortonInstaller
2011-01-22 23:38:21 -------- d-----w- C:\PROGRA~3\MFAData
2011-01-21 01:38:52 -------- dc----w- C:\Program Files (x86)\AhnLab
2011-01-19 16:04:59 -------- dc----w- C:\Alex
2011-01-19 02:33:06 -------- dc----w- C:\Program Files (x86)\Kaspersky Lab
2011-01-18 05:43:47 -------- d-----w- C:\PROGRA~3\Kaspersky Lab
2011-01-18 05:43:18 40464 ----a-w- C:\Windows\System32\drivers\57578372.sys
2011-01-18 05:43:18 157712 ----a-w- C:\Windows\System32\drivers\57578371.sys
2011-01-18 05:00:21 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files
2011-01-17 02:32:41 -------- d-----w- C:\Users\Nikki\AppData\Roaming\Tific
2011-01-14 20:04:58 -------- dc----w- C:\N360_BACKUP
2011-01-01 21:00:32 -------- d-----w- C:\Users\Nikki\AppData\Local\CrashDumps
2010-12-28 00:56:51 -------- dc----w- C:\Program Files (x86)\Sibelius Software
2010-12-26 22:34:56 -------- d-----w- C:\Program Files\iPod
2010-12-26 22:34:54 -------- d-----w- C:\Program Files\iTunes
2010-12-25 00:09:53 -------- dc----w- C:\test
2010-12-24 21:21:39 -------- d-----w- C:\Users\Nikki\AppData\Local\Mozilla
==================== Find3M ====================
2010-12-22 12:09:29 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2010-11-29 22:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-06 11:18:48 500224 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-06 11:18:27 655872 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-06 11:18:27 410112 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-06 11:18:13 855040 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-04 23:58:17 267776 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-04 18:55:38 352768 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-04 16:34:06 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 06:27:41 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-11-02 06:24:01 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-02 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-11-02 06:23:35 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-11-02 06:23:35 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-11-02 06:01:54 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-11-02 05:57:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-11-02 05:25:33 479232 ----a-w- C:\Windows\System32\html.iec
2010-11-02 05:01:31 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-02 04:45:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-11-02 04:44:24 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-02 04:26:10 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-10-28 16:29:18 48128 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-28 15:44:56 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-28 14:05:21 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-28 13:56:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-28 13:27:47 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-28 13:20:12 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
============= FINISH: 21:59:56.24 ===============
Again really, really sorry about the multiple posts! If someone could merge them that would be great!
Also Windows Update cannot run and the dds.scr was run in safe mode since it only freezes in regular mode.