Thread: Virus, Trojan Horses, IE shutdowns, etc
  1. #1
    Junior Member
    Join Date
    Apr 2006
    Posts
    29


    I have been having issues the last couple days. I keep getting a file on my desktop titled pljtxaetzk.tmp. I keep deleting it and it keeps coming back; it says it is 0 kb. My Norton Internet Security keeps popping up with files and such that it finds as problems and I have to restart. Some of the files are microsoftdata.dll, mousenotifierbackup.dll, conduitdata.dll and slp7162874015064228029.tmp. There are probably a few more, but I just wanted to list a couple. I had also been having to shut down IE a lot, but since running Spybot S&D it has not happened again. Every once in a while I do get full IE windows opening up for various websites.

    Here is the dds log.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
    Run by Brian at 15:39:58 on 2011-12-24
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4791.2538 [GMT -6:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
    C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SysWOW64\msiexec.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://manuals.info.apple.com/en_US/iphone_user_guide.pdf
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [winupd] C:\Users\Brian\AppData\Local\Temp:winupd.exe
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
    mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\Brian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Users\Brian\AppData\Local\Temp\YahooWidgets.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    Trusted Zone: cinemanow.com
    Trusted Zone: qflix.com
    Trusted Zone: roxio.com
    Trusted Zone: sonic.com\redirect
    Trusted Zone: sonic.com\redirect2
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{2AE834AC-9CD1-4140-B188-7725B5817292} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{50B7350A-D023-42FE-8124-23FED783F6A6} : DhcpNameServer = 192.168.0.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
    mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\eq4u3k7t.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6\components\coFFPlgn.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\eq4u3k7t.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-21 1156216]
    R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20111223.001\IDSviA64.sys [2011-12-23 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [?]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [?]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-23 127352]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2011-10-11 126400]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-20 1153368]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-11 138360]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 136176]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-7-24 219632]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 136176]
    S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    S3 RoxMediaDB12;RoxMediaDB12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-12-24 19:47:13 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
    2011-12-24 19:47:13 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
    2011-12-24 19:47:13 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
    2011-12-24 19:47:13 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
    2011-12-24 19:45:59 -------- d-----w- C:\Users\Brian\AppData\Local\{13A24111-64BE-4A3C-9C2F-B30DCA8B3C47}
    2011-12-24 04:08:24 -------- d-----w- C:\Users\Brian\AppData\Local\{67FBAD34-E2C8-43C3-B958-5866076D9A72}
    2011-12-24 03:53:53 -------- d-----w- C:\Users\Brian\AppData\Local\{8C3F97E5-FBBE-4F01-A56D-DAB068BE2108}
    2011-12-24 03:35:22 -------- d-----w- C:\Users\Brian\AppData\Local\{10516534-CE20-4BCD-AB94-BB195B0ACD34}
    2011-12-23 13:31:58 -------- d-----w- C:\Users\Brian\AppData\Local\{21DFFD81-C6CD-4C84-BB1B-7EB000EE8BEC}
    2011-12-23 13:22:51 -------- d-----w- C:\Users\Brian\AppData\Local\{3DB1FC43-1FF4-4238-9508-5910F28A655B}
    2011-12-22 05:24:04 -------- d-----w- C:\Users\Brian\AppData\Local\{1FBBE902-0E63-4F1C-898A-4DE7275EDE34}
    2011-12-22 05:19:39 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2011-12-22 05:09:43 -------- d-----w- C:\Users\Brian\AppData\Local\{0323A6C2-5401-4730-BFF0-FC59090C619F}
    2011-12-22 04:15:46 -------- d-----w- C:\Users\Brian\AppData\Local\{615644A4-EF1E-450D-8DD5-D231BCA684F3}
    2011-12-22 04:08:52 -------- d-----w- C:\Users\Brian\AppData\Local\{7F4EA752-DBD9-4C2E-BB68-96CB44DF4D46}
    2011-12-21 00:41:46 -------- d-----w- C:\Users\Brian\AppData\Local\{F688EEAB-249F-4A65-93EE-79A10636AA61}
    2011-12-20 23:37:57 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-12-20 23:37:57 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-12-20 23:33:31 -------- d-----w- C:\Users\Brian\AppData\Local\{A93B86BC-9614-40E0-9387-EEEECC8EB676}
    2011-12-20 23:17:02 -------- d-----w- C:\Users\Brian\AppData\Local\{A6BDDB56-B167-4049-9C31-0FD4286FF071}
    2011-12-19 10:18:20 -------- d-----w- C:\Users\Brian\AppData\Local\{92575ECC-CC2B-42E1-9925-DDB1B414DDEC}
    2011-12-19 03:13:49 -------- d-----w- C:\Users\Brian\AppData\Local\{6B0DF4CA-76AF-410F-81EB-5308C93011B0}
    2011-12-19 03:05:56 -------- d-----w- C:\Users\Brian\AppData\Local\{5D8E5A8D-7FEB-4604-921C-A540BF7494DB}
    2011-12-19 01:45:12 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-12-19 01:45:12 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-12-19 01:45:01 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-12-19 01:45:01 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-12-19 01:45:00 1013248 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
    2011-12-19 01:43:10 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-12-19 01:43:10 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-12-19 01:43:10 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-12-19 01:43:10 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2011-12-18 21:19:24 -------- d-----w- C:\Users\Brian\AppData\Local\{2B929096-C597-4558-BD70-BDE9B1481A50}
    2011-12-18 19:02:04 -------- d-----w- C:\Users\Brian\AppData\Local\{171FDA0A-96D9-4889-8E04-12990CDA81F4}
    2011-12-18 15:01:54 -------- d-----w- C:\Users\Brian\AppData\Local\{114C2693-6C2B-45AA-86DA-AB0E607DB0F2}
    2011-12-18 01:47:10 -------- d-----w- C:\Users\Brian\AppData\Local\{61027C6A-5F76-46A1-8B21-1BE0862A2541}
    2011-12-17 18:07:36 115712 ----a-w- C:\Windows\SysWow64\srrstr.dll
    2011-12-17 14:55:48 -------- d-----w- C:\Users\Brian\AppData\Local\{B00317C2-9A96-4944-9C32-7D8C4C0FAEAD}
    2011-12-17 14:43:23 -------- d-----w- C:\Users\Brian\AppData\Local\{D9D6C1A9-A143-4F66-9358-C394FFBBF8BB}
    2011-12-17 14:18:55 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2011-12-17 14:18:55 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
    2011-12-17 14:18:55 121816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-12-17 14:18:54 97240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
    2011-12-17 14:18:54 814040 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-12-17 14:18:54 486360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-12-17 14:18:54 2124760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2011-12-17 14:18:54 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
    2011-12-17 13:26:48 -------- d-----w- C:\Users\Brian\AppData\Local\{8F77286C-F4EF-44D0-8B0D-1EF32DDC4436}
    2011-12-17 05:40:38 -------- d-----w- C:\Users\Brian\AppData\Local\{29F3492F-83DD-40E6-8E37-2A18A36DBD5A}
    2011-12-16 00:33:38 -------- d-----w- C:\Users\Brian\AppData\Local\{EE621C8A-7869-4A69-8098-6B0BE8F035F0}
    2011-12-14 23:46:35 -------- d-----w- C:\Users\Brian\AppData\Local\{B5511260-4D64-4EFE-BE23-E3CF344AFF2E}
    2011-12-14 04:10:23 -------- d-----w- C:\Users\Brian\AppData\Local\{9B3289EB-B654-4EA0-8FC1-E98F4BFB8464}
    2011-12-12 23:21:38 -------- d-----w- C:\Users\Brian\AppData\Local\{47365A9A-F5F6-4DBE-B8CA-D49B830CC84F}
    2011-12-11 05:02:52 -------- d-----w- C:\Users\Brian\AppData\Local\{EB6E08F8-B728-4E55-AB26-7A706219D863}
    2011-12-10 15:07:51 -------- d-----w- C:\Users\Brian\AppData\Local\{A9DE6F97-0504-43A4-AC3F-6C08DBF059CD}
    2011-12-09 15:48:16 -------- d-----w- C:\Users\Brian\AppData\Local\{6871A0C2-7CF5-497C-82A5-60744AE1BCE1}
    2011-12-09 00:59:38 -------- d-----w- C:\Users\Brian\AppData\Local\{88937DC2-3EAA-4104-8B69-CCF9C736BF18}
    2011-12-07 23:31:32 -------- d-----w- C:\Users\Brian\AppData\Local\{B0F52AC8-FCA4-482C-BE91-E60ABD4F391B}
    2011-12-07 04:26:35 -------- d-----w- C:\Users\Brian\AppData\Local\{3D691AAA-82EE-427D-BD84-5C1ACCCD2767}
    2011-12-05 23:39:56 -------- d-----w- C:\Users\Brian\AppData\Local\{C39335D9-84EE-483D-97AF-A2DC26B6CFFF}
    2011-12-03 14:58:43 -------- d-----w- C:\Users\Brian\AppData\Local\{2C164740-84CE-4CB6-8373-6BF9504B66D7}
    2011-12-03 14:36:50 -------- d-----w- C:\Users\Brian\AppData\Local\{29086474-E78B-4486-9BDF-4DCBCB08914F}
    2011-12-02 04:00:44 -------- d-----w- C:\Users\Brian\AppData\Local\{25376C85-FB6D-4584-88C4-1B6AA0D9BDFA}
    2011-12-01 16:23:08 -------- d-----w- C:\Users\Brian\AppData\Local\{CFE4861A-27F9-49CE-A198-1438B34AE5E2}
    2011-12-01 01:16:50 -------- d-----w- C:\Users\Brian\AppData\Local\{9B3E72D0-D94C-4EC3-8165-B6802ABCCE56}
    2011-11-30 10:10:06 -------- d-----w- C:\Users\Brian\AppData\Local\{1B91010A-0C78-4051-91C8-5C80A08CF3AC}
    2011-11-29 01:21:49 -------- d-----w- C:\Users\Brian\AppData\Local\{55EB4050-BB4D-48A6-BC7D-8C4895059E95}
    .
    ==================== Find3M ====================
    .
    2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2011-10-15 06:31:56 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 15:40:47.53 ===============

    I forgot to mention that I am having problems with Adobe. I have Adobe Reader 9.4.5 and cannot update or remove it because it says there is already an installation in progress.
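Several lines in the Pseudo HJT Report above are the ones a malware-removal helper would zero in on: an autostart entry whose path carries a second colon (`...\Temp:winupd.exe`, an NTFS alternate data stream), a startup shortcut launching from the Temp folder, `EnableLUA = 0` and `ConsentPromptBehaviorAdmin = 0` (UAC effectively off), a Hosts line pointing a security site at 127.0.0.1, and orphaned "No File" browser helper objects. The script below is an added example written for this page, not code from the thread or from the DDS tool; it runs a small rule set over a constructed sample made of lines copied from the log, and the rule names and severities are my own.

```python
import re

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" in post #1,
# plus one benign autostart entry, so the rules can be exercised offline.
SAMPLE_LOG = r"""
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [winupd] C:\Users\Brian\AppData\Local\Temp:winupd.exe
StartupFolder: C:\Users\Brian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Users\Brian\AppData\Local\Temp\YahooWidgets.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
Hosts: 127.0.0.1 www.spywareinfo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
"""

AUTOSTART_PREFIXES = {"uRun", "mRun", "uRun-x64", "mRun-x64", "StartupFolder"}
# A second ':' inside a Windows path names an NTFS alternate data stream
# (file:stream); Explorer does not list streams, so they are a common hiding spot.
ADS_PATH = re.compile(r'^[A-Za-z]:\\[^:"]*:[^\\"]+$')
# Anything auto-started out of a Temp directory deserves a look.
TEMP_PATH = re.compile(r'\\Temp[\\:]', re.IGNORECASE)
EXE_PATH = re.compile(r'^([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|cmd|bat|com))\b', re.IGNORECASE)
LOOPBACK = re.compile(r'^(127\.\d+\.\d+\.\d+|0\.0\.0\.0|::1)\s+(\S+)')
UAC_OFF = re.compile(r'^(EnableLUA|ConsentPromptBehaviorAdmin)\s*=\s*0\b')


def extract_target(body):
    """Return the program an autostart entry launches.
    DDS prints 'uRun: [value] path args' and 'StartupFolder: shortcut.LNK - target'."""
    idx = body.upper().find(".LNK - ")
    if idx != -1:
        body = body[idx + len(".LNK - "):]
    body = re.sub(r'^\[[^\]]*\]\s*', '', body).strip().strip('"')
    m = EXE_PATH.match(body)
    return m.group(1) if m else body


def triage(log_text):
    """Run each rule over the log text and return a list of findings."""
    findings = []

    def hit(rule, severity, line):
        findings.append({"rule": rule, "severity": severity, "line": line})

    for raw in log_text.splitlines():
        line = raw.strip()
        if ": " not in line:
            continue
        prefix, body = line.split(": ", 1)
        if prefix in AUTOSTART_PREFIXES:
            target = extract_target(body)
            if ADS_PATH.match(target):
                hit("ads_autostart", "high", line)
            if TEMP_PATH.search(target):
                hit("temp_autostart", "medium", line)
        elif prefix == "mPolicies-system" and UAC_OFF.match(body):
            hit("uac_weakened", "medium", line)
        elif prefix == "Hosts":
            m = LOOPBACK.match(body)
            # DDS only prints non-default Hosts lines; loopback for anything
            # but 'localhost' usually means a site is being blocked on purpose.
            if m and m.group(2).lower() != "localhost":
                hit("hosts_override", "high", line)
        elif prefix.split("-")[0] in {"BHO", "TB", "EB"} and body.endswith("- No File"):
            hit("orphaned_entry", "info", line)
    return findings


def summary(findings):
    """Count findings per rule."""
    counts = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['rule']:16} {f['line']}")
```

Run against the full log, the same rules would also flag the `%APPDATA%` directory created under `C:\Windows\SysWow64` only if a rule for the "Created Last 30" section were added; the point of the rule table is that each pattern is a few lines and easy to extend.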

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    hi photographer,

    If you still need help:

    1)  Please download TDSS Killer.exe and save it to your desktop
    Double click to launch the utility. After it initializes click the start scan button.

    Once the scan completes you can click the continue button.

    "The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."

    "After clicking Next, the utility applies selected actions and outputs the result."

    "A reboot might require after disinfection."

    A report will be found in your Root drive Local Disk (C) as TDSSKiller.2.4.2.1_09.08.2010_17.32.21_log.txt (name, version, date, time)

    2) Please download the free version of Malwarebytes to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.

    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform FULL SCAN, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click *Remove Selected.*

    *A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

    When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    Post the log in your reply.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Apr 2006
    Posts
    29

    Things are worse

    Yes, I am still having issues; as a matter of fact it will not boot. I get the HP splash screen, then the screen from BIOS showing hard drives, then all I have is a blinking cursor. I was talking to a buddy of mine and he had me get the Hirens boot CD and try booting with that. I did boot into Mini XP and then accidentally booted to the hard drive and it did. I did run Malwarebytes and it did find 11 trojans. In telling him the problems he thinks it is Win7 Antispyware 2012 that I got. I will run TDSS Killer and see what happens. Thank you for the response.

  4. #4
    Junior Member
    Join Date
    Apr 2006
    Posts
    29

    Ran TDSS Killer

    It found a file Rootkit.boot.Pihar.b, location Physical drive:\Device\harddisk0\DR0. It is described as malware object, high risk. I try to "cure" it, but I get the message "Can't cure MBR. Write standard boot code?". At this point I can choose yes or no, and I chose no as I do not know what yes will do. Looking for more guidance.

  5. #5
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    Could be because you have a custom MBR. Is the machine a commercially purchased computer like HP, Acer, Dell etc.? Sure it doesn't say non-standard boot code?
    How Can I Reduce My Risk?
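The prompt in post #4 ("Can't cure MBR. Write standard boot code?") and the custom-MBR caveat in post #5 both come down to the layout of the first sector: 440 bytes of bootstrap code, a disk signature, the 64-byte partition table at offset 446, and the 0x55AA signature at offset 510. Writing standard boot code replaces only the first region, which is why an OEM machine with vendor boot code is worth asking about first. The script below is an added example for this page, not code from the thread or from TDSSKiller; it parses a constructed 512-byte sector, checks the boot code against a known-good copy, and shows what a boot-code rewrite leaves untouched. The baseline bytes and partition layout are made up for the example, and a real baseline would come from the same machine before infection or from the vendor's recovery media.

```python
import hashlib
import struct

SECTOR_LEN = 512
BOOTCODE_LEN = 440      # bytes 0-439: bootstrap code the BIOS jumps into
PART_TABLE_OFF = 446    # bytes 440-445 hold the disk signature + 2 reserved bytes
SIG_OFF = 510           # 0x55 0xAA boot signature

# Constructed stand-in for a known-good boot code image (not a real MBR dump).
BASELINE_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(BOOTCODE_LEN, b"\x90")
# Constructed partition layout: (status, type, first LBA, sector count).
PARTITIONS = [(0x80, 0x07, 2048, 409600), (0x00, 0x07, 411648, 1000000)]


def build_sector(bootcode, partitions, disk_signature=0x1A2B3C4D):
    """Assemble a 512-byte MBR from its parts (used here to make test input)."""
    table = b"".join(
        struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
        for status, ptype, lba, count in partitions
    ).ljust(64, b"\0")
    sector = bootcode[:BOOTCODE_LEN].ljust(BOOTCODE_LEN, b"\0")
    sector += struct.pack("<IH", disk_signature, 0) + table + b"\x55\xaa"
    assert len(sector) == SECTOR_LEN
    return sector


def parse_partitions(sector):
    """Decode the four 16-byte entries; skip empty (type 0) slots."""
    entries = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype:
            entries.append({"status": status, "type": ptype,
                            "lba_start": lba, "sectors": count})
    return entries


def check_mbr(sector, baseline_code):
    """Report signature validity, a hash of the boot code, whether it matches
    the baseline, and the partition table (which a bootkit normally preserves)."""
    if len(sector) != SECTOR_LEN:
        raise ValueError("MBR must be exactly 512 bytes")
    code = sector[:BOOTCODE_LEN]
    return {
        "signature_ok": sector[SIG_OFF:] == b"\x55\xaa",
        "bootcode_sha256": hashlib.sha256(code).hexdigest(),
        "bootcode_matches_baseline": code == baseline_code,
        "partitions": parse_partitions(sector),
    }


def rewrite_bootcode(sector, standard_code):
    """What 'write standard boot code' amounts to: replace bytes 0-439 only,
    keeping disk signature, partition table and the 0x55AA signature."""
    return standard_code[:BOOTCODE_LEN].ljust(BOOTCODE_LEN, b"\0") + sector[BOOTCODE_LEN:]


def tampered_sector():
    """Constructed 'modified' sector: same partition table, different boot code.
    The filler is arbitrary bytes, not real bootkit code."""
    clean = build_sector(BASELINE_CODE, PARTITIONS)
    filler = bytes(range(64))
    return filler + clean[len(filler):]


if __name__ == "__main__":
    for label, sec in (("clean", build_sector(BASELINE_CODE, PARTITIONS)),
                       ("tampered", tampered_sector())):
        r = check_mbr(sec, BASELINE_CODE)
        print(label, r["signature_ok"], r["bootcode_matches_baseline"],
              [p["lba_start"] for p in r["partitions"]])
```

The tampered sector still has a valid 0x55AA signature and an intact partition table, so a disk that boots to a blinking cursor can look structurally fine; only the comparison of the boot code against a trusted baseline tells the two apart.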

  6. #6
    Junior Member
    Join Date
    Apr 2006
    Posts
    29

    MBR

    Yes, it is an HP. No, it does say standard boot code.
