
Thread: smitfraud-c.generic

  1. #1
    Member
    Join Date
    Feb 2013
    Location
    Valencia
    Posts
    46

    smitfraud-c.generic

    This is my parents' PC. They are in their 80s and the computer is their lifeline. I am not that savvy with tech stuff, so please bear with me. Hope you can help, as I am a bit unsure of what I am doing. I ran a check with Spybot and found smitfraud-c.generic, but I can tell you this computer is a mess. It is barely running. Norton was of no help; they even came in but just ended up giving us a case number. When they ran the Norton tool it showed no problems.

    I have the attach.txt but it is not allowing me to compress it. Please advise. Thanks so much in advance for your time.


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 1.6.0_32
    Run by member at 19:22:30 on 2013-02-26
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5110.2277 [GMT -8:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
    C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
    C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
    C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
    C:\Windows\system32\wuauclt.exe
    C:\PROGRA~2\MICROS~2\OFFICE11\OUTLOOK.EXE
    \\.\globalroot\systemroot\svchost.exe -netsvcs
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = www.google.com
    uSearch Bar = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com/
    mLocal Page = hxxp://www.google.com/
    mSearch Page = hxxp://www.google.com/
    mDefault_Page_URL = hxxp://www.google.com/
    mDefault_Search_URL = hxxp://www.google.com/
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: eGames Toolbar: {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files (x86)\eGames\egamestoolbar.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\CoIEPlg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\IPS\IPSBHO.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\member\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    TB: eGames Toolbar: {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\Program Files (x86)\eGames\egamestoolbar.dll
    TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\member\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\CoIEPlg.dll
    uRun: [HP Officejet 4620 series (NET)] "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN29R210JY05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
    mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
    StartupFolder: C:\Users\member\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Windows\Speech\ERUNTcorrectone\AUTOBACK.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{EA537523-3F90-44BF-960A-440561B31138} : DHCPNameServer = 192.168.2.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\member\AppData\Roaming\Mozilla\Firefox\Profiles\p8ye63aw.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=16148
    FF - prefs.js: keyword.URL - hxxp://urlseek10.vmn.net/search.php?type=dns&tbn=egames3_1dn&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-02-25 15:20; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn
    FF - ExtSQL: 2013-02-25 18:43; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\IPSFFPlgn
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SMR311;Symantec SMR Utility Service 3.1.1;C:\Windows\System32\drivers\SMR311.SYS [2013-2-22 95392]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1401010.002\SymDS64.sys [2013-2-22 493216]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1401010.002\SymEFA64.sys [2013-2-22 1132192]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-2-8 1388120]
    R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1401010.002\ccSetx64.sys [2013-2-22 168096]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130223.001\IDSviA64.sys [2013-2-25 513184]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1401010.002\Ironx64.sys [2013-2-22 224416]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1401010.002\symnets.sys [2013-2-22 432800]
    R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2012-5-6 181760]
    R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2012-5-6 55296]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-17 13336]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe [2013-2-22 143928]
    R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2012-5-6 291352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-2-23 138912]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-9-9 233472]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2011-4-5 91304]
    S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
    S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2010-5-16 446976]
    S3 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
    S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-6 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-02-23 04:16:04 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2013-02-23 02:57:45 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2013-02-23 02:57:45 -------- d-----w- C:\Program Files\Symantec
    2013-02-23 02:57:45 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2013-02-23 02:57:18 776352 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\srtsp64.sys
    2013-02-23 02:57:18 493216 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\SymDS64.sys
    2013-02-23 02:57:18 432800 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\symnets.sys
    2013-02-23 02:57:18 37496 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\srtspx64.sys
    2013-02-23 02:57:18 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\SymELAM.sys
    2013-02-23 02:57:18 224416 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\Ironx64.sys
    2013-02-23 02:57:18 168096 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\ccSetx64.sys
    2013-02-23 02:57:18 1132192 ----a-r- C:\Windows\System32\drivers\N360x64\1401010.002\SymEFA64.sys
    2013-02-23 02:56:54 -------- d-----w- C:\Windows\System32\drivers\N360x64\1401010.002
    2013-02-23 02:56:52 -------- d-----w- C:\Program Files (x86)\Norton 360
    2013-02-23 02:56:46 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2013-02-23 01:46:47 95392 ----a-w- C:\Windows\System32\drivers\SMR311.SYS
    2013-02-23 01:30:54 20480 ----a-w- C:\Windows\svchost.exe
    2013-02-21 05:58:12 7168 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\2E27.tmp
    2013-02-21 05:58:12 7168 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\2E17.tmp
    2013-02-14 08:03:20 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 08:03:20 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 06:54:00 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-02-14 06:53:59 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-02-14 06:53:59 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-02-14 06:53:56 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-02-14 06:53:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-02-14 06:53:54 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-02-14 06:53:54 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-02-14 06:53:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-02-14 06:53:54 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-02-14 06:53:54 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-02-14 06:53:52 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-02-14 06:53:52 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ==================== Find3M ====================
    .
    2013-02-17 08:16:02 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-17 08:16:02 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-02-04 18:18:40 689552 ----a-w- C:\Program Files (x86)\2pUninstall Coupon Alert.dll
    2012-02-04 18:18:40 161720 ----a-w- C:\Program Files (x86)\2pres.dll
    2011-03-19 22:50:01 684032 ----a-w- C:\Program Files (x86)\Uninstall Coupon Alert.dll
    .
    ============= FINISH: 19:23:14.72 ===============

  2. #2
    Senior Member
    Join Date
    Apr 2010
    Posts
    463


    Hello diane7 and

    My name is JonTom

    • Malware Logs can sometimes take a lot of time to research and interpret.
    • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
    • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
    • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
    • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.


    Quote: "I am not that savvy with tech stuff so please bear with me"
    That's no problem whatsoever. If there is anything you are not sure about, just ask. It's what I am here for.

    I can definitely see malware on this machine but before we begin any fixing I will need a little more information.

    Please describe as best you can exactly what symptoms the machine is displaying. Is it just running slow? Are you being redirected when you connect to the net? Are there any error messages?

    Quote: "I have the attached.txt but it is not allowing me to compress it. Please advise."
    There is no need to attach any logs, just post them directly into your replies like you did with the dds.txt log.

    As well as reviewing the log you tried to attach, I would also like to see the reports from the following tools:


    1. aswMBR


      • Download aswMBR.exe to your desktop.
      • Double click the aswMBR.exe to run it.
      • When asked if you want to download Avast's virus definitions please select Yes.
      • Click the "Scan" button to start the scan.
      • On completion of the scan click Save log, save it to your desktop and post it in your next reply.

      The following tool may give you the option of deleting/curing anything that is detected. At this time please DO NOT allow the machine to cure or remove anything (I would like to review the report first before we do anything).

    2. TDSS Killer


      • Please read carefully and follow these steps.
      • Download TDSSKiller and save it to your Desktop.
      • Extract its contents to your desktop.
      • Once extracted, open the TDSSKiller folder and Right click on TDSSKiller.exe and select "Run as Administrator" to run the application.
      • When the window opens, click on Change Parameters.
      • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
      • Click on Start Scan.
      • If an infected file is detected, the default action will be Cure, click on SKIP.
      • If a suspicious file is detected, the default action will be Skip, click on Continue.
      • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
      • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
      • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


      Please describe the machine's main symptoms and post the DDS attach.txt log, the aswMBR log and the TDSSKiller log in your next reply. If you need to make more than one post to fit all of the information in, go right ahead.

      If you encounter any difficulties, just come back here and let me know.
    Proud Graduate of the WTT Classroom

  3. #3
    Member
    Join Date
    Feb 2013
    Location
    Valencia
    Posts
    46


    Thank you JonTom for your assistance and patience. The computer has toolbars and unwanted stuff that just started downloading things like ShopAtHome junk while I was preparing the logs for you. I knew this because Norton would present the stuff as safe. It is slow beyond belief, and the font on one of the user accounts that my mom uses is completely gone or messed up to the point that I can't even get any settings to change. Per your request, here is the other log:

    THANK YOU!!!!!
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/11/2009 11:32:52 AM
    System Uptime: 2/26/2013 1:00:52 PM (6 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | Benicia
    Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 2600/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 454 GiB total, 394.539 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 2.167 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: SM/xD-Picture
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.02#058F63626476&2#
    Manufacturer: Generic-
    Name: H:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.02#058F63626476&2#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Compact Flash
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#
    Manufacturer: Generic-
    Name: G:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: MS/MS-Pro
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626476&3#
    Manufacturer: Generic-
    Name: I:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626476&3#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: SD/MMC
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626476&0#
    Manufacturer: Generic-
    Name: F:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626476&0#
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP494: 2/12/2013 2:09:04 PM - Scheduled Checkpoint
    RP495: 2/14/2013 12:01:17 AM - Windows Update
    RP496: 2/14/2013 4:03:10 PM - Installed TurboTax 2012 wcaiper
    RP497: 2/15/2013 11:59:15 PM - Norton 360 Registry Clean
    RP498: 2/23/2013 3:18:11 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    3Dice Casino
    Acrobat.com
    Activate Norton Online Backup
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.2
    Adobe Shockwave Player 11.5
    Bejeweled 2 Deluxe
    Bejeweled 3
    Belkin Setup and Router Monitor
    Belkin USB Print and Storage Center
    Best of Slots II
    Big Fish Games: Game Manager
    CCleaner
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    CyberLink DVD Suite Deluxe
    DirectX for Managed Code Update (Summer 2004)
    eGames GameButler
    eGames Toolbar
    ERUNT 1.1j
    Facebook Video Calling 1.2.0.159
    FreeCell Wonderland
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hallmark Card Studio 2
    Hardware Diagnostic Tools
    Hewlett-Packard ACLM.NET v1.2.1.1
    Homepage Protection
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MAINSTREAM KEYBOARD
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Movie Themes
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SmartMenu
    HP Odometer
    HP Officejet 4620 series Basic Device Software
    HP Officejet 4620 series Help
    HP Officejet 4620 series Product Improvement Study
    HP Photo Creations
    HP Product Detection
    HP Remote Solution
    HP Setup
    HP Support Assistant
    HP Support Information
    HP Update
    I.R.I.S. OCR
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Rapid Storage Technology
    Internet Explorer (Enable DEP)
    iSEEK AnswerWorks English Runtime
    J2SE Runtime Environment 5.0
    Java Auto Updater
    Java(TM) 6 Update 32
    LabelPrint
    LightScribe System Software
    Mahjong Escape (TM) - Ancient Japan
    Mahjong Escape: Ancient China 1.0.0.5
    Mahjongg Dimensions
    Mahjongg Dimensions Deluxe (tb) (remove only)
    Mahjongg Master Egyptian Edition
    Masque Slots
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 60 day trial
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NETGEAR WG111v3 wireless USB 2.0 adapter
    Norton 360
    Pando Media Booster
    PC Matic 1.1.0.36
    PictureMover
    Playalot Games
    Power2Go
    PowerDirector
    PowerRecover
    Quicken 2001 Deluxe
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    ShopAtHome.com Helper
    ShopAtHome.com Toolbar
    Sierra Utilities
    Skype Click to Call
    Skype™ 5.10
    Slots from Bally Gaming
    SnapShot
    Solitaire Master 4
    Spybot - Search & Destroy
    System Checkup 3.1
    System Requirements Lab for Intel
    The Weather Channel Desktop 6
    TurboTax 2009
    TurboTax 2009 wcaiper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 wcaiper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2011
    TurboTax 2011 wcaiper
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wrapper
    TurboTax 2012
    TurboTax 2012 wcaiper
    TurboTax 2012 WinPerFedFormset
    TurboTax 2012 WinPerReleaseEngine
    TurboTax 2012 WinPerTaxSupport
    TurboTax 2012 wrapper
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Video Mover
    Web Publishing Wizard
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/26/2013 12:02:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ca626b, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022613-33290-01.
    2/26/2013 1:01:17 PM, Error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: This driver has been blocked from loading
    2/26/2013 1:01:17 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\mrtRate.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    2/25/2013 11:58:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8007814bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022513-48703-01.
    2/24/2013 10:32:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002cfee45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022413-46956-01.
    2/24/2013 10:30:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    2/24/2013 10:30:26 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/24/2013 10:29:39 PM, Error: Service Control Manager [7022] - The Intuit Update Service v4 service hung on starting.
    2/23/2013 3:06:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002cf6e45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022313-19936-01.
    2/22/2013 7:30:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000600dd, 0x0000000000000002, 0x0000000000000001, 0xfffff80002cbee45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022213-21980-01.
    2/22/2013 7:24:31 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    2/22/2013 7:18:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    2/22/2013 7:16:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 DfsC discache IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
    2/22/2013 7:16:22 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    2/22/2013 7:16:22 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/22/2013 7:16:22 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/22/2013 7:16:22 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/22/2013 7:16:22 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/22/2013 7:16:21 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/22/2013 7:16:21 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/22/2013 7:16:21 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    2/22/2013 7:16:21 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/22/2013 7:16:21 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/22/2013 7:16:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8007843bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022213-25131-01.
    2/22/2013 7:11:20 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    2/22/2013 7:11:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/22/2013 7:11:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/22/2013 7:11:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/22/2013 7:11:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/22/2013 7:10:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
    2/22/2013 7:10:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000002000027ef, 0x0000000000000002, 0x0000000000000001, 0xfffff80002cf3e45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022213-25225-01.
    2/22/2013 7:04:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa800796abb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022213-26020-01.
    2/22/2013 6:55:54 PM, Error: Service Control Manager [7034] - The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
    2/22/2013 6:54:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    2/22/2013 6:54:17 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/22/2013 6:54:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/22/2013 6:52:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dd, 0x0000000000000002, 0x0000000000000001, 0xfffff80002d0de45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022213-28126-01.
    2/22/2013 6:46:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f8ccda, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022213-32479-01.
    2/22/2013 6:02:45 PM, Error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/22/2013 5:31:14 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2/22/2013 5:31:14 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    2/22/2013 4:56:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    2/22/2013 4:55:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
    2/22/2013 4:44:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fbacda, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022213-50294-01.
    2/22/2013 4:31:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80001f0ce45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022213-79841-01.
    2/21/2013 12:07:25 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80078b2bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022113-19375-01.
    2/21/2013 1:21:29 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c8f1c8, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022113-22339-01.
    2/21/2013 1:17:32 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000401cd010c, 0x0000000000000002, 0x0000000000000001, 0xfffff80002cefe45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022113-23212-01.
    2/20/2013 10:07:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ca226b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022013-19141-01.
    2/20/2013 10:02:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80078c4bb0, 0x0000000000000000, 0x000000007ef88000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022013-18033-01.
    .
    ==== End Of File ===========================


    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-02-26 19:56:27
    -----------------------------
    19:56:27.627 OS Version: Windows x64 6.1.7601 Service Pack 1
    19:56:27.627 Number of processors: 2 586 0x170A
    19:56:27.628 ComputerName: MEMBER-PC UserName: member
    19:56:31.016 Initialize success
    20:21:37.789 AVAST engine defs: 13022601
    20:23:42.482 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    20:23:42.486 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 8
    20:23:42.491 Device \Driver\iaStor -> MajorFunction fffffa80078715e8
    20:23:42.495 Disk 0 MBR read successfully
    20:23:42.500 Disk 0 MBR scan
    20:23:42.507 Disk 0 unknown MBR code
    20:23:42.513 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    20:23:42.530 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464654 MB offset 206848
    20:23:42.562 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12184 MB offset 951818240
    20:23:42.601 Disk 0 scanning C:\Windows\system32\drivers
    20:23:51.274 Service scanning
    20:24:12.243 Modules scanning
    20:24:12.256 Disk 0 trace - called modules:
    20:24:12.263 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80078715e8]<<
    20:24:12.271 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80052fd530]
    20:24:12.278 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fe7050]
    20:24:12.284 \Driver\iaStor[0xfffffa80077dfb70] -> IRP_MJ_CREATE -> 0xfffffa80078715e8
    20:24:14.621 AVAST engine scan C:\Windows
    20:24:17.192 AVAST engine scan C:\Windows\system32
    20:27:34.618 AVAST engine scan C:\Windows\system32\drivers
    20:27:56.069 AVAST engine scan C:\Users\member
    20:29:53.361 File: C:\Users\member\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@arcadeweb.com\components\arcadewebfirefox.dll **INFECTED** Win32:Adware-gen [Adw]
    20:30:13.153 AVAST engine scan C:\ProgramData
    20:31:13.751 File: C:\ProgramData\Microsoft\Windows\DRM\2E17.tmp **INFECTED** Win32:Malware-gen
    20:31:13.803 File: C:\ProgramData\Microsoft\Windows\DRM\2E27.tmp **INFECTED** Win32:Malware-gen
    20:33:56.627 Scan finished successfully
    20:34:30.411 Disk 0 MBR has been saved successfully to "C:\Users\member\Documents\MBR.dat"
    20:34:30.420 The log file has been saved successfully to "C:\Users\member\Documents\aswMBR.txt"
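
The "Event Viewer Messages From Past Week" section of the attach.txt above is the part of this log that answers the first triage question: are the repeated reboots a malware symptom or a driver fault? As an added example, not part of the thread and not something DDS, Norton or the helper provides, here is a Python script that parses lines in the shape DDS prints (`date, Level: Source [id] - message`), tallies the stop codes, pulls out the driver Windows refused to load, and counts how often each driver turns up in the Service Control Manager 7026 "failed to load" lists. The sample lines are copied from the log above; the regular expressions assume that line layout and nothing else.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input, copied from the "Event Viewer Messages" section of the
# attach.txt above (a subset of the lines so the script runs offline).
SAMPLE_EVENTS = r"""
2/26/2013 12:02:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ca626b, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022613-33290-01.
2/26/2013 1:01:17 PM, Error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: This driver has been blocked from loading
2/26/2013 1:01:17 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\mrtRate.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/24/2013 10:32:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002cfee45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022413-46956-01.
2/22/2013 7:16:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 DfsC discache IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
2/22/2013 7:10:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
"""

# One DDS event line: "<date> <time> <AM/PM>, <Level>: <Source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
BUGCHECK_RE = re.compile(r"The bugcheck was: (0x[0-9a-fA-F]+) \(([^)]*)\)")
BLOCKED_7000_RE = re.compile(r"^The (\S+) service failed to start .*This driver has been blocked from loading")
BLOCKED_1060_RE = re.compile(r"^(\S+) has been blocked from loading")
FAILED_7026_RE = re.compile(r"failed to load: (.*)$")

# Stop codes that appear in the log; parameter meanings per the Windows bugcheck reference.
KNOWN_BUGCHECKS = {
    0x1E: "KMODE_EXCEPTION_NOT_HANDLED (param1 = exception code, 0xC0000005 = access violation)",
    0x0A: "IRQL_NOT_LESS_OR_EQUAL (param1 = address referenced, param4 = faulting instruction)",
}


def parse_events(text):
    """Return one dict per recognised event line; section headers and '.' lines are skipped."""
    events = []
    for line in text.strip().splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["event_id"] = int(ev["event_id"])
        ev["when"] = datetime.strptime(ev["when"], "%m/%d/%Y %I:%M:%S %p")
        events.append(ev)
    return events


def bugchecks(events):
    """Map stop code -> list of (timestamp, [params]) from WER 1001 reboot-after-bugcheck events."""
    out = {}
    for ev in events:
        if ev["event_id"] != 1001:
            continue
        m = BUGCHECK_RE.search(ev["message"])
        if m:
            params = [int(p.strip(), 16) for p in m.group(2).split(",")]
            out.setdefault(int(m.group(1), 16), []).append((ev["when"], params))
    return out


def blocked_drivers(events):
    """Names Windows refused to load: SCM 7000 'blocked' errors and Application Popup 1060."""
    names = set()
    for ev in events:
        if ev["event_id"] == 7000:
            m = BLOCKED_7000_RE.match(ev["message"])
            if m:
                names.add(m.group(1))
        elif ev["event_id"] == 1060:
            m = BLOCKED_1060_RE.match(ev["message"])
            if m:
                names.add(m.group(1).rsplit("\\", 1)[-1])  # keep the file name only
    return sorted(names)


def failed_boot_drivers(events):
    """How many SCM 7026 events list each boot-start/system-start driver as failed."""
    counter = Counter()
    for ev in events:
        if ev["event_id"] == 7026:
            m = FAILED_7026_RE.search(ev["message"])
            if m:
                counter.update(m.group(1).split())
    return counter


def triage(text):
    """Summary a reviewer wants before reading the log line by line."""
    events = parse_events(text)
    bc = bugchecks(events)
    return {
        "events": len(events),
        "bugchecks": {hex(code): len(hits) for code, hits in bc.items()},
        "bugcheck_names": {hex(code): KNOWN_BUGCHECKS.get(code, "see bugcheck reference") for code in bc},
        "blocked_drivers": blocked_drivers(events),
        "failed_boot_drivers": failed_boot_drivers(events),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

Run over the full section, the output tells you what the log shows and no more: how many 0x1E crashes (kernel-mode exception, here always with 0xC0000005, an access violation) versus 0xA crashes (IRQL_NOT_LESS_OR_EQUAL), that mrtRate.SYS was blocked from loading, and which drivers the 7026 events list most often. Both stop codes mean kernel-mode code faulted; the script does not say whose code, and that is exactly why the helper asks for the rootkit scans that follow.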

  4. #4  Member (joined Feb 2013, Valencia, 46 posts)

    Here is the last log you requested.

    20:01:33.0859 2940 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    20:01:33.0984 2940 ============================================================
    20:01:33.0984 2940 Current date / time: 2013/02/27 20:01:33.0984
    20:01:33.0984 2940 SystemInfo:
    20:01:33.0984 2940
    20:01:33.0984 2940 OS Version: 6.1.7601 ServicePack: 1.0
    20:01:33.0984 2940 Product type: Workstation
    20:01:33.0984 2940 ComputerName: MEMBER-PC
    20:01:33.0984 2940 UserName: member
    20:01:33.0984 2940 Windows directory: C:\Windows
    20:01:33.0984 2940 System windows directory: C:\Windows
    20:01:33.0984 2940 Running under WOW64
    20:01:33.0984 2940 Processor architecture: Intel x64
    20:01:33.0984 2940 Number of processors: 2
    20:01:33.0984 2940 Page size: 0x1000
    20:01:33.0984 2940 Boot type: Normal boot
    20:01:33.0984 2940 ============================================================
    20:01:34.0967 2940 BG loaded
    20:01:35.0731 2940 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:01:35.0747 2940 ============================================================
    20:01:35.0747 2940 \Device\Harddisk0\DR0:
    20:01:35.0747 2940 MBR partitions:
    20:01:35.0747 2940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    20:01:35.0747 2940 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38B87000
    20:01:35.0747 2940 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38BB9800, BlocksNum 0x17CC000
    20:01:35.0747 2940 ============================================================
    20:01:35.0778 2940 C: <-> \Device\Harddisk0\DR0\Partition2
    20:01:36.0698 2940 D: <-> \Device\Harddisk0\DR0\Partition3
    20:01:36.0698 2940 ============================================================
    20:01:36.0698 2940 Initialize success
    20:01:36.0698 2940 ============================================================
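
aswMBR (post #3) and TDSSKiller (the log just above) each print the partition table they read from disk 0, in different units: aswMBR gives whole MB and decimal sector offsets, TDSSKiller gives hex StartLBA and BlocksNum plus the drive size. Comparing two independent readings, and looking for unallocated space after the last partition, is a standard first check for bootkits of the TDL4/TDSS family, which store their own encrypted file system outside any partition at the end of the disk. As an added example that is not part of the thread and not code from either tool, here is a Python cross-check over those lines. The sample input is copied from the two logs above; the parsers assume only the line layouts shown there, and the bootkit background is general, not a finding about this PC.

```python
import re

# Sample input copied from the aswMBR and TDSSKiller logs posted in this thread;
# the parsers look only at the partition and drive-size lines.
ASWMBR_LOG = r"""
20:23:42.513 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:23:42.530 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464654 MB offset 206848
20:23:42.562 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12184 MB offset 951818240
"""
TDSSKILLER_LOG = r"""
20:01:35.0731 2940 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:01:35.0747 2940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:01:35.0747 2940 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38B87000
20:01:35.0747 2940 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38BB9800, BlocksNum 0x17CC000
"""

# aswMBR: "Disk N Partition N <boot> [(A)] <type> <fs words> <size> MB offset <sector>"
ASW_PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<idx>\d+) (?P<boot>[0-9A-Fa-f]{2})(?P<active> \(A\))? "
    r"(?P<type>[0-9A-Fa-f]{2}) .*? (?P<size_mb>\d+) MB offset (?P<offset>\d+)\s*$"
)
# TDSSKiller: "\Device\HarddiskN\DRN\PartitionN: MBR, Type 0xT, StartLBA 0xS, BlocksNum 0xB"
TDSS_PART_RE = re.compile(
    r"\\Device\\Harddisk(?P<disk>\d+)\\DR\d+\\Partition(?P<idx>\d+): MBR, Type 0x(?P<type>[0-9A-Fa-f]+), "
    r"StartLBA 0x(?P<start>[0-9A-Fa-f]+), BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)"
)
TDSS_DRIVE_RE = re.compile(r"Size: 0x(?P<bytes>[0-9A-Fa-f]+) .*?SectorSize: 0x(?P<sector>[0-9A-Fa-f]+)")


def parse_aswmbr(text):
    parts = {}
    for line in text.splitlines():
        m = ASW_PART_RE.search(line)
        if m:
            parts[int(m["idx"])] = {
                "active": m["active"] is not None,
                "type": int(m["type"], 16),
                "size_mb": int(m["size_mb"]),
                "offset": int(m["offset"]),
            }
    return parts


def parse_tdsskiller(text):
    """Return (drive geometry, {index: partition}) from a TDSSKiller log."""
    parts, drive = {}, None
    for line in text.splitlines():
        m = TDSS_DRIVE_RE.search(line)
        if m:
            drive = {"bytes": int(m["bytes"], 16), "sector": int(m["sector"], 16)}
        m = TDSS_PART_RE.search(line)
        if m:
            parts[int(m["idx"])] = {
                "type": int(m["type"], 16),
                "start": int(m["start"], 16),
                "blocks": int(m["blocks"], 16),
            }
    return drive, parts


def cross_check(asw_text, tdss_text):
    """Compare both tools' tables and map unallocated sector ranges on the disk."""
    asw = parse_aswmbr(asw_text)
    drive, tdss = parse_tdsskiller(tdss_text)
    if drive is None:
        raise ValueError("no Drive ... Size/SectorSize line in TDSSKiller log")
    sector = drive["sector"]
    disk_sectors = drive["bytes"] // sector
    report = {"mismatches": [], "active": [], "overlaps": [], "unallocated": []}
    for idx in sorted(set(asw) | set(tdss)):
        a, t = asw.get(idx), tdss.get(idx)
        if a is None or t is None:
            report["mismatches"].append((idx, "listed by only one tool"))
            continue
        if a["offset"] != t["start"] or a["type"] != t["type"]:
            report["mismatches"].append((idx, "offset/type differ"))
        # aswMBR prints whole MiB; TDSSKiller gives the exact block count.
        if t["blocks"] * sector // (1024 * 1024) != a["size_mb"]:
            report["mismatches"].append((idx, "size differs"))
        if a["active"]:
            report["active"].append(idx)
    # Walk partitions in disk order: overlaps are a red flag, gaps are where a
    # bootkit could keep its own storage, so report both explicitly.
    cursor = 0
    for idx, t in sorted(tdss.items(), key=lambda kv: kv[1]["start"]):
        if t["start"] < cursor:
            report["overlaps"].append(idx)
        elif t["start"] > cursor:
            report["unallocated"].append((cursor, t["start"]))
        cursor = max(cursor, t["start"] + t["blocks"])
    if cursor < disk_sectors:
        report["unallocated"].append((cursor, disk_sectors))
    report["trailing_sectors"] = disk_sectors - cursor
    return report


if __name__ == "__main__":
    for key, value in cross_check(ASWMBR_LOG, TDSSKILLER_LOG).items():
        print(f"{key}: {value}")
```

For these two logs the three entries agree exactly, partition 1 is the only active one, and the only unallocated space is the usual 2048 sectors ahead of the first partition and 2096 sectors (about 1 MB) after the last, which is normal slack on an OEM disk; a gap of tens of MB after the last partition is what would justify reading those sectors raw. Note that aswMBR's "Disk 0 unknown MBR code" only says the boot code did not match its signature list, which OEM boot code can also produce, so the MBR.dat it saved is the thing to compare against a known-good copy rather than a verdict on its own.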

  5. #5  Senior Member (joined Apr 2010, 463 posts)

    Hello diane7

    Thank you for the attach.txt and for aswMBR.

    Was that all the TDSSKiller scan produced? It looks as though the log may have been cut off. Please re-check to see if there is any more of it to post in your next reply.

    If there isn't anything else there, just come back and let me know.
    Proud Graduate of the WTT Classroom

  6. #6  Member (joined Feb 2013, Valencia, 46 posts)

    I believe there was more to it as well. As it was scanning, Norton jumped in and quarantined something, but as of now I don't see that report.

  7. #7  Senior Member (joined Apr 2010, 463 posts)

    Hello diane7

    "As it was scanning, Norton jumped in and quarantined something, but as of now I don't see that report."
    That's okay; just temporarily disable your Norton product and re-run the TDSSKiller scan as described.

    Information about how to disable N360 can be found here.

    Once the scan has completed, save the log, then re-engage Norton, then come back here and post the log for me to review.

    If you run into any trouble, just let me know.
    Proud Graduate of the WTT Classroom

  8. #8  Member (joined Feb 2013, Valencia, 46 posts)

    I'm having a problem. I can't copy and paste, as it's way too big per your limits and won't allow it. I tried to upload it and I got the same result. I'm sorry, I need more direction as to how I can get this to you. Much appreciated, di

  9. #9  Senior Member (joined Apr 2010, 463 posts)

    Hello diane7

    "I'm sorry, I need more direction as to how I can get this to you."
    No problem at all.

    Simply copy and paste it piece by piece into multiple posts. If you need to make lots of posts, that's fine.

    If you need any further help, just let me know.
    Proud Graduate of the WTT Classroom

  10. #10  Member (joined Feb 2013, Valencia, 46 posts)

    22:34:23.0181 6788 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    22:34:23.0714 6788 ============================================================
    22:34:23.0714 6788 Current date / time: 2013/03/01 22:34:23.0714
    22:34:23.0714 6788 SystemInfo:
    22:34:23.0714 6788
    22:34:23.0714 6788 OS Version: 6.1.7601 ServicePack: 1.0
    22:34:23.0714 6788 Product type: Workstation
    22:34:23.0714 6788 ComputerName: MEMBER-PC
    22:34:23.0715 6788 UserName: member
    22:34:23.0715 6788 Windows directory: C:\Windows
    22:34:23.0715 6788 System windows directory: C:\Windows
    22:34:23.0715 6788 Running under WOW64
    22:34:23.0715 6788 Processor architecture: Intel x64
    22:34:23.0715 6788 Number of processors: 2
    22:34:23.0715 6788 Page size: 0x1000
    22:34:23.0715 6788 Boot type: Normal boot
    22:34:23.0715 6788 ============================================================
    22:34:24.0090 6788 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:34:24.0106 6788 ============================================================
    22:34:24.0106 6788 \Device\Harddisk0\DR0:
    22:34:24.0106 6788 MBR partitions:
    22:34:24.0106 6788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    22:34:24.0106 6788 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38B87000
    22:34:24.0106 6788 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38BB9800, BlocksNum 0x17CC000
    22:34:24.0106 6788 ============================================================
    22:34:24.0135 6788 C: <-> \Device\Harddisk0\DR0\Partition2
    22:34:24.0172 6788 D: <-> \Device\Harddisk0\DR0\Partition3
    22:34:24.0172 6788 ============================================================
    22:34:24.0172 6788 Initialize success
    22:34:24.0172 6788 ============================================================
    22:34:31.0320 5884 ============================================================
    22:34:31.0320 5884 Scan started
    22:34:31.0320 5884 Mode: Manual; TDLFS;
    22:34:31.0320 5884 ============================================================
    22:34:31.0511 5884 ================ Scan system memory ========================
    22:34:31.0511 5884 System memory - ok
    22:34:31.0512 5884 ================ Scan services =============================
    22:34:31.0657 5884 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    22:34:31.0661 5884 1394ohci - ok
    22:34:31.0677 5884 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    22:34:31.0682 5884 ACPI - ok
    22:34:31.0708 5884 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    22:34:31.0710 5884 AcpiPmi - ok
    22:34:31.0823 5884 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc
