Nginx in IE9 - can't get rid of it

I have searched online and in these forums and tried everything I can think of.  I have Norton 360 version 6 and it does not seem to have protected me here.

 

  • Cleared cache
  • Reset IE
  • Used relevant MS Fix It utilities
  • Installed and ran Microsoft Security Essentials
  • Installed and ran Norton Power Eraser

I am really frustrated that I can't get rid of this.  

 

PLEASE HELP.



Welcome,

I'm not sure about the rest of it but you do have a conflict with MSE and 360 in the same system. Please delete MSE. You may have to reinstall 360 because the conflict may have corrupted it.

Does the problem only affect IE?

Keep us posted

RE: Conflict w/ MS Security / N360: I disabled Norton long enough to install and run the check per the MS and Norton boards' recommendations re: this issue, then removed it.  I did all that in one day - yesterday.  I normally only run Norton 360.  

 

Yes, the problem only affects IE and only seems to affect Google.com. 

 

LH

 

ANY user other than the thread starter is not to use any of these instructions, scripts or procedures.  The work-through in cleaning a system is individual and only for that system, due to a number of factors.

 

Unfortunately, the number of threads means the waiting time is longer. Norton continually blocking files won't hurt your system, but it is just annoying. Please wait and be patient.   I am trying to keep up, spending hours here to script and clean machines on a first come, first served basis. If you or someone else adds to your thread, it will be pushed back in line due to the new update.  I use the boards in reverse to what is seen.

 

Please do not run any tools unless instructed to do so. 

  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra, and don't run things twice.
  • If I ask a question, just answer it; don't run anything unless the post says to.
  • Major steps used:

1. Find

2. Break

3. Destroy

4. Cleanup  (including system as a whole)

 

Please read every post completely before doing anything. 

  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

 

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes).

  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

 

 

Please read carefully

 

1. Please download aswMBR hxxp://public.avast.com/~gmerek/aswMBR.exe to your desktop. (replace the hxxp with http)

 

Double click the aswMBR.exe icon to run it. It will ask to download extra definitions - ALLOW IT / Yes.
Click the Scan button to start the scan.
On completion of the scan, click the Save log button, save it to your desktop and please attach the log in your post back. Don't have the program fix anything.

 

Quads

Scan log is attached.

And thank you for your help thus far.

 

As a note, I don't recall installing the TrendMicro antivirus software it says is installed.  I will not remove that (or anything else) until you provide instructions, but it IS weird, and I don't think I want it.  For the record, I am a pretty savvy computer user - I work in technology (though I am more an apps type than a programmer or hardware type) - and I am genuinely surprised to see software on here that I don't recall installing.

 

You can uninstall Trend Micro

 

You also did not follow the instructions; read carefully.

 

Please read carefully

 

1. Please download aswMBR hxxp://public.avast.com/~gmerek/aswMBR.exe to your desktop. (replace the hxxp with http)

 

Double click the aswMBR.exe icon to run it. It will ask to download extra definitions - ALLOW IT / Yes.
Click the Scan button to start the scan.
On completion of the scan, click the Save log button, save it to your desktop and please attach the log in your post back. Don't have the program fix anything.

 

Quads

I feel pretty confident that I did follow your instructions - to the letter.  But clearly you feel I did not, so let me walk through the three possible points of error that I can identify. 

 

NOTE: I did go ahead and remove TrendMicro.

 

Possible Error 1: I ran the scan / prepared the log file incorrectly. 

I followed that process again, and even took screenshots at every step (in case you want me to post them somewhere for you to review to make sure I did not mess it up).

 

Possible Error 2: I uploaded the wrong file.

I did forget to note where it was dropping the log file the first time and had to click the Save Log button again to see where it put it (but then canceled w/o completing the scan), so on the off chance that messed up the file I uploaded, I wrote down the name and location of the file this time when I ran it.  It seems I got the file right the first time, but have attached the new log file here. If the file does not look like you'd expect, see Possible Error 1 and you can request the screenshots of what I did.

 

Possible Error 3:  I attached the log file rather than pasted its contents.

This one gives me pause, because I did read carefully. A. Your instructions say "Please attach log in the post back...", and B. there is an Attachments section for each post (with relevant attaching-type buttons and functions).  I reviewed other people's posts and most (though not all) DO paste, not attach, but a careful reading of the instructions would not help me reach the conclusion that that was what I needed to do. I've done both - attached and pasted - as I am still not certain this was the error.  

 

NOTE: The log pasted and attached below does not reflect the step where the virus definitions from Avast are downloaded. That is because I ran two scans today - one before I remembered I could remove TrendMicro and one after.  I am assuming it did not ask me to download Avast definitions at the second scan because it had already done so in the first scan today. 

 

Laura

 

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-07-26 10:49:04

-----------------------------

10:49:04.884    OS Version: Windows x64 6.1.7601 Service Pack 1

10:49:04.884    Number of processors: 8 586 0x2A07

10:49:04.886    ComputerName: MININT-O0MVTS8  UserName:

10:49:06.169    Initialize success

10:49:25.492    AVAST engine defs: 12072601

10:49:36.992    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

10:49:36.997    Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3

10:49:37.020    Disk 0 MBR read successfully

10:49:37.025    Disk 0 MBR scan

10:49:37.036    Disk 0 Windows 7 default MBR code

10:49:37.052    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       462937 MB offset 2048

10:49:37.098    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        14001 MB offset 948097024

10:49:37.166    Disk 0 scanning C:\Windows\system32\drivers

10:49:52.330    Service scanning

10:50:25.888    Modules scanning

10:50:25.905    Disk 0 trace - called modules:

10:50:25.927    ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll

10:50:25.937    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049d2790]

10:50:26.282    3 CLASSPNP.SYS[fffff88001da843f] -> nt!IofCallDriver -> [0xfffffa80048d6af0]

10:50:26.293    5 stdcfltn.sys[fffff88001cedc52] -> nt!IofCallDriver -> [0xfffffa800474a580]

10:50:26.304    7 ACPI.sys[fffff88000f507a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004751050]

10:50:27.419    AVAST engine scan C:\Windows

10:50:30.216    AVAST engine scan C:\Windows\system32

10:55:34.272    AVAST engine scan C:\Windows\system32\drivers

10:55:57.179    AVAST engine scan C:\Users\Laura's Red Vostro

11:06:04.471    AVAST engine scan C:\ProgramData

11:08:07.467    Scan finished successfully

11:15:13.902    Disk 0 MBR has been saved successfully to "C:\Users\Laura's Red Vostro\Desktop\MBR.dat"

11:15:13.915    The log file has been saved successfully to "C:\Users\Laura's Red Vostro\Desktop\aswMBR3.txt"
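The aswMBR output posted above is the kind of log the thread asks the user to attach rather than act on. As an added example, not part of the original thread and not Avast's code, here is a small Python parser for that log format that pulls out the MBR verdict and the partition table and applies the sanity checks a triager would run over it: is the MBR code the stock Windows loader, is exactly one partition marked active, do partitions overlap, and is there disk space that no partition accounts for (where a bootkit could stash data). It assumes 512-byte sectors and that aswMBR's "MB" is a mebibyte; the posted log is consistent with that, since 2048 + 462937 × 2048 = 948097024, exactly where partition 2 begins. The 16 MB slack for rounded sizes is also an assumption. The sample log is constructed from the lines posted in this thread.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: banner and disk/partition lines from the aswMBR log posted in this thread.
SAMPLE_LOG = """aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-26 10:49:04
-----------------------------
10:49:04.884    OS Version: Windows x64 6.1.7601 Service Pack 1
10:49:25.492    AVAST engine defs: 12072601
10:49:36.997    Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
10:49:37.020    Disk 0 MBR read successfully
10:49:37.025    Disk 0 MBR scan
10:49:37.036    Disk 0 Windows 7 default MBR code
10:49:37.052    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       462937 MB offset 2048
10:49:37.098    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        14001 MB offset 948097024
11:08:07.467    Scan finished successfully
"""

SECTORS_PER_MB = 2048   # assumption: 512-byte sectors and aswMBR "MB" meaning MiB
GAP_TOLERANCE_MB = 16   # assumption: slack for rounded sizes before unallocated space is flagged

TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(?P<msg>.*)$")
SIZE_RE = re.compile(r"^Disk (?P<disk>\d+) Vendor: .* Size: (?P<size_mb>\d+)MB")
MBR_RE = re.compile(r"^Disk (?P<disk>\d+) (?P<verdict>.*MBR code.*)$")
PART_RE = re.compile(
    r"^Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-F]{2})\s+(?:\(A\)\s+)?"
    r"(?P<type>[0-9A-F]{2})\s+(?P<fs>.*?)\s+(?P<size_mb>\d+) MB offset (?P<offset>\d+)$"
)


@dataclass
class Partition:
    number: int
    boot_flag: int   # 0x80 = active/bootable
    type_id: int     # MBR partition type byte, 0x07 = NTFS
    fs: str
    size_mb: int
    offset: int      # first sector


@dataclass
class AswMbrReport:
    os_version: str = ""
    engine_defs: str = ""
    disk_size_mb: int = 0
    mbr_verdict: str = ""
    partitions: list = field(default_factory=list)
    finished: bool = False


def parse_aswmbr(text: str) -> AswMbrReport:
    """Extract the fields the checks below need; unknown lines are ignored."""
    rep = AswMbrReport()
    for raw in text.splitlines():
        m = TS_RE.match(raw.strip())
        if not m:
            continue                      # banner lines carry no timestamp
        msg = m["msg"].strip()
        if msg.startswith("OS Version:"):
            rep.os_version = msg.split(":", 1)[1].strip()
        elif msg.startswith("AVAST engine defs:"):
            rep.engine_defs = msg.split(":", 1)[1].strip()
        elif msg == "Scan finished successfully":
            rep.finished = True
        elif (pm := PART_RE.match(msg)):
            rep.partitions.append(Partition(int(pm["num"]), int(pm["boot"], 16), int(pm["type"], 16),
                                            pm["fs"].strip(), int(pm["size_mb"]), int(pm["offset"])))
        elif (sm := SIZE_RE.match(msg)):
            rep.disk_size_mb = int(sm["size_mb"])
        elif (mm := MBR_RE.match(msg)):
            rep.mbr_verdict = mm["verdict"]
    return rep


def unallocated_sectors(rep: AswMbrReport) -> int:
    """Sectors covered by no listed partition: gaps before, between and after partitions."""
    cursor, gap = 0, 0
    for p in sorted(rep.partitions, key=lambda p: p.offset):
        gap += max(0, p.offset - cursor)
        cursor = max(cursor, p.offset + p.size_mb * SECTORS_PER_MB)
    return gap + max(0, rep.disk_size_mb * SECTORS_PER_MB - cursor)


def assess(rep: AswMbrReport) -> list:
    """Human-readable findings; an empty list means nothing stood out."""
    findings = []
    if not rep.finished:
        findings.append("scan did not report 'Scan finished successfully'")
    if "default MBR code" not in rep.mbr_verdict:
        findings.append(f"MBR verdict is not a stock loader: {rep.mbr_verdict or 'missing'!r}")
    active = [p for p in rep.partitions if p.boot_flag == 0x80]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    cursor = 0
    for p in sorted(rep.partitions, key=lambda p: p.offset):
        if p.offset < cursor:
            findings.append(f"partition {p.number} overlaps the partition before it")
        cursor = max(cursor, p.offset + p.size_mb * SECTORS_PER_MB)
    gap_mb = unallocated_sectors(rep) // SECTORS_PER_MB
    if gap_mb > GAP_TOLERANCE_MB:
        findings.append(f"{gap_mb} MB of the disk belongs to no partition")
    return findings


if __name__ == "__main__":
    report = parse_aswmbr(SAMPLE_LOG)
    print(report.mbr_verdict, "|", [(p.number, hex(p.boot_flag), p.offset) for p in report.partitions])
    print(assess(report) or "no findings")
```

On the posted log this returns no findings: the loader is the Windows 7 default, partition 1 is the only active one, partition 2 starts exactly where partition 1 ends, and only 2 MB (rounding) is unaccounted for. A modified MBR verdict line or a partition table with a large hole would each produce a finding, which is what a helper would be looking for before deciding whether aswMBR needs to fix anything.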

This is the difference

 

10:49:04.886    ComputerName: MININT-O0MVTS8  UserName:

10:49:06.169    Initialize success

10:49:25.492    AVAST engine defs: 12072601

10:49:36.992    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

 

 

Please read carefully. Read all of this message first.

 

Download Combofix http://www.bleepingcomputer.com/download/anti-virus/combofix


  • Ensure that Combofix is saved directly to the Desktop <--- Very important  (Not in the download(s) or Temp folders)

  • Disable all security programs, as they will have a negative effect on ComboFix. Disable them for, say, 1 hour or more.
  • Close any open browsers and any other programs you might have running

Download the attached CFscript.txt. For some browsers, right click the attachment on the forum and select "Save As" or similar to download it. See screenshot below.

 

(screenshot: Right Click download.jpg)

 

Now drag CFScript.txt onto ComboFix.exe.

 


  • If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed, ComboFix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Quads
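The ComboFix report this post asks for (Laura's is posted further down the thread) lists every loading point ComboFix inspected: Browser Helper Objects and toolbars, Run keys, AppInit_DLLs, services and drivers, scheduled tasks, and the Internet Settings and DNS values under "Supplementary Scan". As an added example, not part of the original thread and not ComboFix's own code, here is a Python parser for those sections that reduces the report to the items a triager would look at first: every BHO (the symptom here is IE-only), autoruns launched from user-writable folders, AppInit_DLLs when LoadAppInit_DLLs is enabled, services whose binary sits outside Windows or Program Files or that ComboFix tags "[x]", and a ProxyOverride that names a loopback host:port. These are review items, not verdicts; the thread never identifies what served the nginx page and the parser does not claim to. The sample report is constructed from lines of the posted log. The reading of "[x]" as "file could not be verified", the trusted-root list and the user-writable path tokens are my assumptions.

```python
import re

# Constructed sample: lines copied from the ComboFix report posted in this thread.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
2011-12-22 21:17              262312  ----a-w-                c:\program files (x86)\blekkotb\auxi\blekkoAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
2011-12-22 21:16              86696    ----a-w-                c:\program files (x86)\blekkotb\blekkoDx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-10-06 1242448]
"Akamai NetSession Interface"="c:\users\Laura's Red Vostro\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-12-21 206504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
.
------- Supplementary Scan -------
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
TCP: DhcpNameServer = 66.39.194.4 66.28.0.45
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
DATED_FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>[a-z]:\\.*)$", re.I)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
APPINIT_RE = re.compile(r'^"(?P<name>(?:Load)?AppInit_DLLs)"=(?P<value>.*)$')
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyOverride = (?P<value>.*)$")
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (?P<value>.*)$")

# Assumptions: where user-controlled binaries live, and which roots a triager treats as the usual place.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_combofix(text: str) -> dict:
    """Walk the report once, tracking the current [registry key] to give value lines context."""
    rep = {"bho": [], "run": [], "appinit": [], "load_appinit": None,
           "services": [], "proxy_override": None, "dns": []}
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue                                  # ComboFix uses "." as a section spacer
        if (m := KEY_RE.match(line)):
            key = m["key"]
        elif "browser helper objects" in key.lower() and (m := DATED_FILE_RE.match(line)):
            rep["bho"].append((key.rsplit("\\", 1)[-1], m["path"]))   # (CLSID, DLL path)
        elif key.lower().endswith("\\run") and (m := RUN_RE.match(line)):
            rep["run"].append((key, m["name"], m["path"]))
        elif (m := APPINIT_RE.match(line)):
            if m["name"] == "LoadAppInit_DLLs":
                rep["load_appinit"] = int(m["value"], 0)
            else:
                rep["appinit"].append(m["value"].strip())
        elif (m := SERVICE_RE.match(line)):
            rep["services"].append((m["state"], m["name"], m["path"].strip(), m["meta"].strip()))
        elif (m := PROXY_RE.match(line)):
            rep["proxy_override"] = m["value"].strip()
        elif (m := DNS_RE.match(line)):
            rep["dns"] = m["value"].split()
    return rep


def review_items(rep: dict) -> list:
    """Things to look at first; none of these is a verdict on its own."""
    items = [f"BHO {clsid} loads {path}" for clsid, path in rep["bho"]]
    for _key, name, path in rep["run"]:
        if any(tok in path.lower() for tok in USER_WRITABLE):
            items.append(f"Run entry {name!r} starts from a user-writable location: {path}")
    if rep["load_appinit"] and rep["appinit"]:
        items.append("AppInit_DLLs is enabled and injects: " + ", ".join(rep["appinit"]))
    for state, name, path, meta in rep["services"]:
        if meta == "x" or not path.lower().startswith(TRUSTED_ROOTS):
            items.append(f"service {name} ({state}) runs from {path} [{meta}]")
    override = rep["proxy_override"] or ""
    if re.search(r"(127\.0\.0\.1|localhost):\d+", override):
        items.append(f"ProxyOverride names a loopback host:port: {override}")
    return items


if __name__ == "__main__":
    for item in review_items(parse_combofix(SAMPLE_REPORT)):
        print("-", item)
```

On the sample this yields seven items: the two blekkotb BHOs, the two Run entries under AppData and ProgramData, the enabled AppInit_DLLs value, the PCDSRVC service whose binary lives in c:\gencotst and is tagged [x], and the ProxyOverride carrying 127.0.0.1:9421. Norton and the svchost-hosted Akamai service are not listed because they run from the expected roots. The DNS servers are parsed but not judged, since the report gives nothing to compare them against.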

Thank you!

 

1. Changed the Chrome download location to the desktop.

2. Downloaded Combofix to desktop.

3. Disabled Norton for 5 hours

4. Closed all programs but Chrome browser w/ Norton boards page.

5. Downloaded CFscript.txt to desktop.

6. Am shutting down the Chrome window on this machine and starting the scan.  Will post results when the scan is complete. 

I realize that you said to close all programs before downloading CFscript.txt, but I could not see how to do that unless I downloaded on another machine and brought it over via USB.  I assume that this step being out of order is okay.  

 

Laura

The scan completed.  The log file is attached. 

As a note, I accidentally launched IE to post this instead of Chrome, and the Welcome to Nginx! message is still there. 

 

Laura

ComboFix 12-07-27.03 - Laura's Red Vostro 07/27/2012   9:17.1.8 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3990.2243 [GMT -5:00]

Running from: c:\users\Laura's Red Vostro\Desktop\ComboFix.exe

Command switches used :: c:\users\Laura's Red Vostro\Desktop\CFscript.txt

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Laura's Red Vostro\AppData\Local\assembly\tmp

c:\users\Laura's Red Vostro\Documents\~WRL0003.tmp

c:\users\Laura's Red Vostro\Documents\~WRL0746.tmp

.

.

(((((((((((((((((((((((((   Files Created from 2012-06-27 to 2012-07-27  )))))))))))))))))))))))))))))))

.

.

2012-07-27 13:34 . 2012-07-16 07:40         9133488                ----a-w-                c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF498817-6704-43B7-BA9D-F7E19C67D633}\mpengine.dll

2012-07-24 01:33 . 2012-07-24 02:06         --------   d-----w-                c:\users\Laura's Red Vostro\AppData\Local\NPE

2012-07-23 14:27 . 2012-07-23 14:27         --------   d-----w-                c:\program files (x86)\Microsoft Silverlight

2012-07-12 12:58 . 2012-06-12 03:08         3148800                ----a-w-                c:\windows\system32\win32k.sys

2012-07-05 17:39 . 2012-07-05 17:39         --------   d-----w-                c:\users\Laura's Red Vostro\AppData\Local\My Games

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-13 19:48 . 2012-05-15 17:19         426184  ----a-w-                c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-13 19:48 . 2011-10-06 21:14         70344    ----a-w-                c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-02 22:19 . 2012-06-19 12:54         38424    ----a-w-                c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-19 12:54         2428952                ----a-w-                c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-19 12:54         57880    ----a-w-                c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-19 12:54         44056    ----a-w-                c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-19 12:54         701976  ----a-w-                c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-19 12:54         2622464                ----a-w-                c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-19 12:54         99840    ----a-w-                c:\windows\system32\wudriver.dll

2012-06-02 20:19 . 2012-06-19 12:53         186752  ----a-w-                c:\windows\system32\wuwebv.dll

2012-06-02 20:15 . 2012-06-19 12:53         36864    ----a-w-                c:\windows\system32\wuapp.exe

2012-05-31 17:25 . 2010-11-21 03:27         279656  ------w- c:\windows\system32\MpSigStub.exe

2012-05-24 18:15 . 2011-10-21 18:38         175736  ----a-w-                c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-05-19 12:40 . 2012-05-19 12:40         163048  ----a-w-                c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2012-05-04 11:06 . 2012-06-13 13:05         5559664                ----a-w-                c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-13 13:05         3968368                ----a-w-                c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-13 13:05         3913072                ----a-w-                c:\windows\SysWow64\ntoskrnl.exe

2012-05-03 13:46 . 2012-05-03 13:46         255352  ----a-w-                c:\windows\SysWow64\awrdscdc.ax

2012-05-01 05:40 . 2012-06-13 13:05         209920  ----a-w-                c:\windows\system32\profsvc.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]

2011-12-22 21:17              262312  ----a-w-                c:\program files (x86)\blekkotb\auxi\blekkoAu.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]

2011-12-22 21:16              86696    ----a-w-                c:\program files (x86)\blekkotb\blekkoDx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files (x86)\blekkotb\blekkoDx.dll" [2011-12-22 86696]

.

[HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12              94208    ----a-w-                c:\users\Laura's Red Vostro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12              94208    ----a-w-                c:\users\Laura's Red Vostro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12              94208    ----a-w-                c:\users\Laura's Red Vostro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-10-06 1242448]

"CDSBupd.exe"="c:\program files (x86)\ConceptDraw Office 2\Solution Browser\CDSBupd.exe" [2011-09-22 3003936]

"Akamai NetSession Interface"="c:\users\Laura's Red Vostro\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-12-21 206504]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

c:\users\Laura's Red Vostro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Laura's Red Vostro\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Snagit 10.lnk - c:\program files (x86)\TechSmith\Snagit 10\Snagit32.exe [2011-3-21 7067464]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages     REG_MULTI_SZ                DPPassFilter scecli

Security Packages            REG_MULTI_SZ                kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06 136176]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 250056]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06 136176]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-07-27 158976]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-07 1255736]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-19 25960]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2012-03-29 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2012-03-29 1092728]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]

S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-29 167048]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120726.001\IDSvia64.sys [2012-06-14 509088]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2012-03-29 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2012-03-29 405624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]

S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-10-07 3137840]

 

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-09-29 27760]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-12-14 58128]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-12-14 274432]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-17 138912]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-12-14 59904]

S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-22 8505856]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ                Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 19:48]

.

2012-07-18 c:\windows\Tasks\DriverNavigator Scheduled Scan.job

- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2011-10-18 17:03]

.

2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06 02:59]

.

2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06 02:59]

.

2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-571060193-4280248208-4055258757-1003Core.job

- c:\users\Laura's Red Vostro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18 01:28]

.

2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-571060193-4280248208-4055258757-1003UA.job

- c:\users\Laura's Red Vostro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18 01:28]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12              97792    ----a-w-                c:\users\Laura's Red Vostro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12              97792    ----a-w-                c:\users\Laura's Red Vostro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12              97792    ----a-w-                c:\users\Laura's Red Vostro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12              97792    ----a-w-                c:\users\Laura's Red Vostro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-14 6561384]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-02-18 312936]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-03-11 4500640]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-04-09 499608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

TCP: DhcpNameServer = 66.39.194.4 66.28.0.45

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Toolbar-Locked - (no file)

WebBrowser-{D4330680-C0AE-4226-8A21-0AFE2FD1AC24} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]

"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe

.

**************************************************************************

.

Completion time: 2012-07-27  10:50:18 - machine was rebooted

ComboFix-quarantined-files.txt  2012-07-27 15:50

.

Pre-Run: 262,946,631,680 bytes free

Post-Run: 262,986,727,424 bytes free

.

- - End Of File - - C37B73679EA88818AD14CEA550274594

I am finished with this thread (system).


Quads

The issue is not resolved.  Do I need to consult someone else?


lhardenbrook wrote:

The issue is not resolved.  Do I need to consult someone else?


If Quads has said he is finished, then you will have to look elsewhere for assistance.

Here are some possibilities:


http://www.bleepingcomputer.com
http://www.geekstogo.com/forum/
http://www.cybertechhelp.com/forums/
http://forums.whatthetech.com/


Good luck

It's what you are doing, so I am finished.


Quads

Quads, I am confused. Are you dropping the thread because the user did not follow your instructions, or because you have reached the limit of your technical ability to provide a solution? Thanks

It is obviously because of failure to follow instructions, several times.

No, this is easier to deal with than the likes of Max++, maxSS, Pihar etc. It does not come close.


Quads