Over 1 million tech questions and answers.

Infected MBR - Norton power eraser says rikvm_C6F09094.sys is a bad file but the file remains and never gets fixed

Q: Infected MBR - Norton power eraser says rikvm_C6F09094.sys is a bad file but the file remains and never gets fixed

Please review steps already taken here:

http://www.bleepingcomputer.com/forums/topic435318.html/page__gopid__2531767#entry2531767

DDS results:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by HP at 23:13:02 on 2011-12-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8174.5429 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\ProgramData\bProtector\bProtect.exe
C:\ProgramData\bProtector\bProtect.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\InstallBrainService\InstallBrainService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\lxcrcoms.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: SpecialSavings: {74f475fa-6c75-43bd-aab9-ecda6184f600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
TB: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
uRun: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"
mRun: [lxcrmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe"
mRun: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect114a.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
TCP: Interfaces\{2E1233AC-5CE3-47A4-A542-8A85DAD6C732} : DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
TCP: Interfaces\{2E1233AC-5CE3-47A4-A542-8A85DAD6C732}\16474777966696 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{2E1233AC-5CE3-47A4-A542-8A85DAD6C732}\35F6C6F66756C697 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2E1233AC-5CE3-47A4-A542-8A85DAD6C732}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2E1233AC-5CE3-47A4-A542-8A85DAD6C732}\568747562796F62736C65616E696E67637F6C6574796F6E637 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2E1233AC-5CE3-47A4-A542-8A85DAD6C732}\C696E6B637973723030303D27657563747 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2E1233AC-5CE3-47A4-A542-8A85DAD6C732}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: protector.dll
LSA: Notification Packages = DPPassFilter scecli
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: SpecialSavings: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
BHO-X64: SpecialSavings - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
BHO-X64: File2LinkIB - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
TB-X64: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
TB-X64: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"
mRun-x64: [lxcrmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe"
mRun-x64: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe"
mRun-x64: [(Default)]
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: protector.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\57ofjqp1.default\
FF - prefs.js: browser.search.selectedengine - yahoo
FF - prefs.js: keyword.url - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-21 1156216]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111228.001\IDSviA64.sys [2011-12-28 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-7-12 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-12-14 748440]
R2 bProtector;bProtector;C:\ProgramData\bProtector\bProtect.exe [2011-12-30 803328]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-12 13336]
R2 InstallBrainService;InstallBrain Updater Service;C:\Program Files (x86)\InstallBrainService\InstallBrainService.exe [2011-12-30 273912]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-31 652872]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-10-6 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-12 2655768]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2011/07/12 10:57:26;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2011-7-12 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys --> C:\Windows\system32\DRIVERS\nwusbser2.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-12-31 06:29:08 -------- d-----w- C:\Users\HP\AppData\Roaming\Malwarebytes
2011-12-31 06:29:00 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-31 06:28:59 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-31 06:28:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-31 06:15:23 -------- d-----w- C:\Windows\SysWow64\Extensions
2011-12-30 06:57:17 748544 ----a-w- C:\Windows\SysWow64\protector.dll
2011-12-30 06:57:17 -------- d-----w- C:\ProgramData\bProtector
2011-12-30 06:57:02 -------- d-----w- C:\Program Files (x86)\file2linkib
2011-12-30 06:56:59 -------- d-----w- C:\Users\HP\AppData\Roaming\PerformerSoft
2011-12-30 06:56:57 19000 ----a-w- C:\Windows\System32\roboot64.exe
2011-12-30 06:56:53 -------- d-----w- C:\Program Files (x86)\SpecialSavings
2011-12-30 06:56:52 -------- d-----w- C:\Program Files (x86)\InstallBrainService
2011-12-30 06:42:15 89088 ----a-w- C:\mbr.exe
2011-12-30 06:26:44 -------- d-----w- C:\Program Files (x86)\Unlocker
2011-12-30 06:19:41 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-30 06:19:41 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-30 06:19:41 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-30 06:19:41 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2011-12-29 17:03:53 -------- d-----w- C:\Users\HP\AppData\Roaming\Visan
2011-12-29 17:03:53 -------- d-----w- C:\ProgramData\Visan
2011-12-29 05:25:53 -------- d-----w- C:\Users\HP\AppData\Local\{081ADEB0-0F7F-434C-96DA-63C861595D78}
2011-12-28 20:13:28 -------- d-----w- C:\Users\HP\AppData\Local\{D3F5FA03-0B95-4FB1-8904-EF193334CDDC}
2011-12-28 17:49:00 -------- d-----w- C:\Users\HP\AppData\Local\{2CD1F520-531A-466F-9CB7-82BF0B29BB6E}
2011-12-28 06:25:12 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-12-28 06:24:30 -------- d-----w- C:\Program Files\ATI Technologies
2011-12-28 06:22:34 -------- d-----w- C:\ATI
2011-12-24 04:32:00 -------- d-----w- C:\Users\HP\AppData\Local\IsolatedStorage
2011-12-20 07:23:42 -------- d-----w- C:\Users\HP\AppData\Local\{8C755118-96A5-4230-9BDA-9323A224B252}
2011-12-19 05:40:00 -------- d-----w- C:\Users\HP\AppData\Local\{FFDA8ACF-612B-4457-946C-45B0C67AC99E}
2011-12-17 20:10:11 -------- d-----w- C:\Users\HP\AppData\Local\{EE3921A3-8DFF-46A7-9898-23D4DB09F296}
2011-12-17 10:51:40 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2011-12-17 10:51:40 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2011-12-17 10:51:40 -------- d-----w- C:\Program Files (x86)\Application Updater
2011-12-14 07:38:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 07:38:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-14 07:36:50 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 07:36:46 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 07:36:44 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:36:38 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 07:36:23 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2011-12-14 07:36:18 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2011-12-13 21:31:39 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-13 21:24:45 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-13 21:24:43 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-13 21:24:43 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-13 21:23:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-13 21:23:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-08 11:16:03 -------- d-----w- C:\Users\HP\AppData\Roaming\COWON
2011-12-08 11:10:28 -------- d-----w- C:\Program Files (x86)\JetAudio
2011-12-08 11:10:28 -------- d-----w- C:\Program Files (x86)\Common Files\COWON
2011-12-08 09:28:36 -------- d-----w- C:\Users\HP\AppData\Local\{F727249E-46C2-49CF-A1A7-CD5C879B4485}
2011-12-07 08:38:03 -------- d-----w- C:\ProgramData\YouTube Downloader
2011-12-07 08:37:57 -------- d-----w- C:\Program Files (x86)\YouTube Downloader
2011-12-06 07:53:29 -------- d-----w- C:\Users\HP\AppData\Local\NPE
2011-12-06 06:19:09 -------- d-----w- C:\Users\HP\AppData\Local\{1BC9D4B9-C96B-4CD0-9D67-159F6EBED923}
.
==================== Find3M ====================
.
2011-12-30 15:51:11 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-12-29 16:52:46 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-29 07:45:20 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 03:39:50 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-11-10 03:39:44 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-11-10 03:39:36 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-11-10 03:39:32 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-11-10 03:39:22 17442304 ----a-w- C:\Windows\System32\amdocl64.dll
2011-11-10 03:38:40 14375936 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-11-10 03:37:50 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-11-10 03:37:46 44032 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-10-22 01:16:12 1843200 ----a-w- C:\Windows\SysWow64\SlotMaximizerBe.dll
2011-10-22 01:15:46 104448 ----a-w- C:\Windows\SysWow64\SlotMaximizerAg.dll
2011-10-22 01:12:32 2763264 ----a-w- C:\Windows\System32\SlotMaximizerBe.dll
2011-10-22 01:07:42 125440 ----a-w- C:\Windows\System32\SlotMaximizerAg.dll
2011-10-17 17:40:50 93712 ---ha-w- C:\Windows\System32\drivers\AtihdW76.sys
2011-10-15 07:06:18 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-10-15 07:06:16 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-10-08 23:34:19 8593920 ---ha-w- C:\Windows\System32\drivers\NETwNs64.sys
2011-10-08 23:34:18 799232 ----a-w- C:\Windows\System32\NETwNc64.dll
2011-10-08 23:34:18 2750464 ----a-w- C:\Windows\System32\NETwNr64.dll
2011-10-06 19:51:04 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-10-06 18:03:03 51496 ---ha-w- C:\Windows\System32\drivers\stflt.sys
.
============= FINISH: 23:14:39.89 ===============
Running 64bit Windows so no Gmer log

RELEVANCY SCORE 200
Preferred Solution: Infected MBR - Norton power eraser says rikvm_C6F09094.sys is a bad file but the file remains and never gets fixed

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Infected MBR - Norton power eraser says rikvm_C6F09094.sys is a bad file but the file remains and never gets fixed

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
wininit.exe
hlp.dat
/md5stopPush the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt<--Will be minimizedIn the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.regards myrti

Read other 21 answers
RELEVANCY SCORE 120

The following file keeps coming up as bad when I scan with Norton Power Eraser:

C:\windows\system32\drivers\rikvm_C6F09094.sys

Have asked various companies if this file is one of theirs and they say no but also suggest it's not a bad file. Have no idea where this file came from and my computer continues to have difficulty. Difficulty such as not being able to play my computer games. Computers slows and my computer is no slouch. Have completed a complete recovery and file is still there. Mind you, I completed Norton Power Eraser after installing printer and a few programs. However, I noticed a thread started on this very issue which is now locked and wanted help as well. I have been scanning my computer with Norton 360, Spy Doctor and I've scanned it once with AVG and it comes up clean. Please help and I would be interested in how my fellow member here resolves this very issue.

A:C:\windows\system32\drivers\rikvm_C6F09094.sys keeps showing when using norton power eraser

Welcome aboard Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.NOTE. Make sure to reverse the above changes, when done with this step.Upload following files to http://www.virustotal.com/ for security check:- C:\windows\system32\drivers\rikvm_C6F09094.sys IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.Post scan results.

Read other 7 answers
RELEVANCY SCORE 94

Hello, Samuel Here ( SamySam )

Well my computer used to have a Backdoor.ngr and used to redirect me from certain sites
i got rid of those and I thought my computer was not clean yet, so i had a go at Norton power eraser
it told me that Explorer.exe was infected and said that NPE (Norton power eraser) could not repair this file
a few hours later I came across 38 files all named after running programs + recently unistalled programs
,they all had it in there file name and after it had a "- crack" WTH?

Example:

Adobe - crack.exe
internet explorer - crack.exe
Steam - crack.exe

The logos for all these weird files was the logo for Combat Arms ( a Shooting game )

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
||||||||||||||||||||||||||||||||||||||>\
GMER Will NOT let me deselect IAT/EAT|>+---->
||||||||||||||||||||||||||||||||||||||>/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Symptoms:
on start-up I get a error saying "the program failed to start error code blah blah" I cant remember the code because the error disappears
but it goes along the lines of 0x0006 not sure of the rest.

Explorer.exe using at least 75,000-120,000 in task manager

Slow start-up times

those weird "- crack" files a reappearing after deleting And emptying the recycle Bin

Had a W32.Shadesrat that norton "supposedly" removed
DDS LOG:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Samuel at 20:43:56 on 2012-06-16
Microsoft ... Read more

A:Norton Power Eraser says explorer.exe is infected

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

Read other 65 answers
RELEVANCY SCORE 92.8

Hello there,
I've experienced some problems with Norton Power Eraser and just wanted to know if anybody does have another idea of what I could try. Hope this is the right subforum for this, but as I'm not quite sure what exactly causes the problem I suppose its accurate to post here.
Here's the scenario: I can run NPE on my pc without problems, a normal scan (including rootkits) works just fine, scanning all partitions except C (the windows one) works fine as well, but whenever I try to scan C I get the error message "Norton Power Eraser has successfully restored internet connection. Hosts file and NPE proxy settings may have been modified."
Now thats not a new issue and it has been dealt with in the Norton support forum in some threads but the soultions offered there didn't work for me. First I tried running NPE in safemode without any changes. Then I turned off my routers firewall as suggested in this thread: https://community.norton.com/t5/Other-Norton-Products/Norton-Power-Eraser-Has-Successfully-Restored-...
I've got a Fritzbox 7170 by AVM so its not precisely possible to "turn off" the firewall. However, a quick google search showed that this is equivalent to labelling the computer as "exposted host" with this router as it will basically open all ports for that pc. So I did that but again NPE was unable to complete a scan on the windows partition (safe mode didn't work as well).
After that I even reinstalled my windows and formated the whole hard drive but agian NPE was... Read more

A:Norton Power Eraser problem - possibly infected?

Are you using Norton Power Eraser for malware disinfection?Norton Power Eraser is specially designed to detect and eliminate malware threats using aggressive methods.If not, be aware that not many members here use Norton (Symantec) products. If no one replies with any suggestions, you may want to contact ...* Norton (Symantec) Live Chat Support* Norton (Symantec) Phone Support* Norton (Symantec) Product Support* Norton Community Users Discussion Forum

Read other 4 answers
RELEVANCY SCORE 85.6

Norton Antivirus found rikvm_C6F09094.sys infected. I downloaded Norton Power Eraser that wanted to remove the program. I saw that it was a registry program and did not remove it, but do not know how to fix the potential threat in my registry. Please help.

A:Norton Antivirus found rikvm_C6F09094.sys infected

NOw I run Norton after a reboot and get nothing

Read other 6 answers
RELEVANCY SCORE 79.6

Here is the link to my previous posts that have brought me hereThe first MBR.exe failed to run properly here is the log.-Copied from file: "mbr.log"Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.netWindows 6.1.7601 device: opened successfullyuser: error reading MBR error: Read The handle is invalid.kernel: error reading MBR -End-Then I was instructed to run MBRCheck.exe instead and here are the results.-Copied from file "MBRCheck_09.09.11_23.49.45.txt"MBRCheck, version 1.2.3? 2010, ADCommand-line: Windows Version: Windows 7 Home Premium EditionWindows Information: Service Pack 1 (build 7601), 64-bitBase Board Manufacturer: Hewlett-PackardBIOS Manufacturer: Hewlett-PackardSystem Manufacturer: Hewlett-PackardSystem Product Name: HP Pavilion dv7 Notebook PCLogical Drives Mask: 0x0000003cKernel Drivers (total 182):0x02E12000 \SystemRoot\system32\ntoskrnl.exe0x033FB000 \SystemRoot\system32\hal.dll0x00BAB000 \SystemRoot\system32\kdcom.dll0x00C58000 \SystemRoot\system32\mcupdate_GenuineIntel.dll0x00CA7000 \SystemRoot\system32\PSHED.dll0x00CBB000 \SystemRoot\system32\CLFS.SYS0x00D19000 \SystemRoot\system32\CI.dll0x00DD9000 \SystemRoot\System32\drivers\SMR210.SYS0x00C00000 \SystemRoot\System32\drivers\FLTMGR.SYS0x00E51000 \SystemRoot\system32\drivers\Wdf01000.sys... Read more

A:Infection in my MBR, File: rikvm_C6F09094.sys

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Nothing suspicious was found on your DDS log.We can check further.Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofixLink 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopIMPORTANT....1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Do not install any other programs until this if fixed.How to : Disable Anti-virus and Firewall...http://www.bleepingcomputer.com/forums/topic114351.htmlDouble click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt Note:Do not mouse click ComboFix's window while it's running. That may cause it to stallNote: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html===Third party programs if not up to date can be the cause infiltration of an infection.Please run this security check for my review.Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and ... Read more

Read other 7 answers
RELEVANCY SCORE 78.8

Norton Power Eraser, a free tool by Symantec, "uses aggressive methods" to detect and remove "crimeware". It can display many false positives and, therefore, is intended to be used when all other options have been exhausted.

It's still in beta but you wouldn't know until you download it.

http://security.symantec.com/nbrt/ov...origin=default








  
Quote: Originally Posted by PieterV (Symantec Employee)


I would like to re-iterate how aggressive mode works, and that the reported files are not considered FP's if only detected in aggressive mode.

Aggressive mode is the last line of defense, you already tried normal mode, and you suspect that you are still infected, then you try aggressive mode.

Normal mode uses a combination of local heuristics and signatures, as well as cloud signatures and reputation.

Aggressive mode uses cloud reputation data only, and any file that is not known good is considered bad.
This is important, if the file would be marked as Norton Trusted in the product, then it will not be detected.
If the file is NOT marked Norton Trusted, then it will be detected.

This means that unless a file is known to be completely trustworthy, it will be detected.
That is why this is aggressive mode, i.e. if not known good then it is bad.

E.g. newly released files may be detected.
E.g. files used by a very small number of users may be detected.
E.g. files that are unique (ha... Read more

A:Norton Power Eraser

Is it something like Hitman pro?

Read other 3 answers
RELEVANCY SCORE 78.8

I installed Norton Deluxe. How can I run Norton Power Eraser?

I am going to run NPE seperately. I could not find its file.
 

A:Norton Power Eraser

NPE is in the 'tools' section of Norton Security.

Or you could just download NPE itself.

Norton Power Eraser | Free Tool | Easily remove scamware that traditional virus scanning can?t detect.

There are three tools that always seem to find strange malware. NPE, Trend Housecall and Adlice Rogue Killer.
 

Read other 0 answers
RELEVANCY SCORE 78.8

I used norton power eraser on my windows 8 and I restarted it just like it said but it just took me to a black screen. I try to turn the computer off but I'm still stuck on the black screen, the cursor is visible but nothing is happening. Is this part of the program or is something messed upMoved from Intros to more appropriate forum. ~~Mod edit boopme

A:Norton power eraser

Can you boot into Safe Mode?
 
Norton power eraser creates a restore point before running a scan.
 
Windows 8 System Restore Guide
 
 
 
Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully. If you accidently remove a legitimate program, you can run Norton Power Eraser to review past repair sessions and undo them.

Read other 3 answers
RELEVANCY SCORE 78.8

It's been a while since I've used this tool. I remember it used to be very prone to FP's. Has it changed for better or for worse?


Thanks.
 

Read other answers
RELEVANCY SCORE 78.8

Anyone have experience with or knowledge of Norton Power Eraser?

Brief description and download link:
http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default

Eliminates deeply embedded and difficult to remove crimeware that traditional virus scanning doesn't always detect. Click to expand...

It is described as a beta and aggressive so that the user has to be especially aware that false positives are possible and care must be used. It appears to be recommended as a tool of last resort when others come up 'empty' but suspicion still remains.
Review here:
http://www.pcmag.com/article2/0,2817,2362915,00.asp
I have run it and it reported no risks under 'Normal' and 6 returns under 'aggressive' that turned out to be benign.
( I wasn't expecting any problems )
The app does not install, but it does require access to the Symantec servers.
 

A:Norton Power Eraser

Read other 16 answers
RELEVANCY SCORE 78.8

My son has been using my laptop of late, and things started happening. Windows Instant Messaging is now on my desktop. My internet settings keep changing. I get a Blue Tooth error message.
Norton 360 doesn't find anything. Norton Power Eraser (NPE) located a file rikvm_C6F09094.sys, and "removes" it, but it keeps coming back. Anyone else encountered this fun little friend?

A:Norton Power Eraser

Do you use a Cyberlink Webcam?it would seem that the driver is related to CyberLink and not a rootkit.Please download SystemLook from jpshortstuff and save it to your DesktopLink 1Link 2Double-click the SystemLook and copy/paste the following into the box
:regfind
rikvm
C6F09094
Hit the Look button. Let it finish the scan, this may take a while.A log will then pop-up to your Desktop.. Post the content of the log here in your next reply

Read other 5 answers
RELEVANCY SCORE 78.8

can anyone tell me if they think norton power eraser is safe to use? I have an older dell computer about 5 - 6 years old it has windows 7 on it. I like norton and do use the full systems scan once a month. Will i have any risk running norton power eraser? thnaks
 

Read other answers
RELEVANCY SCORE 78.8

To start with the computer I'm using to write this is not the computer I need help for.Thus no sysinfo provided.My girlfriend used norton power eraser on MY COMPUTER while I was away for a week because she said "it seemed like it was infected".Now I can't even get it to start.It won't even recognize the monitor or anything else so I can't access it at all.I suspect she wiped the hard drive.But I'm not familiar with this power eraser so I don't know for sure.Am I correct & if so is there anything I can do to recover from this?Any assistance would be greatly appreciated.Thanks in advance.
 

A:Norton Power Eraser

Now I can't even get it to startClick to expand...

what happens- any noise can you hear the fans - does the PC bleep - do you get any keyboard light at all ?
 

Read other 2 answers
RELEVANCY SCORE 78.8

Hello TSG Forum:

I am using Norton AV on Win 2K. An incoming email set off the AV this morning, and it said that there was a virus on my computer. In the activity log it says:

The file
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NAV23.tmp
is infected with the [email protected]!enc virus.
Unable to repair this file.
Access to the file was denied.

But, when I go to this directory C:\Documents and Settings\Administrator\Local Settings\Temp I can't see any file in there called NAV23.tmp (I have switched on 'show hidden files'.) Also, if I do a scan of that folder (or the entire hard-drive) it comes back virus free. My questions are:

1. Why can I not find the file NAV23.tmp on my computer since the AV says it is infected with a virus.

2. What is going on here? Does the virus copy itself to some other file and delete the NAV23.tmp? Why does the AV scan say computer is virus free? Is something else going on I should know about?

Thanks.
 

A:Norton AV: Says File is Infected, But Can't Find File.

Read other 9 answers
RELEVANCY SCORE 78

I used NPE and it detected something in my registry that needed fixing. After the process was finished, my computer started running real slow. I screened the results. Is my computer sick?



Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Pro, 64 bit, Build 18363, Installed 20191219153207.000000-240
Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz, Intel64 Family 6 Model 60 Stepping 3, CPU Count: 4
Total Physical RAM: 32 GB
Graphics Card: Intel(R) HD Graphics 4600, 1024 MB
Hard Drives: C: 476 GB (379 GB Free);
Motherboard: Dell Inc. 00V62H, ver A00, s/n /HQWZM22/CN7220047I01JO/
System: Dell Inc., ver DELL - 1072009, s/n HQWZM22
Antivirus: Windows Defender, Disabled
 

A:I Think that Norton Power Eraser may have Harmed my PC

I would use NPE to restore that item. It's likely flagged it because the value was set to unrestricted but then it may have deleted to much of that key.

Are you at all familiar with the registry? If so, after restoring the entry, export the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell

right click on Microsoft.PowerShell and select "export" then give it a name and save it on your desktop for easy reference. Right-click the exported registry key and selet to open it with Notepad and then copy paste the contents here please.
 

Read other 5 answers
RELEVANCY SCORE 78

Hello community I hope I posted this in the correct forum. I currently have Norton anti-virus for protection on my computer. Recently I tried to download a video from a sharing website (mistake, I know). The files started downloading what I assume was most likely atrocities for my computer; so I cut the power, rebooted, and deleted the files.
 
Norton has since been prompting me to run Norton power eraser with a claim of, "detecting a large amount of suspicious outbound traffic on my system". I ran power eraser and it got rid of those files I downloaded as well as some other files.
 
The problem is that I am still getting the prompt to run Norton power eraser with the same claim of a large suspicious amount of outbound traffic. After checking the networking performance in task manager I can see that at any time my connection with get random fluctuations of up to 30%.
 
So I am still constantly being prompted with this security request to run Norton power eraser which means I assume that it didn't take care of the problem. I googled the issue and was directed to a Norton forums page with a user having the similar problem, and was redirected here. To view the prompt you can quickly browse that forum page:  http://community.norton.com/en/forums/frequent-notification-run-power-eraser 
 
I apologize if this problem has been posted before, I couldn't find it in a search or by browsing, and any help would be appreciated thanks. 

A:Norton Power Eraser Prompt

to Bleeping Computer.If you need individual assistance with malware infection, you should start a new topic in the Am I infected? What do I do? forumOR follow the instructions provided in the Malware Removal and Log Section Preparation Guide starting at Step 6.If you cannot complete a step, then skip it and continue with the next.In Step 6 there are instructions for downloading and running FRST which will create two logs.If you choose to post a log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team. After doing that, please reply back in this thread with a link to the new topic so we can closed this one.

Read other 1 answers
RELEVANCY SCORE 78

.

http://security.symantec.com/nbrt/ov...origin=default

Tried it on a W7 HP 64bit system, not too impressed.

It was a clients PC, and infected.

Although this software is not for primary malware removal, I did try it to see what it would do, I removed the hard drive and connected it via a usb adapter to my XP laptop, it scanned and found 6 files infected, but could not remove them, I ran my corporate edition AVG and if found 13, removed them. Put the drive back in the PC and tried the Norton tool again, if found some issues and asked to reboot to remove them, I rebooted, Norton started before the desktop loaded and got a library error and did not remove the files. I finished cleanup using MBAM.

The Norton program will not run unless there is an Internet connection, which I think is a mistake, since many malwares will disable this.

It is Beta, and needs work

.

A:Norton Power Eraser Beta

Sorry, I don't search the forums a week back.

Read other 2 answers
RELEVANCY SCORE 78

I'm trying to download the last NPE.exe version but I cannot, Kaspersky as firefox block the page.

Do you get the same error message/have problems downloading it?

thank you


Spoiler: messages
[kaspersky




firefox




/SPOILER]

 

A:Norton power eraser -download

No problem with Opera, I can download NPE from your link. Using Comodo Cloud AV here.
VT Report of the NPE.exe : https://www.virustotal.com/tr/file/...1a2b63d25d7634a4141bd943/analysis/1474649211/
(Digitally signed and seems legit)

Your Kaspersky's False positive but I do not have any idea about FF alert.
 

Read other 0 answers
RELEVANCY SCORE 78

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz, x86 Family 15 Model 1 Stepping 2
Processor Count: 1
RAM: 767 Mb
Graphics Card: NVIDIA GeForce2 MX/MX 400, 64 Mb
Hard Drives: C: Total - 38154 MB, Free - 24305 MB;
Motherboard: Dell Computer Corporation, Dimension 8200
Antivirus: AVG Anti-Virus 2013, Updated: Yes, On-Demand Scanner: Enabled

When running Nortons Power Eraser alot of times almost every day when it scans I will get a msg saying Norton Power Eraser has successfully restored the internet connection.Hosts file and Norton Power Eraser proxy settings may have been modified.
 

A:norton power eraser question

Read other 8 answers
RELEVANCY SCORE 78

So, after downloading the newest version of NPE from the site, I start "Scan for Risks" with "Enable Multi-Boot check", "Show only bad files" and "Include Rootkit Scan" unchecked and after 1-2 mins of scanning, no matter how many times I try, when it reaches "Processing scan results...", I always get this:

And after pressing Debug:

Anyone know what might be the cause and how to fix it?
 

Read other answers
RELEVANCY SCORE 78

Tried to follow Preparation Guide, but DDS and GMER would not run in current state. All important files have been backed up.

Had a redirect virus/ malware (puma). Ran Malware Bytes and Norton Internet 2012 to no avail. Finally used Norton Power Eraser, which found two problems and I clicked fix. Upon reboot, BSOD comes up briefly and then goes into continuous reboot cycle. I can now only run the Vista OS in safe mode with networking. I believe the redirect problem is now gone but can no longer boot normally.

Any help is most appreciated.

Thank you,
matpat

A:Post Norton Power Eraser

Hi Matpat and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you!===================================================Ground Rules:First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take anys steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance. Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
When you post your reply, do not use the button but u... Read more

Read other 68 answers
RELEVANCY SCORE 78

http://community.norton.com/t5/Nort...ton/Norton-Power-Eraser-4-0-Beta/td-p/1002667



Key changes in this release:



Scanning across user profiles
NPE can now scan across user profiles, if there is an infected account you cannot log into to use NPE, you can scan from another account such as Administrator

Java vulnerability scan
NPE detects when the Java is out of date and provides a link to a KB to correct this.

Safe mode persistence
NPE is able to determine when the machine is in safe mode and will restart the machine in safe mode prior to scanning, NPE will return the machine to normal mode prior to threat removal

UI message streamlining/ UI refresh
UI has been updated and the messaging has been simplifiedClick to expand...

Download at https://security.symantec.com/nbrt/npe.aspx?&env=beta&NUCLANG=en-us.






 

A:Norton Power Eraser 4.0 Beta

Thanks. It would be interesting to see someone test this.
 

Read other 3 answers
RELEVANCY SCORE 77.2

My laptop will not boot after using Norton power eraser to try and remove the virus on the computer.I notice a problem with my computer this past Sunday. Every time I turn it on, it will shut itself down after window boot.I had restored the computer to an earlier point and every thing seems to be working fine, but my norton security is showing that I am not protected and need to turn on my antivirus. I was fooling around with norton security until I was directed to the norton power eraser page where I downloaded the software and installed it on my computer to remove the virus. My laptop has not boot since then, and I have tried all the options to fix the problem. Safe mode, restoring to an earlier point and other advance recovery tools are not working. Please I need help in fixing this computer. I have downloaded farbar recovery tool,and follow some of the instructions online. Here is the log from my flash drive.

A:Computer will not boot after using Norton power eraser(HELP)

Hi Kelvin10 and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.I am Oh My! and I am here to help you!I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please perform all steps in the order received and do not proceed if you need clarification.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this then choose Immediate E-Mail notification and then Proceed and you will be advised when I respond to your topic by email.After 5 days if your topic is not replied I we assume it has been abandoned and I will close it.I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your comput... Read more

Read other 28 answers
RELEVANCY SCORE 77.2

So on my computer I have Norton antivirus. I did a full scan but nothing came up however i had a suspicion that a virus was on my PC because of the slowdown to my PC. I downloaded Norton power eraser. I can run it but when i try and scan for threats, it says access denied and displays an error code. I looked up the error code and according to Norton, NPE isn't working properly because a virus on my PC is protecting itself. Any ideas on what to do? I'm paranoid my computer is going to crash or something soon.

A:Norton power eraser wont work

Welcome to BC..
 
Try using Rkill before running NPE....if that doesn't work then it would be best to start a new topic following the instructions below.
 
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.
As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Direct download of renamed Rkill....iExplore.exe Download Link (This renamed copy may trigger an alert from Norton or MBAM. It can be ignored and is safe.)
 
 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
If you cannot complete a step, then skip it and continue with the next.
In Step 6 there are instructions for downloading and running FRST which will create two logs.
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.Start a new topic, gi... Read more

Read other 5 answers
RELEVANCY SCORE 77.2

Hello,
I tried to install Norton Internet security, but it wont install, Norton Power Eraser comes up with the above mentioned message. 
 
Kindly help
 

A:Norton power eraser comes up with Error 0x80070005,n44,n66

Hi, sdots! I'm going to try to help you out.
Before we get started, here are some things I need you to remember:
Please don't make any changes to your computer, or run programs, without asking me first! This will make it practically impossible for me to assist you.
Always read my posts completely before doing anything, and follow the instructions in the order I give them to you, unless stated otherwise.
If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response. Bribing me with candy for faster replies is not advised.
If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!
First, let's run a scan with FRST to get some more information.Farbar Recovery Scan Tool
 
I need you to run a scan with FRST.
Download the version of FRST that is designed for your system from here, and save it to your desktop. If you don't know which one is designed for your system, download both and try running both. Only one will work correctly, and... Read more

Read other 3 answers
RELEVANCY SCORE 77.2

Last night, i tried opening my my norton anti virus but it wont open. there's only this white small box. so i went to their site and look things up. Then found Norton Power eraser and it say it will scan whats wrong. After using it, my pc wont boot. i tried restoring it but it still wont work. Idk what to do

A:My PC wont boot after using Norton Power Eraser

You will need a malware expert for your problem.

Read other 4 answers
RELEVANCY SCORE 77.2

Hi, Norton Power Eraser pops up due to high amount of suspicius outgoing trafic in the system, ive let it run but it finds nothing. I have also ran a full system search with Norton but it did not find anything. When i let Power Eraser run or try to close i imidiatly get a new popup.  Am i infected by somthing norton cannot find? Im using Windows 8 by the way. Help apriciated.

Read other answers
RELEVANCY SCORE 77.2

Can someone help me with getting my computer to boot after using Norton Power Eraser? I'm running Windows 7, almost certain was 64 bit, but not 100% sure. Power Eraser removed one *.dll file and now I can't reboot in safe mode, status repair does not work and system restores to prior points do work but still can't reboot afterward. I don't remember the full name of the file removed, but it was djb******.dll. I stupidly did not note the middle characters.
....

A:cannot reboot after running Norton Power Eraser

Please note, I had also posted this to Norton's community forum, but was unsure I would get a response there as I had not seen a similar issue there and had seen several on these forums with similar issues. However, I was wrong and I am receiving help through the other forum. So, please disregard my request.

Read other 1 answers
RELEVANCY SCORE 77.2

Hello,



I recently was searching google on my desktop and I ended up getting a google redirecting virus... So after that I ran a couple of programs which ended up only finding a backdoor trojan, which was removed sucessfully. I was hoping that was the main problem, but then when I searched google again to verify the problem was dealt with, I got redirected again. After which; I got on my laptop and searched known solutions to the problem, one of which being norton power eraser tool.
I downloaded it and followed the directions, and it found and removed 8 items, 5 of which was my microsoft office programs. I let it do its thing though and followed through with it because they were marked as "bad", hoping maybe they were just decoy names. Once the computer restarted; my google search worked but as I suspected microsoft office was deleted.. So I went back into the power eraser tool and went through the prompts to undo the changes that have been made, and restarted my computer like it askes me to.



Now, my desktop is stuck at a black screen with a blinking white _ in the top left hand corner. I tried to boot it in safe mode by pressing F8 and bootup and it wont even load.



I would really appreciate a quick responce and solution to my problem, thank you for your time.



Sam

A:Computer Will not restart after using Norton Power Eraser, Help please

A llttle patience, please...your topic has already been placed on our Unbbotable list and one of the BC MRT personnel will assist you .

Louis

Read other 17 answers
RELEVANCY SCORE 77.2

Hi all,
Please help me as I tried to remove malware from my friends laptop and now recieve BSOD saying something about, "The problem seems to be caused by the following file: ACPI.sys" My friend originally gave me the laptop with F-Secure expired and saying something about a trojan so I ran malwarebytes and it found 15 infections don't remember what kind but alot of trojans. So then I tried to uninstall f-secure and it will not so I decided to download Norton Power eraser but when I ran it it said to restart and that's when the BSOD started and I can't get into safe mode and I don't have the original CD's for this laptop thank you for any assistance

A:BSOD after running Norton Power eraser Help

UPDATE:
OK I was able to do a last known good configuration and windows started up and Norton Power eraser finshed and found 2 things bad in registry one being task manger disabled the other I could not really tell what it was. I did a second scan with Norton Power eraser again on restart BSOD. Had to do another Last known good configuration this time Norton Power eraser did not detect anything. I am running another Malwarebytes scan will update. But I need help because I'm sure something is still wrong, whether it's malware or corrupt files (due to malware). Can someone still help me?

P.S. sorry I have Windows XP Home edition (srry)

Read other 5 answers
RELEVANCY SCORE 76.4

Running Windows7 I recently had an infection that resulted in my LAN settings being changed to a proxy server and redirects when clicking google results. I have run mbam and mse, both showed and removed malicious files and now show clean scans when I run them. There was an issue with my hosts file being invisible but I ran FileASSASSIN, manually typed in the location of the invisible hosts file and it was deleted. I used hostsXpert to restore the default windows hosts file. The new hosts file is visible.
Everything seems to be running fine now but I'm not sure if I'm still infected.

A:invisible hosts file fixed but still infected?

Hello and welcome.Lets do these then.Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Devices List Users, Partitions and Memory size. List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.If you did NOT run RKill do this part,Run RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rkil... Read more

Read other 9 answers
RELEVANCY SCORE 76.4

Norton Power Eraser restart my PC after every scan. How can I prevent from restarting?
 

A:Norton Power Eraser is restarting PC after each scan. Is this normal?

This is how it functions, it restarts to check all the boot components (things starting on your computer).
You can do "advanced scan". In there, click the middle scan, it'll do the scan without restarting.
 

Read other 3 answers
RELEVANCY SCORE 76.4

In following another thread, I ran the FRST64 and am attaching the resulting .txt file. I'm having the same issue as others, in that after my son ran the Norton Power Eraser to clean out a virus, he cannot reboot at all. No system restore will work, no CHKDSK finds anything wrong, etc. Looking forward to a response, and Merry Christmas everyone.

A:Can't boot, apparent Norton Power Eraser issue

Hello and Welcome -This is not unusual, if you did not fully read all of the given information with the tool -Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully. If you accidently remove a legitimate program, you can run Norton Power Eraser to review past repair sessions and undo them. Norton Power Eraser For more information about using Norton Power Eraser, Fully read all of the tutorialThank You -

Read other 9 answers
RELEVANCY SCORE 76.4

Hello,

I was attempting to fix another computer of mine that recently had the Norton Suite installed. After installation, I received an error 5013, 3(Base Filtering Engine). After some searching, I was led to a Norton related website which instructed that the Norton Power Eraser. NPE then did some scanning and removed two items and it also created a restore point I believe. The next thing was to restart the computer, which I did and the computer hasn't been able to get pass the Windows loading screen. Any help would be greatly appreciated.

Thank You.

A:Computer will not start after installing Norton Power Eraser

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

Read other 3 answers
RELEVANCY SCORE 76.4

Hi There, so it turns out I'm a total idiot....

My desktop uses Windows Vista Home Premium 2007 and it was bought complete from this company: music-pc.com - they optimise pcs for music production.

I had a backdoor.tidserv!/kmem (something like that) virus and I used norton 360 to find what the virus was, but then it said it needed a manual fix and i would need norton power eraser for this. I ran it and it found some files.....
I believe one was call PCAudio.dll (can't remember 100% if it was actually a dll file) and it was called a rootkey or rootkit type of file.

I thoughtlessly erased it and restarted my computer. However on restart I found that I blue screen whenever I actually boot properly. NIGHTMARE!
I'm guessing that what I deleted was actually a key registry file for the whole computer or maybe a part of an important driver (?)

I was hoping that this might be ok as norton eraser uses a system restore function, however when I tried system restore booting from the windows installer cd nothing changed; I still blue screen as windows loads.

I then read my documentation that comes with my music-pc (music-pc.com) and it says that I shouldn't boot with the windows cd that they provided as it will "remove all music optimisation, windows updates, hardware drivers and support warranty". DANG
Thankfully they said they will hopefully be able to send me an installation cd for this but I may have to wait a week or so. They have been really f... Read more

A:(norton power eraser = blue screen) *[possible farbar fix?]

I have just scanned my pc with farbar. Please see attached script>>

Read other 3 answers
RELEVANCY SCORE 76.4

Thanks for this forum. Thought I would share on how (I think) I have removed my google redirect.

Noticed the redirect problem a couple days ago. My computer does have AVG Free and Malwarebytes Free.

I scanned with the following AVG Free, Malwarebytes Free, TDSSKiller, Kaspersky Free Virus Scan, MS Safety Scanner but they did not find anything.

My host file was large and I used the following to reset it http://support.microsoft.com/kb/972034. It reduced the frequency (I think) but still had the redirect.

I just used Norton?s Power Eraser and it found xckor.dll which it removed. Interestingly, there is not alot of info on xckor.dll when searched with google.

Too soon to tell if it really fixed my problem but wanted to provide another data point to this group.

A:Google Redirect - Norton's Power Eraser, xckor.dll

I've been googling and have not had a redirect since running the Power Eraser so I think I'm good.

Thanks for the info in this forum.

Read other 1 answers
RELEVANCY SCORE 76.4

Hello, I have been struggling with a infection on my xp home for months! NPE said it was ZeroAcess.kmem but could not remove it fuly even with their tools. Came by here and have been following all kinds of things to remove and thought it was gone but is still their. Computer run great for awhile after running ComboFix, TDDSKiller, Malwarebytes, Norton NPE ( Said infected with ZeroAcess.kmem file netbt.sys deleted and it replaced it self but still not a great improvement from system until ComboFix ran first time "I have also manually replaced this file with original!"), Norton Internet Security 2012, Sophos free, Avast free, Panda Active Scan Free, Norton Boot Recovery Scan, Online virus scans, lots of things been ran weeks straight and nothing. I started getting better results after reading and running idea's from another post here on "BleepingComputer.com" Then it began again and now no results even after running ComboFix that still say's I am infected with rootkit ZeroAcess I have my first log from ComboFix and should have all logs from most of the scans I did. Seems no Anti-Virus will cure it fully. Running differents ones come's up with various different virus names. Also have used MBRCheck.exe and is good also have those logs. Weeks straight of running all these multiple times still getting ComboFix telling me its still rootkit ZeroAcess infection. Computer really slow again but have partioned with other Windows 8 preview CE.... Read more

A:Norton Power Eraser detected ZeroAccess.kmem

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Read other 24 answers
RELEVANCY SCORE 76.4

Hello,

I was attempting to fix another computer of mine that recently had the Norton Suite installed. After installation, I received an error 5013, 3(Base Filtering Engine). After some searching, I was led to a Norton related website which instructed that the Norton Power Eraser. NPE then did some scanning and removed two items and it also created a restore point I believe. The next thing was to restart the computer, which I did and the computer hasn't been able to get pass the Windows loading screen. Any help would be greatly appreciated.

Thank You.

A:Computer will not start after installing Norton Power Eraser

The next thing was to restart the computer, which I did and the computer hasn't been able to get pass the Windows loading screen.Hi -Can you get the computer to start in Safe Mode, rather than Normal Mode first ??Just as the "loading" lead-in is about to start, can you press F8 to try and select Safe Mode with Networking.While in Safe Mode try to remove Norton Power Eraser, and see what happens -Post back with the results -Thanks -

Read other 4 answers
RELEVANCY SCORE 76.4

I am using way too much bandwidth (200GB) and tried Malware bytes to no avail. Norton Power Eraser kicks up an error code 0x80070005,n44,n66.
Any help is appreciated
 
speccy link http://speccy.piriform.com/results/b0ode5Y2zPisa56GpBTDANI
 
 
minitool box txt
 
MiniToolBox by Farbar  Version: 09-03-2015
Ran by Craig (administrator) on 23-03-2015 at 16:52:09
Running from "C:\Users\Craig\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************
========================= Event log errors: ===============================
Application errors:
==================
Error: (03/23/2015 07:27:33 AM) (Source: DragonSvc) (User: )
Description: Error: Unable to spawn the 'NatSpeak Periodic Acoustic Optimization' task
Error: (03/22/2015 09:54:50 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000244,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000040EF270.72).  hr = 0x80070005, Access is denied.
.
Error: (03/22/2015 09:54:50 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000338,(null),0,REG_BINARY,000000000215DD90.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event
Context:
... Read more

A:Norton Power Eraser error code 0x80070005,n44,n66

if I posted too much info .................please tell me

Read other 1 answers
RELEVANCY SCORE 76.4

Ran a MBAM scan when I seemingly downloaded a dubious file. Result was a Malware.Packer.CV and Norton power eraser found a file in System 32 it was unable to delete.
 
The file it found was wqlhlnn.sys
 
Help is much appreciated at the earliest.
 
EDIT: I haven't launched the .exe file the malware was found in when it got detected.

A:Malware Packer and detection by Norton Power Eraser

Can you post the entire file location path?
 
Reason I ask is you can boot into safe mode and paste the entire file location into File Assassin it should delete it.
https://www.malwarebytes.org/fileassassin/

Read other 12 answers
RELEVANCY SCORE 76.4

Here's my story, hope someone out there can help me fix this on my own! I have a Dell Inspiron 570, AMD Athlon II X4-630 processor, Windows 7 64 bit...purchased May 2011. I came with 3 free years of McAfee, theres my mistake! Firewall kept shutting itself down so I have a virus. Couldn't fix it, bought Norton 360. Ran a scan, found tracking cookies. Still had the virus. Could not access Google, kept getting messages stating I was out of memory at line 35, etc, walked past my computer and caught it sending emails to a bank. Ugh! So I ran Power Eraser and now I can't boot my computer. Tried safe mode, system repair, Dell Data Safe, restore from a previous point, nothing works. This was yesterday, now today that previous restore point doesn't even show up on the list. What should I do?Saw a post from a few days ago on this forum about getting a flash drive and downloading something. Shall I try that? I'm good with computers if I have good instructions. Please help, thanks!Mod Edit: OP posted FRST log, moved to MRL ~ Hamluis.

A:Cannot boot computer after running Norton Power Eraser

Also, I believe the virus it found was called backdoor.bot. And one more piece of info you may need...I do not have a Windows 7 disc, it came pre-installed on my computer from Dell.

Read other 20 answers
RELEVANCY SCORE 76.4

Hi all,
I'm new to this forum but have browsed a lot in the past. I want to share how I fixed a problem on my husband's laptop with the rpcss dll. I downloaded Norton Power Eraser (free) and ran the scan. The scan found an issue with rpcss.dll. I ran the fix option and since rebooting, the problems went away. Prior to this, the laptop would pop up with odd security messages and also prompted to start Windows Security Services (Windows 7). After running Spybot scans and Symantec scans, it still didn't resolve the issue. So I resorted to the Power Eraser.
 
Hope this helps those having similar problems! Good luck!
 

A:rpcss.dll - issue resolved using Norton Power Eraser

Hi,
 
You had Zekos infection but NPE don't delete the random named files in the %system32% folder which are a part of the trojan as well...so your system may need some additional actions... ;)
 
 
Regards,
Georgi

Read other 4 answers
RELEVANCY SCORE 76.4

I saw a similar post like my problem in another thread and I'm hoping someone can help me. It's my mom's laptop, so I'm not familiar with all of the specs on it. As far as I know, it is running Windows 7, I think it was up to date with SP1, and I'm fairly certain it's 32-bit (but really it could be 64). She had been having trouble with getting constantly redirected to other pages while surfing the web and similar problems, so I ran Malwarebytes and it cleaned up around thirty different items (I don't recall what they were exactly, ranged from registry keys to files with trojans and other sorts of malware). I then installed my Norton Internet Security 2012 on her computer and when it finished the install, I got the 5013,3 error (I do believe) and so I ran Norton Power Eraser as it suggested. It found four bad results, only three of which I could act upon. I don't remember the names of the results, I'm sorry about that. After it found those and started the restart sequence, Norton found some trojan that it couldn't delete on its own, but I couldn't do anything because the restart pushed on ahead. When I booted back up it brought me to the screen saying that Windows was unable to load and suggested it may be a hardware change, etc. I had the two options of starting windows repair or starting windows normally. I don't have a safe mode option. Starting normally very briefly flashed a blue screen for an instant then brought me back to... Read more

A:I Can't Boot My Computer After Running Norton Power Eraser

I am currently receiving help here http://www.geekstogo.com/forum/topic/321318-i-cant-boot-my-computer-after-running-norton-power-eraser/page__gopid__2193156#entry2193156 if anyone else has similar issues. If I still need help I will update. Thanks to anyone who was considering helping.

Read other 3 answers
RELEVANCY SCORE 76.4

This computer has been very glitchy. Spent hours over weekend searching for viruses, updating Windows, etc. Thought I had things working and then the next day Internet Explorer would not launch. I restored to a previous point in order to get it running, but knew something must be up since a program shouldn't just disappear. I use Norton Internet Security 2011 for that computer, and I searched site about issue. Norton recommended the Power Eraser. Big, big mistake. I believe the name of the file was signature that it recommended by fixed. I was a bit leery (and should have researched more), but hit the "fix it" button because I was so tired of messing with the issue. Well, now the computer will not boot up. I tried restoring to several previous points and nothing. Any advice on where I go from here?

A:Computer won't Reboot after running Norton Power Eraser

Hi sbullock -Several people have similr issues with Power Eraser, but you should only install a normal Antivirus (one per computer)Try This Link For Directions On Power Eraser Norton says it will not install like many programs (but I never trust Norton)Let us know how you go, as this seemed like it should work -Thank You -

Read other 6 answers
RELEVANCY SCORE 75.6

I seemed to have randomly gotten this virus, apparently its located in C:\windows\system32\services.exe and I cannot get rid of it with Norton Power Eraser.
Google and Yahoo! search results redirects to infected sites, along with my computer becoming a lot slower. Currently in Safe Mode with Networking

OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 6048 Mb
Graphics Card: Intel(R) HD Graphics, -1988 Mb
Hard Drives: C: Total - 939431 MB, Free - 834478 MB;
Motherboard: Gateway, IPISB-VR
Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled

(Currently using Norton 360, AVG Free Edition is no longer my anti-virus software though it appears in my logs.)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:45:01 AM, on 7/18/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Safe mode with network support

Running processes:
C:\Users\Sotike\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Sotike\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\User... Read more

A:Norton Power Eraser keeps informing me of trojan.patchep!sys, cannot remove

Read other 16 answers