Blekko virus removal

SteveJobs · 06-20-2012, 08:22 AM

Hi, I somehow got the blekko virus and i can not figure out how to remove it. I have tried my norton and it will not pick it up, and norton power erase has not picked it up. I want it gone! Any help? Thanks!

**amateur** · 06-22-2012, 12:59 AM

Hello and welcome to TSF.

We require a comprehensive set of logs to determine the presence of malware. Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

SteveJobs · 06-22-2012, 09:13 AM

That post just confused the heck out of me....

**amateur** · 06-22-2012, 09:14 AM

Please explain. What was confusing?

SteveJobs · 06-22-2012, 09:23 AM

Oh the 32 bit system and gamr thing was confusing but i see that was not for me.

Is that the right thing?

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Blake at 11:15:35 on 2012-06-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.3944 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Blake\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Blake\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Blake\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Blake\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Blake\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Blake\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Users\Blake\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=a545ea26&toolbarid=blekkotb_soc&u=4C11891B38826225339D134FDF703068&tbp=homepage&v=2_0
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C2E8E24-2F41-4958-921E-5A41DA19CFD6} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: DhcpNameServer = 192.168.1.1 184.16.4.22
TCP: Interfaces\{42BEE0CD-A987-482D-98EF-C17C46BFD812} : DhcpNameServer = 40.20.1.201 40.20.1.202
TCP: Interfaces\{70011010-973E-4624-A24D-E359156AE54B} : DhcpNameServer = 192.168.1.1 184.16.4.22
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C2E8E24-2F41-4958-921E-5A41DA19CFD6} - No File
BHO-X64: BHO_PROJECT - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-6-18 1161376]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120618.004\IDSviA64.sys [2012-6-14 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-5-31 138232]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-5 365568]
S4 CLKMSVC10_38F51D56;CyberLink Product - 2011/11/25 01:09:02;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-2-25 241648]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
S4 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-4-8 26680]
S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-25 1751656]
S4 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-22 00:10:30 -------- d-----w- C:\Users\Blake\AppData\Local\CrashDumps
2012-06-21 16:51:20 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 16:51:07 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 16:50:55 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 16:50:55 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 22:58:20 -------- d-----w- C:\Users\Blake\AppData\Local\Paint.NET
2012-06-19 22:50:31 -------- d-----w- C:\Users\Blake\Easy Flyer Creator
2012-06-19 22:50:31 -------- d-----w- C:\Users\Blake\AppData\Local\Peridot_Technologies
2012-06-19 22:48:38 -------- d-----w- C:\ProgramData\Easy Flyer Creator
2012-06-19 22:48:38 -------- d-----w- C:\Program Files (x86)\Easy Flyer Creator 3.0
2012-06-18 23:17:37 -------- d-----w- C:\Users\Blake\AppData\Local\NPE
2012-06-18 18:15:29 -------- d-----w- C:\Program Files (x86)\OApps
2012-06-18 18:15:19 -------- d-----w- C:\ProgramData\blekko toolbars
2012-06-16 00:42:07 -------- d-----w- C:\Users\Blake\AppData\Local\{0F9E2902-4A0B-4941-8FE3-6EC24F0054A6}
2012-06-14 17:23:39 43640 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2012-06-14 02:29:05 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 02:29:05 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 02:29:05 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-12 03:55:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-12 03:55:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-12 03:55:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-12 03:55:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-12 03:55:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-12 03:55:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-12 03:55:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-10 02:20:22 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-06-03 00:55:40 -------- d-----w- C:\Program Files (x86)\Seagate
2012-06-03 00:47:53 -------- d-----w- C:\Users\Blake\AppData\Local\ElevatedDiagnostics
2012-06-02 17:39:36 -------- d-----w- C:\Windows\SysWow64\Wat
2012-06-02 17:39:36 -------- d-----w- C:\Windows\System32\Wat
2012-06-02 17:13:51 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-06-02 16:27:58 -------- d-----w- C:\9e67506e2740c058ced549ce89d492
2012-06-02 16:21:10 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-06-02 16:21:09 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-06-02 16:21:09 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-02 16:21:09 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-06-02 16:21:09 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-06-02 16:21:09 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-02 16:21:09 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-02 06:05:34 -------- d-----w- C:\Users\Blake\AppData\Roaming\HD Tune Pro
2012-06-02 06:05:19 -------- d-----w- C:\Program Files (x86)\HD Tune Pro
2012-06-01 20:37:56 -------- d-----w- C:\Program Files (x86)\HP
2012-06-01 20:16:42 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-06-01 20:15:08 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-01 20:15:08 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-01 20:12:59 778752 ----a-w- C:\Windows\System32\mssvp.dll
2012-06-01 20:11:23 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-06-01 20:11:22 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-06-01 20:10:42 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2012-06-01 17:27:28 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-06-01 17:27:28 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-06-01 17:25:20 77312 ----a-w- C:\Windows\System32\packager.dll
2012-06-01 17:25:20 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-06-01 05:31:11 -------- d-----w- C:\Windows\SysWow64\N360_BACKUP
2012-06-01 04:38:10 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-06-01 04:16:23 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-06-01 04:16:23 -------- d-----w- C:\Program Files\Symantec
2012-06-01 04:16:23 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-06-01 04:16:04 737912 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\srtsp64.sys
2012-06-01 04:16:04 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\SymDS64.sys
2012-06-01 04:16:04 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\symnets.sys
2012-06-01 04:16:04 37496 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\srtspx64.sys
2012-06-01 04:16:04 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\Ironx64.sys
2012-06-01 04:16:04 167048 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\ccSetx64.sys
2012-06-01 04:16:04 1092728 ----a-r- C:\Windows\System32\drivers\N360x64\0602010.005\SymEFA64.sys
2012-06-01 04:15:55 -------- d-----w- C:\Windows\System32\drivers\N360x64\0602010.005
2012-06-01 04:15:55 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-06-01 04:15:53 -------- d-----w- C:\Program Files (x86)\Norton 360
2012-06-01 04:13:34 -------- d-----w- C:\ProgramData\PCSettings
2012-06-01 02:34:23 -------- d-----w- C:\Users\Blake\AppData\Local\Adobe
2012-06-01 02:27:49 -------- d-----w- C:\Users\Blake\AppData\Local\Evernote
2012-06-01 02:21:37 -------- d-----w- C:\Users\Blake\AppData\Local\CyberLink
2012-06-01 01:58:26 -------- d-----w- C:\Users\Blake\AppData\Roaming\TuneUp Software
2012-06-01 01:57:38 -------- d-----w- C:\ProgramData\TuneUp Software
2012-06-01 01:57:33 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-01 01:57:33 -------- d--h--w- C:\ProgramData\Common Files
2012-06-01 01:09:22 -------- d-----w- C:\ProgramData\Blio
2012-06-01 01:09:18 -------- d-----w- C:\Users\Blake\AppData\Roaming\Blio
2012-05-31 23:53:50 -------- d-----w- C:\Users\Blake\AppData\Local\Apple Computer
2012-05-31 23:53:39 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-05-31 23:53:39 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-05-31 23:53:39 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-05-31 23:53:23 -------- d-----w- C:\Program Files\iPod
2012-05-31 23:53:22 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-31 23:53:22 -------- d-----w- C:\Program Files\iTunes
2012-05-31 23:53:22 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-31 23:52:39 -------- d-----w- C:\Users\Blake\AppData\Local\Apple
2012-05-31 23:52:20 -------- d-----w- C:\Program Files\Bonjour
2012-05-31 23:52:20 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-05-31 23:45:30 -------- d-----w- C:\Users\Blake\AppData\Local\Google
2012-05-31 23:42:36 -------- d-----w- C:\Users\Blake\AppData\Local\Apps
2012-05-31 23:42:35 -------- d-----w- C:\Users\Blake\AppData\Local\Deployment
2012-05-31 23:33:30 -------- d-----w- C:\Users\Blake\AppData\Local\AMD
2012-05-31 23:33:16 -------- d-----w- C:\Users\Blake\AppData\Local\ATI
2012-05-31 23:29:14 -------- d-----w- C:\Users\Blake\AppData\Roaming\Synaptics
2012-05-31 23:28:11 -------- d-----w- C:\Users\Blake\AppData\Roaming\hpqlog
2012-05-31 23:27:56 -------- d-----w- C:\Users\Blake\AppData\Local\RemEngine
2012-05-31 23:15:44 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-05-31 23:15:44 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-05-31 23:15:44 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-05-31 23:14:33 -------- d-----w- C:\Users\Blake\AppData\Local\Hewlett-Packard
2012-05-31 23:14:32 -------- d-----w- C:\Windows\SysWow64\%COREALLUSERPATH%
2012-05-31 23:14:20 -------- d-----w- C:\Users\Blake\AppData\Local\Hewlett-Packard_Company
.
==================== Find3M ====================
.
2012-05-18 02

48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11

22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 01:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 11:16:24.45 ===============

**amateur** · 06-22-2012, 10:42 AM

Hi,

Below you'll find steps to remove Blekko via your browsers settings in Chrome, Firefox and Internet Explorer. Let me know if it worked.

Chrome
Firefox
Internet Explorer

SteveJobs · 06-22-2012, 01:59 PM

Yes! Thank you!

**amateur** · 06-22-2012, 02:07 PM

You're welcome!

**amateur** · 06-23-2012, 02:32 AM

Since this issue appears resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

Surf Safely and Think Prevention!