No Start Menu items and Google redirects


  • This topic is locked
8 replies to this topic

#1 michaelpmock


Posted 24 October 2011 - 06:13 PM

Hi. I had a virus popup for AV Protection online. I followed the steps listed in the guide and that problem is gone. However, I think I have something else coupled with the AV Protection bit. When I clicked the Start button nothing showed. Internet Explorer had set my connection to proxy and I had to change those settings to access the internet. I also had no icons on the desktop. From looking at the files, I enabled the folder setting to view hidden files and there they were. I unhid everything in the c: drive (I wish I had read about unhide.exe first!). I still received some messages and errors when starting up. It talked about my "NVIDIA Display Driver Service terminated unexpectedly," "DCOM Server Process Launcher terminated unexpectedly," and more of the same for things like the "Virtual Disk" and "Shadow Windows." Also Malwarebytes kept blocking an outgoing burst to the IP addresses 195.88.209.15 (the most of this address) and 94.63.240.133. This happened many times with different ports and always from rundll32.exe.

I knew everything wasn't right, but there is not a tell-tale sign of a specific virus that I can see. I installed Norton and it scanned and picked up a few things, but I still have many services that keep shutting down and still have the redirect if I use google. I can go to yahoo.com and search, but I still have to copy the link into the address bar to get it to go to the right site.

Thank you in advance for your expertise and more importantly your volunteered time you give to people like me who know enough to be dangerous to themselves.

Michael


.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Run by mkozick at 17:53:34 on 2011-10-23
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.2526 [GMT -4:00]
.
AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\vds.exe
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [fuuucSS2ibDpn4a] c:\users\mkozick\appdata\roaming\svhostu.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [volmgr] c:\windows\system32\config\systemprofile\appdata\local\volmgr.exe
StartupFolder: c:\users\mkozick\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{8A4129CE-3483-4B22-9128-E74FB964CEA7} : DhcpNameServer = 68.87.68.166 68.87.74.166
Hosts: 94.63.240.133 www.google.com
Hosts: 94.63.240.134 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mkozick\appdata\roaming\mozilla\firefox\profiles\4t2jc2sg.default\
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-10-23 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-10-23 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20111014.001\BHDrvx86.sys [2011-10-14 818808]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20111021.030\IDSvix86.sys [2011-10-21 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-10-23 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2011-10-23 331384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-22 366152]
S2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.1.0.29\ccsvchst.exe [2011-10-23 130008]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-5-25 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 1135104]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 540160]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-10-23 105592]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-22 22216]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-9-9 20640]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 894976]
.
=============== Created Last 30 ================
.
2011-10-23 16:36:17 331384 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys
2011-10-23 16:36:17 296568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys
2011-10-23 16:36:16 744568 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symefa.sys
2011-10-23 16:36:16 516216 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys
2011-10-23 16:36:16 50168 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys
2011-10-23 16:36:16 340088 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symds.sys
2011-10-23 16:36:16 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys
2011-10-23 16:35:18 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D
2011-10-23 16:04:58 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-23 16:04:40 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2011-10-23 16:04:25 -------- d-----w- c:\windows\system32\drivers\N360
2011-10-23 16:04:23 -------- d-----w- c:\program files\Norton Security Suite
2011-10-23 16:04:15 -------- d-----w- c:\programdata\PCSettings
2011-10-23 15:43:24 -------- d-----w- c:\windows\Hewlett-Packard
2011-10-23 15:26:35 -------- d-----w- c:\program files\Secunia
2011-10-22 19:55:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-22 19:07:39 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-22 19:07:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-21 21:23:43 -------- d-----w- c:\users\mkozick\appdata\roaming\J25KheO257r2sgw
2011-10-21 21:23:41 -------- d-----w- c:\users\mkozick\appdata\roaming\Ft1nsKhVzuFQ8Te
2011-10-21 21:19:10 -------- d-----w- c:\users\mkozick\appdata\roaming\R3nFF4aamHsWJd
2011-10-21 21:19:10 -------- d-----w- c:\users\mkozick\appdata\roaming\cyyccS1iv
2011-10-21 21:19:08 -------- d-----w- c:\users\mkozick\appdata\roaming\WLLL9hhTX
2011-10-21 21:17:45 -------- d-----w- c:\users\mkozick\appdata\roaming\c4m5Q6Uya
2011-10-21 21:17:44 -------- d-----w- c:\users\mkozick\appdata\roaming\xQ7KgZhwUeItPc1
2011-10-21 01:42:42 77312 --sha-r- c:\windows\system32\Firewalln.dll
2011-10-21 01:42:26 28160 ----a-w- c:\windows\system32\dll.dll
2011-10-21 01:42:19 295053 ----a-w- c:\windows\system32\shimg.dll
2011-10-20 23:40:09 219136 ----a-w- c:\windows\system32\0.08304222887580304.exe
2011-10-20 23:18:47 -------- d-----w- c:\users\mkozick\appdata\roaming\xccAA1vD2onFpm5
2011-10-20 23:18:47 -------- d-----w- c:\users\mkozick\appdata\roaming\B888gRZhYXwUelB
2011-10-19 23:12:37 -------- d-----w- c:\users\mkozick\appdata\roaming\usssQJJ6dEKfR9h
2011-10-19 23:12:37 -------- d-----w- c:\users\mkozick\appdata\roaming\AwwjjUCCelIrzNy
2011-10-19 09:14:50 -------- d-----w- c:\users\mkozick\appdata\roaming\mtzzPP0ycA1iv2n
2011-10-19 09:14:49 -------- d-----w- c:\users\mkozick\appdata\roaming\XggRRZqqhYwkUel
2011-10-19 09:14:47 -------- d-----w- c:\users\mkozick\appdata\roaming\ZyyyxAA0uvS2bFp
2011-10-19 09:14:47 -------- d-----w- c:\users\mkozick\appdata\roaming\HrrzzONNtxA
2011-10-19 09:14:47 -------- d-----w- c:\users\mkozick\appdata\roaming\hhhTTXqjj
2011-10-12 02:03:16 -------- d-----w- c:\users\mkozick\appdata\local\CrashDumps
.
==================== Find3M ====================
.
2011-10-23 17:23:01 551424 ----a-w- c:\windows\system32\drivers\XAudio.exe
2011-10-23 17:22:59 266240 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-23 16:36:17 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-22 18:55:18 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-22 18:50:25 273920 ----a-w- c:\windows\system32\spoolsv.exe
2011-10-22 18:50:24 2770944 ----a-w- c:\windows\system32\SLsvc.exe
2011-10-21 04:23:16 298496 ----a-w- c:\windows\notepad.exe
2011-10-20 23:40:26 285184 ----a-w- c:\windows\system32\wbem\WmiApSrv.exe
2011-10-20 23:40:25 530432 ----a-w- c:\windows\system32\vds.exe
2011-10-20 23:40:25 253440 ----a-w- c:\windows\system32\msdtc.exe
2011-10-20 23:40:25 2238976 ----a-w- c:\windows\system32\dfsr.exe
2011-10-20 23:40:25 183296 ----a-w- c:\windows\system32\UI0Detect.exe
2011-10-20 23:40:25 160256 ----a-w- c:\windows\system32\snmptrap.exe
2011-10-20 23:40:25 155136 ----a-w- c:\windows\system32\Locator.exe
2011-10-20 23:40:25 1202176 ----a-w- c:\windows\system32\VSSVC.exe
2011-10-20 23:40:24 206848 ----a-w- c:\windows\system32\alg.exe
.
============= FINISH: 17:54:24.44 ===============
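
The DDS log above is line-oriented, so the entries that match the reported symptoms (search-engine names pinned to an IP in the Hosts file, autoruns launching from a profile directory, Task Manager disabled by policy) can be pulled out mechanically. The following Python triage sketch is an added example, not part of the original post or of the DDS tool; the sample lines are copied from the log above, and the three heuristics and the function name `triage_dds` are assumptions chosen for illustration.

```python
import ipaddress
import re

# Excerpt of the DDS log posted above (lines copied verbatim from that log).
SAMPLE_DDS = r"""
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [fuuucSS2ibDpn4a] c:\users\mkozick\appdata\roaming\svhostu.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [volmgr] c:\windows\system32\config\systemprofile\appdata\local\volmgr.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
Hosts: 94.63.240.133 www.google.com
Hosts: 94.63.240.134 www.bing.com
"""

# Line shapes as they appear in the "Pseudo HJT Report" section of the log.
RUN_RE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")
POLICY_RE = re.compile(r"^[umd]Policies-\S+: (?P<key>\w+) = (?P<val>\d+)")

# Heuristics assumed for this example: autoruns should not start from
# per-user writable directories, and these policy values lock the user
# out of built-in troubleshooting tools.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}


def _is_local(ip_text):
    """True for loopback/unspecified targets (typical benign Hosts entries)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # a malformed address is reported rather than trusted
    return ip.is_loopback or ip.is_unspecified


def triage_dds(log_text):
    """Return a list of (category, detail) findings for a DDS log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = HOSTS_RE.match(line)
        if m and not _is_local(m["ip"]):
            # A public hostname pinned to a non-local IP overrides DNS.
            findings.append(("hosts-redirect", f"{m['host']} -> {m['ip']}"))
            continue

        m = RUN_RE.match(line)
        if m and any(p in m["cmd"].lower() for p in USER_WRITABLE):
            findings.append(
                ("autorun-user-writable",
                 f"{m['hive']}Run [{m['name']}] {m['cmd']}")
            )
            continue

        m = POLICY_RE.match(line)
        if m and m["key"] in LOCKOUT_POLICIES and int(m["val"]) != 0:
            findings.append(("policy-lockout", f"{m['key']} = {m['val']}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage_dds(SAMPLE_DDS):
        print(f"{category:24} {detail}")
```

A finding here is a prompt for review, not a verdict: legitimate software also installs per-user autoruns, and some ad-blocking Hosts files use non-loopback sinkhole addresses.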


 


#2 gringo_pr

  • Malware Response Team

Posted 25 October 2011 - 02:16 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 michaelpmock


Posted 26 October 2011 - 06:24 PM

I ran combo fix and it had to restart a few times, but finally finished. I did keep getting error messages referencing common .exe files and stated that they were infected with the virus.expiro.

Thank you for your help. Below is my combo fix log.


Michael

ComboFix 11-10-25.04 - mkozick 10/25/2011 19:15:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.2087 [GMT -4:00]
Running from: c:\users\mkozick\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Security Suite *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Skype
c:\users\mkozick\AppData\Roaming\AwwjjUCCelIrzNy
c:\users\mkozick\AppData\Roaming\AwwjjUCCelIrzNy\AV Protection Online.ico
c:\users\mkozick\AppData\Roaming\J25KheO257r2sgw
c:\users\mkozick\AppData\Roaming\J25KheO257r2sgw\AV Protection Online.ico
c:\users\mkozick\AppData\Roaming\mtzzPP0ycA1iv2n
c:\users\mkozick\AppData\Roaming\mtzzPP0ycA1iv2n\AV Protection Online.ico
c:\users\mkozick\AppData\Roaming\R3nFF4aamHsWJd
c:\users\mkozick\AppData\Roaming\R3nFF4aamHsWJd\AV Protection Online.ico
c:\users\mkozick\AppData\Roaming\xccAA1vD2onFpm5
c:\users\mkozick\AppData\Roaming\xccAA1vD2onFpm5\AV Protection Online.ico
c:\users\skozick\AppData\Roaming\QuvS2ibF3n5
c:\users\skozick\AppData\Roaming\QuvS2ibF3n5\AV Protection Online.ico
c:\windows\$NtUninstallKB32257$
c:\windows\$NtUninstallKB32257$\1147812459\@
c:\windows\$NtUninstallKB32257$\1147812459\bckfg.tmp
c:\windows\$NtUninstallKB32257$\1147812459\cfg.ini
c:\windows\$NtUninstallKB32257$\1147812459\Desktop.ini
c:\windows\$NtUninstallKB32257$\1147812459\kwrd.dll
c:\windows\$NtUninstallKB32257$\1147812459\L\qnbwvoto
c:\windows\$NtUninstallKB32257$\1147812459\U\00000001.@
c:\windows\$NtUninstallKB32257$\1147812459\U\00000002.@
c:\windows\$NtUninstallKB32257$\1147812459\U\80000000.@
c:\windows\$NtUninstallKB32257$\1147812459\U\80000032.@
c:\windows\$NtUninstallKB32257$\61965223
c:\windows\system32\0.08304222887580304.exe
c:\windows\system32\Dll.dll
c:\windows\system32\shimg.dll
c:\windows\system32\spsys.log
.
Infected copy of c:\windows\system32\spoolsv.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!spoolsv.exe
.
Infected copy of c:\windows\notepad.exe was found and disinfected
Restored copy from - c:\windows\System32\notepad.exe
.
Infected copy of c:\windows\ehome\ehrecvr.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!ehome!ehrecvr.exe
.
Infected copy of c:\windows\ehome\ehsched.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!ehome!ehsched.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6002.18005_none_1fd1ab49e8ca6ebb\mscorsvw.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_infocard_b77a5c561934e089_6.0.6002.18005_none_cb66ec8b18dd702e\infocard.exe
.
Infected copy of c:\windows\System32\alg.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!alg.exe
.
Infected copy of c:\windows\System32\dfsr.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-dfsr-core-clientonly_31bf3856ad364e35_6.0.6002.18005_none_b86505b69725e0c7\dfsr.exe
.
Infected copy of c:\windows\System32\dllhost.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!dllhost.exe
.
Infected copy of c:\windows\System32\Locator.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!Locator.exe
.
Infected copy of c:\windows\System32\msdtc.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!msdtc.exe
.
Infected copy of c:\windows\System32\SLsvc.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-licensing-slc_31bf3856ad364e35_6.0.6002.18005_none_5062f685f6a7c614\SLsvc.exe
.
Infected copy of c:\windows\System32\snmptrap.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!snmptrap.exe
.
Infected copy of c:\windows\System32\UI0Detect.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!UI0Detect.exe
.
Infected copy of c:\windows\System32\vds.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-virtualdiskservice_31bf3856ad364e35_6.0.6002.18005_none_6cd64babf7d06785\vds.exe
.
Infected copy of c:\windows\System32\VSSVC.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-vssservice_31bf3856ad364e35_6.0.6002.18005_none_5cb8478314f93f13\VSSVC.exe
.
Infected copy of c:\windows\System32\wbem\WmiApSrv.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6002.18005_none_bb3f7c211cba6b3f\WmiApSrv.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-25 to 2011-10-25 )))))))))))))))))))))))))))))))
.
.
2011-10-25 23:25 . 2011-10-25 23:29 -------- d-----w- c:\users\mkozick\AppData\Local\temp
2011-10-25 23:25 . 2011-10-25 23:25 -------- d-----w- c:\users\skozick\AppData\Local\temp
2011-10-25 23:25 . 2011-10-25 23:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-25 22:59 . 2011-10-25 22:59 -------- d-----w- c:\users\mkozick\AppData\Local\Secunia PSI
2011-10-23 16:04 . 2010-08-21 04:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-23 16:04 . 2010-08-21 04:59 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2011-10-23 16:04 . 2011-10-23 17:21 -------- d-----w- c:\windows\system32\drivers\N360
2011-10-23 16:04 . 2011-10-23 16:04 -------- d-----w- c:\program files\Norton Security Suite
2011-10-23 16:04 . 2011-10-23 16:04 -------- d-----w- c:\programdata\PCSettings
2011-10-23 15:43 . 2011-10-23 15:43 -------- d-----w- c:\users\skozick\AppData\Roaming\HpUpdate
2011-10-23 15:43 . 2011-10-23 15:43 -------- d-----w- c:\windows\Hewlett-Packard
2011-10-23 15:26 . 2011-10-23 15:26 -------- d-----w- c:\users\skozick\AppData\Local\Secunia PSI
2011-10-23 15:26 . 2011-10-23 15:26 -------- d-----w- c:\program files\Secunia
2011-10-22 19:55 . 2011-10-23 15:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-22 19:07 . 2011-10-22 19:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-22 19:07 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-22 19:00 . 2011-10-22 19:00 -------- d-----w- c:\users\skozick\AppData\Roaming\Malwarebytes
2011-10-21 21:49 . 2011-10-23 16:35 -------- d-----w- c:\users\skozick\AppData\Local\CrashDumps
2011-10-21 21:48 . 2011-10-21 21:48 -------- d-----w- c:\users\skozick\AppData\Roaming\dTjezxSbpJK9CIz
2011-10-21 21:23 . 2011-10-21 21:23 -------- d-----w- c:\users\mkozick\AppData\Roaming\Ft1nsKhVzuFQ8Te
2011-10-21 21:19 . 2011-10-21 21:19 -------- d-----w- c:\users\mkozick\AppData\Roaming\cyyccS1iv
2011-10-21 21:19 . 2011-10-21 21:19 -------- d-----w- c:\users\mkozick\AppData\Roaming\WLLL9hhTX
2011-10-21 21:17 . 2011-10-21 21:17 -------- d-----w- c:\users\mkozick\AppData\Roaming\c4m5Q6Uya
2011-10-21 21:17 . 2011-10-21 21:17 -------- d-----w- c:\users\mkozick\AppData\Roaming\xQ7KgZhwUeItPc1
2011-10-21 01:42 . 2011-10-21 01:42 77312 --sha-r- c:\windows\system32\Firewalln.dll
2011-10-21 00:04 . 2011-10-21 00:04 -------- d-----w- c:\programdata\WindowsSearch
2011-10-20 23:39 . 2011-10-20 23:39 -------- d-----w- c:\windows\Sun
2011-10-20 23:18 . 2011-10-20 23:18 -------- d-----w- c:\users\mkozick\AppData\Roaming\B888gRZhYXwUelB
2011-10-19 23:12 . 2011-10-19 23:12 -------- d-----w- c:\users\mkozick\AppData\Roaming\usssQJJ6dEKfR9h
2011-10-19 09:14 . 2011-10-19 09:14 -------- d-----w- c:\users\mkozick\AppData\Roaming\XggRRZqqhYwkUel
2011-10-19 09:14 . 2011-10-22 19:46 -------- d-----w- c:\users\mkozick\AppData\Roaming\ZyyyxAA0uvS2bFp
2011-10-19 09:14 . 2011-10-19 09:14 -------- d-----w- c:\users\mkozick\AppData\Roaming\HrrzzONNtxA
2011-10-19 09:14 . 2011-10-19 09:14 -------- d-----w- c:\users\mkozick\AppData\Roaming\hhhTTXqjj
2011-10-12 02:03 . 2011-10-23 21:43 -------- d-----w- c:\users\mkozick\AppData\Local\CrashDumps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 23:29 . 2008-01-21 02:25 3556352 ----a-w- c:\windows\system32\SLsvc.exe
2011-10-25 23:28 . 2008-01-21 02:23 1202688 ----a-w- c:\windows\system32\VSSVC.exe
2011-10-25 23:28 . 2006-11-02 08:58 160256 ----a-w- c:\windows\system32\snmptrap.exe
2011-10-25 23:28 . 2006-11-02 08:50 155136 ----a-w- c:\windows\system32\Locator.exe
2011-10-25 23:28 . 2008-01-21 02:24 219136 ----a-w- c:\windows\system32\msiexec.exe
2011-10-25 23:28 . 2008-01-21 02:24 253440 ----a-w- c:\windows\system32\msdtc.exe
2011-10-25 23:26 . 2008-01-21 02:24 206848 ----a-w- c:\windows\system32\alg.exe
2011-10-23 17:23 . 2009-03-04 00:14 551424 ----a-w- c:\windows\system32\drivers\XAudio.exe
2011-10-23 16:36 . 2010-10-15 00:58 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-22 18:55 . 2008-01-21 02:23 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-10-27 . 79B60CC26404F8FC2B351A7551D93C17 . 634632 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18349_none_2f3fc8a51a16cc11\iexplore.exe
[7] 2009-10-27 . 80675329E0FD54F016C4F8A83C616349 . 634632 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21148_none_2de1fea2360ef4d5\iexplore.exe
[7] 2009-10-27 . 03EF289E8F82CBC4E492658864C7C51A . 634632 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22550_none_2fb594d03344a0e4\iexplore.exe
[7] 2009-08-27 . 9E45866CD349219784CD5A7620DBEB8A . 634632 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16916_none_2d76f8e51cda9b48\iexplore.exe
[7] 2009-08-27 . A76AFC309AA55CD607A28AC41C7D7603 . 634632 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21116_none_2e006dd235f86e54\iexplore.exe
[7] 2009-08-27 . BBF84F317553520BB78AEF7B047325C1 . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18319_none_2f60386919fe783e\iexplore.exe
[7] 2009-08-27 . FE2DFF83B7753AC47C553EF7D5289BEE . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22508_none_2ff3a6bc3314dfe7\iexplore.exe
[7] 2009-07-18 . 1D8163DBFECAEDB9C48C5F55084BC491 . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\iexplore.exe
[7] 2009-07-18 . 1D5A01AA2DE47C052AF46D7EBCB003A3 . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\iexplore.exe
[7] 2009-07-18 . 7FCF4E704A48D95202F3E7A1E1A21412 . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\iexplore.exe
[7] 2009-07-18 . EBEE9E4421F35CD861107DDA0266FBB1 . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\iexplore.exe
[7] 2009-04-24 . 1F44940EF1D07D0BDAF80E55853DFBD0 . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\iexplore.exe
[7] 2009-04-24 . F294D8EEB05C835EC44A12CE0A1DFE7A . 634632 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593\iexplore.exe
[7] 2009-04-24 . D5271AC4A06AD9D1E2EA0151B79B2657 . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\iexplore.exe
[7] 2009-04-24 . D6157423C117F24D24695866A1D0A93F . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\iexplore.exe
[7] 2009-04-11 . 2C5168C856455CC43C4B4E1CC1920001 . 636080 . . [7.00.6000.16386] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[7] 2009-03-04 . 157F8DE991396C536820D7FA5C8DCF7D . 625664 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\iexplore.exe
[7] 2009-03-04 . 4DBD95312B1C96C5285D38F1D748CD4D . 625664 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\iexplore.exe
[7] 2009-03-04 . 07ED775D6DB4BFA96D7CFB09EB228418 . 625664 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\iexplore.exe
[7] 2009-03-04 . 9F1427F203CA078005C9943800929640 . 625664 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\iexplore.exe
[7] 2009-03-04 . 9437CA21CD48C9B6BFD6F5AC0143D251 . 625664 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
[7] 2009-03-04 . 182CAF7403705ACCB51211A761080B8F . 625664 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
[7] 2009-03-03 . 9E6C1527D9A2C64BFD780AA23075380F . 636072 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\iexplore.exe
[7] 2009-03-03 . 8BA2B7A05F88BE0D45237A0994AD8366 . 636072 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\iexplore.exe
[7] 2009-03-03 . EA4BE33726155F89D89A3FE7142878E0 . 636072 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\iexplore.exe
[7] 2009-03-03 . 1DD66A2851DACDEC32EAE8F9A8865ABD . 636072 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119\iexplore.exe
[7] 2008-01-21 . 5B92133D3E7FB2644677686305E29E81 . 625664 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2011-10-22 352256]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2011-10-22 352256]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2011-10-22 352256]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-07 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\skozick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 531456]
.
c:\users\mkozick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 531456]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-10-23 540160]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2008-09-10 20640]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2011-10-20 894976]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111014.001\BHDrvx86.sys [2011-10-15 818808]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111021.030\IDSvix86.sys [2011-10-21 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [2010-11-16 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS [2011-03-22 331384]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-10-23 1135104]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-10-21 105592]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-09 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
FF - ProfilePath - c:\users\mkozick\AppData\Roaming\Mozilla\Firefox\Profiles\4t2jc2sg.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-fuuucSS2ibDpn4a - c:\users\mkozick\AppData\Roaming\svhostu.exe
SafeBoot-77622847.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-25 19:29
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\HP Games\My HP Game Console\GameConsoleService.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\UI0Detect.exe
c:\windows\System32\vds.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\DllHost.exe
c:\windows\System32\rundll32.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-10-25 19:49:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-25 23:49
.
Pre-Run: 166,352,232,448 bytes free
Post-Run: 166,349,627,392 bytes free
.
- - End Of File - - B1A9E2B857B9171ECB42FA90143C5206

#4 gringo_pr

  • Malware Response Team

Posted 26 October 2011 - 09:29 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\skozick\AppData\Roaming\dTjezxSbpJK9CIz
c:\users\mkozick\AppData\Roaming\Ft1nsKhVzuFQ8Te
c:\users\mkozick\AppData\Roaming\cyyccS1iv
c:\users\mkozick\AppData\Roaming\WLLL9hhTX
c:\users\mkozick\AppData\Roaming\c4m5Q6Uya
c:\users\mkozick\AppData\Roaming\xQ7KgZhwUeItPc1
c:\users\mkozick\AppData\Roaming\B888gRZhYXwUelB
c:\users\mkozick\AppData\Roaming\usssQJJ6dEKfR9h
c:\users\mkozick\AppData\Roaming\XggRRZqqhYwkUel
c:\users\mkozick\AppData\Roaming\ZyyyxAA0uvS2bFp
c:\users\mkozick\AppData\Roaming\HrrzzONNtxA
c:\users\mkozick\AppData\Roaming\hhhTTXqjj


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

"Information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 michaelpmock

  • Topic Starter


Posted 27 October 2011 - 07:01 PM

ComboFix ran and then rebooted, but when it was preparing the log, some program, "Start Men" (maybe; it popped up too fast to get the exact program), had to close. I still don't have anything when I click the Start button, and my Quick Launch on the system tray is blank.


Malwarebytes is still finding .exe files that are infected with (Virus Expiro), such as "Quicktimeplayer.exe", "wmplayer.exe", "adobe_updater.exe", "Firefox.exe", "Quickstart.exe", "Solitare.exe", "Spidersolitare.exe", etc.

I did have a hard time starting ComboFix. It kept telling me that Norton was running, but the process wasn't running, the service was stopped, and it was in safe mode. I tried to open the program to disable it, but it wouldn't even open. I had no choice but to open it in safe mode, make sure the process and the services were running, and go ahead with ComboFix.

Should I run ComboFix in safe mode or normal startup? Thanks again for the help. Here is the log.

Michael



ComboFix 11-10-25.04 - mkozick 10/27/2011 19:39:17.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.2556 [GMT -4:00]
Running from: c:\users\mkozick\Desktop\ComboFix.exe
Command switches used :: c:\users\mkozick\Desktop\CFScript.txt
AV: Norton Security Suite *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mkozick\AppData\Roaming\B888gRZhYXwUelB
c:\users\mkozick\AppData\Roaming\c4m5Q6Uya
c:\users\mkozick\AppData\Roaming\c4m5Q6Uya\AV Protection Online.ico
c:\users\mkozick\AppData\Roaming\cyyccS1iv
c:\users\mkozick\AppData\Roaming\Ft1nsKhVzuFQ8Te
c:\users\mkozick\AppData\Roaming\hhhTTXqjj
c:\users\mkozick\AppData\Roaming\HrrzzONNtxA
c:\users\mkozick\AppData\Roaming\usssQJJ6dEKfR9h
c:\users\mkozick\AppData\Roaming\WLLL9hhTX
c:\users\mkozick\AppData\Roaming\XggRRZqqhYwkUel
c:\users\mkozick\AppData\Roaming\xQ7KgZhwUeItPc1
c:\users\mkozick\AppData\Roaming\ZyyyxAA0uvS2bFp
c:\users\skozick\AppData\Roaming\dTjezxSbpJK9CIz
c:\windows\system32\spsys.log
.
Infected copy of c:\windows\system32\spoolsv.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!spoolsv.exe
.
Infected copy of c:\windows\ehome\ehrecvr.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!ehome!ehrecvr.exe
.
Infected copy of c:\windows\ehome\ehsched.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!ehome!ehsched.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_infocard_b77a5c561934e089_6.0.6002.18005_none_cb66ec8b18dd702e\infocard.exe
.
Infected copy of c:\windows\System32\alg.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!alg.exe
.
Infected copy of c:\windows\System32\dfsr.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-dfsr-core-clientonly_31bf3856ad364e35_6.0.6002.18005_none_b86505b69725e0c7\dfsr.exe
.
Infected copy of c:\windows\System32\dllhost.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!dllhost.exe
.
Infected copy of c:\windows\System32\Locator.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!Locator.exe
.
Infected copy of c:\windows\System32\msdtc.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!msdtc.exe
.
Infected copy of c:\windows\System32\msiexec.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-installer-executable_31bf3856ad364e35_6.0.6002.18005_none_4b6cedd8833badf1\msiexec.exe
.
Infected copy of c:\windows\System32\SLsvc.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-licensing-slc_31bf3856ad364e35_6.0.6002.18005_none_5062f685f6a7c614\SLsvc.exe
.
Infected copy of c:\windows\System32\snmptrap.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!snmptrap.exe
.
Infected copy of c:\windows\System32\UI0Detect.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!UI0Detect.exe
.
Infected copy of c:\windows\System32\VSSVC.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-vssservice_31bf3856ad364e35_6.0.6002.18005_none_5cb8478314f93f13\VSSVC.exe
.
Infected copy of c:\windows\System32\wbem\WmiApSrv.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6002.18005_none_bb3f7c211cba6b3f\WmiApSrv.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
.
.
2011-10-27 23:47 . 2011-10-27 23:50 -------- d-----w- c:\users\mkozick\AppData\Local\temp
2011-10-27 23:47 . 2011-10-27 23:47 -------- d-----w- c:\users\skozick\AppData\Local\temp
2011-10-27 23:47 . 2011-10-27 23:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-25 22:59 . 2011-10-25 22:59 -------- d-----w- c:\users\mkozick\AppData\Local\Secunia PSI
2011-10-23 16:04 . 2010-08-21 04:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-23 16:04 . 2010-08-21 04:59 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2011-10-23 16:04 . 2011-10-23 17:21 -------- d-----w- c:\windows\system32\drivers\N360
2011-10-23 16:04 . 2011-10-23 16:04 -------- d-----w- c:\program files\Norton Security Suite
2011-10-23 16:04 . 2011-10-23 16:04 -------- d-----w- c:\programdata\PCSettings
2011-10-23 15:43 . 2011-10-23 15:43 -------- d-----w- c:\users\skozick\AppData\Roaming\HpUpdate
2011-10-23 15:43 . 2011-10-23 15:43 -------- d-----w- c:\windows\Hewlett-Packard
2011-10-23 15:26 . 2011-10-23 15:26 -------- d-----w- c:\users\skozick\AppData\Local\Secunia PSI
2011-10-23 15:26 . 2011-10-23 15:26 -------- d-----w- c:\program files\Secunia
2011-10-22 19:55 . 2011-10-23 15:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-22 19:07 . 2011-10-22 19:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-22 19:07 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-22 19:00 . 2011-10-22 19:00 -------- d-----w- c:\users\skozick\AppData\Roaming\Malwarebytes
2011-10-21 21:49 . 2011-10-23 16:35 -------- d-----w- c:\users\skozick\AppData\Local\CrashDumps
2011-10-21 01:42 . 2011-10-21 01:42 77312 --sha-r- c:\windows\system32\Firewalln.dll
2011-10-21 00:04 . 2011-10-21 00:04 -------- d-----w- c:\programdata\WindowsSearch
2011-10-20 23:39 . 2011-10-20 23:39 -------- d-----w- c:\windows\Sun
2011-10-12 02:03 . 2011-10-27 23:50 -------- d-----w- c:\users\mkozick\AppData\Local\CrashDumps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-27 23:50 . 2008-01-21 02:23 1202688 ----a-w- c:\windows\system32\VSSVC.exe
2011-10-27 23:50 . 2006-11-02 08:58 160256 ----a-w- c:\windows\system32\snmptrap.exe
2011-10-27 23:50 . 2006-11-02 08:50 155136 ----a-w- c:\windows\system32\Locator.exe
2011-10-27 23:50 . 2008-01-21 02:24 253440 ----a-w- c:\windows\system32\msdtc.exe
2011-10-27 23:48 . 2008-01-21 02:24 206848 ----a-w- c:\windows\system32\alg.exe
2011-10-23 17:23 . 2009-03-04 00:14 551424 ----a-w- c:\windows\system32\drivers\XAudio.exe
2011-10-23 16:36 . 2010-10-15 00:58 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-22 18:55 . 2008-01-21 02:23 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-10-20 . 6F08FA782EC261B3971C600386B5D47D . 775168 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18639_none_2f4a9e431a0ea795\iexplore.exe
[7] 2009-07-18 . 7FCF4E704A48D95202F3E7A1E1A21412 . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\iexplore.exe
[7] 2009-07-18 . EBEE9E4421F35CD861107DDA0266FBB1 . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\iexplore.exe
[7] 2009-04-24 . 1F44940EF1D07D0BDAF80E55853DFBD0 . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\iexplore.exe
[7] 2009-04-24 . F294D8EEB05C835EC44A12CE0A1DFE7A . 634632 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593\iexplore.exe
[7] 2009-04-24 . D5271AC4A06AD9D1E2EA0151B79B2657 . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\iexplore.exe
[7] 2009-04-24 . D6157423C117F24D24695866A1D0A93F . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\iexplore.exe
[7] 2009-04-11 . 2C5168C856455CC43C4B4E1CC1920001 . 636080 . . [7.00.6000.16386] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[7] 2009-03-04 . 157F8DE991396C536820D7FA5C8DCF7D . 625664 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\iexplore.exe
[7] 2009-03-04 . 4DBD95312B1C96C5285D38F1D748CD4D . 625664 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\iexplore.exe
[7] 2009-03-04 . 07ED775D6DB4BFA96D7CFB09EB228418 . 625664 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\iexplore.exe
[7] 2009-03-04 . 9F1427F203CA078005C9943800929640 . 625664 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\iexplore.exe
[7] 2009-03-04 . 9437CA21CD48C9B6BFD6F5AC0143D251 . 625664 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
[7] 2009-03-04 . 182CAF7403705ACCB51211A761080B8F . 625664 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
[7] 2009-03-03 . 9E6C1527D9A2C64BFD780AA23075380F . 636072 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\iexplore.exe
[7] 2009-03-03 . 8BA2B7A05F88BE0D45237A0994AD8366 . 636072 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\iexplore.exe
[7] 2009-03-03 . EA4BE33726155F89D89A3FE7142878E0 . 636072 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\iexplore.exe
[7] 2009-03-03 . 1DD66A2851DACDEC32EAE8F9A8865ABD . 636072 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119\iexplore.exe
[7] 2008-01-21 . 5B92133D3E7FB2644677686305E29E81 . 625664 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2011-10-22 352256]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2011-10-22 352256]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2011-10-22 352256]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-07 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\skozick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 531456]
.
c:\users\mkozick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 531456]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2008-09-10 20640]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2011-10-20 894976]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111014.001\BHDrvx86.sys [2011-10-15 818808]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111022.030\IDSvix86.sys [2011-10-21 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [2010-11-16 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS [2011-03-22 331384]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-10-23 1135104]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-10-23 540160]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-10-21 105592]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-09 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
FF - ProfilePath - c:\users\mkozick\AppData\Roaming\Mozilla\Firefox\Profiles\4t2jc2sg.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\servicing\TrustedInstaller.exe
c:\program files\HP Games\My HP Game Console\GameConsoleService.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\UI0Detect.exe
c:\windows\System32\vds.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\DllHost.exe
c:\windows\System32\rundll32.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2011-10-27 19:55:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-27 23:55
ComboFix2.txt 2011-10-25 23:49
.
Pre-Run: 169,529,401,344 bytes free
Post-Run: 166,453,878,784 bytes free
.
- - End Of File - - E2D7CF2215371A2A846BC44E7761083C

#6 gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 27 October 2011 - 08:31 PM

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right click on the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • You may also find the log here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo

#7 michaelpmock

  • Topic Starter


Posted 29 October 2011 - 04:19 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=38812f3e5035994a9a0b38eda65f4dd9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-29 09:15:33
# local_time=2011-10-29 05:15:33 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=3588 16777214 85 82 422132 28514138 0 0
# compatibility_mode=5892 16776574 100 100 0 156525807 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=154830
# found=381
# cleaned=0
# scan_time=4654
C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Adobe\Reader 9.0\Reader\Eula.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A91000000001}\AirShareInstaller.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A91000000001}\Setup.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_07.b11\zipper.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\LightScribe\LSLauncher.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\LightScribe\LSPrintDialog.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\LightScribe\LSPrintingDialog.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\LightScribe\LSRunOnce.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\LightScribe\LSSrvc.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\microsoft shared\ink\InkWatson.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\microsoft shared\ink\IpsOptInSrv.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\microsoft shared\ink\pipanel.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Cyberlink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Cyberlink\CyberLink DVD Suite Deluxe\OLRSubmission\OLRStateCheck.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Cyberlink\LabelPrint\MUITransfer\MUIStartMenu.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Cyberlink\Power2Go\Power2Go.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Cyberlink\Power2Go\Power2GoExpress.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Cyberlink\Power2Go\Power2GoExpressServer.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Cyberlink\PowerDirector\PDHanumanSvr.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Cyberlink\PowerDirector\PDR.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Cyberlink\PowerDirector\UACAgent.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Cyberlink\Shared files\EffectExtractor.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Cyberlink\Shared files\RichVideo.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\HP Active Support\HPDOM\CheckBattery.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\HP Active Support\HPDOM\HPDiags.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\HP Active Support\HPDOM\MiniHwScan.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\HP Advisor\hpsudelpacks.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\Cabarc.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\hpdobject.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\HP Health Check\HPAsset\HPAsset.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\HP Health Check\tools\ResetFileTime.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\HP TCS\HPHTMLGen.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\HP TCS\HPQSI.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\HP TCS\HPSUSettings.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\HP TCS\SetACL.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\HP TCS\symhpe.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\Media\DVD\genkey.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\Media\DVD\HPDVDSmart.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\Media\DVD\TaskScheduler.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\SDP\symhpe.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Hewlett-Packard\Shared\WizLink.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\hpqSSupply.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\bin\hposvc08.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\bin\HpqApKil.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\bin\hpqpprop.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\bin\hpqpref.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\bin\hpqqpawp.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\bin\HpqSplFix08.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\bin\hpqtax08.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\bin\hpqtbx01.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\bin\HpqTrMgr.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\bin\hpqusgl.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\Search\hpqanipl.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\Search\hpqhlp01.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\Search\hpqsrlp.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\Search\hpqsrres.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzswp01.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\{387D9916-BD27-480f-8CF0-3228832BBAA2}\hpqrrx08.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP\Digital Imaging\{387D9916-BD27-480f-8CF0-3228832BBAA2}\setup\doccd.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP Games\My HP Game Console\GameConsole-wt.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP Games\My HP Game Console\GameConsole.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\InstallShield Installation Information\{64B9E2F5-558E-4C56-B419-A1679518F6E7}\setup.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Internet Explorer\iedw.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Internet Explorer\ieinstal.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Internet Explorer\ieuser.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Internet Explorer\iexplore.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-security-licensing-slc_31bf3856ad364e35_6.0.6001.18000_none_4e777d79f985fac8\SLsvc.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-session0viewer_31bf3856ad364e35_6.0.6001.18000_none_e1e6e80246adfe72\UI0Detect.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-snmp-trap-service_31bf3856ad364e35_6.0.6001.18000_none_cf8afedd3f67da88\snmptrap.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\pipanel.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.0.6001.18000_none_4264ef6a4d057d2c\PDIALOG.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-t..flicklearningwizard_31bf3856ad364e35_6.0.6000.16386_none_0b4aec3474d90358\FlickLearningWizard.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.0.6001.18000_none_3fac12f5c6543548\InputPersonalization.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.0.6001.18000_none_3fac12f5c6543548\IpsOptInSrv.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.0.6001.18000_none_3fac12f5c6543548\ShapeCollector.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.0.6002.18005_none_41978c01c3760094\InputPersonalization.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.0.6002.18005_none_41978c01c3760094\IpsOptInSrv.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-tabletpc-inkball_31bf3856ad364e35_6.0.6001.18000_none_ca06807969eb5627\inkball.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-tabletpc-inkball_31bf3856ad364e35_6.0.6002.18005_none_cbf1f985670d2173\inkball.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-tabletpc-inkwatson_31bf3856ad364e35_6.0.6001.18000_none_085728f200fb9954\InkWatson.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.0.6001.18000_none_118f15c677824d1e\TabTip.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.0.6001.18000_none_17b18851a49835e5\Journal.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-virtualdiskservice_31bf3856ad364e35_6.0.6001.18000_none_6aead29ffaae9c39\vds.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-vssservice_31bf3856ad364e35_6.0.6001.18000_none_5accce7717d773c7\VSSVC.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.0.6001.18535_none_428df8acd7a662ab\wab.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.0.6001.18535_none_428df8acd7a662ab\wabmig.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3\WmiApSrv.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-wordpad_31bf3856ad364e35_6.0.6001.18498_none_2d6133cf6d273f8e\wordpad.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6001.18111_none_1ff70f6be8780df0\mscorsvw.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MSASCui.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MSASCui.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
D:\hp\apps\APP02235\automod32.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
D:\hp\apps\APP02235\src\MSWorks\en\msworks\Autorun.exe Win32/Expiro.X virus (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/Expiro.X virus 00000000000000000000000000000000 I

#8 gringo_pr


Posted 29 October 2011 - 07:01 PM

Hello


That report does not look good at all. The virus it is picking up infects all files on the computer. When confronted with this type of virus, it is normally best to format the computer.

Win32/Expiro.X

Virus:Win32/Expiro.X is the detection for a virus that infects EXE files in all drives and collects user credentials from an infected computer. It also allows backdoor access and control to the infected computer, and lowers Internet Explorer settings.



When you go to back up your files, you cannot save anything with an exe extension, as these may be infected.



gringo

Edited by gringo_pr, 29 October 2011 - 07:01 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr


Posted 01 November 2011 - 12:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



