
win 7 antivirus 2012


This topic is locked
85 replies to this topic

#1 anji0824

  • Members
  • 45 posts
  • Gender:Female

Posted 17 December 2011 - 10:59 AM

I have removed the virus itself, but my browser is redirecting to other sites and my cookie settings change by themselves. My CPU runs at 100. My internet disconnects and reconnects by itself even though it is not supposed to. I am using Windows 7 Starter on an HP 110 netbook and my internet is Verizon Wireless mobile broadband. I have been using this for over a year and have had no problems with connection until now. I am at my wits' end. Any help is greatly appreciated.

Attached Files



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 18 December 2011 - 06:00 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and will make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 anji0824
  • Topic Starter

  • Members
  • 45 posts
  • Gender:Female

Posted 19 December 2011 - 12:00 AM

Hello Gringo! Thanks so much for helping me. I downloaded the ComboFix and turned off security software. When I started running ComboFix I had 2 messages. 1) error opening file for writing C:\32788R22FWJFW\Prev.3XE then 2) Microsoft Security Essentials is active. I had this program previously but it has been uninstalled and I can find no trace of it on my computer. I cannot find a way to turn it off and the ComboFix says that could be bad. Should I proceed?? I also noticed when I was looking in Control Panel\Notification Area Icons there was a listing for: egq.exe win 7 antivirus 2012. Will not let ComboFix run until I hear from you! Thanks again

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 19 December 2011 - 12:34 AM

Hello


go ahead and let it run


gringo

#5 anji0824
  • Topic Starter

  • Members
  • 45 posts
  • Gender:Female

Posted 19 December 2011 - 07:51 PM

Hi Gringo, I ran ComboFix and so far everything seems to be OK. The only thing I have noticed so far is some weird screen flickering. Here is the log. I'll let you know of any other problems. Thanks so much!!

ComboFix 11-12-18.02 - butler 12/19/2011 17:39:30.2.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1012.289 [GMT -6:00]
Running from: c:\users\butler\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-20 20:38 . 2011-12-20 20:39 -------- d-----w- c:\programdata\McAfee
2011-12-20 00:08 . 2011-12-20 00:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-17 22:32 . 2011-12-17 22:32 0 ----a-w- c:\windows\system32\sho57B9.tmp
2011-12-17 14:25 . 2011-12-17 14:25 100864 ----a-w- C:\ufdiipod.sys
2011-12-17 13:32 . 2011-12-17 14:23 -------- d-----w- c:\program files\Common Files\PC Tools
2011-12-17 13:19 . 2011-12-17 13:19 -------- d-----w- c:\programdata\PC Tools
2011-12-17 13:19 . 2011-12-17 13:19 -------- d-----w- c:\users\butler\AppData\Roaming\TestApp
2011-12-17 12:45 . 2011-12-17 12:45 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-17 12:44 . 2011-12-17 12:44 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-12-17 12:43 . 2011-12-17 12:43 -------- d-----w- c:\programdata\Hitman Pro
2011-12-15 16:49 . 2011-12-20 00:08 -------- d-----w- c:\users\butler\AppData\Local\temp
2011-12-15 13:11 . 2011-12-15 16:07 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-12-15 02:29 . 2011-11-03 22:40 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-15 02:18 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 02:18 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 02:17 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 02:17 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 02:16 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 02:16 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 14:15 . 2011-12-14 14:15 -------- d-----w- c:\users\butler\AppData\Roaming\Malwarebytes
2011-12-14 14:15 . 2011-12-14 14:15 -------- d-----w- c:\programdata\Malwarebytes
2011-12-14 14:15 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-14 14:14 . 2011-12-14 14:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-14 06:04 . 2011-12-14 06:04 1722 ----a-w- c:\windows\system32\drivers\SMR210.dat
2011-12-14 06:04 . 2011-12-14 06:04 46640 ----a-w- c:\windows\system32\msln.exe
2011-12-14 05:46 . 2011-12-14 05:46 83064 ----a-w- c:\windows\system32\drivers\SMR210.SYS
2011-12-14 05:43 . 2011-12-14 06:10 -------- d-----w- c:\users\butler\AppData\Local\NPE
2011-12-14 05:12 . 2011-12-14 05:12 -------- d-----w- c:\users\butler\AppData\Roaming\Tific
2011-12-14 05:12 . 2011-12-14 05:12 -------- d-----w- c:\users\butler\AppData\Local\Symantec
2011-12-14 05:08 . 2011-07-06 18:44 27888 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-14 05:08 . 2011-12-14 05:08 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-14 05:08 . 2011-12-14 05:24 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-12-14 05:08 . 2011-12-14 05:08 -------- d-----w- c:\program files\Symantec
2011-12-14 05:08 . 2010-08-21 03:59 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2011-12-14 03:53 . 2011-12-14 03:53 -------- d-----w- c:\windows\system32\drivers\N360
2011-12-14 03:53 . 2011-12-14 03:53 -------- d-----w- c:\program files\Norton 360
2011-12-14 03:53 . 2011-12-14 03:53 -------- d-----w- c:\program files\NortonInstaller
2011-12-10 16:28 . 2011-12-10 16:28 0 ----a-w- c:\windows\system32\shoF4B8.tmp
2011-11-22 22:46 . 2011-11-22 22:46 -------- d-----w- C:\found.000
2011-11-22 22:27 . 2011-12-15 17:19 -------- d-----w- c:\users\butler\AppData\Roaming\vlc
2011-11-22 21:51 . 2011-11-22 21:57 -------- d-----w- c:\users\butler\AppData\Local\Graboid
2011-11-22 21:51 . 2011-11-22 21:51 -------- d-----w- c:\programdata\Graboid Inc
2011-11-22 21:51 . 2011-11-22 21:51 -------- d-----w- c:\users\butler\AppData\Local\Geckofx
2011-11-22 21:46 . 2011-11-22 22:36 -------- d-----w- c:\program files\Graboid
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 11:44 . 2011-07-06 15:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-12 22:01 . 2011-11-12 22:01 0 ----a-w- c:\windows\system32\shoAC94.tmp
2011-11-10 03:54 . 2011-11-10 03:54 0 ----a-w- c:\windows\system32\sho5184.tmp
2011-10-19 21:01 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-29 16:03 . 2011-11-08 23:36 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YouTube Mini"="c:\program files\YoutubeDownloader.org\YouTubeDownloader\YouTube Mini.exe" [2011-11-05 157696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-24 495708]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-04-09 601144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-03-25 2421760]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Media Suite.lnk]
backup=c:\windows\pss\HP Media Suite.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Media Suite.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 21:50 54576 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2010-11-06 04:54 283160 ----a-w- c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2010-05-10 20:12 439568 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skyhook Wireless XPS Service]
2010-06-28 10:03 672584 ----a-w- c:\program files\Skyhook Wireless\XPS\xpscontrolpanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZumoDrive]
2010-08-28 00:24 2038 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk
.
R1 MpKsl01dadb39;MpKsl01dadb39;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B80378D-0D10-4BA1-BC45-0AB1401A4DD1}\MpKsl01dadb39.sys [x]
R1 MpKsl03302cbd;MpKsl03302cbd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5D3FE85-BDFC-4D5F-89C4-9789A8E1316D}\MpKsl03302cbd.sys [x]
R1 MpKsl0a9b67e4;MpKsl0a9b67e4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4485141F-2D30-4B1D-B4A9-AF4BEC47C5B1}\MpKsl0a9b67e4.sys [x]
R1 MpKsl0ba68732;MpKsl0ba68732;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89013FB5-0E79-45A0-A1E4-F6930E791F1A}\MpKsl0ba68732.sys [x]
R1 MpKsl0bc0989e;MpKsl0bc0989e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB0E47AD-B611-4D6D-B43B-3CC81FF555C2}\MpKsl0bc0989e.sys [x]
R1 MpKsl0fc9abea;MpKsl0fc9abea;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{733811BD-33D4-448E-908F-14CFCF5750D9}\MpKsl0fc9abea.sys [x]
R1 MpKsl105411c1;MpKsl105411c1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{610938AB-5778-49AC-B0EB-C9C493F42022}\MpKsl105411c1.sys [x]
R1 MpKsl13b0cc82;MpKsl13b0cc82;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B78CA17-DFA4-42D6-A7F9-DA1EC7AB43E3}\MpKsl13b0cc82.sys [x]
R1 MpKsl14225a94;MpKsl14225a94;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAE00CC6-652E-4F77-9B14-D25BA8F5EA5F}\MpKsl14225a94.sys [x]
R1 MpKsl14464d19;MpKsl14464d19;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4032FC40-35B7-4793-88B6-79B05F8D8648}\MpKsl14464d19.sys [x]
R1 MpKsl180ff093;MpKsl180ff093;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{685188BE-4E68-4AEB-AE97-C320697087DA}\MpKsl180ff093.sys [x]
R1 MpKsl198e7e18;MpKsl198e7e18;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F82DCB42-25BB-48BC-8653-A9F0728189C2}\MpKsl198e7e18.sys [x]
R1 MpKsl1a586c5d;MpKsl1a586c5d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A23B7449-8773-40E1-98C9-121E45E904C3}\MpKsl1a586c5d.sys [x]
R1 MpKsl1a5ca659;MpKsl1a5ca659;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{832FEDA1-C317-4D0B-B97E-D86DDC31D885}\MpKsl1a5ca659.sys [x]
R1 MpKsl1b990363;MpKsl1b990363;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85606C80-D295-4B67-BA14-1A544B2D059D}\MpKsl1b990363.sys [x]
R1 MpKsl1b9e8c08;MpKsl1b9e8c08;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52877AE7-1A70-4A01-9158-5068C64FD474}\MpKsl1b9e8c08.sys [x]
R1 MpKsl1c419c52;MpKsl1c419c52;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DA53DE7-4807-46D3-85D2-05DF8C1B6D6F}\MpKsl1c419c52.sys [x]
R1 MpKsl20dd47cb;MpKsl20dd47cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4E55354-772F-44CE-AA3F-EAC1CC0226F7}\MpKsl20dd47cb.sys [x]
R1 MpKsl2419458f;MpKsl2419458f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B05CF191-4987-4B12-B36E-5818BDD7F00A}\MpKsl2419458f.sys [x]
R1 MpKsl24fa42e9;MpKsl24fa42e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8550CE3-8DBE-4067-9FD6-D746F656CF53}\MpKsl24fa42e9.sys [x]
R1 MpKsl255b3976;MpKsl255b3976;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7304A51F-F855-4911-8DD6-866DA50298B9}\MpKsl255b3976.sys [x]
R1 MpKsl2a48b61f;MpKsl2a48b61f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07BB103B-F498-429C-81D1-EE03F5B624E2}\MpKsl2a48b61f.sys [x]
R1 MpKsl2b10ce0e;MpKsl2b10ce0e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A304B7AB-2738-489B-B652-F3EB772C613D}\MpKsl2b10ce0e.sys [x]
R1 MpKsl33bdc542;MpKsl33bdc542;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7BDF386E-F789-4EB0-BB74-1F2AE9DDEA7F}\MpKsl33bdc542.sys [x]
R1 MpKsl347bc246;MpKsl347bc246;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D73FB5E-11D9-4BF8-B0A3-7127EBFD1A42}\MpKsl347bc246.sys [x]
R1 MpKsl35556855;MpKsl35556855;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4485141F-2D30-4B1D-B4A9-AF4BEC47C5B1}\MpKsl35556855.sys [x]
R1 MpKsl39945a0a;MpKsl39945a0a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F345F90-B7A2-47DA-A45E-EBBC320D77D4}\MpKsl39945a0a.sys [x]
R1 MpKsl3b079360;MpKsl3b079360;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2850E3C2-A2B3-48DB-9A35-CFFC846CEA18}\MpKsl3b079360.sys [x]
R1 MpKsl3dfbd28a;MpKsl3dfbd28a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A23B7449-8773-40E1-98C9-121E45E904C3}\MpKsl3dfbd28a.sys [x]
R1 MpKsl40524851;MpKsl40524851;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B68CA5D-7401-4349-89E7-2A2E9973778F}\MpKsl40524851.sys [x]
R1 MpKsl41d29bc0;MpKsl41d29bc0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95C9BC7B-3E95-4E73-BFA6-12A422ECA1B7}\MpKsl41d29bc0.sys [x]
R1 MpKsl4a51ac37;MpKsl4a51ac37;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A304B7AB-2738-489B-B652-F3EB772C613D}\MpKsl4a51ac37.sys [x]
R1 MpKsl4c87f79b;MpKsl4c87f79b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F345F90-B7A2-47DA-A45E-EBBC320D77D4}\MpKsl4c87f79b.sys [x]
R1 MpKsl4e3460ab;MpKsl4e3460ab;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10A1E247-4F4A-4B14-ADDC-DB4701BC93BE}\MpKsl4e3460ab.sys [x]
R1 MpKsl544a7f14;MpKsl544a7f14;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B166698-E7D8-4485-8886-995D1FB56B69}\MpKsl544a7f14.sys [x]
R1 MpKsl55d9e9c6;MpKsl55d9e9c6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95C9BC7B-3E95-4E73-BFA6-12A422ECA1B7}\MpKsl55d9e9c6.sys [x]
R1 MpKsl57cd8d19;MpKsl57cd8d19;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AA5D1B4-4ED2-4568-A50E-1F686C7005D3}\MpKsl57cd8d19.sys [x]
R1 MpKsl59e7ff41;MpKsl59e7ff41;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A66AF0B-1AB3-4113-ABA6-8EB783FA3780}\MpKsl59e7ff41.sys [x]
R1 MpKsl5f0e655d;MpKsl5f0e655d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4032FC40-35B7-4793-88B6-79B05F8D8648}\MpKsl5f0e655d.sys [x]
R1 MpKsl684ef2fd;MpKsl684ef2fd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B13A6912-4ED6-4BBE-A68A-6F4426E6999F}\MpKsl684ef2fd.sys [x]
R1 MpKsl69bcef72;MpKsl69bcef72;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F875D7B4-3350-463F-82CB-29A2AC70DF62}\MpKsl69bcef72.sys [x]
R1 MpKsl69ef17dd;MpKsl69ef17dd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CD7846B-B125-468F-8755-0957062BC7DE}\MpKsl69ef17dd.sys [x]
R1 MpKsl6a05f3c3;MpKsl6a05f3c3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FC9E66F-67B6-4681-B0C2-A5FA3480DB8D}\MpKsl6a05f3c3.sys [x]
R1 MpKsl6ab3f007;MpKsl6ab3f007;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B166698-E7D8-4485-8886-995D1FB56B69}\MpKsl6ab3f007.sys [x]
R1 MpKsl6b4383e4;MpKsl6b4383e4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04E57B50-E7C0-4EE3-A0F8-962393A9BD2C}\MpKsl6b4383e4.sys [x]
R1 MpKsl6dd65b72;MpKsl6dd65b72;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{610938AB-5778-49AC-B0EB-C9C493F42022}\MpKsl6dd65b72.sys [x]
R1 MpKsl754caf2c;MpKsl754caf2c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A4739C9-5010-4210-851A-BB520A979DDF}\MpKsl754caf2c.sys [x]
R1 MpKsl75776feb;MpKsl75776feb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4854BDE-220D-45DA-BCC8-64FA2519E0B4}\MpKsl75776feb.sys [x]
R1 MpKsl75b186f5;MpKsl75b186f5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A23B7449-8773-40E1-98C9-121E45E904C3}\MpKsl75b186f5.sys [x]
R1 MpKsl792e5f71;MpKsl792e5f71;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FBFC93F-A880-448A-8D28-C471838D1297}\MpKsl792e5f71.sys [x]
R1 MpKsl7ded948f;MpKsl7ded948f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B78CA17-DFA4-42D6-A7F9-DA1EC7AB43E3}\MpKsl7ded948f.sys [x]
R1 MpKsl7f4bc676;MpKsl7f4bc676;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA9165E6-CA16-4D9F-9186-309DE0D7D4B9}\MpKsl7f4bc676.sys [x]
R1 MpKsl86a5dbfb;MpKsl86a5dbfb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA889FDD-7091-4E45-9AB1-07D0904CC343}\MpKsl86a5dbfb.sys [x]
R1 MpKsl88b6b24b;MpKsl88b6b24b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A66AF0B-1AB3-4113-ABA6-8EB783FA3780}\MpKsl88b6b24b.sys [x]
R1 MpKsl88bab481;MpKsl88bab481;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FCB1A390-BA41-4E31-B6BA-E6230304996F}\MpKsl88bab481.sys [x]
R1 MpKsl8fe82dd0;MpKsl8fe82dd0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64752FCA-CA8E-4F7E-BA32-B720461CA42D}\MpKsl8fe82dd0.sys [x]
R1 MpKsl9020772b;MpKsl9020772b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FF48FB8-E96E-476C-9A0F-DEE543AAC06F}\MpKsl9020772b.sys [x]
R1 MpKsl902cfc21;MpKsl902cfc21;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0A3267D-C961-4F7C-A8C8-9DB4EB4290E3}\MpKsl902cfc21.sys [x]
R1 MpKsl95fb5d87;MpKsl95fb5d87;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{610938AB-5778-49AC-B0EB-C9C493F42022}\MpKsl95fb5d87.sys [x]
R1 MpKsl96aea416;MpKsl96aea416;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB0AB7DE-8D07-44F1-B0D9-F19C2C7500BE}\MpKsl96aea416.sys [x]
R1 MpKsl99451439;MpKsl99451439;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55125EA0-75FF-437F-9649-1509A2DB7285}\MpKsl99451439.sys [x]
R1 MpKsl9a0019ff;MpKsl9a0019ff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07BB103B-F498-429C-81D1-EE03F5B624E2}\MpKsl9a0019ff.sys [x]
R1 MpKsla44b71da;MpKsla44b71da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{910144D1-E997-4279-B6C0-0359F97B5DF5}\MpKsla44b71da.sys [x]
R1 MpKsla935b9d9;MpKsla935b9d9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16544168-D10A-4894-AB4C-C12F405E4B7C}\MpKsla935b9d9.sys [x]
R1 MpKslab2723bc;MpKslab2723bc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74DDBCA2-5BFB-48D6-9048-BE9FA7EE3AFD}\MpKslab2723bc.sys [x]
R1 MpKslb7261802;MpKslb7261802;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31E47E18-A952-4EAA-B5A6-BBF3BBC8C804}\MpKslb7261802.sys [x]
R1 MpKslb971e042;MpKslb971e042;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B13A6912-4ED6-4BBE-A68A-6F4426E6999F}\MpKslb971e042.sys [x]
R1 MpKslba610173;MpKslba610173;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9DAF9098-F75B-442F-8F3A-BA86DD6F4692}\MpKslba610173.sys [x]
R1 MpKslba8bc8f2;MpKslba8bc8f2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E73736BD-02D4-4228-84F3-549D518160D6}\MpKslba8bc8f2.sys [x]
R1 MpKslbd427530;MpKslbd427530;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{897A5F7F-3B96-410A-934D-E82024971EB1}\MpKslbd427530.sys [x]
R1 MpKslbeb5323e;MpKslbeb5323e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BE61256-F52D-409E-B2C6-1D0E46BF5A4D}\MpKslbeb5323e.sys [x]
R1 MpKslbf0b79d8;MpKslbf0b79d8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D94C073-026C-406C-A1AC-959E638C9431}\MpKslbf0b79d8.sys [x]
R1 MpKslbfb7800b;MpKslbfb7800b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A23B7449-8773-40E1-98C9-121E45E904C3}\MpKslbfb7800b.sys [x]
R1 MpKslc17d1867;MpKslc17d1867;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0232C93C-8B9B-41B5-853C-ED17A1373680}\MpKslc17d1867.sys [x]
R1 MpKslc3120f0e;MpKslc3120f0e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B6954FB6-003A-4141-889F-953407949990}\MpKslc3120f0e.sys [x]
R1 MpKslc829a763;MpKslc829a763;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B17A8378-A508-4ADF-A499-D9AFE82536B3}\MpKslc829a763.sys [x]
R1 MpKsld0fd77cb;MpKsld0fd77cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F88CD9C0-4A49-4962-A565-155526822A3F}\MpKsld0fd77cb.sys [x]
R1 MpKsld20c78a8;MpKsld20c78a8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A23B7449-8773-40E1-98C9-121E45E904C3}\MpKsld20c78a8.sys [x]
R1 MpKsld23f4c14;MpKsld23f4c14;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A66AF0B-1AB3-4113-ABA6-8EB783FA3780}\MpKsld23f4c14.sys [x]
R1 MpKsld5206c63;MpKsld5206c63;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE9B900C-4F42-4DA0-A9EC-F3D6A4DA2D65}\MpKsld5206c63.sys [x]
R1 MpKsld92831c4;MpKsld92831c4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4181AE37-27BB-4BE9-BF36-02C37CA122C9}\MpKsld92831c4.sys [x]
R1 MpKsle0ef4418;MpKsle0ef4418;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76BAFEEF-D327-448C-9F62-2429623349D3}\MpKsle0ef4418.sys [x]
R1 MpKsle1b0fa0e;MpKsle1b0fa0e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7BDF386E-F789-4EB0-BB74-1F2AE9DDEA7F}\MpKsle1b0fa0e.sys [x]
R1 MpKsle2ea15e7;MpKsle2ea15e7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD53E319-8403-4AEA-9874-69601D4CF362}\MpKsle2ea15e7.sys [x]
R1 MpKsle4c8f7fc;MpKsle4c8f7fc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7304A51F-F855-4911-8DD6-866DA50298B9}\MpKsle4c8f7fc.sys [x]
R1 MpKsle587ef21;MpKsle587ef21;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FF2566F-ADEC-4C8F-BDFE-4D48C91B85A4}\MpKsle587ef21.sys [x]
R1 MpKsleae5675a;MpKsleae5675a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4485141F-2D30-4B1D-B4A9-AF4BEC47C5B1}\MpKsleae5675a.sys [x]
R1 MpKslef82902c;MpKslef82902c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FF48FB8-E96E-476C-9A0F-DEE543AAC06F}\MpKslef82902c.sys [x]
R1 MpKslf3e44205;MpKslf3e44205;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7304A51F-F855-4911-8DD6-866DA50298B9}\MpKslf3e44205.sys [x]
R1 MpKslf3f0b60a;MpKslf3f0b60a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31E47E18-A952-4EAA-B5A6-BBF3BBC8C804}\MpKslf3f0b60a.sys [x]
R1 MpKslf4700c22;MpKslf4700c22;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9FB26C4-0338-4FC0-8EA6-A65558AB122B}\MpKslf4700c22.sys [x]
R1 MpKslf4ab0701;MpKslf4ab0701;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB7082CB-CFF6-4435-969B-0A123DDC1FC3}\MpKslf4ab0701.sys [x]
R1 MpKslf6c2be80;MpKslf6c2be80;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B17A8378-A508-4ADF-A499-D9AFE82536B3}\MpKslf6c2be80.sys [x]
R1 MpKslf6dd4315;MpKslf6dd4315;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA889FDD-7091-4E45-9AB1-07D0904CC343}\MpKslf6dd4315.sys [x]
R1 MpKslf8aaf6f4;MpKslf8aaf6f4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31E47E18-A952-4EAA-B5A6-BBF3BBC8C804}\MpKslf8aaf6f4.sys [x]
R1 MpKslf933ef40;MpKslf933ef40;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54C1998E-7101-47C9-82F2-E7E654AA688C}\MpKslf933ef40.sys [x]
R1 MpKslfcd94360;MpKslfcd94360;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5301602-0FC5-4558-9762-53F8E4B0943C}\MpKslfcd94360.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D);c:\windows\system32\DRIVERS\qcfilterhp2k.sys [2010-05-12 5248]
R3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys [2010-05-12 372224]
R3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys [2010-05-12 190592]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\System32\drivers\SMR210.SYS [2011-12-14 83064]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111210.003\BHDrvx86.sys [2011-11-24 819320]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-03-28 147416]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111216.001\IDSvix86.sys [2011-12-13 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360\0501000.01D\SYMNETS.SYS [2011-07-08 299640]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-03 81920]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-04-09 26168]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\QUALCOMM\QDLService2k\QDLService2kHP.exe [2010-05-12 331512]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 xpssvc;Skyhook Wireless XPS Service;c:\program files\Skyhook Wireless\XPS\xpssvc.exe [2010-06-28 707400]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-13 106104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-11-20 230944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-11-20 267880]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 XPSVCOM;XPSVCOM;c:\windows\system32\DRIVERS\XPSVCOM.sys [2010-06-02 12416]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
xmlpros REG_MULTI_SZ XMLProvS
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}]
2010-04-19 03:47 702464 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-20 c:\windows\Tasks\HPCeeScheduleForbutler.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
------- Supplementary Scan -------
.
TCP: Interfaces\{D06BC2A5-E34D-4C2F-9043-759C977815CC}: NameServer = 69.78.96.14 66.174.95.44
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(584)
c:\windows\system32\mswsock.dll
mswsock.dll 75430000 245760 \\.\globalroot\systemroot\system32\mswsock.dll
.
- - - - - - - > 'Explorer.exe'(5800)
c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
c:\program files\Norton 360\Engine\5.1.0.29\buShell.dll
.
Completion time: 2011-12-19 18:16:12
ComboFix-quarantined-files.txt 2011-12-20 00:16
ComboFix2.txt 2011-12-15 16:49
.
Pre-Run: 103,491,563,520 bytes free
Post-Run: 103,679,983,616 bytes free
.
- - End Of File - - 3FF4CDD48C90DEC7BA24C9ADFA342366

#6 anji0824 (Topic Starter)

Posted 19 December 2011 - 07:59 PM

Hello Gringo, just wanted to let you know my internet connection is still closing and CPU usage still goes to 100. This seems to be when I lose connection to the internet. I don't know about browser redirection yet, I have only been to this website. Thanks again.

#7 anji0824 (Topic Starter)

Posted 19 December 2011 - 08:23 PM

Hey Gringo, seems like the only time I get redirected is when I do a search (Bing) and click on a link.

#8 gringo_pr (Malware Response Team)

Posted 20 December 2011 - 12:32 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 anji0824 (Topic Starter)

Posted 20 December 2011 - 07:28 AM

Hello Gringo, I ran the TDSSKiller, here is the log. Ahhhh, for some reason I cannot copy and paste the report. I can highlight it, but am unable to paste. The program found no threats and no reboot was required. I will continue to try to get the report to post. Thanks, anji0824

#10 gringo_pr (Malware Response Team)

Posted 20 December 2011 - 07:56 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 anji0824 (Topic Starter)

Posted 20 December 2011 - 09:16 AM

Hey Gringo! Ran the program and here's the log. Saved the other one to the desktop if needed. Thanks again.

OTL logfile created on: 12/20/2011 7:54:17 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\butler\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.90 Mb Total Physical Memory | 127.11 Mb Available Physical Memory | 12.56% Memory free
1.99 Gb Paging File | 0.48 Gb Available in Paging File | 24.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.45 Gb Total Space | 96.31 Gb Free Space | 71.63% Space Free | Partition Type: NTFS
Drive D: | 14.30 Gb Total Space | 2.05 Gb Free Space | 14.36% Space Free | Partition Type: NTFS
Drive E: | 98.84 Mb Total Space | 89.22 Mb Free Space | 90.27% Space Free | Partition Type: FAT32

Computer Name: BUTLER-PC | User Name: butler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\butler\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe (Skyhook Wireless)
PRC - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe (QUALCOMM, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\PING.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (xpssvc) -- C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe (Skyhook Wireless)
SRV - (QDLService2kHP) Qualcomm Gobi 2000 Download Service (HP) -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe (QUALCOMM, Inc.)
SRV - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111219.035\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111219.035\NAVENG.SYS (Symantec Corporation)
DRV - (SMR210) -- C:\Windows\System32\drivers\SMR210.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111219.001\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111210.003\BHDrvx86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SymNetS) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMNETS.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (RSPCIESTOR) -- C:\Windows\System32\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (XPSVCOM) -- C:\Windows\System32\drivers\XPSVCOM.sys (Skyhook Wireless)
DRV - (qcusbnethp2k) Gobi 2000 USB-NDIS miniport(03F0-251D) -- C:\Windows\System32\drivers\qcusbnethp2k.sys (QUALCOMM Incorporated)
DRV - (qcusbserhp2k) Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D) -- C:\Windows\System32\drivers\qcusbserhp2k.sys (QUALCOMM Incorporated)
DRV - (qcfilterhp2k) Gobi 2000 USB Composite Device Filter Driver(03F0-251D) -- C:\Windows\System32\drivers\qcfilterhp2k.sys (QUALCOMM Incorporated)
DRV - (CbFs) -- C:\Windows\System32\drivers\cbfs.sys ()
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-69664515-3888567789-885669091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-69664515-3888567789-885669091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin: C:\Program Files\Skyhook Wireless\Loki Plugin\nploki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\butler\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/13 13:57:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/12/15 09:12:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_3_6 [2011/12/20 07:10:47 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/12/15 10:42:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-69664515-3888567789-885669091-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-69664515-3888567789-885669091-1000..\Run: [YouTube Mini] C:\Program Files\YoutubeDownloader.org\YouTubeDownloader\YouTube Mini.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-69664515-3888567789-885669091-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-69664515-3888567789-885669091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D06BC2A5-E34D-4C2F-9043-759C977815CC}: NameServer = 69.78.96.14 66.174.95.44
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 14:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/12/20 07:28:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\butler\Desktop\OTL.exe
[2011/12/20 05:57:17 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\butler\Desktop\tdsskiller.exe
[2011/12/19 18:13:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/18 22:05:23 | 004,344,515 | R--- | C] (Swearware) -- C:\Users\butler\Desktop\ComboFix.exe
[2011/12/17 08:25:52 | 000,100,864 | ---- | C] (GMER) -- C:\ufdiipod.sys
[2011/12/17 08:14:50 | 000,000,000 | ---D | C] -- C:\Users\butler\Desktop\gmer
[2011/12/17 07:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/12/17 07:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/17 07:19:10 | 000,000,000 | ---D | C] -- C:\Users\butler\AppData\Roaming\TestApp
[2011/12/17 06:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/12/17 06:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/12/15 10:49:31 | 000,000,000 | ---D | C] -- C:\Users\butler\AppData\Local\temp
[2011/12/15 08:19:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/15 08:19:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/15 08:19:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/15 08:18:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/15 08:13:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/15 07:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/12/14 20:33:06 | 000,000,000 | ---D | C] -- C:\Users\butler\AppData\Local\{0FE3574B-010F-447F-88D0-DA6F9C982171}
[2011/12/14 20:32:08 | 000,000,000 | ---D | C] -- C:\Users\butler\AppData\Local\{9A374E13-825C-40CF-979A-EEBC50A7AFFF}
[2011/12/14 20:30:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/14 20:30:19 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/14 20:30:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/14 20:30:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 20:30:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/14 20:29:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 20:18:17 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 20:18:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 20:17:25 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 20:17:02 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 20:16:55 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 20:16:55 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 08:48:53 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/12/14 08:15:54 | 000,000,000 | ---D | C] -- C:\Users\butler\AppData\Roaming\Malwarebytes
[2011/12/14 08:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/14 08:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/14 08:15:01 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/14 08:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/14 00:04:25 | 000,046,640 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\msln.exe
[2011/12/13 23:46:18 | 000,083,064 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR210.SYS
[2011/12/13 23:43:22 | 000,000,000 | ---D | C] -- C:\Users\butler\AppData\Local\NPE
[2011/12/13 23:18:34 | 000,000,000 | ---D | C] -- C:\Users\butler\Documents\Symantec
[2011/12/13 23:12:06 | 000,000,000 | ---D | C] -- C:\Users\butler\AppData\Roaming\Tific
[2011/12/13 23:12:03 | 000,000,000 | ---D | C] -- C:\Users\butler\AppData\Local\Symantec
[2011/12/13 23:08:54 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/12/13 23:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/12/13 23:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/12/13 23:08:33 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\SymEFA.sys
[2011/12/13 23:08:33 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\SymDS.sys
[2011/12/13 23:08:33 | 000,299,640 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys
[2011/12/13 23:08:33 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys
[2011/12/13 23:08:32 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys
[2011/12/13 23:08:32 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\Ironx86.sys
[2011/12/13 23:08:12 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/12/13 21:53:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011/12/13 21:53:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0501000.01D
[2011/12/13 21:53:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/12/13 21:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/12/13 21:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/12/13 21:08:15 | 000,000,000 | ---D | C] -- C:\Users\butler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/12/02 06:21:55 | 000,000,000 | ---D | C] -- C:\Users\butler\AppData\Local\{F63626F7-A1D3-438A-A06D-BD456907E16D}
[2011/12/02 06:21:42 | 000,000,000 | ---D | C] -- C:\Users\butler\AppData\Local\{2F05B320-89E8-4F3A-8A65-53452B7BB0B8}
[2011/11/23 18:41:14 | 000,000,000 | ---D | C] -- C:\Users\butler\AppData\Local\{6C7B5468-247C-473E-8578-4D8A7F5C7F44}
[2011/11/23 18:40:54 | 000,000,000 | ---D | C] -- C:\Users\butler\AppData\Local\{4868AD48-F028-4C66-B273-B3362E9ABF07}
[2011/11/22 16:46:59 | 000,000,000 | ---D | C] -- C:\found.000
[2011/11/22 16:27:43 | 000,000,000 | ---D | C] -- C:\Users\butler\AppData\Roaming\vlc
[2011/11/22 15:51:54 | 000,000,000 | ---D | C] -- C:\Users\butler\AppData\Local\Graboid_Inc
[2011/11/22 15:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Graboid Inc
[2011/11/22 15:51:52 | 000,000,000 | ---D | C] -- C:\Users\butler\AppData\Local\Graboid
[2011/11/22 15:51:49 | 000,000,000 | ---D | C] -- C:\Users\butler\AppData\Local\Geckofx
[2011/11/22 15:51:46 | 000,000,000 | ---D | C] -- C:\Users\butler\AppData\Roaming\Mozilla
[2011/11/22 15:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/11/22 15:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/20 15:07:08 | 000,000,416 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/12/20 15:05:33 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbutler.job
[2011/12/20 07:28:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\butler\Desktop\OTL.exe
[2011/12/20 07:18:21 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 07:18:21 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 07:10:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/20 07:10:25 | 795,787,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/20 05:57:18 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\butler\Desktop\tdsskiller.exe
[2011/12/19 19:55:27 | 000,011,094 | -HS- | M] () -- C:\Users\butler\AppData\Local\gxinlh7k4nei2qoa2gfu5x365g4s
[2011/12/19 19:55:27 | 000,011,094 | -HS- | M] () -- C:\ProgramData\gxinlh7k4nei2qoa2gfu5x365g4s
[2011/12/18 22:05:47 | 004,344,515 | R--- | M] (Swearware) -- C:\Users\butler\Desktop\ComboFix.exe
[2011/12/18 08:14:48 | 000,624,622 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/18 08:14:48 | 000,106,708 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/17 09:41:48 | 000,007,106 | ---- | M] () -- C:\Users\butler\Desktop\Attach.zip
[2011/12/17 09:31:30 | 000,001,679 | ---- | M] () -- C:\Users\butler\Desktop\gmer log.zip
[2011/12/17 08:25:52 | 000,100,864 | ---- | M] (GMER) -- C:\ufdiipod.sys
[2011/12/17 08:10:42 | 000,294,216 | ---- | M] () -- C:\Users\butler\Desktop\gmer.zip
[2011/12/17 07:34:57 | 001,490,824 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/12/17 07:27:01 | 189,287,365 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/17 07:09:20 | 000,000,000 | ---- | M] () -- C:\Users\butler\defogger_reenable
[2011/12/17 06:45:01 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/12/17 06:08:44 | 000,001,082 | ---- | M] () -- C:\Users\butler\Desktop\123.com - Shortcut.lnk
[2011/12/16 21:29:42 | 000,007,598 | ---- | M] () -- C:\Users\butler\AppData\Local\Resmon.ResmonCfg
[2011/12/16 07:12:30 | 001,008,141 | ---- | M] () -- C:\Users\butler\Desktop\iExplore.exe
[2011/12/16 07:11:21 | 000,001,205 | ---- | M] () -- C:\Users\butler\Desktop\FixNCR.reg
[2011/12/15 10:42:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/14 21:55:21 | 000,241,693 | ---- | M] () -- C:\Users\butler\Desktop\EPA Links Fracking to Groundwater Contamination.mht
[2011/12/14 21:04:26 | 000,267,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/14 21:02:47 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat
[2011/12/14 20:52:33 | 001,490,824 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/12/14 08:50:47 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/14 08:15:22 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/14 00:04:32 | 000,001,722 | ---- | M] () -- C:\Windows\System32\drivers\SMR210.dat
[2011/12/14 00:04:25 | 000,046,640 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\msln.exe
[2011/12/13 23:51:43 | 000,001,266 | ---- | M] () -- C:\Users\butler\Desktop\Norton Installation Files.lnk
[2011/12/13 23:46:18 | 000,083,064 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR210.SYS
[2011/12/13 23:08:53 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/12/13 23:08:53 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/12/13 23:08:53 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/12/13 23:08:45 | 000,002,390 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/12/13 21:06:24 | 000,839,113 | ---- | M] () -- C:\Users\butler\Documents\Order Review.mht
[2011/12/07 07:58:20 | 000,059,717 | ---- | M] () -- C:\Users\butler\Documents\Application Summary Report - FAFSA on the Web - Federal Student Aid.htm
[2011/12/07 07:55:34 | 000,006,402 | ---- | M] () -- C:\Users\butler\Documents\PIN Application Confirmation - Federal Student Aid.htm
[2011/12/03 17:49:43 | 000,074,211 | ---- | M] () -- C:\Users\butler\Desktop\newt.jpg
[2011/12/03 07:19:41 | 000,003,197 | ---- | M] () -- C:\Users\butler\Documents\184260_102621233151961_100002122542277_22937_7574083_n - Shortcut.lnk
[2011/11/27 22:25:53 | 000,000,581 | ---- | M] () -- C:\Users\butler\Desktop\pictures - Shortcut (2).lnk
[2011/11/23 22:25:27 | 002,342,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/11/22 15:50:34 | 000,000,980 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/20 15:06:58 | 000,000,416 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/12/17 09:41:48 | 000,007,106 | ---- | C] () -- C:\Users\butler\Desktop\Attach.zip
[2011/12/17 09:31:30 | 000,001,679 | ---- | C] () -- C:\Users\butler\Desktop\gmer log.zip
[2011/12/17 08:10:31 | 000,294,216 | ---- | C] () -- C:\Users\butler\Desktop\gmer.zip
[2011/12/17 07:32:50 | 001,490,824 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/12/17 07:09:20 | 000,000,000 | ---- | C] () -- C:\Users\butler\defogger_reenable
[2011/12/17 06:45:01 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/12/17 06:08:44 | 000,001,082 | ---- | C] () -- C:\Users\butler\Desktop\123.com - Shortcut.lnk
[2011/12/16 07:12:30 | 001,008,141 | ---- | C] () -- C:\Users\butler\Desktop\iExplore.exe
[2011/12/16 07:11:19 | 000,001,205 | ---- | C] () -- C:\Users\butler\Desktop\FixNCR.reg
[2011/12/15 08:19:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/15 08:19:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/15 08:19:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/15 08:19:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/15 08:19:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/14 21:55:15 | 000,241,693 | ---- | C] () -- C:\Users\butler\Desktop\EPA Links Fracking to Groundwater Contamination.mht
[2011/12/14 21:02:46 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011/12/14 20:09:09 | 000,871,447 | ---- | C] () -- C:\Users\butler\Documents\CLGF-msnbc.pdf
[2011/12/14 20:07:16 | 189,287,365 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/14 08:15:22 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/14 00:04:25 | 000,001,722 | ---- | C] () -- C:\Windows\System32\drivers\SMR210.dat
[2011/12/13 23:09:03 | 001,490,824 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
[2011/12/13 23:08:54 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/12/13 23:08:54 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/12/13 23:08:45 | 000,002,390 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/12/13 23:08:33 | 000,000,000 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymDS.cat
[2011/12/13 21:53:26 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymEFA.inf
[2011/12/13 21:53:26 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymDS.inf
[2011/12/13 21:53:26 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymNet.inf
[2011/12/13 21:53:26 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.inf
[2011/12/13 21:53:26 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.inf
[2011/12/13 21:53:26 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Iron.inf
[2011/12/13 21:53:22 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.cat
[2011/12/13 21:53:22 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymNet.cat
[2011/12/13 21:53:22 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\SymEFA.cat
[2011/12/13 21:53:22 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.cat
[2011/12/13 21:53:22 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.cat
[2011/12/13 21:53:22 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\isolate.ini
[2011/12/13 21:08:15 | 000,001,266 | ---- | C] () -- C:\Users\butler\Desktop\Norton Installation Files.lnk
[2011/12/13 21:06:18 | 000,839,113 | ---- | C] () -- C:\Users\butler\Documents\Order Review.mht
[2011/12/12 17:47:57 | 000,011,094 | -HS- | C] () -- C:\Users\butler\AppData\Local\gxinlh7k4nei2qoa2gfu5x365g4s
[2011/12/12 17:47:57 | 000,011,094 | -HS- | C] () -- C:\ProgramData\gxinlh7k4nei2qoa2gfu5x365g4s
[2011/12/07 07:58:19 | 000,059,717 | ---- | C] () -- C:\Users\butler\Documents\Application Summary Report - FAFSA on the Web - Federal Student Aid.htm
[2011/12/07 07:55:33 | 000,006,402 | ---- | C] () -- C:\Users\butler\Documents\PIN Application Confirmation - Federal Student Aid.htm
[2011/12/03 17:50:23 | 000,074,211 | ---- | C] () -- C:\Users\butler\Desktop\newt.jpg
[2011/12/03 07:20:13 | 000,003,197 | ---- | C] () -- C:\Users\butler\Documents\184260_102621233151961_100002122542277_22937_7574083_n - Shortcut.lnk
[2011/11/27 22:25:53 | 000,000,581 | ---- | C] () -- C:\Users\butler\Desktop\pictures - Shortcut (2).lnk
[2011/11/22 15:50:34 | 000,000,980 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/07/21 06:28:03 | 000,007,598 | ---- | C] () -- C:\Users\butler\AppData\Local\Resmon.ResmonCfg
[2011/02/25 09:41:37 | 000,001,849 | ---- | C] () -- C:\Users\butler\AppData\Roaming\GhostObjGAFix.xml
[2010/12/23 23:23:07 | 000,005,632 | ---- | C] () -- C:\Users\butler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/20 18:06:15 | 000,147,416 | ---- | C] () -- C:\Windows\System32\drivers\cbfs.sys
[2010/11/20 09:01:05 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/10/07 00:46:52 | 000,000,292 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2010/10/07 00:46:52 | 000,000,233 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini
[2010/08/27 18:25:39 | 000,000,188 | ---- | C] () -- C:\Windows\System32\HPWA.ini
[2010/08/27 15:37:24 | 000,000,180 | ---- | C] () -- C:\Windows\System32\HP Documentation.ini
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,267,536 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,624,622 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,106,708 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 16:09:19 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
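As an added example (not from this thread, from OTL's author or from any tool mentioned here), a small Python triage helper for the bracketed file entries in the OTL log above: it flags hidden+system (-HS-) files outside Windows' own locations, random-looking file names, and the same file dropped with the same size into more than one directory, which is exactly the pattern the two gxinlh7k4nei2qoa2gfu5x365g4s entries show. The sample lines are copied from the log; the allow list and the name heuristic are assumptions.

```python
"""Triage helper for OTL 'Files Created' / 'Files Modified' entries.

Flags hidden+system (-HS-) files outside Windows' own locations and the same
random-named file dropped with one size into more than one directory.
"""
import re
from collections import defaultdict

# OTL entry layout: [date time | size | attrs | C/M] (company) -- path
# Directory entries omit "(company)", so that part is optional.
OTL_ENTRY = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2}) (\d{2}:\d{2}:\d{2}) \| ([\d,]+) \| "
    r"([-A-Z]{4}) \| ([CM])\] (?:\(([^)]*)\) )?-- (.+)$"
)
# Hidden+system objects Windows keeps itself (assumed allow list).
KNOWN_HS = {r"c:\hiberfil.sys", r"c:\pagefile.sys", r"c:\$recycle.bin"}
# Random-looking name: 16+ lowercase letters/digits, both kinds present, no extension.
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{16,}$")

# Sample lines copied from the OTL log posted above.
SAMPLE_LOG = [
    "========== Files - Modified Within 30 Days ==========",
    r"[2011/12/20 07:10:25 | 795,787,264 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2011/12/19 18:13:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN",
    r"[2011/12/14 08:15:01 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys",
    r"[2011/12/12 17:47:57 | 000,011,094 | -HS- | C] () -- C:\Users\butler\AppData\Local\gxinlh7k4nei2qoa2gfu5x365g4s",
    r"[2011/12/12 17:47:57 | 000,011,094 | -HS- | C] () -- C:\ProgramData\gxinlh7k4nei2qoa2gfu5x365g4s",
    r"[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]",
]


def parse_entry(line):
    """Return a dict for one OTL file entry, or None for headers and other lines."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    date, time, size, attrs, kind, company, path = m.groups()
    return {
        "timestamp": f"{date} {time}",
        "size": int(size.replace(",", "")),
        "hidden": "H" in attrs,
        "system": "S" in attrs,
        "directory": "D" in attrs,
        "kind": kind,  # C = created, M = modified
        "company": company or "",
        "path": path,
        "name": path.rsplit("\\", 1)[-1],
    }


def triage(lines):
    """Return (reason, subject) findings for a list of OTL log lines."""
    entries = [e for e in map(parse_entry, lines) if e]
    findings = []
    for e in entries:
        if (e["hidden"] and e["system"] and not e["directory"]
                and e["path"].lower() not in KNOWN_HS):
            findings.append(("hidden+system file outside known locations", e["path"]))
        if RANDOM_NAME.match(e["name"]):
            findings.append(("random-looking file name", e["path"]))
    # Same name and size in several directories is a common rogue-AV drop pattern.
    locations = defaultdict(set)
    for e in entries:
        locations[(e["name"].lower(), e["size"])].add(e["path"].lower())
    for (name, size), paths in locations.items():
        if len(paths) > 1:
            findings.append((f"same file ({size} bytes) in {len(paths)} locations", name))
    return findings


if __name__ == "__main__":
    for reason, subject in triage(SAMPLE_LOG):
        print(f"{reason}: {subject}")
```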

#12 anji0824

anji0824
  • Topic Starter

  • Members
  • 45 posts
  • Gender:Female
  • Local time:10:36 PM

Posted 20 December 2011 - 12:04 PM

gringo, don't know what this means but PING.EXE seems to be what is keeping the cpu at 100. thought i'd let you know

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:36 PM

Posted 20 December 2011 - 02:12 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 anji0824

anji0824
  • Topic Starter

  • Members
  • 45 posts
  • Gender:Female
  • Local time:10:36 PM

Posted 20 December 2011 - 06:52 PM

hey gringo, i ran the program and here is the log. i did not take the option to download the avast program. if i need to, let me know. thanks, anji0824

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-20 17:38:03
-----------------------------
17:38:03.855 OS Version: Windows 6.1.7601 Service Pack 1
17:38:03.855 Number of processors: 2 586 0x1C0A
17:38:03.865 ComputerName: BUTLER-PC UserName: butler
17:38:13.365 Initialize success
17:39:30.145 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:39:30.155 Disk 0 Vendor: SAMSUNG_ HH10 Size: 152627MB BusType: 3
17:39:30.185 Disk 0 MBR read successfully
17:39:30.195 Disk 0 MBR scan
17:39:30.205 Disk 0 unknown MBR code
17:39:30.225 Disk 0 scanning sectors +312579760
17:39:30.325 Disk 0 scanning C:\Windows\system32\drivers
17:39:39.125 Service scanning
17:39:41.465 Modules scanning
17:39:45.615 Module: C:\Windows\system32\drivers\cbfs.sys **SUSPICIOUS**
17:39:56.365 Disk 0 trace - called modules:
17:39:56.395 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8ce49f10]<<
17:39:56.405 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b3f9c8]
17:39:56.415 3 CLASSPNP.SYS[8705d59e] -> nt!IofCallDriver -> [0x8ce08898]
17:39:56.435 \Driver\00000625[0x8ce089d0] -> IRP_MJ_CREATE -> 0x8ce49f10
17:39:56.455 Scan finished successfully
17:40:54.027 Disk 0 MBR has been saved successfully to "C:\Users\butler\Desktop\MBR.dat"
17:40:54.043 The log file has been saved successfully to "C:\Users\butler\Desktop\aswMBR.txt"

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:36 PM

Posted 20 December 2011 - 08:32 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found; let me know what it says.

After it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
