Auto Redirect


32 replies to this topic

#1 rohawa

Posted 26 August 2012 - 06:27 PM

Hi! I'm new to this forum and, well, basically new to viruses and malware overall. I use Malwarebytes and Norton 360 and I've previously never had any issues with my computer regarding malware. Recently what has begun to happen is that my searches on Google and right-click opens to new tabs are being redirected to other sites.

I first started with my sites being rerouted to: bts.scour.com/html3? (something like that)
Now the sites are being redirected to airsoft.com and some random "search authorization" page.

I'm afraid that my computer will be hijacked over time and I'd like to fix this problem soon.

I read about this on another forum on this site but I was unable to understand the process. It would be great to get help in a simpler way (because I'm new to this).
I've also followed the steps for preparation.

Thanks anyone and everyone for helping out if you can!
~Rohawa~


DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by ****** at 19:12:42 on 2012-08-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1266 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe
C:\Users\Reshma\AppData\Local\Akamai\netsession_win.exe
C:\Users\Reshma\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Reshma\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Reshma\AppData\Local\Akamai\netsession_win.exe
C:\Users\Reshma\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mcomm.exe
C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mlauncher.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Reshma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reshma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reshma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reshma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reshma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reshma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reshma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reshma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reshma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reshma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reshma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reshma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - C:\Program Files (x86)\Ipswitch\WS_FTP Home\wsbho2k0.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
uRun: [EPSON Stylus Photo R280 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE /FU "C:\Windows\TEMP\E_S29D4.tmp" /EF "HKCU"
uRun: [Google Update] "C:\Users\Reshma\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [Akamai NetSession Interface] "C:\Users\Reshma\AppData\Local\Akamai\netsession_win.exe"
uRun: [SkyDrive] "C:\Users\Reshma\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Spotify Web Helper] "C:\Users\Reshma\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Reshma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Reshma\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: bc.edu\apps
Trusted Zone: bc.edu\testapps6
Trusted Zone: cinemanow.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.200.1
TCP: Interfaces\{3095B13F-9577-4E2D-B445-8C7E4B25FF29} : DhcpNameServer = 192.168.200.1
TCP: Interfaces\{3095B13F-9577-4E2D-B445-8C7E4B25FF29}\2796378616268602 : DhcpNameServer = 192.168.137.1
TCP: Interfaces\{3095B13F-9577-4E2D-B445-8C7E4B25FF29}\94445414022425F402 : DhcpNameServer = 192.168.137.1
TCP: Interfaces\{3095B13F-9577-4E2D-B445-8C7E4B25FF29}\A6B6A6B6A6B6 : DhcpNameServer = 192.168.137.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: WsftpBrowserHelper Class: {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files (x86)\Ipswitch\WS_FTP Home\wsbho2k0.dll
BHO-X64: Ipswitch.WsftpBrowserHelper - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
BHO-X64: Searchqu Toolbar - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 Sahdad64;HDD Filter Driver;C:\Windows\system32\Drivers\Sahdad64.sys --> C:\Windows\system32\Drivers\Sahdad64.sys [?]
R0 Saibad64;Volume Filter Driver;C:\Windows\system32\Drivers\Saibad64.sys --> C:\Windows\system32\Drivers\Saibad64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120804.001\BHDrvx64.sys [2012-8-8 1161376]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120824.001\IDSviA64.sys [2012-8-24 512672]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\system32\Drivers\SaibVdAd64.sys --> C:\Windows\system32\Drivers\SaibVdAd64.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502020.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-6-2 457200]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-10-25 89600]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-1 659976]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-3-8 135952]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-23 127352]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-7-5 227384]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-25 655944]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [2012-7-24 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-25 2533400]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-4-17 2671376]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\Netwsw00.sys --> C:\Windows\system32\DRIVERS\Netwsw00.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-12 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-7-24 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-20 253600]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\DRIVERS\BthAvrcp.sys --> C:\Windows\system32\DRIVERS\BthAvrcp.sys [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-8-11 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-8-11 8456]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-1-10 1432400]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-12 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-4-17 273168]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12;RoxMediaDB12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-26 04:32:48 -------- d-----w- C:\Users\Reshma\AppData\Local\NPE
2012-08-26 02:02:12 -------- d-----w- C:\Users\Reshma\AppData\Roaming\Malwarebytes
2012-08-26 02:01:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-26 02:01:51 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-26 02:01:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-20 14:51:13 -------- d-----w- C:\Users\Reshma\AppData\Local\{09E18189-CE37-4984-8E6E-C842647FD006}
2012-08-20 14:40:10 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-20 14:28:56 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-20 14:28:55 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-20 14:28:47 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-20 14:28:40 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-20 14:28:27 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2012-08-20 14:28:26 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2012-08-20 14:28:25 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-08-20 14:28:21 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-08-16 01:37:01 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-16 01:37:00 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-16 01:36:57 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-16 01:36:57 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-16 01:36:56 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-16 01:36:56 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-16 01:36:55 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-16 01:36:55 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-16 01:36:55 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-16 01:36:53 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-16 01:36:51 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-13 11:06:16 -------- d-----w- C:\Users\Reshma\AppData\Local\{EC0D6320-00F7-4D61-A4F2-61ED6FD791C7}
2012-08-13 10:16:42 -------- d-----w- C:\Users\Reshma\AppData\Local\{4E17B4F1-212B-4D92-86AD-2FC05A42EE92}
2012-08-08 07:34:21 -------- d-----w- C:\Users\Reshma\AppData\Roaming\funkitron
2012-08-06 17:40:12 -------- d-----w- C:\ProgramData\OnlineUpdate
2012-08-06 17:40:12 -------- d-----w- C:\ProgramData\log
2012-08-06 17:22:49 1919968 ----a-w- C:\Windows\System32\wdfcoinstaller01005.dll
2012-08-06 11:04:38 -------- d-----w- C:\Users\Reshma\AppData\Local\{5F28AD82-BCB6-46D7-B30D-43077F57F344}
2012-08-06 10:38:11 -------- d-----w- C:\Users\Reshma\AppData\Roaming\iWin
2012-08-05 14:44:30 -------- d-----w- C:\Users\Reshma\AppData\Local\Facebook
2012-08-03 08:18:41 -------- d-----w- C:\Users\Reshma\.oanda
2012-07-29 12:21:19 -------- d-----w- C:\Users\Reshma\AppData\Local\{950C6D9C-9813-4670-8487-D28BF3B34801}
2012-07-29 12:20:55 -------- d-----w- C:\Users\Reshma\AppData\Local\{F5E8753D-37CA-4D3B-A4CE-DD1826B1DBFC}
.
==================== Find3M ====================
.
2012-08-04 17:04:11 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2012-08-04 17:04:11 1490656 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01007.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-19 23:40:35 19318784 ----a-w- C:\llvm-rs-cc.exe
2012-06-19 23:40:35 132608 ----a-w- C:\dexdump.exe
2012-06-19 23:40:34 96256 ----a-w- C:\AdbWinApi.dll
2012-06-19 23:40:34 824832 ----a-w- C:\aapt.exe
2012-06-19 23:40:34 70144 ----a-w- C:\fastboot.exe
2012-06-19 23:40:34 60928 ----a-w- C:\AdbWinUsbApi.dll
2012-06-19 23:40:34 2618 ----a-w- C:\dx.bat
2012-06-19 23:40:34 220672 ----a-w- C:\aidl.exe
2012-06-19 23:40:34 162816 ----a-w- C:\adb.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 19:13:30.68 ===============

#2 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 26 August 2012 - 07:59 PM

Hello rohawa ,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.


1.
Do you have a USB Flash Drive you can use?

2.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 rohawa (Topic Starter)

Posted 27 August 2012 - 09:43 PM

I have an 8GB Flash drive available to use.

Thanks,
Rohan


MBR Scan

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-27 21:36:03
-----------------------------
21:36:03.944 OS Version: Windows x64 6.1.7601 Service Pack 1
21:36:03.944 Number of processors: 4 586 0x2505
21:36:03.944 ComputerName: GANESHA UserName: Reshma
21:36:05.441 Initialize success
21:38:29.502 AVAST engine defs: 12082800
21:39:37.471 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:39:37.471 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
21:39:37.487 Disk 0 MBR read successfully
21:39:37.487 Disk 0 MBR scan
21:39:37.503 Disk 0 unknown MBR code
21:39:37.503 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:39:37.518 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 447956 MB offset 409600
21:39:37.549 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 28680 MB offset 917823488
21:39:37.581 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
21:39:37.627 Disk 0 scanning C:\Windows\system32\drivers
21:39:53.633 Service scanning
21:40:38.109 Modules scanning
21:40:38.124 Disk 0 trace - called modules:
21:40:38.655 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys Sahdad64.sys iaStor.sys hal.dll
21:40:38.670 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f93790]
21:40:38.670 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa80050d1b10]
21:40:38.686 5 hpdskflt.sys[fffff88001dec189] -> nt!IofCallDriver -> [0xfffffa80050cea20]
21:40:38.702 7 Sahdad64.sys[fffff88001dc6e25] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fa5050]
21:40:39.950 AVAST engine scan C:\Windows
21:40:43.382 AVAST engine scan C:\Windows\system32
21:46:43.101 AVAST engine scan C:\Windows\system32\drivers
21:47:11.233 AVAST engine scan C:\Users\Reshma
22:22:29.304 AVAST engine scan C:\ProgramData
22:32:09.679 Scan finished successfully
22:37:23.307 Disk 0 MBR has been saved successfully to "C:\Users\Reshma\Documents\Bleeping Computer\MBR.dat"
22:37:23.323 The log file has been saved successfully to "C:\Users\Reshma\Documents\Bleeping Computer\aswMBR.txt"
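
The aswMBR output above carries three things a helper reads before anything else: the "unknown MBR code" verdict, the partition table, and the trace of modules between the kernel and the disk (here CLASSPNP, then hpdskflt.sys and Sahdad64.sys, then iaStor.sys). The script below is an added example for this thread, not code from aswMBR or from either poster. It parses those lines, lists the modules that are not stock Windows disk drivers, and cross-checks the printed partition table against a raw 512-byte MBR dump such as the MBR.dat aswMBR saved. The parsing rules are inferred from the log format above rather than from aswMBR documentation, the INBOX_DISK_STACK allow-list is an assumption, and the raw MBR is constructed to match the log. Whether hpdskflt.sys and Sahdad64.sys are legitimate is a vendor and signature check the thread itself does not make.

```python
"""Triage of an aswMBR log in the format posted above.

Added example for this thread; not code from aswMBR or from the posters.
Parsing rules are inferred from the log text, not from aswMBR documentation;
the raw MBR is constructed to match that log.
"""
import re
import struct
from dataclasses import dataclass

# Constructed sample: lines copied from the aswMBR output posted above.
SAMPLE_LOG = r"""
21:39:37.487 Disk 0 MBR read successfully
21:39:37.503 Disk 0 unknown MBR code
21:39:37.503 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:39:37.518 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 447956 MB offset 409600
21:39:37.549 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 28680 MB offset 917823488
21:39:37.581 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
21:40:38.124 Disk 0 trace - called modules:
21:40:38.655 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys Sahdad64.sys iaStor.sys hal.dll
21:40:38.670 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f93790]
21:40:38.686 5 hpdskflt.sys[fffff88001dec189] -> nt!IofCallDriver -> [0xfffffa80050cea20]
"""

# Drivers Microsoft ships in a stock Windows 7 disk stack (assumption: a short
# allow-list; anything else in the trace deserves a vendor/signature check).
INBOX_DISK_STACK = {
    "ntoskrnl.exe", "hal.dll", "classpnp.sys", "disk.sys", "partmgr.sys",
    "volmgr.sys", "storport.sys", "ataport.sys", "atapi.sys", "pciide.sys",
}

PART_RE = re.compile(
    r"Disk \d+ Partition (\d+) ([0-9A-F]{2}) (?:\(A\) )?([0-9A-F]{2}) .+? (\d+) MB offset (\d+)"
)
# MBR entry: status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"


@dataclass(frozen=True)
class Partition:
    index: int       # 1-based slot in the MBR table
    bootable: bool   # status byte 0x80
    type_id: int     # 0x07 NTFS, 0x0C FAT32 LBA, ...
    start_lba: int
    size_mb: int


def partitions_from_log(log: str) -> list[Partition]:
    """Partition table as aswMBR printed it."""
    return [
        Partition(int(idx), status == "80", int(ptype, 16), int(offset), int(size_mb))
        for idx, status, ptype, size_mb, offset in PART_RE.findall(log)
    ]


def mbr_code_unknown(log: str) -> bool:
    """aswMBR matches the boot code against loaders it knows; 'unknown MBR code'
    means no match. OEM loaders and bootkits both trigger it: a lead, not a verdict."""
    return re.search(r"Disk \d+ unknown MBR code", log) is not None


def non_inbox_modules(log: str) -> list[str]:
    """Modules in the 'called modules' trace that are not stock Windows drivers.
    A disk-level filter, legitimate or not, shows up here."""
    for line in log.splitlines():
        if "ntoskrnl.exe" in line:
            return [m for m in line.split()[1:] if m.lower() not in INBOX_DISK_STACK]
    return []


def partitions_from_mbr(raw: bytes) -> list[Partition]:
    """Decode the four 16-byte entries at offset 446 of a 512-byte MBR."""
    if len(raw) < 512 or raw[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: 0x55AA signature missing")
    table = []
    for i in range(4):
        status, ptype, start, sectors = struct.unpack_from(ENTRY_FMT, raw, 446 + 16 * i)
        if ptype:  # type 0 = unused slot
            table.append(Partition(i + 1, status == 0x80, ptype, start, sectors * 512 // 2**20))
    return table


def table_mismatches(log: str, raw: bytes) -> list[str]:
    """Slots where the log and the raw MBR disagree. A rewritten or hidden
    partition entry is one place a bootkit keeps its loader."""
    by_log = {p.index: p for p in partitions_from_log(log)}
    by_mbr = {p.index: p for p in partitions_from_mbr(raw)}
    return [
        f"slot {i}: log={by_log.get(i)} mbr={by_mbr.get(i)}"
        for i in sorted(by_log.keys() | by_mbr.keys())
        if by_log.get(i) != by_mbr.get(i)
    ]


def build_sample_mbr() -> bytes:
    """Constructed MBR.dat matching SAMPLE_LOG (boot code zeroed, sizes in sectors)."""
    entries = [
        (0x80, 0x07, 2048, 407552),          # 199 MB NTFS, active
        (0x00, 0x07, 409600, 917413888),     # 447956 MB NTFS
        (0x00, 0x07, 917823488, 58736640),   # 28680 MB NTFS
        (0x00, 0x0C, 976560128, 210944),     # 103 MB FAT32 LBA
    ]
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries)
    return bytes(446) + table + b"\x55\xaa"


if __name__ == "__main__":
    print("MBR code unknown:", mbr_code_unknown(SAMPLE_LOG))
    print("Non-stock modules in disk path:", non_inbox_modules(SAMPLE_LOG))
    print("Partition table mismatches:", table_mismatches(SAMPLE_LOG, build_sample_mbr()) or "none")
```

To use it on a real case, replace SAMPLE_LOG with the contents of aswMBR.txt and pass the bytes of MBR.dat to table_mismatches; a disagreement between the two, or a non-stock module you cannot tie to an installed product, is what to raise with the helper.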

#4 fireman4it (Malware Response Team)

Posted 27 August 2012 - 09:44 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#5 rohawa (Topic Starter)

Posted 28 August 2012 - 08:54 AM

On my HP Dv6t-3200 the BIOS isn't showing the advanced BIOS options... I can post images of the BIOS if necessary.

#6 fireman4it (Malware Response Team)

Posted 28 August 2012 - 02:37 PM

Quote: On my HP Dv6t-3200 the BIOS isn't showing the advanced BIOS options... I can post images of the BIOS if necessary.

It's not advanced BIOS options, it's Advanced Boot Options. If that is not there, are you able to burn CDs and/or DVDs?

Edited by fireman4it, 28 August 2012 - 02:38 PM.



#7 rohawa (Topic Starter)

Posted 28 August 2012 - 04:08 PM

I have Advanced Boot Options (in the BIOS) but all they allow is the ability to change the boot order...

I do have DVDs I can burn.

#8 rohawa (Topic Starter)

Posted 28 August 2012 - 07:52 PM

I found System Recovery and I will be running the application.

#9 rohawa (Topic Starter)

Posted 28 August 2012 - 08:00 PM

Finally done!

FRST LOG


Scan result of Farbar Recovery Scan Tool Version: 28-08-2012
Ran by SYSTEM at 28-08-2012 20:55:56
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-22] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-08-31] ()
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [240112 2009-07-24] (Sonic Solutions)
HKLM-x32\...\Run: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe" [84464 2009-07-21] ()
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-22] ()
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [273544 2011-07-12] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Reshma\...\Run: [EPSON Stylus Photo R280 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE /FU "C:\Windows\TEMP\E_S29D4.tmp" /EF "HKCU" [213504 2007-04-13] (SEIKO EPSON CORPORATION)
HKU\Reshma\...\Run: [Google Update] "C:\Users\Reshma\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-15] (Google Inc.)
HKU\Reshma\...\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe" "/Trigger RunAtLogon" [39816 2011-07-20] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\Reshma\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
HKU\Reshma\...\Run: [Akamai NetSession Interface] "C:\Users\Reshma\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.)
HKU\Reshma\...\Run: [SkyDrive] "C:\Users\Reshma\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background [238528 2012-08-18] (Microsoft Corporation)
HKU\Reshma\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
HKU\Reshma\...\Run: [Spotify Web Helper] "C:\Users\Reshma\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-18] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
AppInit_DLLs:
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Reshma\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [457200 2009-06-02] ()
2 AdobeActiveFileMonitor8.0; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-09] (Adobe Systems Incorporated)
2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [135952 2012-03-08] (Intel® Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-17] ()
2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2533400 2010-05-01] (Intel Corporation)
2 ZeroConfigService; "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" [2671376 2012-04-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ===================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120823.005\BHDrvx64.sys [1385120 2012-08-21] (Symantec Corporation)
3 BthAvrcp; C:\Windows\System32\Drivers\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2010-07-14] (Citrix Systems, Inc.)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120825.001\IDSvia64.sys [512672 2012-08-21] (Symantec Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120828.002\ENG64.SYS [125600 2012-08-21] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120828.002\EX64.SYS [2084000 2012-08-21] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-10-18] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2010-11-15] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [x]
3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [x]
3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [x]
3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [x]
3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 ewusbmbb; C:\Windows\System32\DRIVERS\ewusbwwan.sys [x]
3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [x]
3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [x]
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-08-28 20:55 - 2012-08-28 20:55 - 00000000 ____D C:\FRST
2012-08-28 05:16 - 2012-08-28 05:16 - 01448001 ____A (Farbar) C:\Users\Reshma\Downloads\FRST64.exe
2012-08-27 17:02 - 2012-08-27 17:02 - 00279440 ____A C:\Windows\Minidump\082712-63695-01.dmp
2012-08-27 16:24 - 2012-08-27 16:25 - 04731392 ____A (AVAST Software) C:\Users\Reshma\Downloads\aswMBR.exe
2012-08-26 15:23 - 2012-08-27 18:37 - 00000000 ____D C:\Users\Reshma\Documents\Bleeping Computer
2012-08-26 15:12 - 2012-08-26 15:12 - 00607260 ____R (Swearware) C:\Users\Reshma\Downloads\dds (1).com
2012-08-26 15:02 - 2012-08-26 15:02 - 00607260 ____R (Swearware) C:\Users\Reshma\Downloads\dds.com
2012-08-26 15:00 - 2012-08-26 15:00 - 00050477 ____A C:\Users\Reshma\Downloads\Defogger.exe
2012-08-26 15:00 - 2012-08-26 15:00 - 00000474 ____A C:\Users\Reshma\Downloads\defogger_disable.log
2012-08-26 15:00 - 2012-08-26 15:00 - 00000000 ____A C:\Users\Reshma\defogger_reenable
2012-08-25 20:32 - 2012-08-25 20:33 - 00000000 ____D C:\Users\Reshma\AppData\Local\NPE
2012-08-25 18:02 - 2012-08-25 18:02 - 00000000 ____D C:\Users\Reshma\AppData\Roaming\Malwarebytes
2012-08-25 18:01 - 2012-08-25 18:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-25 18:01 - 2012-08-25 18:01 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-25 18:01 - 2012-08-25 18:01 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-25 18:01 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-25 18:00 - 2012-08-25 18:01 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Reshma\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-20 06:51 - 2012-08-20 06:51 - 00000000 ____D C:\Users\Reshma\AppData\Local\{09E18189-CE37-4984-8E6E-C842647FD006}
2012-08-20 06:40 - 2012-07-06 12:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-08-20 06:29 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-20 06:29 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-20 06:29 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-20 06:29 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-20 06:29 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-20 06:29 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-20 06:29 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-20 06:29 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-20 06:29 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-20 06:29 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-20 06:29 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-20 06:29 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-20 06:29 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-20 06:29 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-20 06:29 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-20 06:29 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-20 06:28 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-20 06:28 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-20 06:28 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-20 06:28 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-20 06:28 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-20 06:28 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-20 06:28 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-20 06:28 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-20 06:28 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-20 06:27 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-20 06:27 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-20 06:27 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-16 04:44 - 2012-08-16 04:44 - 01756216 ____A (Sony) C:\Users\Reshma\Downloads\Code_PMS.exe
2012-08-15 18:13 - 2012-08-15 18:13 - 07758120 ____A (Acresso Software Inc. ) C:\Users\Reshma\Downloads\LG VZW_United_WHQL_v2.5.2 (1).exe
2012-08-15 17:37 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-15 17:37 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-15 17:36 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 17:36 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 17:36 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-15 17:36 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-15 17:36 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-15 17:36 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-15 17:36 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-15 17:36 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-15 17:36 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-15 17:36 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-15 17:36 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-13 20:49 - 2012-08-13 20:51 - 00000000 ____D C:\Users\Reshma\Desktop\Sanjay Reshma Ring and Wedding
2012-08-13 03:06 - 2012-08-13 03:06 - 00000000 ____D C:\Users\Reshma\AppData\Local\{EC0D6320-00F7-4D61-A4F2-61ED6FD791C7}
2012-08-13 02:16 - 2012-08-13 02:16 - 00000000 ____D C:\Users\Reshma\AppData\Local\{4E17B4F1-212B-4D92-86AD-2FC05A42EE92}
2012-08-09 02:12 - 2012-08-09 02:15 - 00000000 ____D C:\Users\Reshma\Desktop\Rohan FLash backup
2012-08-07 23:34 - 2012-08-07 23:34 - 00000000 ____D C:\Users\Reshma\AppData\Roaming\funkitron
2012-08-06 09:49 - 2012-08-06 09:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_lgandadb_01005.Wdf
2012-08-06 09:40 - 2012-08-07 00:52 - 00000000 ____D C:\Users\All Users\OnlineUpdate
2012-08-06 09:40 - 2012-08-06 09:40 - 00000000 ____D C:\Users\All Users\log
2012-08-06 09:22 - 2010-08-02 03:08 - 01919968 ____A (Microsoft Corporation) C:\Windows\System32\wdfcoinstaller01005.dll
2012-08-06 09:20 - 2012-08-06 09:21 - 07758120 ____A (Acresso Software Inc. ) C:\Users\Reshma\Downloads\LG VZW_United_WHQL_v2.5.2.exe
2012-08-06 03:04 - 2012-08-06 03:04 - 00000000 ____D C:\Users\Reshma\AppData\Local\{5F28AD82-BCB6-46D7-B30D-43077F57F344}
2012-08-06 02:38 - 2012-08-06 02:38 - 00000000 ____D C:\Users\Reshma\AppData\Roaming\iWin
2012-08-05 06:44 - 2012-08-28 16:33 - 00000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2614842681-3386433285-529305939-1000UA.job
2012-08-05 06:44 - 2012-08-28 16:33 - 00000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2614842681-3386433285-529305939-1000Core.job
2012-08-05 06:44 - 2012-08-05 06:45 - 00000000 ____D C:\Users\Reshma\AppData\Local\Facebook
2012-08-05 06:44 - 2012-08-05 06:44 - 00501248 ____A (Facebook Inc.) C:\Users\Reshma\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2012-08-03 00:18 - 2012-08-03 00:18 - 00000000 ____D C:\Users\Reshma\.oanda
2012-07-29 04:36 - 2012-07-29 04:36 - 00000000 ____D C:\Users\Reshma\AppData\Roaming\Mozilla
2012-07-29 04:21 - 2012-07-29 04:21 - 00000000 ____D C:\Users\Reshma\AppData\Local\{950C6D9C-9813-4670-8487-D28BF3B34801}
2012-07-29 04:20 - 2012-07-29 04:21 - 00000000 ____D C:\Users\Reshma\AppData\Local\{F5E8753D-37CA-4D3B-A4CE-DD1826B1DBFC}
2012-07-29 04:13 - 2012-07-29 04:37 - 00000000 ____D C:\Users\Reshma\Desktop\New folder (2)

==================== 3 Months Modified Files ================================

2012-08-28 16:39 - 2010-10-25 00:35 - 02087349 ____A C:\Windows\WindowsUpdate.log
2012-08-28 16:33 - 2012-08-05 06:44 - 00000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2614842681-3386433285-529305939-1000UA.job
2012-08-28 16:33 - 2012-08-05 06:44 - 00000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2614842681-3386433285-529305939-1000Core.job
2012-08-28 16:33 - 2012-04-20 11:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-28 16:33 - 2011-07-12 14:34 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-28 16:33 - 2011-06-15 17:51 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2614842681-3386433285-529305939-1000UA.job
2012-08-28 09:14 - 2011-06-15 17:51 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2614842681-3386433285-529305939-1000Core.job
2012-08-28 07:56 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-28 07:56 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-28 07:54 - 2009-07-13 21:13 - 00780196 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-28 07:53 - 2009-07-13 20:51 - 00108414 ____A C:\Windows\setupact.log
2012-08-28 06:02 - 2011-07-12 14:34 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-28 06:01 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-28 05:16 - 2012-08-28 05:16 - 01448001 ____A (Farbar) C:\Users\Reshma\Downloads\FRST64.exe
2012-08-27 17:02 - 2012-08-27 17:02 - 00279440 ____A C:\Windows\Minidump\082712-63695-01.dmp
2012-08-27 17:02 - 2011-02-27 14:23 - 810045943 ____A C:\Windows\MEMORY.DMP
2012-08-27 16:25 - 2012-08-27 16:24 - 04731392 ____A (AVAST Software) C:\Users\Reshma\Downloads\aswMBR.exe
2012-08-27 16:15 - 2010-12-13 12:25 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-08-27 06:54 - 2010-10-25 00:39 - 01075814 ____A C:\Windows\PFRO.log
2012-08-27 06:54 - 2009-07-13 20:45 - 00506392 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-26 15:12 - 2012-08-26 15:12 - 00607260 ____R (Swearware) C:\Users\Reshma\Downloads\dds (1).com
2012-08-26 15:02 - 2012-08-26 15:02 - 00607260 ____R (Swearware) C:\Users\Reshma\Downloads\dds.com
2012-08-26 15:00 - 2012-08-26 15:00 - 00050477 ____A C:\Users\Reshma\Downloads\Defogger.exe
2012-08-26 15:00 - 2012-08-26 15:00 - 00000474 ____A C:\Users\Reshma\Downloads\defogger_disable.log
2012-08-26 15:00 - 2012-08-26 15:00 - 00000000 ____A C:\Users\Reshma\defogger_reenable
2012-08-25 20:40 - 2010-12-26 12:43 - 00007597 ____A C:\Users\Reshma\AppData\Local\Resmon.ResmonCfg
2012-08-25 18:01 - 2012-08-25 18:01 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-25 18:01 - 2012-08-25 18:00 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Reshma\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-21 16:03 - 2011-06-15 17:52 - 00002453 ____A C:\Users\Reshma\Desktop\Google Chrome.lnk
2012-08-21 09:32 - 2010-12-11 21:06 - 00150096 ____A C:\Users\Reshma\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-20 17:06 - 2011-01-23 11:29 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForGANESHA$.job
2012-08-20 05:59 - 2010-12-11 21:53 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-16 04:44 - 2012-08-16 04:44 - 01756216 ____A (Sony) C:\Users\Reshma\Downloads\Code_PMS.exe
2012-08-15 18:13 - 2012-08-15 18:13 - 07758120 ____A (Acresso Software Inc. ) C:\Users\Reshma\Downloads\LG VZW_United_WHQL_v2.5.2 (1).exe
2012-08-15 08:54 - 2011-08-08 11:14 - 00001123 ____A C:\WildTangent Games App - hp.lnk
2012-08-15 08:54 - 2011-08-08 11:13 - 00002520 ____N C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2012-08-07 04:32 - 2010-12-16 20:54 - 00000499 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-08-06 09:49 - 2012-08-06 09:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_lgandadb_01005.Wdf
2012-08-06 09:43 - 2012-02-09 16:18 - 00002441 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2012-08-06 09:43 - 2012-02-09 16:18 - 00001151 ____A C:\WildTangent Games App - wildgames.lnk
2012-08-06 09:39 - 2012-07-24 04:22 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForReshma.job
2012-08-06 09:21 - 2012-08-06 09:20 - 07758120 ____A (Acresso Software Inc. ) C:\Users\Reshma\Downloads\LG VZW_United_WHQL_v2.5.2.exe
2012-08-05 06:44 - 2012-08-05 06:44 - 00501248 ____A (Facebook Inc.) C:\Users\Reshma\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2012-08-04 09:04 - 2012-07-18 09:07 - 01490656 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01007.dll
2012-08-04 09:04 - 2012-07-18 09:07 - 01490656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfCoInstaller01007.dll
2012-07-30 00:50 - 2011-01-09 10:29 - 00002377 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
2012-07-24 04:21 - 2011-10-31 15:40 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-07-18 10:15 - 2012-08-15 17:36 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-18 09:07 - 2012-07-18 09:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2012-07-08 07:40 - 2012-07-08 07:40 - 00002092 ____A C:\Users\Public\Desktop\Stat 5.6.0.lnk
2012-07-08 07:32 - 2012-07-08 07:32 - 00000181 ____A C:\Windows\ODBCINST.INI
2012-07-08 07:32 - 2012-07-08 07:32 - 00000148 ____A C:\Windows\ODBC.INI
2012-07-08 07:13 - 2012-07-08 07:04 - 684581290 ____A C:\Users\Reshma\Downloads\win32_11gR2_client.zip
2012-07-08 05:38 - 2012-07-08 05:38 - 00001819 ____A C:\Users\Reshma\Downloads\tnsnames___peoplesoft_portal.zip
2012-07-07 10:42 - 2012-07-07 10:42 - 00002250 ____A C:\Users\Public\Desktop\SSH Secure File Transfer Client.lnk
2012-07-07 10:42 - 2012-07-07 10:42 - 00001292 ____A C:\Users\Public\Desktop\SSH Secure Shell Client.lnk
2012-07-07 10:39 - 2012-07-07 10:39 - 00001933 ____A C:\Users\Public\Desktop\WS_FTP Home.lnk
2012-07-07 10:35 - 2012-07-07 10:35 - 00000056 ____A C:\Windows\setup.log
2012-07-06 12:07 - 2012-08-20 06:40 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-04 14:16 - 2012-08-15 17:36 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 17:36 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 17:36 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 17:36 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 17:36 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-03 09:46 - 2012-08-25 18:01 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-28 20:55 - 2012-08-20 06:27 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-20 06:27 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-20 06:28 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-20 06:29 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:49 - 2012-08-20 06:28 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:48 - 2012-08-20 06:29 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-20 06:29 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-20 06:28 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-20 06:28 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-20 06:29 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-20 06:29 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-20 06:29 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-20 06:29 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-20 06:29 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-20 06:28 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-20 06:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-20 06:28 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-20 06:29 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:09 - 2012-08-20 06:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:08 - 2012-08-20 06:29 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-20 06:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-20 06:28 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-20 06:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:04 - 2012-08-20 06:28 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:01 - 2012-08-20 06:29 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-20 06:29 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-20 06:29 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-20 06:29 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-27 20:40 - 2012-06-27 20:40 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_AMPPAL_01009.Wdf
2012-06-27 20:39 - 2010-10-25 00:32 - 00058380 ____A C:\Windows\DPINST.LOG
2012-06-27 20:35 - 2012-06-27 20:34 - 73983864 ____A (Intel® Corporation) C:\Users\Reshma\Downloads\Wireless_15.1.1_s64.exe
2012-06-26 09:12 - 2012-06-26 09:12 - 01355960 ____A C:\Users\Reshma\Downloads\rainmeter-2.3.exe
2012-06-19 15:40 - 2012-07-21 08:38 - 19318784 ____A C:\llvm-rs-cc.exe
2012-06-19 15:40 - 2012-07-21 08:38 - 00824832 ____A C:\aapt.exe
2012-06-19 15:40 - 2012-07-21 08:38 - 00377618 ____A C:\NOTICE.txt
2012-06-19 15:40 - 2012-07-21 08:38 - 00220672 ____A C:\aidl.exe
2012-06-19 15:40 - 2012-07-21 08:38 - 00132608 ____A C:\dexdump.exe
2012-06-19 15:40 - 2012-07-21 08:38 - 00096256 ____A (Google, inc) C:\AdbWinApi.dll
2012-06-19 15:40 - 2012-07-21 08:38 - 00070144 ____A C:\fastboot.exe
2012-06-19 15:40 - 2012-07-21 08:38 - 00060928 ____A (Google, inc) C:\AdbWinUsbApi.dll
2012-06-19 15:40 - 2012-07-21 08:38 - 00002618 ____A C:\dx.bat
2012-06-19 15:40 - 2012-07-21 08:38 - 00000207 ____A C:\source.properties
2012-06-19 15:40 - 2012-07-21 08:35 - 00162816 ____A C:\adb.exe
2012-06-19 15:40 - 2012-06-19 15:38 - 97290250 ____A C:\Users\Reshma\Downloads\eclipse-java-galileo-SR2-win32.zip
2012-06-19 15:38 - 2012-06-19 15:37 - 37456234 ____A (Google Inc.) C:\Users\Reshma\Downloads\installer_r18-windows.exe
2012-06-19 13:25 - 2012-06-19 13:24 - 25362145 ____A C:\Users\Reshma\Downloads\Guide to Quincy High.zip
2012-06-15 21:00 - 2012-01-21 21:26 - 00001019 ____A C:\Users\Reshma\Desktop\Dropbox.lnk
2012-06-15 12:29 - 2012-06-15 11:58 - 2615529472 ____A C:\Users\Reshma\Downloads\Windows8-ReleasePreview-32bit-English (1).iso
2012-06-15 10:49 - 2012-06-15 10:49 - 00002522 ____A C:\Users\Reshma\Desktop\Windows 7 USB DVD Download Tool.lnk
2012-06-15 10:19 - 2012-06-15 10:46 - 3515703296 ____A C:\Users\Reshma\Desktop\Windows8-ReleasePreview-64bit-English.iso
2012-06-14 23:52 - 2012-06-14 20:03 - 732213248 ____A C:\Users\Reshma\Desktop\ubuntu-12.04-desktop-amd64.iso
2012-06-14 20:02 - 2012-06-14 20:02 - 01038684 ____A (pendrivelinux.com) C:\Users\Reshma\Downloads\Universal-USB-Installer-1.9.0.1.exe
2012-06-13 16:22 - 2012-06-13 16:22 - 00470250 ____A C:\Users\Reshma\Downloads\Welcome to Central Middle Schoolflyup.pptm
2012-06-12 20:40 - 2012-06-19 15:31 - 08835792 ____A C:\Users\Reshma\Desktop\Quincy High School.apk
2012-06-12 14:26 - 2012-06-12 13:44 - 3515703296 ____A C:\Users\Reshma\Downloads\Windows8-ReleasePreview-64bit-English.iso
2012-06-12 13:46 - 2012-06-12 13:46 - 02721168 ____A (Microsoft Corporation) C:\Users\Reshma\Downloads\Windows7-USB-DVD-tool (1).exe
2012-06-12 13:45 - 2012-06-12 13:45 - 02721168 ____A (Microsoft Corporation) C:\Users\Reshma\Downloads\Windows7-USB-DVD-tool.exe
2012-06-08 21:43 - 2012-07-18 08:59 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-18 08:59 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-18 09:09 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-18 09:09 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-18 09:09 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-18 09:09 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-18 09:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-18 09:09 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-04 19:09 - 2012-06-04 19:09 - 00001121 ____A C:\Users\Reshma\Desktop\JPG to PDF Converter.lnk
2012-06-04 19:08 - 2012-06-04 19:08 - 02525169 ____A (PDF-TIFF-Tools.com) C:\Users\Reshma\Downloads\JPG-to-PDF-Converter-Setup.exe
2012-06-04 19:08 - 2012-06-04 19:08 - 00463080 ____A (CNET Download.com) C:\Users\Reshma\Downloads\cnet_JPG-to-PDF-Converter-Setup_exe.exe
2012-06-04 19:02 - 2012-06-04 19:01 - 112329951 ____A C:\Users\Reshma\Desktop\Vocab and notes.zip
2012-06-04 15:11 - 2012-06-04 15:11 - 00001274 ____A C:\Users\Reshma\Desktop\Install PC Inspector File Recovery.lnk
2012-06-04 15:07 - 2012-06-04 15:09 - 06113439 ____A (InstallShield Software Corporation) C:\Users\Reshma\Downloads\pci_filerecovery.exe
2012-06-04 12:17 - 2012-06-04 12:17 - 00463080 ____A (CNET Download.com) C:\Users\Reshma\Downloads\cnet2_pci_filerecovery_exe (2).exe
2012-06-04 12:14 - 2012-06-04 12:14 - 00463080 ____A (CNET Download.com) C:\Users\Reshma\Downloads\cnet2_pci_filerecovery_exe (1).exe
2012-06-04 12:12 - 2012-06-04 12:12 - 00463080 ____A (CNET Download.com) C:\Users\Reshma\Downloads\cnet2_pci_filerecovery_exe.exe
2012-06-02 14:19 - 2012-06-22 06:26 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 06:26 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 06:26 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 06:25 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 06:25 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-22 06:26 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-22 06:25 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-22 06:25 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-22 06:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-07-18 08:59 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-18 08:59 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-18 08:59 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-18 08:59 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-18 08:59 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-18 08:59 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-18 08:59 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-18 08:59 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-18 08:59 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-23 09:49:29
Restore point made on: 2012-08-23 14:52:09
Restore point made on: 2012-08-23 17:22:19
Restore point made on: 2012-08-25 23:01:45
Restore point made on: 2012-08-27 06:59:53
Restore point made on: 2012-08-27 12:22:24

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 3893.86 MB
Available physical RAM: 3083.5 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3087.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:437.46 GB) (Free:198.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:28.01 GB) (Free:4.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
5 Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
6 Drive i: (PENDRIVE) (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B
  Disk 1    Online         7657 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            199 MB  1024 KB
  Partition 2    Primary            437 GB   200 MB
  Partition 3    Primary             28 GB   437 GB
  Partition 4    Primary            103 MB   465 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     Y   SYSTEM       NTFS   Partition    199 MB  Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     C                NTFS   Partition    437 GB  Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     E   RECOVERY     NTFS   Partition     28 GB  Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     F   HP_TOOLS     FAT32  Partition    103 MB  Healthy

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7655 MB    22 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6     I   PENDRIVE     FAT32  Removable   7655 MB  Healthy

==================================================================================

Last Boot: 2012-08-19 06:41

==================== End Of Log =============================
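
The file listing above has the same shape on every line, which makes it easier to triage by script than by eye. What follows is an added example (mine, not code from this thread and not part of FRST): it parses FRST's "3 Months Created/Modified Files" lines into fields and applies a few path-based review rules of my own, not FRST detections: GUID-named folders under AppData\Local, PE files sitting at the root of a drive, binaries in System32/SysWOW64 with no company string, and .job files in C:\Windows\Tasks. The sample lines are copied from the log above, except for one constructed "example.sys" line, marked as such in the code, that exercises the no-company rule. The hits on adb.exe and AdbWinApi.dll show why these are review flags rather than verdicts: the script ranks, the analyst decides.

```python
"""Triage helper for FRST '3 Months Created/Modified Files' listings.

Added example; not part of the thread and not FRST's own code. The
path rules below are the author's own review heuristics, not FRST detections.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One FRST file line:  <ts1> - <ts2> - <size> <attrs> [(Company)] <path>
# In the "Created" section ts1 is the creation time, in "Modified" it is the
# modification time (FRST prints the section's sort key first).
_LINE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
_GUID_DIR = re.compile(r"\\AppData\\Local\\\{[0-9A-Fa-f-]{36}\}(?:\\|$)")
_SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
_PE_EXT = (".exe", ".dll", ".sys", ".com", ".scr")


@dataclass
class FrstEntry:
    created: str
    modified: str
    size: int
    attrs: str            # e.g. "____A", "____D", "___AH"
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_frst_line(line: str, section: str) -> Optional[FrstEntry]:
    """section is 'created' or 'modified'; returns None for non-file lines."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    ts1, ts2 = m["ts1"], m["ts2"]
    created, modified = (ts1, ts2) if section == "created" else (ts2, ts1)
    company = m["company"].strip() if m["company"] else None
    return FrstEntry(created, modified, int(m["size"]), m["attrs"], company, m["path"])


def triage(entries: List[FrstEntry]) -> List[Tuple[str, str]]:
    """Return (rule, path) pairs worth a second look. Rules, not verdicts."""
    findings = []
    for e in entries:
        low = e.path.lower()
        is_pe = not e.is_dir and low.endswith(_PE_EXT)
        if _GUID_DIR.search(e.path):
            findings.append(("guid-folder-in-appdata-local", e.path))
        if is_pe and re.fullmatch(r"[a-z]:\\[^\\]+", low):
            findings.append(("executable-at-drive-root", e.path))
        if is_pe and low.startswith(_SYSTEM_DIRS) and not e.company:
            findings.append(("unattributed-binary-in-system-dir", e.path))
        if low.startswith("c:\\windows\\tasks\\") and low.endswith(".job"):
            findings.append(("scheduled-task-job", e.path))
    return findings


# Lines copied from the FRST log in this thread, plus ONE constructed line (marked).
SAMPLE_CREATED = [
    r"2012-08-20 06:27 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll",
    r"2012-08-13 03:06 - 2012-08-13 03:06 - 00000000 ____D C:\Users\Reshma\AppData\Local\{EC0D6320-00F7-4D61-A4F2-61ED6FD791C7}",
    r"2012-08-06 09:49 - 2012-08-06 09:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_lgandadb_01005.Wdf",
    r"2012-08-05 06:44 - 2012-08-28 16:33 - 00000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2614842681-3386433285-529305939-1000UA.job",
]
SAMPLE_MODIFIED = [
    r"2012-07-03 09:46 - 2012-08-25 18:01 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys",
    r"2012-06-19 15:40 - 2012-07-21 08:38 - 00096256 ____A (Google, inc) C:\AdbWinApi.dll",
    r"2012-06-19 15:40 - 2012-07-21 08:35 - 00162816 ____A C:\adb.exe",
    # CONSTRUCTED line (not in the posted log) to exercise the no-company rule:
    r"2012-08-13 03:06 - 2012-08-13 03:06 - 00045056 ____A C:\Windows\System32\Drivers\example.sys",
]


def run_sample() -> List[Tuple[str, str]]:
    entries = [parse_frst_line(l, "created") for l in SAMPLE_CREATED]
    entries += [parse_frst_line(l, "modified") for l in SAMPLE_MODIFIED]
    return triage([e for e in entries if e is not None])


if __name__ == "__main__":
    for rule, path in run_sample():
        print(f"{rule:36} {path}")
```

Feed it the two file sections of a full FRST.txt (one call per section, so the created/modified columns are read the right way round) and review the output from the top: a signed Microsoft file in System32 never appears, a GUID folder or a drive-root executable always does, and the .job list is the set of scheduled tasks to open next.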

#10 fireman4it

fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 28 August 2012 - 08:35 PM

1.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside Loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download ComboFix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply::
TDSSKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 rohawa
  • Topic Starter

Posted 29 August 2012 - 08:24 AM

I ran TDSSKiller but I can't seem to figure out how to disable my Norton Security Suite.

I did disable Malwarebytes though.

#12 rohawa
  • Topic Starter

Posted 29 August 2012 - 03:47 PM

I disabled my antivirus and ran ComboFix. The computer is still redirecting the websites to another website.

Also, I received 2 logs from TDSSKiller. The logs didn't fit the post, so I will attach the documents.

Edited by rohawa, 29 August 2012 - 03:48 PM.


#13 rohawa
  • Topic Starter

Posted 29 August 2012 - 03:48 PM

Whoops, didn't attach the file.

Attached Files



#14 fireman4it
    Bleepin' Fireman, Malware Response Team

Posted 29 August 2012 - 04:51 PM

1.
Is it redirecting in all your browsers or just one of them? Internet Explorer, Firefox, Chrome?


2.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


3.
  1. Please download OTL from one of the following mirrors:
     This is THE Mirror
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Under the Custom Scan box paste this in:
     c:\windows\*. /SL
     c:\windows\*. /RP 
     netsvcs
     activex
     drivers32
     %ALLUSERSPROFILE%\Application Data\*.
     %ALLUSERSPROFILE%\Application Data\*.exe /s
     %APPDATA%\*.
     %APPDATA%\*.exe /s
     %SYSTEMDRIVE%\*.exe
     %systemroot%\*. /mp /s
     CREATERESTOREPOINT
     %systemroot%\system32\*.dll /lockedfiles
     %systemroot%\Tasks\*.job /lockedfiles
     %systemroot%\system32\drivers\*.sys /lockedfiles
     %systemroot%\System32\config\*.sav 
     %systemroot%\system32\drivers\*.sys /90
  5. Push the Quick Scan button.
  6. Two reports will open; copy and paste them in a reply here:
     • OTL.txt <-- Will be opened
     • Extra.txt <-- Will be minimized



#15 rohawa
  • Topic Starter

Posted 30 August 2012 - 10:08 PM

I ran RK. OTL is repeatedly deleted by Norton Security Suite (I receive no options to restore it).
I have also noticed that anything that is connected to a DivX plugin is being replaced with an ad.
Also, a random extension is showing up in Chrome (it shows up even if I delete it and restart the browser; when this extension is removed, the browser does not redirect). IE is still redirecting.


RKLog


RogueKiller V8.0.1 [08/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Reshma [Admin rights]
Mode : Scan -- Date : 08/30/2012 22:37:25

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] SkyDrive.exe -- C:\Users\Reshma\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SkyDrive ("C:\Users\Reshma\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2614842681-3386433285-529305939-1000[...]\Run : SkyDrive ("C:\Users\Reshma\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background) -> FOUND
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4789 : wscript.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS725050A9A364 +++++
--- User ---
[MBR] 4a148ffba368bee53449ee2b60fc1a1f
[BSP] 91d1db366e4ca320737f261887f1c55c : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 447956 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 917823488 | Size: 28680 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Edited by rohawa, 30 August 2012 - 10:10 PM.
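
The RogueKiller report above is structured enough to be triaged by script, and two of its findings bear directly on the symptom: scheduled tasks whose target is iexplore.exe and wscript.exe, which is a common way for adware to pop ads or redirects on a timer. What follows is an added example (mine, not part of the thread and not RogueKiller's code). It splits the report into its ¤¤¤ sections, lists tasks whose target is a script host or a browser, reports any policy value that is non-zero (DisableRegistryTools (0) means registry tools are not disabled), lists hosts-file entries other than the loopback defaults, and checks that the MBR partition table has no overlapping entries. The report text embedded in the code is the RKreport posted above with its version header and footer trimmed and nothing added; the script-host and browser lists, and the assumption that RogueKiller's "Mo" is MiB (1 Mo = 2048 sectors, which the sample's offsets confirm: each partition starts exactly where the previous one ends), are mine.

```python
"""Triage a RogueKiller RKreport: scheduled tasks, policies, hosts file, MBR table.

Added example; not part of the thread and not RogueKiller's own code.
SAMPLE_REPORT is the report posted in this thread with header/footer lines
trimmed; nothing has been added to it. The review lists are the author's own.
"""
import re
from typing import Dict, List, Tuple

SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] SkyDrive.exe -- C:\Users\Reshma\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SkyDrive ("C:\Users\Reshma\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2614842681-3386433285-529305939-1000[...]\Run : SkyDrive ("C:\Users\Reshma\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background) -> FOUND
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4789 : wscript.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS725050A9A364 +++++
[MBR] 4a148ffba368bee53449ee2b60fc1a1f
[BSP] 91d1db366e4ca320737f261887f1c55c : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 447956 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 917823488 | Size: 28680 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
"""

_SECTION = re.compile(r"^¤¤¤ (?P<title>.+?) ¤¤¤$")
_FINDING = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<body>.*?)\s*->\s*(?P<status>.+)$")
_PART = re.compile(r"^\d+ - \[\w+\] .*Offset \(sectors\): (?P<off>\d+) \| Size: (?P<mib>\d+) Mo$")
SECTORS_PER_MIB = 2048  # 512-byte sectors; "Mo" taken as MiB (assumption, consistent with the offsets)
# Review lists (author's choice): a task launching a script host or a browser
# is a classic way to pop ads or redirects on a schedule.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "cmd.exe", "rundll32.exe", "regsvr32.exe"}
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe"}
_LOOPBACK_OK = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def split_sections(report: str) -> Dict[str, List[str]]:
    """Map section name ("Registry Entries", "HOSTS File", ...) to its non-blank lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        m = _SECTION.match(line)
        if m:
            current = m["title"].split(":")[0].strip()
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def triage_registry(lines: List[str]):
    """Return (tasks, policies): tasks that launch a script host or browser,
    and HJPOL policy values that are non-zero."""
    tasks, policies = [], []
    for line in lines:
        m = _FINDING.match(line)
        if not m:
            continue
        tags = re.findall(r"\[([^\]]+)\]", m["tags"])
        body = m["body"]
        if "TASK" in tags:
            name, _, command = body.partition(" : ")
            em = re.search(r"([^\\/ ]+\.exe)", command, re.I)   # first .exe token in the command
            exe = em[1].lower() if em else command.lower()
            kind = "script-host" if exe in SCRIPT_HOSTS else "browser" if exe in BROWSERS else None
            if kind:
                tasks.append((name, exe, kind))
        elif "HJPOL" in tags:
            pm = re.search(r"(\w+) \((\d+)\)$", body)
            if pm and pm[2] != "0":          # e.g. DisableRegistryTools (0) == not disabled
                policies.append((pm[1], int(pm[2])))
    return tasks, policies


def check_hosts(lines: List[str]) -> List[Tuple[str, str]]:
    """Return hosts-file mappings other than the loopback -> localhost defaults."""
    extra = []
    for line in lines:
        if line.startswith(("-->", "#")):
            continue
        ip, *names = line.split()
        extra.extend((ip, name) for name in names if (ip, name) not in _LOOPBACK_OK)
    return extra


def check_partition_table(lines: List[str]) -> Tuple[List[Tuple[int, int]], int]:
    """Return (overlaps, end_sector). An overlap is (partition offset, previous end)."""
    parts = sorted((int(m["off"]), int(m["mib"]) * SECTORS_PER_MIB)
                   for m in map(_PART.match, lines) if m)
    overlaps, end = [], 0
    for off, length in parts:
        if off < end:
            overlaps.append((off, end))
        end = max(end, off + length)
    return overlaps, end


def triage(report: str) -> dict:
    s = split_sections(report)
    tasks, policies = triage_registry(s.get("Registry Entries", []))
    overlaps, end = check_partition_table(s.get("MBR Check", []))
    return {"tasks": tasks, "policies": policies,
            "hosts_extra": check_hosts(s.get("HOSTS File", [])),
            "mbr_overlaps": overlaps, "mbr_end_sector": end}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key:15} {value}")
```

Run with no arguments it prints the triage of the embedded report: the two tasks are flagged and nothing else is, because the hosts file holds only 127.0.0.1 localhost, the policy value is 0, and the four partitions sit end to end with no overlap (the last one ends at sector 976771072). A task with a script-host target is worth exporting (schtasks /Query /TN <name> /XML) before anything removes it, so the script or URL it launches is kept as evidence of what was producing the redirects.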




