Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Phising Invasion - cleaned but is it ok?


  • This topic is locked This topic is locked
7 replies to this topic

#1 jumpstart

jumpstart

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:20 AM

Posted 17 March 2011 - 11:52 PM

Hi,

I inadvertantly clicked on a phising link.

I used Malwarebye to scan and found Trojan.scar in a restore location. I run MWB at least weekly.

AVG identified cmd.cfxxe on its own/automatically as an alert so I quarantined it.

The phising link just showed a blank screen with "Coming Soon".

I ran the MWB and AVG again, changed bank account details and any stored finance pw.

To be sure, I know this is wrong, but ran Combofix but took no other action, maybe it cleared out anything left. Combo definitely advised it removed g2mdlhlpx.exe which is apparently/could be a HotComm prpgram. I don't care I'll remove HotComm and reload.

My only question is...am I clean now?

There are no obvious problems or anything remotely unusual.

Thx, I hope I don't take too much of your time.
-----------------------------------------------------------------------------------------------

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by peterw at 12:24:31.69 on Fri 18/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3062.2073 [GMT 10:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
D:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
D:\Program Files\Business-in-a-Box\BIBLauncher.exe
D:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
D:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
mWinlogon: UIHost=c:\windows\system32\logonui.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - Skype add-on (mastermind)
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: BigPond Wireless Broadband 2.0 Auto Dial: {db92ec3f-697d-4c3b-9a3b-3abbd23d4a85} - c:\program files\telstra\bigpond wireless broadband 2.0\bpwbb2ad.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - d:\program files\copernic desktop search - home\toolbar\ToolbarContainer101000325.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [BIBLauncher] d:\program files\business-in-a-box\BIBLauncher.exe
uRun: [Copernic Desktop Search - Home] "d:\program files\copernic desktop search - home\DesktopSearchService.exe" /tray
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\SOFTWARE
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\SOFTWARE\Classes
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\SOFTWARE\Classes\CLSID
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ProgID
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}\SOFTWARE
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}\SOFTWARE\Classes
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}\SOFTWARE\Classes\CLSID
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}\ProgID
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F}\SOFTWARE
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F}\SOFTWARE\Classes
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F}\SOFTWARE\Classes\CLSID
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F}
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F}\ProgID
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07}\SOFTWARE
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07}\SOFTWARE\Classes
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07}\SOFTWARE\Classes\CLSID
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07}
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07}\ProgID
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\SOFTWARE
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\SOFTWARE\Classes
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\SOFTWARE\Classes\CLSID
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ProgID
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\SOFTWARE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\SOFTWARE\Classes
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\SOFTWARE\Classes\CLSID
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\ProgID
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\SOFTWARE
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\SOFTWARE\Classes
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\SOFTWARE\Classes\CLSID
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\ProgID
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07}
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: sigra.com.au\mail
Trusted Zone: sigra.com.au\www
Trusted Zone: westpac.com.au\online
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://supportapj.dell.com/systemprofiler/SysPro.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260651026939
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255678196978
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {3BDB4621-A34F-4741-9FC2-D83C095E7D07} = 211.29.132.12 61.88.88.88
Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\peterw\applic~1\mozilla\firefox\profiles\v2h6sn6l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: d:\program files\copernic desktop search - home\firefox36connector\components\CSPXPCOMBridge.dll
FF - component: d:\program files\copernic desktop search - home\toolbar\firefoxcontainer\components\CCLCXPCOMBridge.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: d:\program files\common-use signing interface\bin\npCsiPlugin.dll
FF - plugin: d:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\divx\divx web player\npdivx32.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: CopernicDesktop Search - Home Connector: {E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0} - d:\program files\copernic desktop search - home\Firefox36Connector
FF - Ext: CopernicDesktop Search - Home Toolbar: {C947A5EF-A041-443B-AE55-4CC7C15A9C9A} - d:\program files\copernic desktop search - home\toolbar\FirefoxContainer
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-9-19 26248]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-9-19 20616]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 DCService.exe;DCService.exe;c:\documents and settings\all users\application data\datacardservice\DCService.exe [2010-5-8 229376]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-12-31 222456]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-9-19 122504]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-1-19 117504]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-1-19 63616]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2010-2-18 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2010-2-18 43608]
S2 gupdate1cafc70eaa54c9e;Google Update Service (gupdate1cafc70eaa54c9e);c:\program files\google\update\GoogleUpdate.exe [2010-5-26 133104]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-6-29 8704]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-9-19 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-6-29 3072]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-5-28 7680]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);c:\windows\system32\drivers\tap0801co.sys [2009-9-22 25856]
S4 cpuz132;cpuz132; [x]
.
=============== Created Last 30 ================
.
2011-03-17 15:52:01 -------- d-----w- c:\windows\system32\drivers\AVG
2011-03-17 14:24:41 -------- d-sha-r- C:\cmdcons
2011-03-17 14:21:25 98816 ----a-w- c:\windows\sed.exe
2011-03-17 14:21:25 89088 ----a-w- c:\windows\MBR.exe
2011-03-17 14:21:25 256512 ----a-w- c:\windows\PEV.exe
2011-03-17 14:21:25 161792 ----a-w- c:\windows\SWREG.exe
2011-03-08 05:03:38 3584 ----a-r- c:\docume~1\peterw\applic~1\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
2011-03-08 05:03:38 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-03-08 05:02:18 -------- d-----w- c:\docume~1\peterw\applic~1\GetRightToGo
2011-02-27 07:11:22 94208 ----a-w- c:\windows\ArcSoft Slide Show.scr
2011-02-27 07:11:22 102400 ----a-w- c:\windows\Asalbum.dll
2011-02-27 07:10:41 306688 ----a-w- c:\windows\IsUninst.exe
2011-02-27 07:10:41 -------- d-----w- c:\documents and settings\peterw\WINDOWS
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 12:30:46.17 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:20 PM

Posted 23 March 2011 - 09:15 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 jumpstart

jumpstart
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:20 AM

Posted 24 March 2011 - 12:40 AM

Hi Mole,

Thanks for your attention.

A bit of water flowed under the bridge since I posted, inclidong a ew firefox 4.0 installation. I haven't noticed anything objectionable...just wanted to make sure.

Hopefully this is a quick task for you.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:20 PM

Posted 24 March 2011 - 04:37 PM

Looks like a quick task. We'll see. :wink:

Please run ESET's online scanner

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Posted Image
m0le is a proud member of UNITE

#5 jumpstart

jumpstart
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:20 AM

Posted 24 March 2011 - 08:15 PM

Ok, done see attached.

The nasty on D:drive are either in Download which is my general use current for all down loads,

and other nasties in "Laptop GC' and "Goodwin" are contained in historical files uploaded from an old lap top and an old desk top to this new (bigger drive) laptop...implication they were there a long time.

Attached Files



#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:20 PM

Posted 24 March 2011 - 08:50 PM

More importantly the C drive is clean.

I think you're good to go, jumpstart. This topic stays open for five days, if anything does happen then post and we can take it from there - but personally I can't see that happening :)
Posted Image
m0le is a proud member of UNITE

#7 jumpstart

jumpstart
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:20 AM

Posted 24 March 2011 - 08:52 PM

thanks mole. you can close it.. All good. Thx for help.

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:20 PM

Posted 24 March 2011 - 08:54 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users