ComboFix Log for MS Removal Tool


7 replies to this topic

#1 604newbie

604newbie

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:11 AM

Posted 01 May 2011 - 04:39 AM

I'm very sorry to bother the experts here, but recently this "MS Removal Tool" (fake malware) popped up out of nowhere and froze everything I was doing (i.e. I couldn't use the internet, etc.).

I tried to resolve this issue on my own by entering safemode, running RKill, then running the latest version of Malwarebytes. However, Malwarebytes did not detect anything. I tried to avoid asking for help so I searched and searched and found ComboFix. I ran it and it deleted a few files.

ComboFix restarted my computer and everything seems to be in working order. However, I read that ComboFix shouldn't be used by newbies and that the log should be checked by experts. Well, I just wanted to make sure all the virus/malware on my computer is removed because I do use credit cards on my laptop.

EDIT: I finished reading the introduction post of the forums so I pasted the DDS.txt below and attached the Attached.txt as well as Ark.txt.

The DDS.txt file is pasted below. I also attached the ComboFix log just in case (it was run in safe mode).

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Gordon at 2:55:53.67 on Sun 05/01/2011
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1798 [GMT -7:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sophos Anti-Virus *Enabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program files\P4G\BatteryLife.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\ASUS.SYS\DVMExportService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Desksware\Desktop iCal\Calendar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Gordon\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=asus&bmod=asus
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [iCalendar] c:\program files\desksware\desktop ical\Calendar.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [P2Go_Menu] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [HControlUser] c:\program files\asus\atk hotkey\HControlUser.exe
mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ADSMTray] c:\program files\asus\asus data security manager\ADSMTray.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\programdata\sophos web intelligence\swi_lsp.dll
Trusted Zone: ubc.ca\www.vista
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\windows\system32\acaptuser32.dll c:\progra~1\sophos\sophos~1\sophos_detoured.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli c:\program files\asus\asus data security manager\ASPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gordon\appdata\roaming\mozilla\firefox\profiles\g1pkba56.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: Text-to-Image: {f701c26a-479a-4724-b4f1-870db12f063c} - %profile%\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2009-3-25 15416]
R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2011-4-27 122360]
R1 SKMScan;SKMScan;c:\windows\system32\drivers\skmscan.sys [2011-4-27 31736]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-6-25 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-6-25 234888]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\DVMExportService.exe [2008-12-19 311296]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2009-11-15 583640]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2011-4-27 167960]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2011-4-27 99864]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2011-4-27 232472]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2007-8-12 5120]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2011-4-27 1543192]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2008-9-9 48128]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-3-25 230952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2010-5-8 857600]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [2008-4-6 6656]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-18 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2011-4-27 24312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2010-9-11 645120]
S4 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-25 30192]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2011-3-12 22536]
.
=============== Created Last 30 ================
.
2011-05-01 09:30:04 -------- d-----w- c:\users\gordon\appdata\local\{6497E223-DC2A-437B-91CB-A26989441376}
2011-05-01 09:24:32 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-01 09:24:30 -------- d-----w- c:\users\gordon\appdata\local\temp
2011-05-01 09:12:38 98816 ----a-w- c:\windows\sed.exe
2011-05-01 09:12:38 89088 ----a-w- c:\windows\MBR.exe
2011-05-01 09:12:38 256512 ----a-w- c:\windows\PEV.exe
2011-05-01 09:12:38 161792 ----a-w- c:\windows\SWREG.exe
2011-04-30 20:41:09 -------- d-----w- c:\users\gordon\appdata\local\{57BAEEEB-0C63-4738-B5BD-DDFA14548EFC}
2011-04-30 08:40:28 -------- d-----w- c:\users\gordon\appdata\local\{FB83C8C0-D033-4BB5-A6BC-FE2C16EA3590}
2011-04-29 20:39:53 -------- d-----w- c:\users\gordon\appdata\local\{C49CA071-D734-4FAC-86B4-E60B5CB9BF55}
2011-04-29 08:35:07 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2c4b47ee-d907-4953-8ab6-633c29408b70}\mpengine.dll
2011-04-28 23:20:15 -------- d-----w- c:\users\gordon\appdata\local\{8163001D-9C1F-4642-B6DF-BEF91D3D2F63}
2011-04-28 08:21:46 -------- d-----w- c:\users\gordon\appdata\local\{AF54A208-BE0E-4D6F-943A-8B801A95FD03}
2011-04-28 03:18:19 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 03:18:19 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 03:18:15 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 02:31:50 24312 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2011-04-28 02:31:26 31736 ----a-w- c:\windows\system32\drivers\skmscan.sys
2011-04-28 02:30:55 131824 ----a-w- c:\windows\system32\sdccoinstaller.dll
2011-04-28 02:30:14 122360 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2011-04-27 20:21:19 -------- d-----w- c:\users\gordon\appdata\local\{A5E6AA26-D84B-48AF-B7D3-027CDD884FEA}
2011-04-27 00:17:54 -------- d-----w- c:\users\gordon\appdata\local\{ECEB7546-19D8-4A12-B95A-73887E115C07}
2011-04-26 01:31:11 -------- d-----w- c:\users\gordon\appdata\local\{62A3478F-271F-4DE5-83A4-B690E057FF39}
2011-04-25 10:52:33 -------- d-----w- c:\users\gordon\appdata\local\{499D5658-C1DE-4F57-970B-47566CD37B90}
2011-04-25 08:12:10 -------- d-----w- c:\users\gordon\appdata\local\DDMSettings
2011-04-24 22:51:36 -------- d-----w- c:\users\gordon\appdata\local\{A19909CB-BDF5-4AA6-869A-1125B3CAF958}
2011-04-23 21:27:19 -------- d-----w- c:\users\gordon\appdata\local\{F0068966-A8B2-41F4-9545-8F34D9E8A4BE}
2011-04-22 23:24:47 -------- d-----w- c:\users\gordon\appdata\local\{04F841EB-83BB-4D5C-B870-68D6F059E9E6}
2011-04-22 08:29:34 -------- d-----w- c:\users\gordon\appdata\local\{3DA63F5D-2FF1-433B-B950-387E1A9592E4}
2011-04-21 20:28:54 -------- d-----w- c:\users\gordon\appdata\local\{22DF3CE4-95CA-411A-8701-8767183BF78B}
2011-04-21 07:29:14 -------- d-----w- c:\users\gordon\appdata\local\{AE855623-5124-4D7E-9FFB-A5EA4065A545}
2011-04-21 07:04:34 -------- d-----w- c:\program files\common files\PX Storage Engine
2011-04-21 07:03:49 -------- d-----w- c:\program files\common files\DivX Shared
2011-04-21 07:02:49 -------- d-----w- c:\program files\DivX
2011-04-21 07:02:25 -------- d-----w- c:\progra~2\DivX
2011-04-20 19:28:49 -------- d-----w- c:\users\gordon\appdata\local\{23CACE6B-54FB-4DCE-A881-DD320BF72801}
2011-04-20 07:28:09 -------- d-----w- c:\users\gordon\appdata\local\{349EA1D2-6B45-4717-A58A-8C8EED60F2A5}
2011-04-19 19:27:42 -------- d-----w- c:\users\gordon\appdata\local\{D399A5E2-AD9F-4A88-9B3E-50D0DACC01A9}
2011-04-19 06:59:28 -------- d-----w- c:\users\gordon\appdata\local\{2A5A4A0E-75B1-42A7-9D3F-496C3B3C0898}
2011-04-18 18:58:58 -------- d-----w- c:\users\gordon\appdata\local\{23C1ECC2-A435-4EE2-8A4C-6534B47A639B}
2011-04-18 05:41:18 -------- d-----w- c:\users\gordon\appdata\local\{6C67713D-29B4-4EC7-B36C-5E4AD8C1797E}
2011-04-17 17:40:53 -------- d-----w- c:\users\gordon\appdata\local\{5911B811-30ED-4261-8CAD-55C2ACEE5458}
2011-04-17 05:40:27 -------- d-----w- c:\users\gordon\appdata\local\{4F2D05AA-0B12-4872-BEDB-E2656B15628F}
2011-04-16 17:39:52 -------- d-----w- c:\users\gordon\appdata\local\{FC341ED7-810F-4189-9E55-188BF55E4802}
2011-04-15 22:25:33 -------- d-----w- c:\users\gordon\appdata\local\{7377B0E4-4412-43C6-B5EC-864ACA6C11E5}
2011-04-15 05:12:52 -------- d-----w- c:\users\gordon\appdata\local\{FB256337-2B21-4779-9B45-D8A101EB2C5E}
2011-04-14 17:12:27 -------- d-----w- c:\users\gordon\appdata\local\{FB0C0456-381D-43D6-A9E2-3E35824F0B37}
2011-04-14 05:43:58 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-14 05:10:56 -------- d-----w- c:\users\gordon\appdata\local\{52CCEC9A-F536-41C6-86D8-BE4B1A89A951}
2011-04-13 14:47:17 -------- d-----w- c:\users\gordon\appdata\local\{27546969-6CB7-4535-948A-DAE377259BB0}
2011-04-13 02:46:09 -------- d-----w- c:\users\gordon\appdata\local\{0FD8BAAD-1DAE-443B-A14B-223A72B64256}
2011-04-12 14:44:57 -------- d-----w- c:\users\gordon\appdata\local\{37BA3781-A361-4A93-BA7E-823FE98E5A24}
2011-04-12 00:40:15 -------- d-----w- c:\users\gordon\appdata\local\{7D7FBBCD-6E59-4EB9-8D1F-A5777C33E1EC}
2011-04-11 06:09:08 -------- d-----w- c:\users\gordon\appdata\local\{23439AD8-23B5-423C-BFCB-811638C239E6}
2011-04-10 18:08:37 -------- d-----w- c:\users\gordon\appdata\local\{5A0ED2C0-6B01-4249-ADC1-6F64763C1E65}
2011-04-10 02:01:20 -------- d-----w- c:\users\gordon\appdata\local\{053675EC-6CB1-4BE4-AB3D-6C1597889340}
2011-04-09 11:52:33 -------- d-----w- c:\users\gordon\appdata\local\{6D83B916-D657-44F9-9E22-DB475735777F}
2011-04-08 23:52:07 -------- d-----w- c:\users\gordon\appdata\local\{D2FC6035-78B6-4FA2-9E7E-96067B42F388}
2011-04-08 11:50:50 -------- d-----w- c:\users\gordon\appdata\local\{DF09257F-0ACE-4706-8C9A-DA3C5FA92892}
2011-04-06 11:08:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-06 11:08:17 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-04-06 11:06:45 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-04-06 11:00:26 -------- d-----w- c:\program files\Bonjour
2011-04-06 08:10:27 -------- d-----w- c:\users\gordon\appdata\local\{9D800B27-F614-46A0-8014-7AFFD1C059A6}
2011-04-05 07:06:17 -------- d-----w- c:\users\gordon\appdata\local\{01E78261-C986-4E83-98FE-0D4FC358039C}
2011-04-04 01:28:16 -------- d-----w- c:\users\gordon\appdata\local\{70C9B468-A9BF-475A-B3C1-95543947FBB9}
2011-04-03 01:23:48 -------- d-----w- c:\users\gordon\appdata\local\{90FE7A2F-8FFD-4BFF-83DE-9F27F4E4AD70}
2011-04-02 09:23:48 -------- d-----w- c:\users\gordon\appdata\local\{3EF9E730-1E4D-465D-82D5-4BC21D19CAE2}
2011-04-01 21:23:18 -------- d-----w- c:\users\gordon\appdata\local\{A32316C1-87D3-4679-A422-2E9E5E49F8A9}
.
==================== Find3M ====================
.
2011-05-01 09:27:33 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-04-28 02:32:55 30744 ----a-w- c:\windows\system32\SophosBootTasks.exe
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 06:23:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2008-10-14 21:57:58 106496 ----a-w- c:\program files\common files\CPInstallAction.dll
.
============= FINISH: 2:57:53.32 ===============

Attached Files


Edited by 604newbie, 01 May 2011 - 04:50 PM.



#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:11 PM

Posted 09 May 2011 - 12:13 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log




Elle
Can you hear it? It's all around!

Do you remember me?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.


#3 604newbie

604newbie
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:11 AM

Posted 09 May 2011 - 11:51 PM

Detailed Description

A week ago, I was surfing the net and then this fake security icon popped up on the icon bar at the bottom of my screen and started "fake" scanning my computer saying it has viruses. I knew this was fake so I tried to close it but couldn't. I was also unable to use my web browser and the computer was running extremely slowly. The fake scanner was called "MS Removal Tool."

At this point, I looked for removal methods to clean the computer on a separate computer. I followed a guide on Bleeping Computer to do this. I ran "RKill" in safe mode with networking, then followed that with Malwarebytes. The Malwarebytes scan revealed no viruses, which surprised me because the guide said there should be something to delete or clean. I then ran ComboFix, restarted my computer, and everything seemed to be in working order.

Right now, I just want to make sure there are no keyloggers or viruses on my computer because I use my credit card and personal information on this computer. I'm not in too much of a hurry so you don't have to rush. I hope it's not too much trouble to check this. Thanks.

DDS.txt

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Gordon at 20:34:19.24 on Mon 05/09/2011
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1718 [GMT -7:00]
.
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program files\P4G\BatteryLife.exe
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\ASUS.SYS\DVMExportService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Desksware\Desktop iCal\Calendar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Gordon\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=asus&bmod=asus
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [iCalendar] c:\program files\desksware\desktop ical\Calendar.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
mRun: [P2Go_Menu] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [HControlUser] c:\program files\asus\atk hotkey\HControlUser.exe
mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ADSMTray] c:\program files\asus\asus data security manager\ADSMTray.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\programdata\sophos web intelligence\swi_lsp.dll
Trusted Zone: ubc.ca\www.vista
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\windows\system32\acaptuser32.dll c:\progra~1\sophos\sophos~1\sophos_detoured.dll,c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli c:\program files\asus\asus data security manager\ASPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gordon\appdata\roaming\mozilla\firefox\profiles\g1pkba56.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: Text-to-Image: {f701c26a-479a-4724-b4f1-870db12f063c} - %profile%\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2009-3-25 15416]
R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2011-5-4 123680]
R1 SKMScan;SKMScan;c:\windows\system32\drivers\skmscan.sys [2011-4-27 31736]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-6-25 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-6-25 234888]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\DVMExportService.exe [2008-12-19 311296]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2009-11-15 583640]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2011-4-27 167960]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2011-4-27 99864]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2011-4-27 232472]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2007-8-12 5120]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2011-4-27 1543192]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2008-9-9 48128]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-3-25 230952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2010-5-8 857600]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [2008-4-6 6656]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-18 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2011-4-27 24312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2010-9-11 645120]
S4 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-25 30192]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2011-3-12 22536]
.
=============== Created Last 30 ================
.
2011-05-09 21:37:30 -------- d-----w- c:\users\gordon\appdata\local\{D9B9A362-4378-4E3D-BC12-BD36BEB186FF}
2011-05-09 09:36:52 -------- d-----w- c:\users\gordon\appdata\local\{2F7B62C0-872A-432D-BF86-30C5001F19BD}
2011-05-08 21:36:20 -------- d-----w- c:\users\gordon\appdata\local\{2DCC3E5B-84D1-4D16-AFCE-264BE8919373}
2011-05-08 06:53:45 -------- d-----w- c:\users\gordon\appdata\local\{084C2965-3C24-4E39-97E6-CF364C68D288}
2011-05-07 18:53:14 -------- d-----w- c:\users\gordon\appdata\local\{470C0055-BFD8-4B4D-B736-882BBDF64B53}
2011-05-06 23:27:53 -------- d-----w- c:\users\gordon\appdata\local\{06F7836A-0D06-4F36-9CC3-A68C2A283FFB}
2011-05-06 23:18:48 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e44d9956-5608-46fe-890d-5919119e66e8}\mpengine.dll
2011-05-05 20:53:26 -------- d-----w- c:\users\gordon\appdata\local\{77501C64-7775-4D85-931A-2269302F8FD1}
2011-05-05 01:11:07 -------- d-----w- c:\users\gordon\appdata\local\{5F6CD744-BE8C-43DC-85CE-EF3E0AA7217E}
2011-05-04 21:41:46 123680 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2011-05-03 21:19:23 -------- d-----w- c:\users\gordon\appdata\local\{16B7AD0A-58FB-4426-82AE-16D2705EEAE9}
2011-05-03 00:31:23 -------- d-----w- c:\users\gordon\appdata\local\{5E614AC1-4F94-4E8A-9D37-F0414243FF3A}
2011-05-02 09:32:36 -------- d-----w- c:\users\gordon\appdata\local\{9B9CA669-38AA-4604-865C-CF5E540D867E}
2011-05-01 21:32:11 -------- d-----w- c:\users\gordon\appdata\local\{D13B2159-B681-4928-86A0-812305FB8CB5}
2011-05-01 12:14:22 100480 ----a-w- C:\fgliapob.sys
2011-05-01 09:30:04 -------- d-----w- c:\users\gordon\appdata\local\{6497E223-DC2A-437B-91CB-A26989441376}
2011-05-01 09:24:32 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-01 09:24:30 -------- d-----w- c:\users\gordon\appdata\local\temp
2011-05-01 09:12:38 98816 ----a-w- c:\windows\sed.exe
2011-05-01 09:12:38 89088 ----a-w- c:\windows\MBR.exe
2011-05-01 09:12:38 256512 ----a-w- c:\windows\PEV.exe
2011-05-01 09:12:38 161792 ----a-w- c:\windows\SWREG.exe
2011-04-30 20:41:09 -------- d-----w- c:\users\gordon\appdata\local\{57BAEEEB-0C63-4738-B5BD-DDFA14548EFC}
2011-04-30 08:40:28 -------- d-----w- c:\users\gordon\appdata\local\{FB83C8C0-D033-4BB5-A6BC-FE2C16EA3590}
2011-04-29 20:39:53 -------- d-----w- c:\users\gordon\appdata\local\{C49CA071-D734-4FAC-86B4-E60B5CB9BF55}
2011-04-28 23:20:15 -------- d-----w- c:\users\gordon\appdata\local\{8163001D-9C1F-4642-B6DF-BEF91D3D2F63}
2011-04-28 08:21:46 -------- d-----w- c:\users\gordon\appdata\local\{AF54A208-BE0E-4D6F-943A-8B801A95FD03}
2011-04-28 03:18:19 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 03:18:19 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 03:18:15 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 02:31:50 24312 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2011-04-28 02:31:26 31736 ----a-w- c:\windows\system32\drivers\skmscan.sys
2011-04-28 02:30:55 131824 ----a-w- c:\windows\system32\sdccoinstaller.dll
2011-04-27 20:21:19 -------- d-----w- c:\users\gordon\appdata\local\{A5E6AA26-D84B-48AF-B7D3-027CDD884FEA}
2011-04-27 00:17:54 -------- d-----w- c:\users\gordon\appdata\local\{ECEB7546-19D8-4A12-B95A-73887E115C07}
2011-04-26 01:31:11 -------- d-----w- c:\users\gordon\appdata\local\{62A3478F-271F-4DE5-83A4-B690E057FF39}
2011-04-25 10:52:33 -------- d-----w- c:\users\gordon\appdata\local\{499D5658-C1DE-4F57-970B-47566CD37B90}
2011-04-25 08:12:10 -------- d-----w- c:\users\gordon\appdata\local\DDMSettings
2011-04-24 22:51:36 -------- d-----w- c:\users\gordon\appdata\local\{A19909CB-BDF5-4AA6-869A-1125B3CAF958}
2011-04-23 21:27:19 -------- d-----w- c:\users\gordon\appdata\local\{F0068966-A8B2-41F4-9545-8F34D9E8A4BE}
2011-04-22 23:24:47 -------- d-----w- c:\users\gordon\appdata\local\{04F841EB-83BB-4D5C-B870-68D6F059E9E6}
2011-04-22 08:29:34 -------- d-----w- c:\users\gordon\appdata\local\{3DA63F5D-2FF1-433B-B950-387E1A9592E4}
2011-04-21 20:28:54 -------- d-----w- c:\users\gordon\appdata\local\{22DF3CE4-95CA-411A-8701-8767183BF78B}
2011-04-21 07:29:14 -------- d-----w- c:\users\gordon\appdata\local\{AE855623-5124-4D7E-9FFB-A5EA4065A545}
2011-04-21 07:04:34 -------- d-----w- c:\program files\common files\PX Storage Engine
2011-04-21 07:03:49 -------- d-----w- c:\program files\common files\DivX Shared
2011-04-21 07:02:49 -------- d-----w- c:\program files\DivX
2011-04-21 07:02:25 -------- d-----w- c:\progra~2\DivX
2011-04-20 19:28:49 -------- d-----w- c:\users\gordon\appdata\local\{23CACE6B-54FB-4DCE-A881-DD320BF72801}
2011-04-20 07:28:09 -------- d-----w- c:\users\gordon\appdata\local\{349EA1D2-6B45-4717-A58A-8C8EED60F2A5}
2011-04-19 19:27:42 -------- d-----w- c:\users\gordon\appdata\local\{D399A5E2-AD9F-4A88-9B3E-50D0DACC01A9}
2011-04-19 06:59:28 -------- d-----w- c:\users\gordon\appdata\local\{2A5A4A0E-75B1-42A7-9D3F-496C3B3C0898}
2011-04-18 18:58:58 -------- d-----w- c:\users\gordon\appdata\local\{23C1ECC2-A435-4EE2-8A4C-6534B47A639B}
2011-04-18 05:41:18 -------- d-----w- c:\users\gordon\appdata\local\{6C67713D-29B4-4EC7-B36C-5E4AD8C1797E}
2011-04-17 17:40:53 -------- d-----w- c:\users\gordon\appdata\local\{5911B811-30ED-4261-8CAD-55C2ACEE5458}
2011-04-17 05:40:27 -------- d-----w- c:\users\gordon\appdata\local\{4F2D05AA-0B12-4872-BEDB-E2656B15628F}
2011-04-16 17:39:52 -------- d-----w- c:\users\gordon\appdata\local\{FC341ED7-810F-4189-9E55-188BF55E4802}
2011-04-15 22:25:33 -------- d-----w- c:\users\gordon\appdata\local\{7377B0E4-4412-43C6-B5EC-864ACA6C11E5}
2011-04-15 05:12:52 -------- d-----w- c:\users\gordon\appdata\local\{FB256337-2B21-4779-9B45-D8A101EB2C5E}
2011-04-14 17:12:27 -------- d-----w- c:\users\gordon\appdata\local\{FB0C0456-381D-43D6-A9E2-3E35824F0B37}
2011-04-14 05:43:58 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-14 05:10:56 -------- d-----w- c:\users\gordon\appdata\local\{52CCEC9A-F536-41C6-86D8-BE4B1A89A951}
2011-04-13 14:47:17 -------- d-----w- c:\users\gordon\appdata\local\{27546969-6CB7-4535-948A-DAE377259BB0}
2011-04-13 02:46:09 -------- d-----w- c:\users\gordon\appdata\local\{0FD8BAAD-1DAE-443B-A14B-223A72B64256}
2011-04-12 14:44:57 -------- d-----w- c:\users\gordon\appdata\local\{37BA3781-A361-4A93-BA7E-823FE98E5A24}
2011-04-12 00:40:15 -------- d-----w- c:\users\gordon\appdata\local\{7D7FBBCD-6E59-4EB9-8D1F-A5777C33E1EC}
2011-04-11 06:09:08 -------- d-----w- c:\users\gordon\appdata\local\{23439AD8-23B5-423C-BFCB-811638C239E6}
2011-04-10 18:08:37 -------- d-----w- c:\users\gordon\appdata\local\{5A0ED2C0-6B01-4249-ADC1-6F64763C1E65}
.
==================== Find3M ====================
.
2011-05-09 17:39:42 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-04-28 02:32:55 30744 ----a-w- c:\windows\system32\SophosBootTasks.exe
2011-04-10 01:55:44 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-10 01:55:42 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 06:23:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
2008-10-14 21:57:58 106496 ----a-w- c:\program files\common files\CPInstallAction.dll
.
============= FINISH: 20:34:48.22 ===============

Attached Files



#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:11 AM

Posted 12 May 2011 - 06:44 PM

Hello 604newbie

Welcome to BleepingComputer :)
==========================
Can you please post the Combofix log?
It should be here > C:\Combofix.txt

Also, can you click the Vista Start button, paste each of the following file paths into the Start Search box and hit the Enter key.
Do each one separately.
I just need to know what is inside some of these folders.
When each one opens, let me know the contents of them please.

c:\users\gordon\appdata\local\{D9B9A362-4378-4E3D-BC12-BD36BEB186FF}
c:\users\gordon\appdata\local\{2F7B62C0-872A-432D-BF86-30C5001F19BD}
c:\users\gordon\appdata\local\{2DCC3E5B-84D1-4D16-AFCE-264BE8919373}
c:\users\gordon\appdata\local\{084C2965-3C24-4E39-97E6-CF364C68D288}
c:\users\gordon\appdata\local\{470C0055-BFD8-4B4D-B736-882BBDF64B53}
c:\users\gordon\appdata\local\{06F7836A-0D06-4F36-9CC3-A68C2A283FFB}
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
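The folders kahdah asks about above all follow one pattern in the DDS "Created Last 30" section: a directory entry under appdata\local whose name is a bare GUID. As an added example (not code from the thread, and not part of DDS, ComboFix or any BleepingComputer tool), here is a small Python parser for the DDS file-entry format (date, time, size or dashes for a directory, attribute flags, path) that pulls those GUID-named folders out of a log, and also lists hidden entries and files created directly in the drive root, which an analyst normally wants to account for when reading such a log. The sample lines are copied from the DDS log posted above; the function names and the triage categories are my own.

```python
"""Parse DDS 'Created Last 30' / 'Find3M' entries and pick out items worth checking."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One DDS entry: date, time, size (or a run of dashes for a directory),
# an 8-character attribute field such as d-----w- or ----a-w-, then the path.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$",
    re.IGNORECASE,
)

# A directory directly under appdata\local whose name is a bare {GUID}.
GUID_DIR_RE = re.compile(
    r"\\appdata\\local\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$",
    re.IGNORECASE,
)

# A file sitting directly in the root of a drive, e.g. C:\something.sys.
ROOT_FILE_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.IGNORECASE)


@dataclass
class DdsEntry:
    date: str
    time: str
    size: Optional[int]  # None for directories (DDS prints dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.lower().startswith("d")

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs.lower()


def parse_entry(line: str) -> Optional[DdsEntry]:
    """Return a DdsEntry for a file-entry line, or None for headers and filler."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return DdsEntry(m["date"], m["time"], size, m["attrs"], m["path"])


def parse_log(text: str) -> List[DdsEntry]:
    """Parse every entry line in a DDS log section; non-entry lines are skipped."""
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]


def guid_folders(entries: List[DdsEntry]) -> List[str]:
    """GUID-named directories under appdata\\local, the folders asked about above."""
    return [e.path for e in entries if e.is_dir and GUID_DIR_RE.search(e.path)]


def hidden_entries(entries: List[DdsEntry]) -> List[str]:
    """Entries carrying the hidden attribute flag."""
    return [e.path for e in entries if e.is_hidden]


def root_level_files(entries: List[DdsEntry]) -> List[str]:
    """Files (not directories) created directly in a drive root."""
    return [e.path for e in entries if not e.is_dir and ROOT_FILE_RE.match(e.path)]


# Sample lines copied from the DDS log in this thread (header and '.' lines
# included to show they are skipped).
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2011-05-09 21:37:30 -------- d-----w- c:\users\gordon\appdata\local\{D9B9A362-4378-4E3D-BC12-BD36BEB186FF}
2011-05-09 09:36:52 -------- d-----w- c:\users\gordon\appdata\local\{2F7B62C0-872A-432D-BF86-30C5001F19BD}
2011-05-04 21:41:46 123680 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2011-05-01 12:14:22 100480 ----a-w- C:\fgliapob.sys
2011-05-01 09:24:32 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-25 08:12:10 -------- d-----w- c:\users\gordon\appdata\local\DDMSettings
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(f"{len(found)} entries parsed")
    print("GUID folders under appdata\\local:", *guid_folders(found), sep="\n  ")
    print("Hidden entries:", *hidden_entries(found), sep="\n  ")
    print("Files in drive root:", *root_level_files(found), sep="\n  ")
```

Running it on a full DDS log (pass the whole file to `parse_log`) gives you the list of GUID folders to check by hand, the same way kahdah asked the poster to open each one; the parser deliberately reports, and does not judge, since the thread itself shows these folders were empty and the logs were clean.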

#5 604newbie

604newbie
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:11 AM

Posted 13 May 2011 - 07:20 PM

Hello 604newbie

Welcome to BleepingComputer :)
==========================
Can you please post the Combofix log?
It should be here > C:\Combofix.txt

Also, can you click the Vista Start button, paste each of the following file paths into the Start Search box and hit the Enter key.
Do each one separately.
I just need to know what is inside some of these folders.
When each one opens, let me know the contents of them please.

c:\users\gordon\appdata\local\{D9B9A362-4378-4E3D-BC12-BD36BEB186FF}
c:\users\gordon\appdata\local\{2F7B62C0-872A-432D-BF86-30C5001F19BD}
c:\users\gordon\appdata\local\{2DCC3E5B-84D1-4D16-AFCE-264BE8919373}
c:\users\gordon\appdata\local\{084C2965-3C24-4E39-97E6-CF364C68D288}
c:\users\gordon\appdata\local\{470C0055-BFD8-4B4D-B736-882BBDF64B53}
c:\users\gordon\appdata\local\{06F7836A-0D06-4F36-9CC3-A68C2A283FFB}


All those folders are empty, there's nothing in them, not even hidden files.
Note: ComboFix file is from May 1st, when I initially encountered the virus/malware.

Attached Files


Edited by 604newbie, 13 May 2011 - 07:22 PM.


#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:11 AM

Posted 14 May 2011 - 06:26 AM

Your logs are clean of malware.
Those folders can be deleted if you wish.
They are used by an infection but it is not present so you can manually delete the folders that are empty in that location.

Are there any other issues?

#7 604newbie

604newbie
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:11 AM

Posted 14 May 2011 - 07:06 AM

No more issues.

Thanks a lot! :thumbup2:

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:11 AM

Posted 14 May 2011 - 10:47 AM

Great.
============
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE)", then click on it.
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
============
Also please install the newest version of Adobe Reader from here > http://get.adobe.com/reader/

Also if you still have Combofix on your desktop then do the following.
  • Click START then RUN
  • Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the /uninstall; it needs to be there.
============

After that you're all set.


===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - Some great guidelines to follow to prevent future infections; please read the Prevention article by Miekiemoes.

How did I get infected in the first place? Also this one by Tony Klein.

If your computer is slow Things you can do if your computer is slow.

PC Safety and Security - What Do I Need? Security suggestions and general hints and tips for PC security.

File sharing program dangers - Reasons to stay away from file sharing programs, for example BitTorrent, Limewire, Kazaa, eMule, uTorrent etc.



===Free antimalware tools used for on-demand scanning and cleaning (no real-time protection unless purchased)===

Malwarebytes Antimalware
superantispyware

===Free antivirus links===

This is antivirus and antispyware.
Microsoft Security Essentials
This is free antispyware protection and Antivirus protection.
AVG free
This is just antivirus protection.
Antivir
This is antivirus and antispyware protection.
Avast



