Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

can't start normally


  • This topic is locked This topic is locked
2 replies to this topic

#1 matrixreloaded

matrixreloaded

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 24 September 2012 - 12:43 AM

I use sophos enpoint and sophos antivirus. I got a message to allow an appdata/roaming...routine, which I allowed as it sounded like an MS system routine. Then I couldn't access the computer. On restart, it starts normally, my desktop appears, sophos starts up, then it goes to a white screen, then to an IE screen the tells me that I am not connected to the internet. Refreshing just brings me back to the same screen. I can't access any programs and even the Task Manager won't run. I can start the system normally when in safe mode only, which is the mode I have run the DDS and posted this report. I ran a Sophos scan, it quarantined an Shh/Updater-b, but still am unable to start in normal mode. ESETonline scan only came up with a doubleclick tracking cookie.
Thanks in advance for your help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by goad at 22:28:01 on 2012-09-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3958.2632 [GMT -7:00]
.
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
FW: Sophos Client Firewall *Enabled* {5DC05945-DCB7-74B7-ECB2-D2D780BF0EF1}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe
C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IDXHlprObj Class: {31816979-f864-4acf-919f-d0b3b56432e6} - C:\Windows\Downloaded Program Files\IDXIEController.DLL
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: {ce7c3cf0-4b15-11d1-abed-709549c10000} - IEHlprObj Class
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: DictateBHO: {e12a882b-f14f-4440-9bc0-84a5eb766605} - C:\Windows\Downloaded Program Files\DictateBar.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Google Update] "C:\Users\goad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Task Scheduler] "C:\Users\goad\AppData\Roaming\Task Scheduler\Task Scheduler.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellBtrEvent] D:\Program Files (x86)\Dell\Reader 2.1\DellBtrEvent.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Rocket Live! Central 2] "C:\Program Files (x86)\Rocketfish HD Webcam\Live! Central\RFLVCentral2.exe" /mode2
mRun: [V0650Mon.exe] C:\Windows\V0650Mon.exe
mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [<NO NAME>]
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\goad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\goad\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\goad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\goad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SHAREF~1.LNK - C:\Program Files (x86)\ShareFile\ShareFile Desktop Sync\ShareFile Desktop Sync.exe
StartupFolder: C:\Users\goad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TASKSC~1.LNK - C:\Users\goad\AppData\Roaming\Task Scheduler\Task Scheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TDMNOT~1.LNK - C:\Program Files (x86)\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Save to DataVault - file://C:\Program Files (x86)\DataVault\DataVault.exe/../iemenuext.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
Trusted Zone: sharepoint.com\uscpharmacy1
Trusted Zone: sharepoint.com\uscpharmacy1-admin
Trusted Zone: sharepoint.com\uscpharmacy1-my
Trusted Zone: usc.edu\sslvpn
DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} - hxxps://asis.cmg.usc.edu/ahsweb/Touchworks/AHSCompressionEngine.cab
DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} - hxxps://asis.cmg.usc.edu/ahsweb/TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab
DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} - hxxps://asis.cmg.usc.edu/ahswebTouchWorks/Common/Components/AtalaSoft/ImgXDialog61.cab
DPF: {46965FE7-2129-407B-938C-BE358A56D11E} - hxxps://asis.cmg.usc.edu/ahsweb/touchworks/docworks/chworks/note/aicviewer3.cab
DPF: {49727C2C-01F6-4F27-9D12-A877E77C82FF} - hxxps://asis.cmg.usc.edu/ahsweb/AHSWeb/IDXWF/Context/idxwfcc.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://sslvpn2.usc.edu/CACHE/stc/10/binaries/vpnweb.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://sslvpn2.usc.edu/CACHE/stc/10/binaries/vpnweb.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} - hxxps://asis.cmg.usc.edu/ahsweb/TouchWorks/Common/Components/AtalaSoft/ImgX61.cab
DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} - hxxps://asis.cmg.usc.edu/ahsweb/TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} - hxxps://asis.cmg.usc.edu/ahsweb/Touchworks/DictionaryManager.CAB
DPF: {A325C946-0C71-4098-AC94-46694E46CEB4} - hxxps://asis.cmg.usc.edu/ahsweb/IDXWF/Context/IDXTools.cab
DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} - hxxps://asis.cmg.usc.edu/ahsweb/TouchWorks/DocWorks/CHWorks/Note/wspell.cab
DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} - hxxps://asis.cmg.usc.edu/ahsweb/TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab
DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} - hxxps://asis.cmg.usc.edu/ahsweb/Touchworks/DictateBar.cab
DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - hxxps://asis.cmg.usc.edu/ahsweb/TouchWorks/Common/Components/Printing/activexviewer.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} - hxxps://asis.cmg.usc.edu/ahsweb/TouchWorks/docworks/chworks/note/aic_viewer2.cab
DPF: {D14CA9D7-7C03-4E39-B076-0F3E852E705B} - hxxps://asis.cmg.usc.edu/ahsweb/ahsweb/IDXWF/Context/IDXWFCB.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP4-14323/webex/ieatgpc1.cab
DPF: {EE7747CC-FFC7-4845-9178-DEF33578F752} - hxxps://asis.cmg.usc.edu/ahsweb/ahsweb/IDXWF/Context/IDXTools.cab
DPF: {EECF9899-FC3A-4841-986F-30B874921B36} - hxxps://asis.cmg.usc.edu/ahsweb/ahsweb/IDXWF/Context/IDXBrowser.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{5D9AB08A-DC01-4C82-BC0F-75AD89BEEF0D} : DhcpNameServer = 192.168.1.1 68.238.64.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dllL, C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IDXHlprObj Class: {31816979-F864-4acf-919F-D0B3B56432E6} - C:\Windows\Downloaded Program Files\IDXIEController.DLL
BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO-X64: Lync add-on BHO - No File
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: {CE7C3CF0-4B15-11D1-ABED-709549C10000} - IEHlprObj Class
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: DictateBHO: {E12A882B-F14F-4440-9BC0-84A5EB766605} - C:\Windows\Downloaded Program Files\DictateBar.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [DellBtrEvent] D:\Program Files (x86)\Dell\Reader 2.1\DellBtrEvent.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [Rocket Live! Central 2] "C:\Program Files (x86)\Rocketfish HD Webcam\Live! Central\RFLVCentral2.exe" /mode2
mRun-x64: [V0650Mon.exe] C:\Windows\V0650Mon.exe
mRun-x64: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun-x64: [(Default)]
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
AppInit_DLLs-X64: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dllL, C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\goad\AppData\Roaming\Mozilla\Firefox\Profiles\wcz56uph.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.usc.edu/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q=
FF - prefs.js: keyword.enabled - false
FF - component: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\goad\AppData\Roaming\Mozilla\Firefox\Profiles\wcz56uph.default\extensions\screencaptureelite@plugin\platform\WINNT_x86-msvc\components\SCEFF3Client.dll
FF - component: C:\Users\goad\AppData\Roaming\Mozilla\Firefox\Profiles\wcz56uph.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DataVault\npapi.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\goad\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\goad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\goad\AppData\Roaming\Mozilla\Firefox\Profiles\wcz56uph.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Users\goad\AppData\Roaming\Mozilla\Firefox\Profiles\wcz56uph.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Users\goad\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 scfdriver;SCF Kernel Driver;\??\C:\Windows\system32\Drivers\scfdriver.sys --> C:\Windows\system32\Drivers\scfdriver.sys [?]
R1 scfndis;Sophos Client Firewall NDIS packet filter;C:\Windows\system32\DRIVERS\scfndis.sys --> C:\Windows\system32\DRIVERS\scfndis.sys [?]
R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2012-7-29 139840]
R2 Sophos Client Firewall Manager;Sophos Client Firewall Manager;C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe [2012-7-29 150552]
R2 Sophos Client Firewall;Sophos Client Firewall;C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe [2012-7-29 89112]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S1 DVMIO;DVMIO;D:\Program Files (x86)\Dell\Reader 2.1\dvmio_x64.sys [2010-5-4 20624]
S1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys --> C:\Windows\system32\DRIVERS\savonaccess.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DvmMDES;DeviceVM Meta Data Export Service;D:\Program Files (x86)\Dell\Reader 2.1\DVMExportService.exe [2010-5-4 327680]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-27 13336]
S2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-7-1 335888]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2012-5-17 2079520]
S2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2012-9-17 216640]
S2 SFUpdater;ShareFile Auto-update Service;C:\Program Files (x86)\ShareFile\Updater\UpdateService.exe [2011-8-10 24576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2012-8-8 232512]
S2 Sophos Web Control Service;Sophos Web Control Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2012-7-29 357400]
S2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-9-17 2863168]
S2 swi_update_64;Sophos Web Intelligence Update;C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012-7-29 2009152]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-27 2533400]
S2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2012-6-19 645088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-19 250288]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\system32\DRIVERS\CamDrL64.sys --> C:\Windows\system32\DRIVERS\CamDrL64.sys [?]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 114144]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
S3 sdcfilter;sdcfilter;C:\Windows\system32\DRIVERS\sdcfilter.sys --> C:\Windows\system32\DRIVERS\sdcfilter.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 V0650Vid;Rocketfish HD Webcam Driver;C:\Windows\system32\DRIVERS\V0650Vid.sys --> C:\Windows\system32\DRIVERS\V0650Vid.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 SophosBootDriver;SophosBootDriver;C:\Windows\system32\DRIVERS\SophosBootDriver.sys --> C:\Windows\system32\DRIVERS\SophosBootDriver.sys [?]
.
=============== Created Last 30 ================
.
2012-09-23 21:21:40 33800 ----a-w- C:\Windows\System32\drivers\pavboot64.sys
2012-09-23 21:21:39 -------- d-----w- C:\Program Files (x86)\Panda Security
2012-09-23 21:17:05 -------- d-----w- C:\Program Files (x86)\ESET
2012-09-23 07:07:35 -------- d-----w- C:\Users\goad\AppData\Roaming\Task Scheduler
2012-09-20 16:57:51 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-20 16:57:00 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-20 16:57:00 -------- d-----w- C:\Program Files\iTunes
2012-09-20 16:57:00 -------- d-----w- C:\Program Files\iPod
2012-09-20 16:57:00 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-12 20:17:22 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 20:17:22 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 20:17:18 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 20:17:17 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 20:17:14 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 20:17:14 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 20:17:14 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-05 05:03:24 -------- d-----w- C:\Program Files (x86)\Avaya
2012-09-05 02:36:34 -------- d-----w- C:\TPTemp
.
==================== Find3M ====================
.
2012-09-21 18:01:24 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 18:01:24 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-08 00:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 20:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 20:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-29 07:43:12 55072 ----a-w- C:\Windows\System32\drivers\scfndis.sys
2012-07-29 07:42:59 102688 ----a-w- C:\Windows\System32\drivers\scfdriver.sys
2012-07-29 07:42:44 36640 ----a-w- C:\Windows\System32\drivers\sdcfilter.sys
2012-07-29 07:42:37 37400 ----a-w- C:\Windows\System32\SophosBootTasks.exe
2012-07-29 07:42:37 144672 ----a-w- C:\Windows\System32\drivers\savonaccess.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-09 20:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-07-09 20:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-27 02:14:52 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
============= FINISH: 22:28:37.12 ===============

BC AdBot (Login to Remove)

 


#2 matrixreloaded

matrixreloaded
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 24 September 2012 - 04:08 PM

Ran a couple different malware scans and it now seems to be running ok. Please remove this request.
thank you.

#3 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:34 PM

Posted 27 September 2012 - 01:41 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users