Vista Internet Defender 2011 & more... help!



#16
Sybarite07

    Member

  • Topic Starter
  • 18 posts
ComboFix log as follows:

ComboFix 11-05-07.03 - Alex 08/05/2011 17:21:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.1704 [GMT 1:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Hotspot Shield\HssIE\HsSIe.dll
c:\users\Alex\AppData\Local\{28FB2A81-FF17-43EC-A199-40B68AA6CDC1}
c:\users\Alex\AppData\Local\{28FB2A81-FF17-43EC-A199-40B68AA6CDC1}\chrome\content\overlay.xul
c:\users\Alex\AppData\Local\{28FB2A81-FF17-43EC-A199-40B68AA6CDC1}\install.rdf
c:\windows\Downloaded Program Files\Install.inf
c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\plugs
c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\shed
c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\shed\thr1.chm
c:\windows\system32\dumphive.exe
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\32.ICO
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\FFVJPlayer.exe
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\Uninstall.exe
c:\windows\system32\Nagasoft\vjocx.dll
c:\windows\system32\Nagasoft\vjocx.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vvdsvc
-------\Service_vvdsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-04-08 to 2011-05-08 )))))))))))))))))))))))))))))))
.
.
2011-05-08 16:36 . 2011-05-08 16:40 -------- d-----w- c:\users\Alex\AppData\Local\temp
2011-05-08 16:36 . 2011-05-08 16:36 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-08 16:36 . 2011-05-08 16:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-08 14:39 . 2011-05-08 15:29 -------- d-----w- c:\windows\system32\config\systemprofile\DoctorWeb
2011-05-08 14:30 . 2011-05-08 15:27 196955 ----a-w- c:\windows\Explorermgr.exe
2011-05-08 14:30 . 2011-05-08 14:30 196955 ----a-w- c:\windows\system32\verclsidmgr.exe
2011-05-08 14:30 . 2011-05-08 14:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2011-05-08 12:24 . 2011-05-08 12:24 -------- d-----w- c:\program files\Virgin Media
2011-05-08 12:15 . 2011-05-08 12:15 -------- d-----w- C:\_OTL
2011-05-08 10:19 . 2011-04-18 08:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2F63D00-653E-4E83-AE36-FA0FA76661B6}\mpengine.dll
2011-05-07 21:03 . 2011-05-07 21:03 284160 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\icos.exe
2011-05-07 11:00 . 2011-05-07 11:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2011-05-04 07:37 . 2011-05-04 07:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-05-04 07:37 . 2011-05-04 07:37 -------- d-----w- c:\windows\Sun
2011-05-03 14:18 . 2011-05-03 14:18 -------- d-----w- C:\Temp
2011-05-03 14:18 . 2008-05-07 19:47 20732025 ----a-w- c:\temp\EasyTutuSetup\TutuCore.exe
2011-05-03 14:18 . 2006-01-01 04:17 246179 ----a-w- c:\temp\EasyTutuSetup\baldur.exe
2011-05-03 14:18 . 1999-01-12 12:42 274920 ----a-w- c:\temp\EasyTutuSetup\Setup.exe
2011-05-03 14:18 . 1998-10-29 16:45 506807 ----a-w- c:\temp\EasyTutuSetup\Uninst\ISUninst.exe
2011-05-03 14:18 . 1998-10-27 13:06 227797 ----a-w- c:\temp\EasyTutuSetup\_ISDel.exe
2011-05-03 14:18 . 1998-09-29 17:34 234839 ----a-w- c:\temp\EasyTutuSetup\_Setup.dll
2011-05-03 13:36 . 2011-05-03 13:36 -------- d-----w- C:\Black Isle
2011-05-02 16:05 . 2000-01-04 05:39 414123 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-05-02 13:13 . 2011-04-14 16:41 142296 ------w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-02 13:13 . 2011-04-14 16:41 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-02 13:13 . 2011-04-14 16:41 781272 ------w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-02 13:13 . 2011-04-14 16:41 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-02 13:13 . 2011-04-14 16:41 1874904 ------w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-02 13:13 . 2011-04-14 16:41 15832 ------w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-02 13:13 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-02 13:13 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-02 10:05 . 2011-03-03 15:59 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-05-02 10:05 . 2011-03-03 15:59 65640 ----a-w- c:\windows\system32\nvapo32v.dll
2011-05-02 10:05 . 2011-03-03 15:59 139368 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2011-05-02 10:05 . 2011-03-03 15:59 837224 ----a-w- c:\windows\system32\nvhdagenco322040.dll
2011-05-01 19:20 . 2011-05-01 19:20 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-04-28 09:59 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 09:59 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 09:58 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-15 11:48 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-15 11:48 . 2011-02-18 14:03 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-15 11:48 . 2011-02-18 14:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-15 11:48 . 2011-03-03 13:25 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 11:48 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 11:48 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-15 11:48 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-13 20:50 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-13 20:50 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 10:22 . 2011-03-21 12:49 131824 ----a-w- c:\windows\system32\sdccoinstaller.dll
2011-05-04 10:20 . 2011-03-21 12:48 28912 ----a-w- c:\windows\system32\SophosBootTasks.exe
2011-04-08 05:14 . 2011-05-01 19:13 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-07 21:43 . 2011-04-07 21:43 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 21:43 . 2011-04-07 21:43 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-04-07 21:43 . 2011-04-07 21:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 21:43 . 2011-04-07 21:43 293992 ----a-w- c:\windows\system32\nvhotkey.dll
2011-04-07 21:43 . 2011-04-07 21:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-07 21:43 . 2011-04-07 21:43 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 21:43 . 2011-04-07 21:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 21:43 . 2011-04-07 21:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-03-21 12:47 . 2011-03-21 12:47 122360 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2011-03-21 12:46 . 2011-03-21 12:46 23928 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2011-03-21 12:46 . 2011-03-21 12:46 22536 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2011-03-12 13:52 . 2009-06-02 17:38 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-12 13:52 . 2009-06-02 17:38 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-03 15:40 . 2011-04-28 09:59 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 09:59 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 09:59 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 09:59 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 09:49 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 09:49 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 09:49 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-04-14 16:41 . 2011-05-02 13:13 142296 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ------w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-01 793096]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-01 397312]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2011-03-21 439536]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-5-5 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-08-03 17:01 748386 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2008-02-12 17152]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-12 84240]
R3 Micorsoft Windows Service;Micorsoft Windows Service;c:\windows\system32\config\SYSTEM~1\AppData\Local\Temp\fktssnoe.sys [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-08-03 12872]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2011-03-21 23928]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2011-03-21 22536]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-02-03 717296]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-08-03 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-08-03 67656]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2011-03-21 122360]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-17 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-11 233472]
S2 Sage SData Service;Sage SData Service;c:\program files\Common Files\Sage SData\Sage.SData.Service.exe [2009-06-08 49152]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-03-21 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2011-03-21 97520]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-03-21 1541360]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-03-03 139368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
vvdsvc REG_MULTI_SZ vvdsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-08 c:\windows\Tasks\User_Feed_Synchronization-{0FDD1B50-70D8-410B-9FF7-7E3E8B6880B5}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\PrxerDrv.dll
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-PPAP - c:\program files\Common Files\PPLiveNetwork\PPAP.exe
MSConfigStartUp-PPLiveVA - c:\program files\PPLive\PPVA\PPLiveVA.exe
AddRemove-HijackThis - c:\mgtools\HijackThis.exe
AddRemove-VJOcx2.0 - c:\windows\system32\Nagasoft\Uninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-08 17:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
[0] 0x7263694D
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\TMP0000001A7354F517E4C2F494 524288 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3364)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\UI0Detect.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-05-08 17:47:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-08 16:47
ComboFix2.txt 2008-12-14 17:08
.
Pre-Run: 29,991,424,000 bytes free
Post-Run: 29,642,469,376 bytes free
.
- - End Of File - - 0EE56A646704FB0F0B00512190E9E264


#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You would think that malware writers would learn to spell :) On completion of this run, can you let me know what problems remain?

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\config\SYSTEM~1\AppData\Local\Temp\fktssnoe.sys
c:\windows\TEMP\TMP0000001A7354F517E4C2F494

Driver::
Micorsoft Windows Service


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.

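Added example, not part of the thread and not ComboFix's own code: a Python triage of the Drivers/Services and catchme sections of a ComboFix log that applies the signals the reply above acted on (a service whose binary ComboFix marks [x] or that loads from a Temp folder, and any file catchme reports hidden) and drafts the matching CFScript with File:: and Driver:: sections. The sample lines are copied from the log posted above; the heuristics are this example's own assumptions.

```python
"""Triage a ComboFix log and draft a CFScript for what it flags.

Added example for this thread; the flagging rules are the editor's own
heuristics, not rules published by ComboFix's author.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines in the shape ComboFix prints in its
# "Drivers/Services" block and in catchme's "scanning hidden files" block.
# The three flagged entries are copied from the log posted above; the
# remaining lines are benign entries from the same log used as filler.
SAMPLE_LOG = r"""
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-12 84240]
R3 Micorsoft Windows Service;Micorsoft Windows Service;c:\windows\system32\config\SYSTEM~1\AppData\Local\Temp\fktssnoe.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2011-03-21 122360]
.
scanning hidden files ...
.
.
c:\windows\TEMP\TMP0000001A7354F517E4C2F494 524288 bytes
.
scan completed successfully
hidden files: 1
"""

# "R3 name;display name;path [yyyy-mm-dd size]"  or  "... [x]" when the
# file could not be found on disk at scan time.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)
# catchme prints each hidden file as "<path> <size> bytes".
HIDDEN_FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<size>\d+) bytes$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str                       # "driver" (service name) or "file" (full path)
    target: str
    reasons: list = field(default_factory=list)


def triage(log_text: str) -> list:
    """Return Findings for services and hidden files that deserve a second look."""
    findings = []
    in_hidden_files = False
    for raw in log_text.splitlines():
        line = raw.strip()
        # Track whether we are inside catchme's hidden-files block.
        if line.startswith("scanning hidden files"):
            in_hidden_files = True
            continue
        if line.startswith("scan completed"):
            in_hidden_files = False
            continue

        m = SERVICE_RE.match(line)
        if m:
            reasons = []
            if m["info"] == "x":
                reasons.append("service binary not found on disk ([x])")
            if TEMP_DIR_RE.search(m["path"]):
                reasons.append("kernel driver/service loads from a Temp directory")
            if reasons:
                # Remove both the service entry and the file it points at,
                # mirroring the Driver:: plus File:: pairing used above.
                findings.append(Finding("driver", m["name"], reasons))
                findings.append(Finding("file", m["path"], list(reasons)))
            continue

        if in_hidden_files:
            h = HIDDEN_FILE_RE.match(line)
            if h:
                findings.append(Finding("file", h["path"],
                                        ["hidden from the Win32 API (catchme)"]))
    return findings


def build_cfscript(findings: list) -> str:
    """Render findings as CFScript text: a File:: section, then a Driver:: section.

    Duplicates are dropped while keeping first-seen order.
    """
    files, drivers = [], []
    for f in findings:
        bucket = files if f.kind == "file" else drivers
        if f.target not in bucket:
            bucket.append(f.target)
    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files))
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:6} {f.target}  <- {'; '.join(f.reasons)}")
    print()
    print(build_cfscript(found))
```

Run against a full log, the same two regexes cover every R/S service line and every catchme hidden-file line, so the output is a starting point for review rather than something to feed to ComboFix unread.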

#18
Sybarite07

    Member

  • Topic Starter
  • 18 posts
Haha yeah you would have thought so... guess nobody's perfect :)

I'm still getting messages from Sophos: 'Troj/Inor-Fam'; 'Hips/regMod-012'; 'Hips/RegMod-009'; 'W32Ramnit-A'; 'Mal generic-L' etc. Literally 1000s of files have been quarantined. Could these be false positives?

On startup I'm getting IE browser windows opening again.

Latest combofix & OTL logs as follows:

Thank you
A

ComboFix 11-05-07.03 - Alex 08/05/2011 18:25:12.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.1961 [GMT 1:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
Command switches used :: c:\users\Alex\Desktop\CFScript.txt
AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\config\SYSTEM~1\AppData\Local\Temp\fktssnoe.sys"
"c:\windows\TEMP\TMP0000001A7354F517E4C2F494"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
-------\Service_Micorsoft Windows Service
.
.
((((((((((((((((((((((((( Files Created from 2011-04-08 to 2011-05-08 )))))))))))))))))))))))))))))))
.
.
2011-05-08 17:38 . 2011-05-08 17:41 -------- d-----w- c:\users\Alex\AppData\Local\temp
2011-05-08 17:38 . 2011-05-08 17:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-08 17:38 . 2011-05-08 17:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-08 14:39 . 2011-05-08 15:29 -------- d-----w- c:\windows\system32\config\systemprofile\DoctorWeb
2011-05-08 14:30 . 2011-05-08 15:27 196955 ----a-w- c:\windows\Explorermgr.exe
2011-05-08 14:30 . 2011-05-08 14:30 196955 ----a-w- c:\windows\system32\verclsidmgr.exe
2011-05-08 14:30 . 2011-05-08 14:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2011-05-08 12:24 . 2011-05-08 12:24 -------- d-----w- c:\program files\Virgin Media
2011-05-08 12:15 . 2011-05-08 12:15 -------- d-----w- C:\_OTL
2011-05-08 10:19 . 2011-04-18 08:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2F63D00-653E-4E83-AE36-FA0FA76661B6}\mpengine.dll
2011-05-07 21:03 . 2011-05-07 21:03 284160 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\icos.exe
2011-05-07 11:00 . 2011-05-07 11:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2011-05-04 07:37 . 2011-05-04 07:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-05-04 07:37 . 2011-05-04 07:37 -------- d-----w- c:\windows\Sun
2011-05-03 14:18 . 2011-05-03 14:18 -------- d-----w- C:\Temp
2011-05-03 14:18 . 2008-05-07 19:47 20732025 ----a-w- c:\temp\EasyTutuSetup\TutuCore.exe
2011-05-03 14:18 . 2006-01-01 04:17 246179 ----a-w- c:\temp\EasyTutuSetup\baldur.exe
2011-05-03 14:18 . 1999-01-12 12:42 274920 ----a-w- c:\temp\EasyTutuSetup\Setup.exe
2011-05-03 14:18 . 1998-10-29 16:45 506807 ----a-w- c:\temp\EasyTutuSetup\Uninst\ISUninst.exe
2011-05-03 14:18 . 1998-10-27 13:06 227797 ----a-w- c:\temp\EasyTutuSetup\_ISDel.exe
2011-05-03 14:18 . 1998-09-29 17:34 234839 ----a-w- c:\temp\EasyTutuSetup\_Setup.dll
2011-05-03 13:36 . 2011-05-03 13:36 -------- d-----w- C:\Black Isle
2011-05-02 16:05 . 2000-01-04 05:39 414123 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-05-02 13:13 . 2011-04-14 16:41 142296 ------w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-02 13:13 . 2011-04-14 16:41 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-02 13:13 . 2011-04-14 16:41 781272 ------w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-02 13:13 . 2011-04-14 16:41 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-02 13:13 . 2011-04-14 16:41 1874904 ------w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-02 13:13 . 2011-04-14 16:41 15832 ------w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-02 13:13 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-02 13:13 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-02 10:05 . 2011-03-03 15:59 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-05-02 10:05 . 2011-03-03 15:59 65640 ----a-w- c:\windows\system32\nvapo32v.dll
2011-05-02 10:05 . 2011-03-03 15:59 139368 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2011-05-02 10:05 . 2011-03-03 15:59 837224 ----a-w- c:\windows\system32\nvhdagenco322040.dll
2011-05-01 19:20 . 2011-05-01 19:20 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-04-28 09:59 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 09:59 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 09:58 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-15 11:48 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-15 11:48 . 2011-02-18 14:03 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-15 11:48 . 2011-02-18 14:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-15 11:48 . 2011-03-03 13:25 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 11:48 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 11:48 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-15 11:48 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-13 20:50 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-13 20:50 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 10:22 . 2011-03-21 12:49 131824 ----a-w- c:\windows\system32\sdccoinstaller.dll
2011-05-04 10:20 . 2011-03-21 12:48 28912 ----a-w- c:\windows\system32\SophosBootTasks.exe
2011-04-08 05:14 . 2011-05-01 19:13 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-07 21:43 . 2011-04-07 21:43 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 21:43 . 2011-04-07 21:43 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-04-07 21:43 . 2011-04-07 21:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 21:43 . 2011-04-07 21:43 293992 ----a-w- c:\windows\system32\nvhotkey.dll
2011-04-07 21:43 . 2011-04-07 21:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-07 21:43 . 2011-04-07 21:43 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 21:43 . 2011-04-07 21:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 21:43 . 2011-04-07 21:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-03-21 12:47 . 2011-03-21 12:47 122360 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2011-03-21 12:46 . 2011-03-21 12:46 23928 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2011-03-21 12:46 . 2011-03-21 12:46 22536 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2011-03-12 13:52 . 2009-06-02 17:38 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-12 13:52 . 2009-06-02 17:38 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-03 15:40 . 2011-04-28 09:59 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 09:59 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 09:59 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 09:59 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 09:49 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 09:49 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 09:49 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-04-14 16:41 . 2011-05-02 13:13 142296 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ------w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-01 793096]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-01 397312]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2011-03-21 439536]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-5-5 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-08-03 17:01 748386 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2008-02-12 17152]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-12 84240]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-08-03 12872]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2011-03-21 23928]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2011-03-21 22536]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-02-03 717296]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-08-03 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-08-03 67656]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2011-03-21 122360]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-17 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-11 233472]
S2 Sage SData Service;Sage SData Service;c:\program files\Common Files\Sage SData\Sage.SData.Service.exe [2009-06-08 49152]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-03-21 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2011-03-21 97520]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-03-21 1541360]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-03-03 139368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
vvdsvc REG_MULTI_SZ vvdsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-08 c:\windows\Tasks\User_Feed_Synchronization-{0FDD1B50-70D8-410B-9FF7-7E3E8B6880B5}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\PrxerDrv.dll
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-08 18:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,4b,22,0f,ae,b9,48,4a,b5,10,a8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,4b,22,0f,ae,b9,48,4a,b5,10,a8,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4868)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\UI0Detect.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-05-08 18:48:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-08 17:48
ComboFix2.txt 2011-05-08 16:47
ComboFix3.txt 2008-12-14 17:08
.
Pre-Run: 29,572,079,616 bytes free
Post-Run: 29,536,788,480 bytes free
.
- - End Of File - - 1CEB74CD473085DCA6A7B836B0FD36C4


OTL logfile created on: 08/05/2011 18:52:32 - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Alex\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.05 Gb Total Space | 27.56 Gb Free Space | 25.05% Space Free | Partition Type: NTFS
Drive D: | 110.07 Gb Total Space | 18.48 Gb Free Space | 16.79% Space Free | Partition Type: NTFS
Drive E: | 626.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 955.72 Mb Total Space | 590.33 Mb Free Space | 61.77% Space Free | Partition Type: FAT

Computer Name: ALEX_LAPTOP | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 18:51:48 | 000,196,955 | ---- | M] (ic#code) -- C:\Program Files\Acer\Empowering Technology\eRecovery\HidChkmgr.exe
PRC - [2011/05/08 18:51:32 | 000,196,955 | ---- | M] (ic#code) -- C:\Acer\Mobility Center\CompileMOFmgr.exe
PRC - [2011/05/08 11:33:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2011/04/07 22:43:04 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2011/03/25 13:34:00 | 004,371,768 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
PRC - [2011/03/21 13:47:29 | 000,230,640 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2011/03/21 13:47:20 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2011/03/21 13:46:51 | 001,541,360 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011/03/21 13:46:38 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011/03/21 13:46:32 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/01/07 23:46:06 | 000,271,408 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2011/01/05 19:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010/10/15 19:42:14 | 000,326,704 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/08 15:19:08 | 000,049,152 | ---- | M] (Sage (UK) Limited) -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/05/01 03:02:40 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/04/01 02:01:58 | 000,793,096 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/03/07 11:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008/03/05 07:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/03/05 07:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/01/17 02:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008/01/11 01:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/10/23 18:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (SafeList) ==========

MOD - [2011/05/08 11:33:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/03/21 13:47:29 | 000,230,640 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2011/03/21 13:46:51 | 001,541,360 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/03/21 13:46:38 | 000,097,520 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/03/21 13:46:32 | 000,163,056 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011/03/12 14:31:10 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/07 23:48:18 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011/01/07 23:46:06 | 000,271,408 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2011/01/05 19:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010/10/15 19:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/06/08 15:19:08 | 000,049,152 | ---- | M] (Sage (UK) Limited) [Auto | Running] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/05 07:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 02:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/01/11 01:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007/12/07 00:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/03/21 13:47:01 | 000,122,360 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2011/03/21 13:46:40 | 000,023,928 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2011/03/21 13:46:32 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011/03/03 16:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/09/22 20:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/09/22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/08/03 18:01:37 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/08/03 18:01:37 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/08/03 18:01:37 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/07/18 18:03:05 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/18 18:03:05 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/02/03 23:51:11 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/11/02 09:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/18 23:01:24 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/04/12 02:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/21 18:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/03/01 00:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/12 02:48:06 | 000,017,152 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bfturboh.sys -- (bfturboh)
DRV - [2008/01/17 02:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007/04/24 10:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 10:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 10:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/"


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 14:13:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 14:13:02 | 000,000,000 | ---D | M]

[2009/01/17 14:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2011/05/05 09:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions
[2010/08/21 09:25:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/03 13:40:44 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2011/05/03 14:06:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(169)
[2010/07/25 18:02:29 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\[email protected]
[2009/02/16 15:52:29 | 000,000,000 | ---D | M] (EBrary Reader Plugin) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\extensions\[email protected]
[2011/05/08 13:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/15 17:15:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/19 14:38:21 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
() (No name found) -- C:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AO4WD6IK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/08 18:41:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\PrxerNsp.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (PPLive Lite Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 18:48:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\temp
[2011/05/08 18:41:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/05/08 18:38:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/08 18:16:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/08 15:30:53 | 000,196,955 | ---- | C] (ic#code) -- C:\Windows\Explorermgr.exe
[2011/05/08 15:30:51 | 000,196,955 | ---- | C] (ic#code) -- C:\Windows\System32\verclsidmgr.exe
[2011/05/08 14:30:40 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\tdsskiller
[2011/05/08 13:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virgin Media
[2011/05/08 13:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Media
[2011/05/08 13:15:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/08 11:33:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/05/04 08:37:45 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/05/03 15:18:52 | 000,000,000 | ---D | C] -- C:\Temp
[2011/05/03 14:36:10 | 000,000,000 | ---D | C] -- C:\Black Isle
[2011/05/01 20:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/05/01 20:13:43 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/05/01 20:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/05/01 11:00:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/04/13 17:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2008/12/23 09:32:46 | 000,184,320 | R--- | C] ( ) -- C:\Windows\System32\SgE.interop.MSXML2.dll

========== Files - Modified Within 30 Days ==========

[2011/05/08 18:53:28 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0FDD1B50-70D8-410B-9FF7-7E3E8B6880B5}.job
[2011/05/08 18:51:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/05/08 18:51:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 18:51:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 18:51:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/08 18:51:10 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/08 18:41:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/08 17:53:09 | 000,610,766 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/08 17:53:09 | 000,109,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/08 17:52:01 | 000,186,880 | ---- | M] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/08 17:16:06 | 004,343,565 | R--- | M] () -- C:\Users\Alex\Desktop\ComboFix.exe
[2011/05/08 16:27:36 | 000,196,955 | ---- | M] (ic#code) -- C:\Windows\Explorermgr.exe
[2011/05/08 15:30:51 | 000,196,955 | ---- | M] (ic#code) -- C:\Windows\System32\verclsidmgr.exe
[2011/05/08 15:30:34 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/05/08 15:24:57 | 062,004,624 | ---- | M] () -- C:\Users\Alex\Desktop\ut32myyb.exe
[2011/05/08 14:29:44 | 001,280,815 | ---- | M] () -- C:\Users\Alex\Desktop\tdsskiller.zip
[2011/05/08 11:33:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011/05/08 10:18:47 | 318,360,527 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/07 12:43:15 | 000,001,356 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2011/05/06 16:50:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/05/05 08:53:16 | 000,000,942 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/04 11:22:30 | 000,131,824 | ---- | M] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll
[2011/05/04 11:20:55 | 000,028,912 | ---- | M] (Sophos Plc) -- C:\Windows\System32\SophosBootTasks.exe
[2011/05/04 09:10:54 | 000,000,632 | ---- | M] () -- C:\Users\Alex\Desktop\exefix_vista.zip
[2011/05/01 11:00:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat
[2011/04/16 17:12:13 | 000,378,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/13 17:12:03 | 020,586,196 | ---- | M] () -- C:\Users\Alex\Documents\vlc-1.1.8-win32.exe

========== Files Created - No Company Name ==========

[2011/05/08 17:52:08 | 000,000,632 | ---- | C] () -- C:\Users\Alex\Desktop\exefix_vista.zip
[2011/05/08 17:17:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/08 17:17:44 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/08 17:03:14 | 004,343,565 | R--- | C] () -- C:\Users\Alex\Desktop\ComboFix.exe
[2011/05/08 16:41:22 | 3215,851,520 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/08 15:30:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/08 15:22:06 | 062,004,624 | ---- | C] () -- C:\Users\Alex\Desktop\ut32myyb.exe
[2011/05/08 14:29:43 | 001,280,815 | ---- | C] () -- C:\Users\Alex\Desktop\tdsskiller.zip
[2011/05/02 14:13:06 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/01 20:13:41 | 000,004,755 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011/05/01 11:00:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/05/01 11:00:23 | 318,360,527 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/13 17:11:57 | 020,586,196 | ---- | C] () -- C:\Users\Alex\Documents\vlc-1.1.8-win32.exe
[2011/01/29 14:30:29 | 000,000,112 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Current.prx
[2010/10/02 15:17:54 | 000,000,179 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/06/06 09:06:09 | 000,000,760 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\setup_ldm.iss
[2010/04/04 18:16:27 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\wklnhst.dat
[2009/10/21 21:36:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/21 21:36:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/10 14:59:26 | 000,282,624 | ---- | C] () -- C:\Windows\System32\SGList32.dll
[2009/07/10 14:59:20 | 000,278,528 | ---- | C] () -- C:\Windows\System32\SGTool32.dll
[2009/07/10 14:59:16 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGIntl32.dll
[2009/07/10 14:59:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SGDt32.dll
[2009/07/10 14:59:12 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SGHelp32.dll
[2009/07/10 14:59:08 | 000,253,952 | ---- | C] () -- C:\Windows\System32\SGSchemeXml.dll
[2009/07/10 14:59:00 | 000,118,784 | ---- | C] () -- C:\Windows\System32\SGSchemeXP.dll
[2009/07/10 14:58:56 | 000,176,128 | ---- | C] () -- C:\Windows\System32\SGSchemeDefault.dll
[2009/07/10 14:58:52 | 000,221,184 | ---- | C] () -- C:\Windows\System32\SGSchemeManager.dll
[2009/07/10 14:58:46 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SGCom32.dll
[2009/07/10 14:58:02 | 000,237,568 | ---- | C] () -- C:\Windows\System32\SGWebBrowser.dll
[2009/04/06 13:29:20 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/04/06 13:29:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/03/04 11:40:02 | 000,001,204 | ---- | C] () -- C:\Windows\SAGEINTL.INI
[2009/02/20 02:22:58 | 000,000,316 | ---- | C] () -- C:\Windows\game.ini
[2009/02/13 00:07:29 | 000,158,720 | ---- | C] () -- C:\Windows\RefUinst.exe
[2008/12/23 09:33:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\SgELauncher.dll
[2008/12/23 09:33:26 | 000,114,688 | ---- | C] () -- C:\Windows\System32\SgEData.dll
[2008/12/22 10:28:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SageFolderBrowser.dll
[2008/12/22 10:26:34 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGSTDREG.dll
[2008/12/22 10:26:30 | 000,131,072 | ---- | C] () -- C:\Windows\System32\SGRegister.dll
[2008/12/14 18:42:25 | 000,011,254 | ---- | C] () -- C:\Windows\System32\locate.com
[2008/12/14 17:54:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2008/12/14 17:54:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2008/12/14 17:54:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2008/12/14 17:27:37 | 000,000,691 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\GetValue.vbs
[2008/12/14 17:27:37 | 000,000,035 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\SetValue.bat
[2008/12/10 16:29:41 | 000,000,116 | ---- | C] () -- C:\Windows\wininit.ini
[2008/12/10 02:39:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/02 12:02:19 | 000,013,701 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\UserTile.png
[2008/12/01 15:37:00 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SageEventHandler.exe
[2008/12/01 15:36:12 | 000,143,360 | ---- | C] () -- C:\Windows\System32\SGCtrlEx.dll
[2008/12/01 15:36:06 | 000,200,704 | ---- | C] () -- C:\Windows\System32\SGTBAR32.DLL
[2008/12/01 15:36:02 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SGSTAT32.DLL
[2008/12/01 15:36:02 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SGLOGO32.DLL
[2008/12/01 15:36:00 | 000,180,224 | ---- | C] () -- C:\Windows\System32\SGJPEG32.dll
[2008/12/01 15:35:56 | 000,249,856 | ---- | C] () -- C:\Windows\System32\SGCDLG32.DLL
[2008/12/01 15:35:36 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SGAPPBAR.DLL
[2008/12/01 15:35:34 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SG3D32.DLL
[2008/10/03 10:46:40 | 000,001,356 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2008/09/19 19:55:39 | 000,141,150 | ---- | C] () -- C:\Windows\hpoins14.dat
[2008/09/09 23:24:16 | 000,186,880 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/07 23:09:20 | 000,000,477 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/07 20:30:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/05 11:59:57 | 000,006,353 | ---- | C] () -- C:\Windows\UN070618.INI
[2008/07/24 12:03:01 | 000,749,568 | ---- | C] () -- C:\Windows\AcerStore.exe
[2008/07/24 11:22:47 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/07/24 11:19:26 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/07/24 11:19:26 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008/07/24 11:19:26 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe
[2008/07/24 11:19:26 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/07/24 11:17:59 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/07/24 11:17:59 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/07/24 11:17:59 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/04/30 10:56:55 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/04/30 10:54:06 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/04/30 10:54:06 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/04/30 09:09:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/30 09:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/04/30 09:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/04/30 09:09:01 | 000,000,042 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007/09/20 02:14:41 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,378,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,610,766 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,109,140 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/01 16:41:24 | 000,233,472 | ---- | C] () -- C:\Windows\System32\SGLCH32.DLL
[2006/11/01 16:41:16 | 001,712,128 | ---- | C] () -- C:\Windows\System32\SGRep32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/04/16 11:27:54 | 000,000,005 | -HS- | C] () -- C:\Windows\System32\CdI5T.drv
[2001/12/27 00:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 07:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 00:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 06:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SgHmZLib.dll

========== LOP Check ==========

[2008/09/08 08:56:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Acer
[2008/04/30 10:52:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Acer GameZone Console
[2009/04/22 19:46:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/02/04 00:03:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools
[2009/02/04 00:03:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2009/02/04 00:03:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Pro
[2011/05/04 09:20:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dev-Cpp
[2008/09/07 20:46:31 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\eSobi
[2009/04/27 19:05:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\GetRightToGo
[2009/08/01 12:45:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\JAM Software
[2009/01/26 01:50:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Moyea
[2008/09/17 11:09:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mp3tag
[2008/12/02 12:02:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PeerNetworking
[2011/03/12 15:28:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Polynomial
[2009/06/13 14:55:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spotify
[2008/12/03 18:17:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\StreamTorrent
[2009/06/14 20:04:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SystemRequirementsLab
[2010/04/04 18:16:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Template
[2011/05/02 20:07:12 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent
[2011/05/08 13:28:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Virgin Media
[2011/05/08 18:49:51 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/08 18:53:28 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0FDD1B50-70D8-410B-9FF7-7E3E8B6880B5}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:76650B61

< End of report >

#19
Essexboy
GeekU Moderator
Could you update Sophos please and also let me know a few files that it is quarantining.

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Windows\Explorermgr.exe
C:\Windows\System32\verclsidmgr.exe


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt


#20
Sybarite07
Topic Starter
Example of files quarantined by Sophos attached.

I've got to head off for a few hours; is there a good time to come back?

Thank you so much for all your help today, it's very much appreciated :unsure: :)

Please find latest combofix log as follows:

ComboFix 11-05-07.03 - Alex 08/05/2011 19:34:17.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.1863 [GMT 1:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
Command switches used :: c:\users\Alex\Desktop\CFScript.txt
AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Explorermgr.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Explorermgr.exe
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-08 to 2011-05-08 )))))))))))))))))))))))))))))))
.
.
2011-05-08 18:55 . 2011-05-08 18:59 -------- d-----w- c:\users\Alex\AppData\Local\temp
2011-05-08 18:55 . 2011-05-08 18:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-08 18:55 . 2011-05-08 18:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-08 14:39 . 2011-05-08 15:29 -------- d-----w- c:\windows\system32\config\systemprofile\DoctorWeb
2011-05-08 14:30 . 2011-05-08 14:30 196955 ----a-w- c:\windows\system32\verclsidmgr.exe
2011-05-08 14:30 . 2011-05-08 14:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2011-05-08 12:24 . 2011-05-08 12:24 -------- d-----w- c:\program files\Virgin Media
2011-05-08 12:15 . 2011-05-08 12:15 -------- d-----w- C:\_OTL
2011-05-08 10:19 . 2011-04-18 08:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2F63D00-653E-4E83-AE36-FA0FA76661B6}\mpengine.dll
2011-05-07 21:03 . 2011-05-07 21:03 284160 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\icos.exe
2011-05-07 11:00 . 2011-05-07 11:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2011-05-04 07:37 . 2011-05-04 07:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-05-04 07:37 . 2011-05-04 07:37 -------- d-----w- c:\windows\Sun
2011-05-03 14:18 . 2011-05-03 14:18 -------- d-----w- C:\Temp
2011-05-03 14:18 . 2008-05-07 19:47 20732025 ----a-w- c:\temp\EasyTutuSetup\TutuCore.exe
2011-05-03 14:18 . 2006-01-01 04:17 246179 ----a-w- c:\temp\EasyTutuSetup\baldur.exe
2011-05-03 14:18 . 1999-01-12 12:42 274920 ----a-w- c:\temp\EasyTutuSetup\Setup.exe
2011-05-03 14:18 . 1998-10-29 16:45 506807 ----a-w- c:\temp\EasyTutuSetup\Uninst\ISUninst.exe
2011-05-03 14:18 . 1998-10-27 13:06 227797 ----a-w- c:\temp\EasyTutuSetup\_ISDel.exe
2011-05-03 14:18 . 1998-09-29 17:34 234839 ----a-w- c:\temp\EasyTutuSetup\_Setup.dll
2011-05-03 13:36 . 2011-05-03 13:36 -------- d-----w- C:\Black Isle
2011-05-02 16:05 . 2000-01-04 05:39 414123 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-05-02 13:13 . 2011-04-14 16:41 142296 ------w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-02 13:13 . 2011-04-14 16:41 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-02 13:13 . 2011-04-14 16:41 781272 ------w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-02 13:13 . 2011-04-14 16:41 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-02 13:13 . 2011-04-14 16:41 1874904 ------w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-02 13:13 . 2011-04-14 16:41 15832 ------w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-02 13:13 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-02 13:13 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-02 10:05 . 2011-03-03 15:59 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-05-02 10:05 . 2011-03-03 15:59 65640 ----a-w- c:\windows\system32\nvapo32v.dll
2011-05-02 10:05 . 2011-03-03 15:59 139368 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2011-05-02 10:05 . 2011-03-03 15:59 837224 ----a-w- c:\windows\system32\nvhdagenco322040.dll
2011-05-01 19:20 . 2011-05-01 19:20 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-04-28 09:59 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 09:59 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 09:58 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-15 11:48 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-15 11:48 . 2011-02-18 14:03 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-15 11:48 . 2011-02-18 14:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-15 11:48 . 2011-03-03 13:25 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 11:48 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 11:48 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-15 11:48 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-13 20:50 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-13 20:50 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 10:22 . 2011-03-21 12:49 131824 ----a-w- c:\windows\system32\sdccoinstaller.dll
2011-05-04 10:20 . 2011-03-21 12:48 28912 ----a-w- c:\windows\system32\SophosBootTasks.exe
2011-04-08 05:14 . 2011-05-01 19:13 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-07 21:43 . 2011-04-07 21:43 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 21:43 . 2011-04-07 21:43 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-04-07 21:43 . 2011-04-07 21:43 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 21:43 . 2011-04-07 21:43 293992 ----a-w- c:\windows\system32\nvhotkey.dll
2011-04-07 21:43 . 2011-04-07 21:43 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-07 21:43 . 2011-04-07 21:43 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 21:43 . 2011-04-07 21:43 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 21:43 . 2011-04-07 21:43 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-03-21 12:47 . 2011-03-21 12:47 122360 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2011-03-21 12:46 . 2011-03-21 12:46 23928 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2011-03-21 12:46 . 2011-03-21 12:46 22536 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2011-03-12 13:52 . 2009-06-02 17:38 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-12 13:52 . 2009-06-02 17:38 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-03 15:40 . 2011-04-28 09:59 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 09:59 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 09:59 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 09:59 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 09:49 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 09:49 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 09:49 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-04-14 16:41 . 2011-05-02 13:13 142296 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ------w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-01 793096]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-01 397312]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2011-03-21 439536]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-5-5 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-08-03 17:01 748386 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2008-02-12 17152]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-12 84240]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-08-03 12872]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2011-03-21 23928]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2011-03-21 22536]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-02-03 717296]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-08-03 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-08-03 67656]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2011-03-21 122360]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-17 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-11 233472]
S2 Sage SData Service;Sage SData Service;c:\program files\Common Files\Sage SData\Sage.SData.Service.exe [2009-06-08 49152]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-03-21 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2011-03-21 97520]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-03-21 1541360]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-03-03 139368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
vvdsvc REG_MULTI_SZ vvdsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-08 c:\windows\Tasks\User_Feed_Synchronization-{0FDD1B50-70D8-410B-9FF7-7E3E8B6880B5}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\PrxerDrv.dll
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\ao4wd6ik.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-08 19:58
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,4b,22,0f,ae,b9,48,4a,b5,10,a8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,4b,22,0f,ae,b9,48,4a,b5,10,a8,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2736)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\UI0Detect.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-05-08 20:06:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-08 19:06
ComboFix2.txt 2011-05-08 17:48
ComboFix3.txt 2011-05-08 16:47
ComboFix4.txt 2008-12-14 17:08
.
Pre-Run: 29,561,856,000 bytes free
Post-Run: 29,424,795,648 bytes free
.
- - End Of File - - 2B1A5CA3C8C5DDD47B558882F91D1C2B

Attached Thumbnails

  • sophos quarantine eg.jpg

  • 0

#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you still getting alerts? As I am concerned about how far this has gone. However, I am surprised Dr. Web did not catch it
  • 0

#22
Sybarite07

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Lol don't say that. Yes, Sophos is still throwing up alerts, right now it's going with 'W32/Ramnit-A'.
  • 0

#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My recommendation at this stage would be to back up your data, as it is too firmly entrenched to remove. Then reformat and re-install windows

Right now, the best thing you can do is to backup, preferably to CD, all your important data, documents, pictures, movies, and songs.

DO NOT backup any applications or installers and DO NOT backup any files with the following extensions:
  • .exe
  • .scr
  • .htm
  • .html
  • .xml
  • .zip
  • .rar
  • .doc
  • .jpg
  • .pdf
For more information on file infectors, and why you need to reformat, have a read of miekiemoes blog here.

I will be here to assist you as you do this - any help needed just shout

I am sorry I cannot give any better news.
  • 0
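As an added example that is not part of the thread, the following Python script applies the exclusion list from the post above when copying a folder to backup media: it walks a source tree, copies only files whose extension is not on the list, and reports what it skipped so the result can be reviewed. The source and destination directories are command-line arguments assumed here; the file names in the comments are constructed.

```python
# Added example (not from the thread): applies the "DO NOT backup" extension
# rule before a reformat. Paths and file names are constructed for illustration.
import os
import shutil
from pathlib import Path

# Extensions the post says must not be backed up (matched case-insensitively).
EXCLUDED_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml",
                       ".zip", ".rar", ".doc", ".jpg", ".pdf"}


def is_excluded(name):
    """True if the file's final extension is on the exclusion list.
    Only the last suffix counts, so 'photo.jpg.txt' is kept while
    'invoice.pdf.exe' is skipped; a name with no suffix is kept."""
    return Path(name).suffix.lower() in EXCLUDED_EXTENSIONS


def partition(names):
    """Split an iterable of file names into (keep, skip) lists, in order."""
    keep, skip = [], []
    for name in names:
        (skip if is_excluded(name) else keep).append(name)
    return keep, skip


def copy_safe_files(src, dst):
    """Copy every non-excluded file under src into dst, preserving the
    relative directory layout. Returns (copied, skipped) lists of relative
    paths. This filters by extension only; leaving out applications and
    installers is still up to the person choosing what to back up."""
    src, dst = Path(src), Path(dst)
    copied, skipped = [], []
    for root, _dirs, files in os.walk(src):
        for fname in files:
            rel = Path(root, fname).relative_to(src)
            if is_excluded(fname):
                skipped.append(str(rel))
                continue
            target = dst / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src / rel, target)
            copied.append(str(rel))
    return copied, skipped


if __name__ == "__main__":
    import sys
    kept, dropped = copy_safe_files(sys.argv[1], sys.argv[2])
    print(f"copied {len(kept)} files, skipped {len(dropped)}")
    for item in dropped:
        print("  skipped:", item)
```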

#24
Sybarite07

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ugh.. oh well, thanks anyway. Somehow I always knew this day would come.

So... how would I go about reformatting and re-installing Vista?

I don't have a recovery disk but I do have a back up image made just after purchase if that helps?
  • 0

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That would be ideal - What is the make of your computer? As there may be a recovery partition we could use
  • 0

#26
Sybarite07

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Acer 5930g. There should be a recovery partition (though I've been getting error messages referring to it) - either way I think the disks I've got are an image of it.

Just backing up what I can now.
  • 0

#27
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you next reboot, once the beeps have finished press ALT+F10 simultaneously

Let me know what menu you get up
  • 0

#28
Sybarite07

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ok, I get a menu asking if I want to restore to factory default, or restore from a user back up.

Clicked on user backup and put in disk, but although it recognised the disk I didn't get an option to continue.

A
  • 0

#29
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
With this infection I would recommend that you go for a factory default as that will totally wipe the disc and anything on it... But back up your stuff first though
  • 0

#30
Sybarite07

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
All done.

One more question... I have 2 partitions, the second of which the recovery process hasn't touched; does this need to be reformatted as well?
  • 0
