I have something on my computer acting as an Anti Spyware. It is called XP AntiSpyware 2012. In my task manager it is running as gvo.exe, the only way I have been able to stop it is by ending the process tree, but it still eventually pops up. I tried running MalwareBytes, but every time I click on the MalwareBytes icon, it does not open, but the gvo.exe starts right back up. This happens every time I try. I installed Microsoft Security Essentials, but it will not let me update it. After scanning it with Microsoft SE nothing was detected, but this gvo.exe keeps running as this XP AntiSpyware 2012. Please help!

I ran the DDS.txt and this is what came up in notepad-

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by user at 13:54:32 on 2011-11-28

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1013 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>;*.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [757134825] c:\documents and settings\user\local settings\application data\gvo.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266869998921

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{3EC04F9B-7123-4F7B-8569-74EB9D5B2918} : DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{9A53CEA2-EC2D-4AEB-87DC-223AEE3F7C30} : DhcpNameServer = 192.168.254.254 192.168.254.254

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\1e9su1zv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.search.selectedEngine - 4 Loot

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=

FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\1e9su1zv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\1e9su1zv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

FF - plugin: c:\documents and settings\user\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\opera 10.60 beta\program\plugins\npdsplay.dll

FF - plugin: c:\program files\opera 10.60 beta\program\plugins\npwmsdrm.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc,

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKslf420448d;MpKslf420448d;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{383b89f5-5546-45e3-9699-fe6327776bf0}\MpKslf420448d.sys [2011-11-28 28752]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]

R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]

R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 581480]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 209640]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]

S0 cerc6;cerc6; [x]

S2 LMIRescue_6a6f05b4-3086-423a-8aac-82234c35aa89;LogMeIn Rescue (6a6f05b4-3086-423a-8aac-82234c35aa89);"c:\docume~1\user\locals~1\temp\lmir0001.tmp\lmi_rescue_srv.exe" -service -sid 6a6f05b4-3086-423a-8aac-82234c35aa89 --> c:\docume~1\user\locals~1\temp\lmir0001.tmp\LMI_Rescue_srv.exe [?]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2008-9-30 453120]

.

=============== Created Last 30 ================

.

2011-11-28 18:32:21 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{383b89f5-5546-45e3-9699-fe6327776bf0}\MpKslf420448d.sys

2011-11-28 18:32:07 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{383b89f5-5546-45e3-9699-fe6327776bf0}\offreg.dll

2011-11-27 21:29:18 -------- d-----w- c:\program files\common files\PC Tools

2011-11-27 21:27:50 -------- d-----w- c:\documents and settings\user\application data\TestApp

2011-11-27 21:27:50 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-11-27 18:09:33 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{383b89f5-5546-45e3-9699-fe6327776bf0}\mpengine.dll

2011-11-27 17:52:46 -------- d-----w- c:\program files\Microsoft Security Client

2011-11-27 05:30:23 288768 ----a-w- c:\documents and settings\user\local settings\application data\gvo.exe

2011-11-22 18:44:30 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-11-22 02:28:47 -------- d-----w- c:\documents and settings\all users\application data\VirtualizedApplications

2011-11-22 00:16:21 -------- d-----w- c:\documents and settings\user\local settings\application data\SoftGrid Client

2011-11-22 00:16:19 -------- d-----w- c:\documents and settings\user\application data\SoftGrid Client

2011-11-22 00:08:59 -------- d-----w- c:\documents and settings\user\application data\Dropbox

2011-11-21 22:46:41 -------- d-----w- c:\documents and settings\all users\Microsoft

2011-11-21 22:46:40 -------- d-----w- c:\program files\Microsoft Application Virtualization Client

2011-11-21 22:40:21 -------- d-----w- c:\documents and settings\user\application data\TP

2011-11-09 23:08:35 602624 ----a-w- c:\windows\system32\dx7vbC.dll

2011-11-09 23:08:34 65536 ----a-w- c:\windows\system32\FoxCBmp3.dl

2011-11-09 23:08:34 44544 ----a-w- c:\windows\system32\Gif89.dll

2011-11-09 23:08:34 211971 ----a-w- c:\windows\system32\Tabctl32.ocx

2011-11-09 23:08:34 207363 ----a-w- c:\windows\system32\Richtx32.ocx

2011-11-09 23:08:34 141315 ----a-w- c:\windows\system32\Comdlg32.ocx

2011-11-09 23:08:34 131072 ----a-w- c:\windows\system32\ARButton.ocx

2011-11-09 23:08:34 115920 ----a-w- c:\windows\system32\msinet.ocx

2011-11-09 23:08:34 110595 ----a-w- c:\windows\system32\Msscript1.ocx

2011-11-09 23:08:34 109248 ----a-w- c:\windows\system32\MSWINSCK.OCX

2011-11-09 23:08:34 102400 ----a-w- c:\windows\system32\cpvButton.ocx

2011-11-09 23:08:33 844048 ----a-w- c:\windows\system32\Msdxm6.ocx

2011-11-05 04:42:49 -------- d-----w- c:\program files\ADLSoft UnCompressor

.

==================== Find3M ====================

.

2011-11-12 07:58:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-31 03:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-08-31 03:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll

.

============= FINISH: 13:55:29.35 ===============

attach.txt


Hello Amber123! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
