Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Phishing Attack Pretends to be a Office 365 Non-Delivery Email

Featured Deal: Get 98% off the 2018 CompTIA Certification Training Bundle: Lifetime Access Deal

Photo

Internet Explorer / Firefox wont load

Started by shihalud , Feb 06 2010 11:15 PM

  • This topic is locked This topic is locked
10 replies to this topic

#1 shihalud

shihalud

  • Members
  • 6 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Arlington, TX
  • Local time:04:15 PM

Posted 06 February 2010 - 11:15 PM

Attached File  Attach.txt   7.79KB   16 downloadsWorking on a computer for a friend. the problem is Internet explorer nor Firefox (new install from USB drive) will load, I get the error that there is a problem and the program has stopped working. I downloaded AVG for Free 9.9 (can't install no internet connection), same for Spybot Search and Destroy. Also downloaded Malwarebites, but could not install - I try and run as administrator and the hour galss appears for a second like it was going to start the installation and just quits. Was able to run Defoggger, HijackThis, and DDR. Extracted GMER but when I try to run the program I get the same error as IE and Firefox. Since I cannot get to the internet (I am connect to my network and have local and internet capability), I had to download all of the programs and install via usb drive. When I boot the machine I get an error that says "MSASCui.exe failed to initialize", and Windows Security Center wont run properly either - it also states Windows defender stopped. Tried to do a system restore, but Vista says that there are no restore points available.

On the DEsktop there is a shortcut for the following program:

c:\Program Data\08517526\08517526.exe.

Norton 360 will not run.

UPDATE: changed name of gmer.exe and was able to run and have attached the file.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Da Quayster at 20:58:34.35 on Sat 02/06/2010
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.1305 [GMT -6:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
F:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.0.30\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.0.30\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.0.30\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [richtx64.exe] c:\users\daquay~1\appdata\local\temp\richtx64.exe
uRun: [Malware Defense] "c:\program files\malware defense\mdefense.exe" -noscan
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
StartupFolder: c:\users\daquay~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vongot~1.lnk - c:\windows\installer\{8c3ae2d1-854d-4650-a73d-c7cc7ee36b80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.0.30\CoIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305000.01e\SymEFA.sys [2010-1-24 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305000.01e\BHDrvx86.sys [2010-1-24 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305000.01e\cchpx86.sys [2010-1-24 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090712.001\IDSvix86.sys [2010-1-24 293424]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0305000.01e\symndisv.sys [2010-1-24 48688]
S2 N360;Norton 360;c:\program files\norton 360\engine\3.5.0.30\ccSvcHst.exe [2010-1-24 117640]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]

=============== Created Last 30 ================

2010-02-07 02:57:26 0 ----a-w- c:\users\da quayster\defogger_reenable
2010-02-07 02:04:24 0 d-----w- c:\program files\Trend Micro
2010-02-07 02:01:14 0 d-----w- c:\users\daquay~1\appdata\roaming\AVG8
2010-01-25 00:56:07 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-01-25 00:55:54 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-25 00:55:54 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-25 00:55:54 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-25 00:55:53 0 d-----w- c:\program files\Symantec
2010-01-25 00:55:50 0 d-----w- c:\programdata\Symantec
2010-01-25 00:53:54 0 d-----w- c:\windows\system32\drivers\N360
2010-01-25 00:53:43 0 d-----w- c:\program files\Norton 360
2010-01-25 00:46:38 0 d-----w- c:\users\da quayster\Office Genuine Advantage
2010-01-25 00:43:35 0 d-----w- c:\programdata\PCSettings
2010-01-25 00:43:34 0 d-----w- c:\programdata\Norton
2010-01-25 00:42:49 0 d-----w- c:\programdata\NortonInstaller
2010-01-25 00:42:49 0 d-----w- c:\program files\NortonInstaller
2010-01-10 07:03:12 23090 ----a-w- c:\windows\hpqins15.dat
2010-01-10 03:59:11 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-01-09 21:34:48 0 d-----w- C:\8ffd17ed6056df97f92371a21ae2ff12
2010-01-09 01:26:19 0 d-----w- c:\programdata\Office Genuine Advantage
2010-01-09 01:20:51 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-01-09 01:20:51 272384 ----a-w- c:\windows\system32\schannel.dll

==================== Find3M ====================

2010-01-25 00:56:00 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-25 00:56:00 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-25 00:56:00 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-22 03:56:56 28409 ----a-w- c:\programdata\nvModes.dat
2010-01-11 00:03:41 174 --sha-w- c:\program files\desktop.ini
2010-01-10 23:51:02 101376 ----a-w- c:\windows\system32\ifxcardm.dll
2010-01-10 23:50:26 79872 ----a-w- c:\windows\system32\axaltocm.dll
2010-01-10 23:40:28 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-28 18:59:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-12-28 18:58:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-21 20:44:23 58736 ----a-w- C:\symlcsv1.exe
2009-11-30 05:10:54 268800 ----a-w- c:\windows\system32\es.dll
2009-11-28 19:01:11 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-11-28 19:01:11 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-11-28 19:01:10 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-11-28 19:01:10 272896 ----a-w- c:\windows\system32\polstore.dll
2009-11-28 18:59:46 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-11-28 18:59:46 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-11-28 18:59:46 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-11-28 18:57:55 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-11-28 18:57:55 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-11-28 18:57:55 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-11-28 18:57:55 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-11-28 18:57:55 15360 ----a-w- c:\windows\system32\netevent.dll
2009-11-28 18:57:55 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-11-28 18:57:55 103936 ----a-w- c:\windows\system32\netiohlp.dll
2009-11-28 18:57:55 10240 ----a-w- c:\windows\system32\finger.exe
2009-11-28 18:57:54 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-11-28 18:57:53 22016 ----a-w- c:\windows\system32\netiougc.exe
2009-11-28 18:57:53 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-11-28 18:52:50 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2009-11-28 18:52:50 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2009-11-28 18:52:44 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2009-11-28 18:52:39 542720 ----a-w- c:\windows\system32\sysmain.dll
2009-11-28 18:51:11 194560 ----a-w- c:\windows\system32\WebClnt.dll
2009-11-28 18:49:51 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2009-11-28 18:49:49 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2009-11-28 18:49:49 502784 ----a-w- c:\windows\system32\wlansvc.dll
2009-11-28 18:49:49 47104 ----a-w- c:\windows\system32\wlanapi.dll
2009-11-28 18:49:49 289280 ----a-w- c:\windows\system32\wlanmsm.dll
2009-11-28 18:49:48 299520 ----a-w- c:\windows\system32\wlansec.dll
2009-11-28 18:49:48 14827 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2009-11-28 18:48:13 1260032 ----a-w- c:\windows\system32\msxml3.dll
2009-11-28 18:48:12 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-11-28 18:48:12 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-11-28 18:48:12 1406464 ----a-w- c:\windows\system32\msxml6.dll
2009-11-28 18:46:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-11-28 18:46:35 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-11-28 18:46:35 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-11-28 18:46:35 24064 ----a-w- c:\windows\system32\lpk.dll
2009-11-28 18:46:35 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-11-28 18:46:35 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-11-28 18:45:06 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-11-28 18:45:05 7680 ----a-w- c:\windows\system32\lsass.exe
2009-11-28 18:45:05 72704 ----a-w- c:\windows\system32\secur32.dll
2009-11-28 18:45:05 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-28 18:45:05 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2009-11-28 18:43:27 2855424 ----a-w- c:\windows\system32\mf.dll
2009-11-28 18:43:26 98816 ----a-w- c:\windows\system32\mfps.dll
2009-11-28 18:43:26 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2009-11-28 18:43:26 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-11-28 18:43:26 2048 ----a-w- c:\windows\system32\mferror.dll
2009-11-28 18:41:39 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-28 18:35:01 71680 ----a-w- c:\windows\system32\atl.dll
2009-11-28 18:33:51 297472 ----a-w- c:\windows\system32\gdi32.dll
2009-11-28 18:30:00 3502152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-28 18:30:00 3467864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-11-28 18:27:35 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-11-28 18:27:35 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-11-28 18:26:26 156160 ----a-w- c:\windows\system32\wkssvc.dll
2009-11-28 18:25:15 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-11-28 18:25:15 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-11-28 18:25:15 116736 ----a-w- c:\windows\system32\aaclient.dll
2009-11-28 18:23:59 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-11-28 18:20:25 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2009-11-28 18:16:37 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-11-28 18:16:36 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-11-28 18:16:36 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-11-28 18:12:42 696832 ----a-w- c:\windows\system32\localspl.dll
2009-11-28 18:11:37 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-11-28 18:11:37 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-11-28 18:11:37 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-11-28 18:11:37 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-28 18:11:37 12800 ----a-w- c:\windows\system32\msrle32.dll
2009-11-28 18:11:37 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-11-28 18:08:18 2923520 ----a-w- c:\windows\explorer.exe
2009-11-28 18:07:17 8704 ----a-w- c:\windows\system32\hcrstco.dll
2009-11-28 18:07:17 8704 ----a-w- c:\windows\system32\hccoin.dll
2009-11-28 18:06:25 24064 ----a-w- c:\windows\system32\netcfg.exe
2009-11-28 17:59:40 1585664 ----a-w- c:\windows\system32\setupapi.dll
2009-11-28 17:56:44 549888 ----a-w- c:\windows\system32\rpcss.dll
2009-11-28 17:56:42 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-11-28 17:56:42 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-11-28 17:56:41 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-11-28 17:56:41 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-11-28 17:56:41 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2009-11-28 17:56:41 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2009-11-28 17:56:40 53248 ----a-w- c:\windows\system32\iasads.dll
2009-11-28 17:56:40 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2009-11-28 17:56:40 158720 ----a-w- c:\windows\system32\sdohlp.dll

============= FINISH: 21:01:27.54 ===============

Attached Files

  • Attached File  ark.txt   43.45KB   5 downloads
  • Attached File  ark.txt   43.45KB   15 downloads

Edited by shihalud, 07 February 2010 - 02:50 PM.

BC AdBot (Login to Remove)

 

#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:15 PM

Posted 13 February 2010 - 08:31 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#3 shihalud

shihalud
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Arlington, TX
  • Local time:04:15 PM

Posted 15 February 2010 - 08:08 PM

I am here

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:15 PM

Posted 15 February 2010 - 08:23 PM

Okay, Gmer has found the rootkit which we need to remove.

As rootkits like to stop our tools (and it's already stopped some of yours) we need to run a small program first.

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • Please post the resulting log in your next reply.

Next we can run Combofix, this will remove this particular rootkit.

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#5 shihalud

shihalud
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Arlington, TX
  • Local time:04:15 PM

Posted 16 February 2010 - 12:05 AM

Here is the first log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Da Quayster on 02/15/2010 at 21:29:22.


Processes terminated by Rkill or while it was running:


C:\Windows\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe


Rkill completed on 02/15/2010 at 21:29:26.

And the second:

ComboFix 10-02-12.01 - Da Quayster 02/15/2010 21:44:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.950 [GMT -6:00]
Running from: c:\users\Da Quayster\Desktop\comfix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-686472627-498462119-808489602-500
c:\$recycle.bin\S-1-5-21-747642811-3982433225-4087218088-500
c:\program files\Common Files\Uninstall
c:\program files\Common Files\Uninstall\AV\Uninstall.lnk
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{9CF965E5-181D-4EEC-B0DA-625F672FBFDA}\setup.msi
c:\users\Da Quayster\Desktop\Security Tool.lnk
c:\windows\system32\drivers\H8SRTvdblouahou.sys
c:\windows\system32\H8SRTaghbfvudkb.dll
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTpqtkkbuqxj.dll
c:\windows\system32\H8SRTrcqgpsxpme.dat
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTvnyijjbteu.dll
c:\windows\system32\H8SRTvwpyrrpdtx.dll
c:\windows\system32\KBL.LOG
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\srcr.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
-------\Service_NDISRD


((((((((((((((((((((((((( Files Created from 2010-01-16 to 2010-02-16 )))))))))))))))))))))))))))))))
.

2010-02-16 04:02 . 2010-01-25 00:55 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-02-16 03:58 . 2010-02-16 04:12 -------- d-----w- c:\users\Da Quayster\AppData\Local\temp
2010-02-16 03:58 . 2010-02-16 03:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-16 03:40 . 2010-01-25 00:55 562544 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-02-07 04:18 . 2010-02-07 04:18 -------- d-----w- c:\users\Da Quayster\AppData\Local\Mozilla
2010-02-07 02:04 . 2010-02-07 02:04 -------- d-----w- c:\program files\Trend Micro
2010-02-07 02:01 . 2010-02-07 02:01 -------- d-----w- c:\users\Da Quayster\AppData\Roaming\AVG8
2010-01-25 01:14 . 2010-01-25 01:14 -------- d-----w- c:\users\Da Quayster\AppData\Local\Symantec
2010-01-25 00:56 . 2010-01-25 00:55 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-01-25 00:54 . 2010-01-25 00:54 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\CCERASER.DLL
2010-01-25 00:53 . 2010-01-25 00:53 -------- d-----w- c:\windows\system32\drivers\N360
2010-01-25 00:53 . 2010-01-25 00:54 -------- d-----w- c:\program files\Norton 360
2010-01-25 00:46 . 2010-01-25 00:46 -------- d-----w- c:\users\Da Quayster\Office Genuine Advantage
2010-01-25 00:43 . 2010-01-25 00:43 -------- d-----w- c:\programdata\PCSettings
2010-01-25 00:43 . 2010-01-25 00:43 -------- d-----w- c:\programdata\Norton
2010-01-25 00:42 . 2010-01-25 00:58 -------- d-----w- c:\programdata\NortonInstaller
2010-01-25 00:42 . 2010-01-25 00:42 -------- d-----w- c:\program files\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-16 03:50 . 2007-12-06 03:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-16 03:25 . 2009-11-28 21:53 28409 ----a-w- c:\programdata\nvModes.dat
2010-01-25 01:01 . 2010-01-25 00:55 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-25 01:01 . 2010-01-25 00:55 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-25 01:01 . 2010-01-25 00:55 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-25 01:01 . 2010-01-25 00:55 -------- d-----w- c:\program files\Symantec
2010-01-10 23:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-01-10 23:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-01-10 23:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-10 23:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-10 23:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-01-10 23:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-01-10 23:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-01-10 23:51 . 2006-11-02 10:32 101376 ----a-w- c:\windows\system32\ifxcardm.dll
2010-01-10 23:50 . 2006-11-02 10:32 79872 ----a-w- c:\windows\system32\axaltocm.dll
2010-01-10 23:40 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-10 07:04 . 2010-01-10 07:04 -------- d-----w- c:\users\Da Quayster\AppData\Roaming\HPAppData
2010-01-10 07:03 . 2010-01-10 07:03 23090 ----a-w- c:\windows\hpqins15.dat
2010-01-10 07:03 . 2007-12-06 04:51 -------- d-----w- c:\program files\HP
2010-01-10 07:01 . 2007-12-06 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-10 06:57 . 2007-12-06 03:04 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-10 06:54 . 2008-03-02 20:25 -------- d-----w- c:\users\Da Quayster\AppData\Roaming\Hewlett-Packard
2010-01-09 01:26 . 2010-01-09 01:26 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-12-30 00:37 . 2009-12-30 00:37 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-30 00:36 . 2009-12-30 00:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-30 00:35 . 2008-02-03 11:32 -------- d-----w- c:\program files\CONEXANT
2009-12-30 00:31 . 2009-12-30 00:31 -------- d-----w- c:\program files\Microsoft
2009-12-28 18:59 . 2009-12-28 18:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-12-28 18:58 . 2009-12-28 18:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-12-27 00:57 . 2009-12-27 00:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-27 00:56 . 2009-12-27 00:55 -------- d-----w- c:\program files\LeapFrog
2009-12-27 00:56 . 2009-12-27 00:56 28696928 ----a-w- c:\programdata\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
2009-12-27 00:55 . 2009-12-27 00:55 6969680 ----a-w- c:\programdata\Leapfrog\LeapFrog Connect\Updates\TagJuniorPlugin.exe
2009-12-27 00:55 . 2009-12-27 00:55 -------- d-----w- c:\programdata\Leapfrog
2009-12-25 16:53 . 2009-12-25 16:53 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-24 19:27 . 2009-12-24 19:27 -------- d-----w- c:\programdata\McAfee
2009-12-23 17:57 . 2008-02-03 11:52 -------- d-----w- c:\programdata\NVIDIA
2009-12-22 15:31 . 2009-12-22 15:31 -------- d-----w- c:\programdata\McAfee Security Scan
2009-12-21 22:23 . 2009-12-20 20:10 -------- d-----w- c:\programdata\08517526
2009-12-21 20:44 . 2009-12-21 20:44 58736 ----a-w- C:\symlcsv1.exe
2009-12-21 20:42 . 2008-03-23 18:53 7620 ----a-w- c:\users\Da Quayster\AppData\Local\d3d9caps.dat
2009-12-21 18:00 . 2009-12-13 23:43 -------- d-----w- c:\users\Da Quayster\AppData\Roaming\Reg Tool
2009-12-19 19:26 . 2008-03-02 20:35 108248 ----a-w- c:\users\Da Quayster\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-19 19:17 . 2007-12-06 04:46 -------- d-----w- c:\programdata\Microsoft Help
2009-12-18 22:45 . 2007-12-06 04:24 -------- d-----w- c:\program files\Microsoft Works
2009-12-08 03:14 . 2009-12-08 03:14 1230960 ----a-w- c:\programdata\Google\Google Toolbar\Component\GoogleCld_3F6C343113693CD9.dll
2009-12-08 02:04 . 2009-12-08 02:04 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb7F4E.tmp.exe
2009-11-30 05:10 . 2009-11-30 05:10 268800 ----a-w- c:\windows\system32\es.dll
2009-11-28 19:01 . 2009-11-28 19:01 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-11-28 19:01 . 2009-11-28 19:01 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-11-28 19:01 . 2009-11-28 19:01 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-11-28 19:01 . 2009-11-28 19:01 272896 ----a-w- c:\windows\system32\polstore.dll
2009-11-28 18:59 . 2009-11-28 18:59 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-11-28 18:59 . 2009-11-28 18:59 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-11-28 18:59 . 2009-11-28 18:59 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-11-28 18:52 . 2009-11-28 18:52 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2009-11-28 18:52 . 2009-11-28 18:52 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2009-11-28 18:52 . 2009-11-28 18:52 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2009-11-28 18:52 . 2009-11-28 18:52 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2009-11-28 18:52 . 2009-11-28 18:52 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2009-11-28 18:52 . 2009-11-28 18:52 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2009-11-28 18:52 . 2009-11-28 18:52 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2009-11-28 18:52 . 2009-11-28 18:52 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2009-11-28 18:52 . 2009-11-28 18:52 542720 ----a-w- c:\windows\system32\sysmain.dll
2009-11-28 18:51 . 2009-11-28 18:51 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-11-28 18:51 . 2009-11-28 18:51 194560 ----a-w- c:\windows\system32\WebClnt.dll
2009-11-28 18:49 . 2009-11-28 18:49 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2009-11-28 18:49 . 2009-11-28 18:49 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2009-11-28 18:49 . 2009-11-28 18:49 502784 ----a-w- c:\windows\system32\wlansvc.dll
2009-11-28 18:49 . 2009-11-28 18:49 47104 ----a-w- c:\windows\system32\wlanapi.dll
2009-11-28 18:49 . 2009-11-28 18:49 289280 ----a-w- c:\windows\system32\wlanmsm.dll
2009-11-28 18:49 . 2009-11-28 18:49 299520 ----a-w- c:\windows\system32\wlansec.dll
2009-11-28 18:49 . 2009-11-28 18:49 14827 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2009-11-28 18:48 . 2009-11-28 18:48 1260032 ----a-w- c:\windows\system32\msxml3.dll
2009-11-28 18:48 . 2009-11-28 18:48 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-11-28 18:48 . 2009-11-28 18:48 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-11-28 18:48 . 2009-11-28 18:48 1406464 ----a-w- c:\windows\system32\msxml6.dll
2009-11-28 18:46 . 2009-11-28 18:46 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-11-28 18:46 . 2009-11-28 18:46 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-11-28 18:46 . 2009-11-28 18:46 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-11-28 18:46 . 2009-11-28 18:46 24064 ----a-w- c:\windows\system32\lpk.dll
2009-11-28 18:46 . 2009-11-28 18:46 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-11-28 18:46 . 2009-11-28 18:46 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-11-28 18:45 . 2009-11-28 18:45 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-11-28 18:45 . 2009-11-28 18:45 7680 ----a-w- c:\windows\system32\lsass.exe
2009-11-28 18:45 . 2009-11-28 18:45 72704 ----a-w- c:\windows\system32\secur32.dll
2009-11-28 18:45 . 2009-11-28 18:45 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-11-28 18:45 . 2009-11-28 18:45 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-28 18:45 . 2009-11-28 18:45 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2009-11-28 18:43 . 2009-11-28 18:43 2855424 ----a-w- c:\windows\system32\mf.dll
2009-11-28 18:43 . 2009-11-28 18:43 98816 ----a-w- c:\windows\system32\mfps.dll
2009-11-28 18:43 . 2009-11-28 18:43 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2009-11-28 18:43 . 2009-11-28 18:43 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-11-28 18:43 . 2009-11-28 18:43 2048 ----a-w- c:\windows\system32\mferror.dll
2009-11-28 18:41 . 2009-11-28 18:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-28 18:35 . 2009-11-28 18:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-11-28 18:33 . 2009-11-28 18:33 297472 ----a-w- c:\windows\system32\gdi32.dll
2009-11-28 18:32 . 2009-11-28 18:32 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-11-28 18:32 . 2009-11-28 18:32 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2009-11-28 18:30 . 2009-11-28 18:30 3502152 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-11-28 1232896]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-12-06 1006264]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-12-5 53248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305000.01E\SymEFA.sys [1/24/2010 6:55 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305000.01E\BHDrvx86.sys [1/24/2010 6:55 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305000.01E\cchpx86.sys [1/24/2010 6:55 PM 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSvix86.sys [1/24/2010 6:55 PM 293424]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.0.30\ccSvcHst.exe [1/24/2010 6:55 PM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/24/2010 6:55 PM 101936]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305000.01E\symndisv.sys [1/24/2010 6:55 PM 48688]
S3 FlyUsb;FLY Fusion;c:\windows\System32\drivers\FlyUsb.sys [6/18/2007 6:21 PM 19456]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 23:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\HPCeeScheduleForDa Quayster.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-12-06 19:58]

2010-02-11 c:\windows\Tasks\Reg Tool Scan.job
- c:\program files\Reg Tool\Reg Tool.exe [2009-12-11 21:41]

2010-02-16 c:\windows\Tasks\User_Feed_Synchronization-{4D7FC7DB-B821-4BB1-9276-E65E03269F60}.job
- c:\windows\system32\msfeedssync.exe [2009-12-12 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Malware Defense - c:\program files\Malware Defense\mdefense.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 22:13
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.0.30\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.0.30\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2740)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
c:\windows\system32\stobject.dll
c:\windows\System32\netshell.dll
c:\windows\system32\imapi2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2010-02-15 22:17:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-16 04:17

Pre-Run: 109,651,832,832 bytes free
Post-Run: 109,802,971,136 bytes free

- - End Of File - - 3215C841949D51272546C910CB63DCB5

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:15 PM

Posted 16 February 2010 - 07:36 AM

That's dealt with the rootkit. Let's see if it left anything behind.

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

Thanks thumbup2.gif

Posted Image
m0le is a proud member of UNITE

#7 shihalud

shihalud
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Arlington, TX
  • Local time:04:15 PM

Posted 17 February 2010 - 08:27 PM

I still cannot open IE or Firefox I get the following error:

Illegal operation attempted on a registry key that is marked for deletion.

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:15 PM

Posted 17 February 2010 - 09:14 PM

Can you reboot the machine and try again.
Posted Image
m0le is a proud member of UNITE

#9 shihalud

shihalud
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Arlington, TX
  • Local time:04:15 PM

Posted 20 February 2010 - 12:45 AM

Ok I restarted the machine and all is working apparently. I ran the scan as requested, but the machine was turned off by someone on my family before I could export the log. So I ran it again and there were no infections found. Thanks so much for your help.

I have attached a screen print of the files the quarantine folder

Attached Files


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:15 PM

Posted 20 February 2010 - 06:13 AM

Good job getting the log file screenshot. It shows all is now well with the PC.


You're clean. Good stuff! thumbup2.gif

Let's do some clearing up

Java cache was hiding something so let's clear the cache completely.

To Clear the Java Runtime Environment (JRE) cache, do this:
  • Click Start > Settings > Control Panel.
  • Double-click the Java icon.
    -The Java Control Panel appears.
  • Click "Settings" under Temporary Internet Files.
    -The Temporary Files Settings dialog box appears.
  • Click "Delete Files".
    -The Delete Temporary Files dialog box appears.
    -There are three options on this window to clear the cache.
    • Delete Files
    • View Applications
    • View Applets
  • Click "OK" on Delete Temporary Files window.
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click "OK" on Temporary Files Settings window.
  • Close the Java Control Panel.
You can also view these instructions along with screenshots here.

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it shihalud, happy surfing!

Cheers.

m0le
Posted Image
m0le is a proud member of UNITE

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:15 PM

Posted 24 February 2010 - 07:50 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. smile.gif

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE
Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·