Malware Trojan Worm Not Sure Plz Help!!


This topic is locked. 16 replies to this topic.

#1 rockstar1960

rockstar1960

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:28 AM

Posted 25 October 2010 - 11:34 AM

This is my brother's computer, so I do not know exactly how/when he acquired this virus. I have tried:
Spybot
Malwarebytes.org
AVG
Avast
Adaware
XP virus remover
Windows Malicious Software Removal Tool
CCleaner
and... reloaded Windows from the computer (no disks; it is an Acer Aspire One with no disk drive).

I did note that on the first run of Spybot it allegedly found and fixed the Virtumonde virus. Ran Spybot again and it claimed no threats. Same thing for AVG and Adaware, but Avast and Adaware Live keep attempting to block a real-time threat.

Currently have Avast and Adaware on the computer, and they keep fighting like champs to keep it from logging on to malicious sites. Eventually the computer slows to a halt and I have to shut it down and reboot. I followed the instructions prior to posting. Here is the DDS log. Please help; thanks in advance for your time.

DDS (Ver_10-10-21.02) - NTFSx86
Run by Brad at 11:40:45.64 on Mon 10/25/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.461 [GMT -4:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\Brad\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Brad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1010&m=aoa150
mDefault_Page_URL = hxxp://global.acer.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1010&m=aoa150
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\documents and settings\all users\application data\partner\partner.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brad\applic~1\mozilla\firefox\profiles\m4ly1vt9.default\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-21 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-22 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-22 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-22 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1355928]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-22 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-22 40384]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [2008-5-5 254976]
S2 0327211287699455mcinstcleanup;McAfee Application Installer Cleanup (0327211287699455);c:\windows\temp\032721~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\032721~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-10-21 24064]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15008]
S3 Partner Service;Partner Service;c:\documents and settings\all users\application data\partner\partner.exe [2010-10-21 110576]

=============== Created Last 30 ================

2010-10-22 17:50:44 38848 ----a-w- c:\windows\avastSS.scr
2010-10-22 16:42:14 -------- d-----w- c:\docume~1\brad\locals~1\applic~1\Adobe
2010-10-22 10:46:20 -------- d-----w- c:\docume~1\brad\applic~1\AVG
2010-10-21 23:40:35 -------- d-----w- c:\docume~1\brad\applic~1\AVG10
2010-10-21 23:39:05 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-10-21 23:37:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-10-21 23:37:03 -------- d-----w- c:\program files\AVG
2010-10-21 22:38:10 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-10-21 22:37:26 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-10-21 22:37:09 -------- d-----w- c:\program files\Lavasoft
2010-10-21 22:17:14 -------- d-----w- c:\docume~1\brad\locals~1\applic~1\Google
2010-10-21 22:14:01 321024 ----a-w- c:\windows\system32\ERUpdateHidden.EXE
2010-10-21 22:14:01 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2010-10-21 22:14:01 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2010-10-21 22:14:01 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2010-10-21 22:14:01 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll
2010-10-21 22:13:19 125 ----a-w- c:\windows\xUninstall.bat
2010-10-21 22:13:18 110080 ----a-w- c:\windows\system32\JmCrIcon.dll
2010-10-21 22:13:18 -------- d-----w- c:\windows\JMCR_DIR
2010-10-21 22:13:13 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2010-10-21 22:13:13 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2010-10-21 22:13:12 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2010-10-21 22:13:12 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2010-10-21 22:13:12 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2010-10-21 22:13:10 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2010-10-21 22:13:09 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2010-10-21 22:11:33 -------- d-----w- c:\program files\common files\CrystalEye
2010-10-21 22:10:58 4342912 ----a-w- c:\windows\system32\acer.exe
2010-10-21 22:10:55 83554304 ----a-w- c:\windows\system32\acer.scr
2010-10-21 22:10:46 -------- d-----w- c:\program files\Acer Incorporated
2010-10-21 22:10:45 -------- d-----w- c:\windows\ACER
2010-10-21 22:05:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Partner
2010-10-21 22:05:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-10-21 22:04:34 -------- d-----w- c:\program files\Launch Manager
2010-10-21 21:57:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-10-21 21:57:44 16384 ----a-w- c:\windows\system32\ipsink.ax
2010-10-21 21:57:44 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-10-21 21:57:41 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-10-21 21:57:28 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-10-21 21:57:23 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-10-21 21:57:20 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-10-21 21:57:19 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-10-21 21:54:49 -------- d-----w- c:\program files\ConsumerSoft
2010-10-21 21:51:55 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-10-21 21:51:49 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-10-21 21:51:46 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-10-21 21:51:43 -------- d-----w- c:\windows\WebCam
2010-10-21 21:51:42 91136 ----a-w- c:\windows\kswdmcap.ax
2010-10-21 21:51:42 61952 ----a-w- c:\windows\kstvtune.ax
2010-10-21 21:51:42 28672 ----a-w- c:\windows\vidcap.ax
2010-10-21 21:51:41 53760 ----a-w- c:\windows\vfwwdm32.dll
2010-10-21 21:51:41 43008 ----a-w- c:\windows\ksxbar.ax
2010-10-21 21:51:38 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-10-21 21:49:49 -------- d---a-w- c:\windows\AcerStore
2010-10-21 20:34:39 -------- d-----w- c:\windows\pss
2010-10-21 20:03:38 -------- d-----w- c:\program files\CCleaner
2010-10-21 19:49:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

==================== Find3M ====================

2010-10-21 21:49:51 3 ----a-w- c:\windows\HotFix.bat
2010-10-21 21:49:51 139 ----a-w- c:\windows\HotFix2.bat

============= FINISH: 11:42:18.09 ===============

Edited by rockstar1960, 25 October 2010 - 11:40 AM.


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:28 AM

Posted 25 October 2010 - 12:40 PM

Hello rockstar1960 ,

This tool is not a toy. If used the wrong way, you could trash your computer. Please use it only under the direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. You may have to temporarily uninstall Ad-Aware and Spybot altogether. Those two are notorious for interfering. <_<

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to rockstar.exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 rockstar1960

rockstar1960
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:28 AM

Posted 26 October 2010 - 11:21 AM

Hi Teacup,

Thanks for your help. I did what you wrote, and here is a copy of the log.

Thanks again.

ComboFix 10-10-25.04 - Brad 10/26/2010 11:36:44.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.771 [GMT -4:00]
Running from: c:\documents and settings\Brad\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-09-26 to 2010-10-26 )))))))))))))))))))))))))))))))
.

2010-10-22 10:45 . 2010-10-26 15:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-10-21 23:39 . 2010-10-21 23:39 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-21 23:37 . 2010-10-22 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-21 23:37 . 2010-10-22 10:44 -------- d-----w- c:\program files\AVG
2010-10-21 22:37 . 2010-10-26 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-10-21 22:14 . 2007-04-13 15:51 321024 ----a-w- c:\windows\system32\ERUpdateHidden.EXE
2010-10-21 22:14 . 2006-03-30 17:06 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2010-10-21 22:14 . 2006-03-23 16:02 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2010-10-21 22:14 . 2005-12-09 13:12 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2010-10-21 22:14 . 2004-11-03 13:06 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll
2010-10-21 22:13 . 2010-10-21 22:13 125 ----a-w- c:\windows\xUninstall.bat
2010-10-21 22:13 . 2010-10-21 22:13 -------- d-----w- c:\windows\JMCR_DIR
2010-10-21 22:13 . 2008-05-14 10:53 110080 ----a-w- c:\windows\system32\JmCrIcon.dll
2010-10-21 22:13 . 2005-04-04 03:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2010-10-21 22:13 . 2005-04-04 03:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2010-10-21 22:13 . 2005-04-04 03:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2010-10-21 22:13 . 2005-04-04 03:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2010-10-21 22:13 . 2005-04-04 02:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2010-10-21 22:13 . 2010-10-21 22:13 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2010-10-21 22:13 . 2010-10-21 22:13 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2010-10-21 22:11 . 2010-10-21 22:11 -------- d-----w- c:\program files\Common Files\CrystalEye
2010-10-21 22:10 . 2008-06-13 21:43 4342912 ----a-w- c:\windows\system32\acer.exe
2010-10-21 22:10 . 2007-04-19 17:41 83554304 ----a-w- c:\windows\system32\acer.scr
2010-10-21 22:10 . 2010-10-21 22:10 -------- d-----w- c:\program files\Acer Incorporated
2010-10-21 22:10 . 2010-10-21 22:11 -------- d-----w- c:\windows\ACER
2010-10-21 22:05 . 2010-10-21 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Partner
2010-10-21 22:05 . 2010-10-21 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-21 22:05 . 2010-10-21 19:35 -------- d-----w- c:\program files\Google
2010-10-21 22:04 . 2010-10-21 22:04 -------- d-----w- c:\program files\Launch Manager
2010-10-21 21:58 . 2010-10-25 15:37 -------- d-----w- c:\documents and settings\Brad
2010-10-21 21:57 . 2008-04-14 04:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-10-21 21:57 . 2008-04-15 03:00 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-10-21 21:57 . 2008-04-14 09:42 16384 ----a-w- c:\windows\system32\ipsink.ax
2010-10-21 21:57 . 2008-04-15 03:00 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-10-21 21:57 . 2008-04-14 04:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-10-21 21:57 . 2010-10-21 21:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\InstallShield
2010-10-21 21:57 . 2008-04-14 04:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-10-21 21:57 . 2008-04-14 04:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-10-21 21:57 . 2008-04-14 04:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-10-21 21:54 . 2010-10-26 15:03 -------- d-----w- c:\program files\ConsumerSoft
2010-10-21 21:51 . 2008-04-14 12:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-10-21 21:51 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-10-21 21:51 . 2008-04-15 03:00 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-10-21 21:51 . 2010-10-21 21:51 -------- d-----w- c:\windows\WebCam
2010-10-21 21:51 . 2008-04-14 09:42 91136 ----a-w- c:\windows\kswdmcap.ax
2010-10-21 21:51 . 2008-04-14 09:42 61952 ----a-w- c:\windows\kstvtune.ax
2010-10-21 21:51 . 2008-04-14 09:42 28672 ----a-w- c:\windows\vidcap.ax
2010-10-21 21:51 . 2008-04-14 09:42 43008 ----a-w- c:\windows\ksxbar.ax
2010-10-21 21:51 . 2008-04-14 09:42 53760 ----a-w- c:\windows\vfwwdm32.dll
2010-10-21 21:51 . 2008-04-15 03:00 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-10-21 21:49 . 2010-10-21 21:49 -------- d---a-w- c:\windows\AcerStore
2010-10-21 20:44 . 2010-10-21 20:44 -------- d-----w- c:\documents and settings\Administrator
2010-10-21 20:03 . 2010-10-21 20:03 -------- d-----w- c:\program files\CCleaner
2010-10-21 19:49 . 2010-10-21 19:49 -------- d-----w- c:\program files\Alwil Software
2010-10-21 19:49 . 2010-10-21 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-21 21:49 . 2004-09-21 21:28 3 ----a-w- c:\windows\HotFix.bat
2010-10-21 21:49 . 2004-06-26 00:13 139 ----a-w- c:\windows\HotFix2.bat
2010-09-13 20:27 . 2010-09-13 20:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-10-21 22:05 157168 ----a-w- c:\documents and settings\All Users\Application Data\Partner\partner.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"M3000Mnt"="M3000Rmv.dll " [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-21 24064]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]

c:\documents and settings\Brad\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [5/5/2008 12:01 PM 254976]
S2 0327211287699455mcinstcleanup;McAfee Application Installer Cleanup (0327211287699455);c:\windows\TEMP\032721~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\032721~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/21/2010 6:05 PM 24064]
S3 Partner Service;Partner Service;c:\documents and settings\All Users\Application Data\Partner\partner.exe [10/21/2010 6:05 PM 110576]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1010&m=aoa150
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1010&m=aoa150
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Brad\Application Data\Mozilla\Firefox\Profiles\m4ly1vt9.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-26 12:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.0 by Gmer, http://www.gmer.net
Windows 5.1.2600

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86326446]<<
1 nt!IofCallDriver[0x804E1397] -> \Device\Harddisk0\DR0[0x863CE8D8]
2 nt[0x804E1397] -> CLASSPNP.SYS[0xF7767FD7] -> \Device\Harddisk0\DR0[0x863CE8D8]
3 CLASSPNP[0xF7767FD7] -> nt!IofCallDriver[0x804E1397] -> \Device\0000008b[0x863C2318]
4 nt[0x804E1397] -> ACPI.sys[0xF765E620] -> \Device\0000008b[0x863C2318]
5 ACPI[0xF765E620] -> nt!IofCallDriver[0x804E1397] -> [0x863D1940]
\Driver\atapi[0x863DEA28] -> IRP_MJ_CREATE -> 0x86326446
6 nt[0x804E1397] -> UNKNOWN[0x86326449] -> [0x863D1940]
kernel: MBR read successfully
detected hooks:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHitachi_HTS543212L9A300_________________FBBOC40C#383038303331424642303030474c424333414136#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
\Driver\Disk -> CLASSPNP.SYS @ 0xf776bf28
\Driver\ACPI -> ACPI.sys @ 0xf765ecb8
\Driver\atapi DriverStartIo -> 0x86326292
\Driver\atapi -> atapi.sys @ 0xf75fe852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e6686
SecurityProcedure -> ntoskrnl.exe @ 0x805d9696
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e6686
SecurityProcedure -> ntoskrnl.exe @ 0x805d9696
NDIS: Atheros AR5007EG Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf74c6bd4
PacketIndicateHandler -> NDIS.sys @ 0xf74b4a0d
SendHandler -> NDIS.sys @ 0xf74c8b40
user != kernel MBR !!!
sectors 234441395 (+252): user != kernel

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\docume~1\Brad\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2010-10-26 12:14:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-26 16:14

Pre-Run: 105,561,411,584 bytes free
Post-Run: 105,504,792,576 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - FAF4FA06B3D9DF3E4BA41BF11E1ECD98
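The two logs in this thread (the DDS log in the first post and the ComboFix log above) are read by hand by the helper, but the same first pass can be scripted. The following is an added example, written for this page and not part of DDS, ComboFix, GMER or anything the helpers posted: it pulls every executable, DLL, driver or screensaver path out of log lines, flags the ones that live in a Temp directory or inside a user / All Users profile, and picks up the `user != kernel MBR` line from the GMER MBR check. The sample log is constructed by copying lines from the logs posted above; the "unexpected location" rule is an assumption of mine and yields a review queue, not a verdict.

```python
"""Offline triage of DDS / ComboFix-style log lines.

Added example: not part of DDS, ComboFix, GMER or the thread's replies. The
sample lines below were copied from the logs posted in this thread; the
"unexpected location" heuristic is an assumption and produces a list for a
human to review, not a malware verdict.
"""
from __future__ import annotations

import re
from typing import Optional

# Drive-letter path ending in a loadable extension. Spaces are allowed (long
# XP paths) but the match stops at quotes and brackets, which is where the
# logs put size/date annotations and command-line arguments.
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]<>|]*?\.(?:exe|dll|sys|scr)\b', re.IGNORECASE)

# GMER's MBR check prints this when the MBR it reads at kernel level differs
# from the MBR returned through the normal read path.
MBR_MISMATCH = 'user != kernel MBR'
SECTOR_RE = re.compile(r'sectors (\d+) \(\+(\d+)\): user != kernel')

# Assumption: code that autostarts or runs as a service normally lives under
# the Windows or Program Files trees (or an OEM tree such as c:\acer).
# Anything under a Temp directory or inside a user / All Users profile
# (long or 8.3 form) is put on the review list.
TEMP_MARKER = '\\temp\\'
PROFILE_PREFIXES = ('c:\\documents and settings\\', 'c:\\docume~1\\')

# Constructed sample: lines copied from the DDS and ComboFix logs in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Brad\LOCALS~1\Temp\RtkBtMnt.exe
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\documents and settings\all users\application data\partner\partner.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
S2 0327211287699455mcinstcleanup;McAfee Application Installer Cleanup (0327211287699455);c:\windows\temp\032721~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 Partner Service;Partner Service;c:\documents and settings\all users\application data\partner\partner.exe [2010-10-21 110576]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-21 64288]
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 234441395 (+252): user != kernel
"""


def classify_path(path: str) -> Optional[str]:
    """Return 'temp', 'profile', or None when the location looks expected."""
    p = path.lower()
    if TEMP_MARKER in p:
        return 'temp'
    if p.startswith(PROFILE_PREFIXES):
        return 'profile'
    return None


def flag_paths(log_text: str) -> list[tuple[str, str, str]]:
    """(reason, path, source line) for each binary in an unexpected location,
    in log order. Lines without a drive-letter path are skipped."""
    hits = []
    for line in log_text.splitlines():
        for m in PATH_RE.finditer(line):
            reason = classify_path(m.group(0))
            if reason is not None:
                hits.append((reason, m.group(0), line.strip()))
    return hits


def mbr_mismatch(log_text: str) -> Optional[dict]:
    """None when the MBR check agreed; otherwise the sector figures exactly as
    GMER printed them (no further interpretation of the numbers)."""
    if MBR_MISMATCH not in log_text:
        return None
    m = SECTOR_RE.search(log_text)
    return {
        'sector': int(m.group(1)) if m else None,
        'offset': int(m.group(2)) if m else None,
    }


def triage(log_text: str) -> dict:
    """Combine both checks into one result for a log."""
    return {'paths': flag_paths(log_text), 'mbr': mbr_mismatch(log_text)}


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for reason, path, _line in result['paths']:
        print(f'[{reason:7}] {path}')
    if result['mbr'] is not None:
        print('MBR: user/kernel mismatch', result['mbr'])
```

Run against the constructed sample, the review list contains RtkBtMnt.exe running from the user's Temp directory, the two Partner entries (BHO and service) under All Users\Application Data, and the McAfee cleanup service whose binary sits in c:\windows\temp (the log itself annotates that entry with `[?]`); Explorer, the Adobe BHO, avast and the Lavasoft driver are not listed. The MBR function returns the sector figures from the `user != kernel` line, which is the finding the helper's next step (TDSSKiller) is aimed at. Everything on the list still needs a human decision; the script only orders the reading.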

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:28 AM

Posted 26 October 2010 - 12:13 PM

You're welcome, and Thanks :thumbup2:

Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Thanks,
tea

#5 rockstar1960

rockstar1960
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:28 AM

Posted 26 October 2010 - 02:17 PM

Hi Tea,
Thanks for the quick reply. I followed your instructions. It says it cured one item and rebooted.

Here is the log:

2010/10/26 14:59:54.0515 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/26 14:59:54.0515 ================================================================================
2010/10/26 14:59:54.0515 SystemInfo:
2010/10/26 14:59:54.0515
2010/10/26 14:59:54.0515 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/26 14:59:54.0515 Product type: Workstation
2010/10/26 14:59:54.0515 ComputerName: ACER-6E40E97492
2010/10/26 14:59:54.0515 UserName: Brad
2010/10/26 14:59:54.0515 Windows directory: C:\WINDOWS
2010/10/26 14:59:54.0515 System windows directory: C:\WINDOWS
2010/10/26 14:59:54.0515 Processor architecture: Intel x86
2010/10/26 14:59:54.0515 Number of processors: 2
2010/10/26 14:59:54.0515 Page size: 0x1000
2010/10/26 14:59:54.0515 Boot type: Normal boot
2010/10/26 14:59:54.0515 ================================================================================
2010/10/26 14:59:55.0078 Initialize success
2010/10/26 15:00:05.0234 ================================================================================
2010/10/26 15:00:05.0234 Scan started
2010/10/26 15:00:05.0234 Mode: Manual;
2010/10/26 15:00:05.0234 ================================================================================
2010/10/26 15:00:06.0609 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/10/26 15:00:08.0015 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/26 15:00:08.0921 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/10/26 15:00:09.0687 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/10/26 15:00:10.0546 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/26 15:00:11.0375 AFD (e3049b90fe06f3f740b7cfda44995e2c) C:\WINDOWS\System32\drivers\afd.sys
2010/10/26 15:00:11.0906 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/26 15:00:12.0671 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/10/26 15:00:13.0375 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/10/26 15:00:13.0968 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/10/26 15:00:14.0687 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/10/26 15:00:15.0468 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/10/26 15:00:16.0171 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/10/26 15:00:16.0937 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/10/26 15:00:17.0609 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/10/26 15:00:18.0937 AR5416 (7cae93fe5511d0c0688cfa56cf241e31) C:\WINDOWS\system32\DRIVERS\athw.sys
2010/10/26 15:00:20.0875 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/10/26 15:00:21.0687 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/10/26 15:00:22.0234 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/10/26 15:00:23.0093 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/26 15:00:23.0875 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/26 15:00:24.0968 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/26 15:00:25.0671 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/26 15:00:26.0437 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2010/10/26 15:00:28.0015 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/26 15:00:28.0859 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/10/26 15:00:29.0562 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/26 15:00:30.0328 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/26 15:00:31.0078 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/10/26 15:00:31.0578 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/26 15:00:32.0312 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/26 15:00:33.0031 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/26 15:00:34.0281 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/10/26 15:00:34.0937 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/10/26 15:00:35.0656 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/26 15:00:36.0343 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/10/26 15:00:37.0125 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/10/26 15:00:37.0984 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/10/26 15:00:38.0750 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/26 15:00:39.0515 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
2010/10/26 15:00:40.0500 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/26 15:00:42.0062 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/26 15:00:42.0796 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/26 15:00:43.0546 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/26 15:00:44.0296 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/10/26 15:00:45.0046 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/26 15:00:45.0812 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/26 15:00:46.0625 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/10/26 15:00:47.0390 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/26 15:00:48.0140 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/26 15:00:48.0937 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/10/26 15:00:49.0718 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/26 15:00:50.0500 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/26 15:00:51.0296 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/26 15:00:52.0125 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/26 15:00:52.0828 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/26 15:00:53.0578 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/10/26 15:00:54.0390 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/26 15:00:55.0296 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/26 15:00:55.0953 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/10/26 15:00:56.0703 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/26 15:01:00.0703 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/10/26 15:01:07.0953 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/26 15:01:08.0640 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/10/26 15:01:12.0093 IntcAzAudAddService (19afbb8427ce65042599555e578170df) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/10/26 15:01:15.0531 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/26 15:01:16.0234 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/26 15:01:16.0937 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/10/26 15:01:17.0578 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/26 15:01:18.0343 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/26 15:01:19.0093 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/26 15:01:19.0968 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/26 15:01:20.0750 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/26 15:01:21.0265 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/26 15:01:22.0078 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/26 15:01:22.0890 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/26 15:01:23.0750 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/26 15:01:25.0140 M3000Srv (8da3ac548c6ef91b284dcff1a84be3db) C:\WINDOWS\system32\Drivers\M3000KNT.sys
2010/10/26 15:01:25.0859 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/26 15:01:26.0625 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/26 15:01:27.0312 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/26 15:01:28.0046 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/26 15:01:28.0828 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/26 15:01:29.0593 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/26 15:01:30.0437 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/26 15:01:31.0515 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/26 15:01:32.0718 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/26 15:01:33.0375 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/26 15:01:34.0078 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/26 15:01:34.0718 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/26 15:01:35.0453 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/26 15:01:36.0078 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/26 15:01:36.0906 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/26 15:01:37.0734 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/26 15:01:38.0640 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/26 15:01:39.0359 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/26 15:01:40.0000 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/26 15:01:40.0765 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/26 15:01:41.0484 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/26 15:01:42.0343 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/26 15:01:43.0062 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/26 15:01:43.0906 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/26 15:01:44.0812 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/26 15:01:45.0859 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/26 15:01:46.0765 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/26 15:01:47.0406 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/26 15:01:48.0109 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/26 15:01:48.0843 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/10/26 15:01:49.0609 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/26 15:01:50.0406 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/26 15:01:51.0078 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/26 15:01:52.0187 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/26 15:01:53.0046 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/26 15:01:55.0406 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/26 15:01:56.0093 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/26 15:01:56.0890 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/26 15:01:57.0625 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/26 15:01:58.0390 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/26 15:01:59.0062 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/26 15:01:59.0843 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/26 15:02:00.0640 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/26 15:02:01.0328 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/26 15:02:02.0093 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/26 15:02:02.0718 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/26 15:02:03.0515 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/26 15:02:04.0203 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/26 15:02:04.0921 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/26 15:02:05.0703 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/26 15:02:06.0609 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/26 15:02:07.0390 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/26 15:02:08.0234 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/26 15:02:09.0000 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/26 15:02:09.0859 RTLE8023xp (b52b25f41bf3511071a0e7d10d659c56) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/10/26 15:02:10.0578 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/26 15:02:11.0156 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/10/26 15:02:11.0875 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/26 15:02:12.0953 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/26 15:02:13.0718 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/26 15:02:14.0375 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/26 15:02:14.0921 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/26 15:02:15.0656 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/26 15:02:16.0468 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/26 15:02:17.0515 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/26 15:02:18.0203 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/26 15:02:18.0921 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/26 15:02:19.0687 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/26 15:02:20.0453 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/26 15:02:21.0203 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/26 15:02:21.0953 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/26 15:02:22.0687 SynTP (409f7eeb079d6154ccb26a02e6e27844) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/10/26 15:02:23.0421 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/26 15:02:24.0343 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/26 15:02:24.0953 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/26 15:02:25.0593 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/26 15:02:26.0359 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/26 15:02:27.0062 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/26 15:02:27.0812 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/26 15:02:28.0546 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/26 15:02:29.0312 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/26 15:02:30.0406 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/26 15:02:31.0187 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/26 15:02:31.0859 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/26 15:02:32.0640 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/26 15:02:33.0265 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/26 15:02:34.0000 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/26 15:02:34.0781 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/26 15:02:35.0546 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/26 15:02:36.0328 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/26 15:02:37.0140 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/26 15:02:38.0171 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/26 15:02:38.0968 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/10/26 15:02:39.0734 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/26 15:02:40.0156 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/26 15:02:40.0156 ================================================================================
2010/10/26 15:02:40.0156 Scan finished
2010/10/26 15:02:40.0156 ================================================================================
2010/10/26 15:02:40.0281 Detected object count: 1
2010/10/26 15:03:04.0093 \HardDisk0\MBR - will be cured after reboot
2010/10/26 15:03:04.0093 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/26 15:03:09.0781 Deinitialize success
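The log above is a TDSSKiller report, and the line that matters is the `\HardDisk0\MBR` detection: TDL4 lives in the master boot record rather than in a file, which is why the file-based scanners earlier in the thread kept reporting the machine clean. As an added example (not part of this thread and not code from Kaspersky's tool), here is a small Python parser for that log layout. It pulls out the driver inventory (name, MD5, image path), the detections and the action chosen for each, and flags any driver loaded from outside System32, which is a cheap triage check when reading one of these logs by hand. The sample log is a constructed, abridged excerpt of the one posted above, with one made-up driver line (`fakedrv`, all-zero hash, under `C:\WINDOWS\Temp`) added purely to exercise the path check.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt in the TDSSKiller log layout shown in the thread.
# Real driver lines are abridged from the post; the "fakedrv" line is a
# made-up placeholder (all-zero hash) to exercise the path check below.
SAMPLE_LOG = """\
2010/10/26 14:59:54.0515 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/26 14:59:54.0515 ================================================================================
2010/10/26 14:59:54.0515 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/26 15:00:05.0234 Scan started
2010/10/26 15:00:08.0015 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
2010/10/26 15:00:23.0875 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
2010/10/26 15:02:00.0000 fakedrv (00000000000000000000000000000000) C:\\WINDOWS\\Temp\\fakedrv.sys
2010/10/26 15:02:40.0156 \\HardDisk0\\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/26 15:02:40.0156 Scan finished
2010/10/26 15:02:40.0281 Detected object count: 1
2010/10/26 15:03:04.0093 \\HardDisk0\\MBR - will be cured after reboot
2010/10/26 15:03:04.0093 Rootkit.Win32.TDSS.tdl4(\\HardDisk0\\MBR) - User select action: Cure
2010/10/26 15:03:09.0781 Deinitialize success
"""

# Every line starts with "YYYY/MM/DD HH:MM:SS.ffff " followed by the message.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (.*)$")
# Driver inventory line: "<service name> (<md5>) <image path>"
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# Detection line: "<object> - detected <verdict> (<n>)"
DETECT_RE = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
# Action line: "<verdict>(<object>) - User select action: <action>"
ACTION_RE = re.compile(r"^(\S+)\((.+?)\) - User select action: (\w+)$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Detection:
    obj: str
    verdict: str
    action: Optional[str] = None


@dataclass
class ScanReport:
    tool: str = ""
    drivers: List[Driver] = field(default_factory=list)
    detections: List[Detection] = field(default_factory=list)
    pending_reboot: List[str] = field(default_factory=list)
    declared_count: Optional[int] = None


def parse_log(text: str) -> ScanReport:
    """Parse a TDSSKiller-style log into drivers, detections and actions."""
    report = ScanReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, or a bare timestamp with no message
        msg = m.group(2)
        if msg.startswith("TDSS rootkit removing tool"):
            report.tool = msg
            continue
        d = DRIVER_RE.match(msg)
        if d:
            report.drivers.append(Driver(*d.groups()))
            continue
        det = DETECT_RE.match(msg)
        if det:
            report.detections.append(Detection(det.group(1), det.group(2)))
            continue
        act = ACTION_RE.match(msg)
        if act:
            verdict, obj, action = act.groups()
            for existing in report.detections:
                if existing.obj == obj and existing.verdict == verdict:
                    existing.action = action
            continue
        if msg.endswith(" - will be cured after reboot"):
            report.pending_reboot.append(msg.rsplit(" - ", 1)[0])
        elif msg.startswith("Detected object count:"):
            report.declared_count = int(msg.split(":", 1)[1])
    return report


# Kernel drivers normally load from System32; anything else deserves a look.
SYSTEM_ROOTS = ("c:\\windows\\system32\\",)


def drivers_outside_system32(report: ScanReport) -> List[Driver]:
    return [d for d in report.drivers if not d.path.lower().startswith(SYSTEM_ROOTS)]


def triage(report: ScanReport) -> Dict[str, object]:
    """Summary a responder would want before deciding the next step."""
    return {
        "tool": report.tool,
        "driver_count": len(report.drivers),
        "detections": [(d.obj, d.verdict, d.action) for d in report.detections],
        "count_matches": report.declared_count == len(report.detections),
        "reboot_required": bool(report.pending_reboot),
        "unusual_driver_paths": [d.path for d in drivers_outside_system32(report)],
    }


if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The path check is deliberately crude (a prefix match on the lowercased image path); it is there to make an analyst look twice, not to decide anything on its own. The real signal in a log like this is a detection on a non-file object such as the MBR, which no amount of scanning `System32` with a file-based engine would have surfaced.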

#6 teacup61
    Bleepin' Texan!
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 26 October 2010 - 03:46 PM

Excellent. :thumbup2: I wasn't sure which one you were dealing with until I saw the ComboFix log...you had the latest, tdl4 rootkit. How is it running now? It should be much better. :)

Have a scan with MBAM, if you haven't already, and make sure it's working all right and coming up clean. Post the report if anything shows up on it, please. :)

Thanks,
tea

#7 rockstar1960
  • Topic Starter
  • Members
  • 8 posts

Posted 27 October 2010 - 07:15 AM

Hi Tea,
I'm not sure if it's all fixed or not. I ran MBAM. No threats found. I put AVAST back on to surf the net and have some protection, and it is not showing any malicious website activity.

It's slow to start and it's slow to launch the browser. But it seems better, especially the fact that it's not showing any malicious sites. Any thoughts on anti-spyware? I am using AVAST and Spybot on my computer.

Thanks again

#8 teacup61
    Bleepin' Texan!
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 27 October 2010 - 12:04 PM

Hi there,

Good that everything looks clean. :thumbup2: I did see bits of McAfee going....do you use it? I also see AVG. If all 3 of those are running, then that could be causing the slowness you describe.

Uninstall ComboFix by doing the following :

Click Start>Run>Type in, or copy and paste ComboFix /Uninstall > click OK

If you're going to keep Avast!, it's fine, then if you like MBAM I would keep and use that and do away with Spybot. It isn't as efficient as it used to be. I actually stopped recommending it some time ago.

tea

#9 rockstar1960
  • Topic Starter
  • Members
  • 8 posts

Posted 31 October 2010 - 05:31 AM

Hi Tea,

Thanks again for all your help. I followed all of your instructions and I think I've got him back to where he can finally use his computer. I returned it to him but he's out of town. I'll have a full report when he gets back but everything I see makes me believe all is well. THANK YOU!!

I have Spybot, CLAM AV and Avast on my computer. Do you think those three are okay for protection?

b

#10 teacup61
    Bleepin' Texan!
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 31 October 2010 - 11:18 AM

You're most welcome :)

Only one AV....take out that Clam and keep Avast!. Spybot is all right if you aren't a heavy or risky surfer. MBAM is the most efficient for current infections, not Spybot, as I said in my other post. If your computer is XP, then I would recommend a third party firewall like Comodo or Kerio. If W7.....well I don't run one on my W7 because the protection is better in the built in Windows one than in XP. If you're a heavy or risky user, then put one on anyway. :thumbup2:

Have a great Sunday!
tea

#11 rockstar1960
  • Topic Starter
  • Members
  • 8 posts

Posted 01 November 2010 - 05:42 AM

Hi Tea,
Does MBAM run in the background or is it only a program I can run occasionally to scan for Malware? It's never found anything. I don't think I'm too risky of a surfer but you know how the internet can be, deceiving when you're looking for something. I took Spybot and CLAM AV off and it doesn't seem to be running any faster. But, it never was all that slow. I am running XP so I will look into those third party firewalls.

Thanks again for all your help. Hope you had a great weekend.

b

#12 teacup61
    Bleepin' Texan!
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 02 November 2010 - 12:06 PM

Does MBAM run in the background or is it only a program I can run occasionally to scan for Malware?

It does have a real time protection, but unless it's changed I think it depends on which version you get. Have a look at your options here: http://Malwarebytes.org I didn't suggest removing those programs for speed, but quality. :wink:

You're most welcome. :)

tea

#13 rockstar1960
  • Topic Starter
  • Members
  • 8 posts

Posted 03 November 2010 - 05:31 AM

Thanks Tea,

I'll keep Malware up and running with Avast. My speed's good; I'm just a little apprehensive to no longer have AVG, Adaware, and Spybot, with only Avast (and MBAM) as protection.

Thanks again for all your help.

b

#14 teacup61
    Bleepin' Texan!
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 03 November 2010 - 12:02 PM

Hello,

You're welcome. :)

When you run more than one AntiVirus at a time you actually have less protection because the two have to fight each other for resources and cannot do their jobs properly. Now if you like you can keep them both (AVG and Avast!), but leave one of them disabled and every once in a while do an on demand scan. But they cannot both run real time shields at the same time. MBAM is simply replacing Spybot and AdAware. You aren't losing anything at all, I promise you. I would never recommend anything I thought wasn't going to give you the best protection. I do understand the apprehension, but I expect that will diminish over time.

If you have any questions, please do ask. :thumbup2:

tea

#15 rockstar1960
  • Topic Starter
  • Members
  • 8 posts

Posted 06 November 2010 - 06:14 AM

Hi T

Thanks again for all your help! I will follow your recommendations. My brother could not believe you were able to salvage his little Acer and he is quite happy. I'll be moving on to another problem I've got with a home computer that I think is a hardware issue. You inspired me to get it going.

Take care,

b



