
Virus hijacks internet start page and stops avg and malwarebytes from working


  • This topic is locked
12 replies to this topic

#1 JoelCo

JoelCo

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:50 AM

Posted 04 October 2011 - 02:01 PM

I have a desktop running Windows XP Pro.

I seem to have a virus that was causing my computer to freeze, has made AVG take instant scans of nothing, and won't let Malwarebytes open. My Firefox home page also seems to have been changed.
Unfortunately, when I googled this problem I came across a link to combofix and ran it before coming to this forum and learning that I should not do so. When running Combofix, I got a message saying that it would take some time to run because I have a "rootkit". I then had to restart my computer several times.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Joel at 13:40:39 on 2011-10-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.364 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
D:\PROGRA~1\AVG\AVG10\avgchsvx.exe
D:\PROGRA~1\AVG\AVG10\avgrsx.exe
D:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\AVG\AVG10\avgwdsvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\AVG\AVG10\avgnsx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\stsystra.exe
D:\Program Files\Creative\Mixer\CTSVolFE.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Real\RealPlayer\update\realsched.exe
D:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\Program Files\AVG\AVG10\avgtray.exe
D:\Program Files\Nuance\PaperPort\pptd40nt.exe
D:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
D:\Program Files\Browny02\Brother\BrStMonW.exe
D:\Program Files\Citrix\ICA Client\concentr.exe
D:\Program Files\ControlCenter4\BrCtrlCntr.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
D:\Program Files\Browny02\BrYNSvc.exe
D:\Program Files\Citrix\ICA Client\wfcrun32.exe
D:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe
D:\Program Files\ControlCenter4\BrCcUxSys.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - d:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg10\avgssie.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - d:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ISUSPM] d:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IDTSysTrayApp] sttray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [CTSVolFE] "d:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "d:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [DivXUpdate] "d:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AVG_TRAY] d:\program files\avg\avg10\avgtray.exe
mRun: [IndexSearch] "d:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "d:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "d:\program files\nuance\paperport\ereg\ereg.exe" -r "d:\documents and settings\all users\application data\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] d:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] d:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ControlCenter4] d:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] d:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [ConnectionCenter] "d:\program files\citrix\ica client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\airlin~1.lnk - d:\program files\airlink101\airlink101 wlan monitor\RtWLan.exe
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - d:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1303500042062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{E90C4230-A485-413D-8090-CF572B898893} : DhcpNameServer = 167.206.254.2 167.206.254.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg10\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\joel\application data\mozilla\firefox\profiles\qahn9krd.default\
FF - plugin: d:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: d:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: d:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npicaN.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;d:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;d:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R1 Avgldx86;AVG AVI Loader Driver;d:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;d:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;d:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]
R1 ctxusbm;Citrix USB Monitor Driver;d:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R2 avgwd;AVG WatchDog;d:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;d:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R3 AVGIDSDriver;AVGIDSDriver;d:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;d:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;d:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 BrYNSvc;BrYNSvc;d:\program files\browny02\BrYNSvc.exe [2011-5-18 245760]
S0 cerc6;cerc6; [x]
S2 AVGIDSAgent;AVGIDSAgent;d:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;d:\windows\system32\drivers\RTL8192su.sys [2011-4-22 594048]
.
=============== Created Last 30 ================
.
2011-10-04 16:41:09 208896 ----a-w- d:\windows\MBR.exe
2011-10-04 16:41:08 98816 ----a-w- d:\windows\sed.exe
2011-10-04 16:41:08 518144 ----a-w- d:\windows\SWREG.exe
2011-10-04 16:41:08 256000 ----a-w- d:\windows\PEV.exe
2011-10-04 16:13:16 41272 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2011-09-15 17:54:33 -------- d-----w- d:\documents and settings\joel\.gstreamer-0.10
2011-09-15 17:54:19 -------- d-----w- d:\documents and settings\joel\application data\ZumoCast
2011-09-15 17:54:06 -------- d-----w- d:\program files\Zecter
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- d:\windows\system32\crypt32.dll
2011-09-06 04:35:01 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 21:00:50 22216 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-07-15 13:29:31 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- d:\windows\system32\drivers\ndistapi.sys
.
============= FINISH: 13:42:01.43 ===============



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:50 PM

Posted 08 October 2011 - 04:37 PM

Please post the ComboFix Log(s)


(located at c:\combofix.txt - older logs > c:\qoobox\combofix2.txt)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 JoelCo

JoelCo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:50 AM

Posted 08 October 2011 - 08:35 PM

Since I posted, I uninstalled and reinstalled both Malwarebytes and AVG and they are now working. I realize that there may still be an underlying virus that could allow this problem again in the future, so I am posting the ComboFix log.
Thanks.

ComboFix 11-10-04.04 - Joel 10/04/2011 12:51:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.608 [GMT -4:00]
Running from: d:\documents and settings\Joel\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\Joel\Application Data\78B6.E78
d:\program files\StartNow Toolbar
d:\program files\StartNow Toolbar\Resources\images\btn-msn.png
d:\program files\StartNow Toolbar\Resources\images\chevronButton.png
d:\program files\StartNow Toolbar\Resources\images\engine_images.png
d:\program files\StartNow Toolbar\Resources\images\engine_maps.png
d:\program files\StartNow Toolbar\Resources\images\engine_news.png
d:\program files\StartNow Toolbar\Resources\images\engine_videos.png
d:\program files\StartNow Toolbar\Resources\images\engine_web.png
d:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
d:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
d:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
d:\program files\StartNow Toolbar\Resources\images\icon_games.png
d:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
d:\program files\StartNow Toolbar\Resources\images\icon_travel.png
d:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
d:\program files\StartNow Toolbar\Resources\images\separator.png
d:\program files\StartNow Toolbar\Resources\images\splitter.png
d:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
d:\program files\StartNow Toolbar\Resources\installer.xml
d:\program files\StartNow Toolbar\Resources\protect\index.html
d:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
d:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
d:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
d:\program files\StartNow Toolbar\Resources\protect\window.css
d:\program files\StartNow Toolbar\Resources\protect\window.js
d:\program files\StartNow Toolbar\Resources\reactivate\index.html
d:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
d:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
d:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
d:\program files\StartNow Toolbar\Resources\reactivate\window.css
d:\program files\StartNow Toolbar\Resources\reactivate\window.js
d:\program files\StartNow Toolbar\Resources\searchbox\dropdown_button_normal.png
d:\program files\StartNow Toolbar\Resources\searchbox\searchbox_button_hover.png
d:\program files\StartNow Toolbar\Resources\searchbox\searchbox_button_normal.png
d:\program files\StartNow Toolbar\Resources\searchbox\searchbox_input_left.png
d:\program files\StartNow Toolbar\Resources\searchbox\searchbox_input_middle.png
d:\program files\StartNow Toolbar\Resources\toolbar.xml
d:\program files\StartNow Toolbar\Resources\toolbarbutton\hover_c.png
d:\program files\StartNow Toolbar\Resources\toolbarbutton\hover_l.png
d:\program files\StartNow Toolbar\Resources\toolbarbutton\hover_r.png
d:\program files\StartNow Toolbar\Resources\toolbarbutton\normal_c.png
d:\program files\StartNow Toolbar\Resources\toolbarbutton\normal_l.png
d:\program files\StartNow Toolbar\Resources\toolbarbutton\normal_r.png
d:\program files\StartNow Toolbar\Resources\update.xml
d:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
d:\program files\StartNow Toolbar\Toolbar32.dll
d:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
d:\program files\StartNow Toolbar\uninstall.dat
d:\windows\$NtUninstallKB38200$
d:\windows\$NtUninstallKB38200$\3099120255\@
d:\windows\$NtUninstallKB38200$\3099120255\bckfg.tmp
d:\windows\$NtUninstallKB38200$\3099120255\cfg.ini
d:\windows\$NtUninstallKB38200$\3099120255\Desktop.ini
d:\windows\$NtUninstallKB38200$\3099120255\keywords
d:\windows\$NtUninstallKB38200$\3099120255\kwrd.dll
d:\windows\$NtUninstallKB38200$\3099120255\L\hevcdrng
d:\windows\$NtUninstallKB38200$\3099120255\lsflt7.ver
d:\windows\$NtUninstallKB38200$\3099120255\U\00000001.@
d:\windows\$NtUninstallKB38200$\3099120255\U\00000002.@
d:\windows\$NtUninstallKB38200$\3099120255\U\80000000.@
d:\windows\$NtUninstallKB38200$\3099120255\U\80000032.@
d:\windows\$NtUninstallKB38200$\85472439
d:\windows\system32\d3d9caps.dat
.
Infected copy of d:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - d:\system volume information\_restore{8DC2D2F6-D752-4429-BF2A-66E01BFE2BFA}\RP142\A0009695.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_b8b8d27f
-------\Legacy_Toolbar_Updater_Service
-------\Legacy_Toolbar_Updater_Service
-------\Service_Toolbar Updater Service
-------\Service_Toolbar Updater Service
.
.
((((((((((((((((((((((((( Files Created from 2011-09-04 to 2011-10-04 )))))))))))))))))))))))))))))))
.
.
2011-10-04 16:13 . 2011-10-04 16:13 41272 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2011-10-03 00:55 . 2011-10-03 00:55 -------- d-----w- d:\program files\Microsoft Silverlight
2011-09-15 17:54 . 2011-10-04 16:20 -------- d-----w- d:\documents and settings\Joel\.gstreamer-0.10
2011-09-15 17:54 . 2011-10-04 17:05 -------- d-----w- d:\documents and settings\Joel\Application Data\ZumoCast
2011-09-15 17:54 . 2011-09-15 17:54 -------- d-----w- d:\program files\Zecter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- d:\windows\system32\crypt32.dll
2011-09-06 04:35 . 2011-05-26 00:08 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 21:00 . 2011-04-29 00:08 22216 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- d:\windows\system32\drivers\ndistapi.sys
2009-09-13 03:05 . 2009-09-13 03:05 124240 ----a-w- d:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 03:06 . 2009-09-13 03:06 13136 ----a-w- d:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 03:06 . 2009-09-13 03:06 70488 ----a-w- d:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 03:06 . 2009-09-13 03:06 91480 ----a-w- d:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 03:06 . 2009-09-13 03:06 22360 ----a-w- d:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 03:07 . 2009-09-13 03:07 255312 ----a-w- d:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 03:06 . 2009-09-13 03:06 31064 ----a-w- d:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 03:06 . 2009-09-13 03:06 40280 ----a-w- d:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 17:33 . 2009-08-14 17:33 652640 ----a-w- d:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 03:06 . 2009-09-13 03:06 23896 ----a-w- d:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-10-04 15:26 . 2011-04-22 19:18 134104 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="d:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"ZumoCast"="d:\program files\Zecter\ZumoCast\ZumoLauncher.lnk" [2011-10-04 1625]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"IDTSysTrayApp"="sttray.exe" [2007-09-06 405504]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"CTSVolFE"="d:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="d:\program files\Real\RealPlayer\update\realsched.exe" [2011-04-28 273544]
"DivXUpdate"="d:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"AVG_TRAY"="d:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"IndexSearch"="d:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="d:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="d:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="d:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="d:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="d:\program files\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264]
"BrStsMon00"="d:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"ConnectionCenter"="d:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
d:\documents and settings\All Users\Start Menu\Programs\Startup\
AirLink101 Wireless Monitor.lnk - d:\program files\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe [2011-4-22 897024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0d:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0d:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Airlink101\\Airlink101 WLAN Monitor\\RtWLan.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Program Files\\Brother\\Brmfl10f\\FAXRX.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"d:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"d:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"d:\\Program Files\\Zecter\\ZumoCast\\zumocast.exe"=
"d:\\Program Files\\Zecter\\ZumoCast\\bin\\gst-thumbnailer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
.
R0 AVGIDSEH;AVGIDSEH;d:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;d:\windows\system32\drivers\avgrkx86.sys [1/19/2011 4:32 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;d:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 248656]
R1 Avgtdix;AVG TDI Driver;d:\windows\system32\drivers\avgtdix.sys [2/10/2011 7:54 AM 297168]
R1 ctxusbm;Citrix USB Monitor Driver;d:\windows\system32\drivers\ctxusbm.sys [9/8/2009 6:13 PM 65584]
R2 avgwd;AVG WatchDog;d:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;d:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [3/9/2010 12:40 AM 144672]
R3 AVGIDSDriver;AVGIDSDriver;d:\windows\system32\drivers\AVGIDSDriver.sys [3/30/2011 5:17 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;d:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]
R3 AVGIDSShim;AVGIDSShim;d:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]
R3 BrYNSvc;BrYNSvc;d:\program files\Browny02\BrYNSvc.exe [5/18/2011 2:31 PM 245760]
S0 cerc6;cerc6; [x]
S2 AVGIDSAgent;AVGIDSAgent;d:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 1:33 AM 7390560]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;d:\windows\system32\drivers\RTL8192su.sys [4/22/2011 3:12 PM 594048]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-04 d:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1770027372-1177238915-1003.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-09-28 d:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1770027372-1177238915-1003.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-10-04 d:\windows\Tasks\User_Feed_Synchronization-{9DF4FED5-81CA-4B73-AE5C-88D23AE00CAF}.job
- d:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - d:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
FF - ProfilePath - d:\documents and settings\Joel\Application Data\Mozilla\Firefox\Profiles\qahn9krd.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-StartNow Toolbar - d:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-04 13:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3196)
d:\windows\system32\WININET.dll
d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
d:\progra~1\AVG\AVG10\avgchsvx.exe
d:\progra~1\AVG\AVG10\avgrsx.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\AVG\AVG10\avgnsx.exe
d:\windows\stsystra.exe
d:\program files\ControlCenter4\BrCtrlCntr.exe
d:\program files\Citrix\ICA Client\wfcrun32.exe
d:\program files\ControlCenter4\BrCcUxSys.exe
d:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
d:\program files\Zecter\ZumoCast\ZumoCast.exe
d:\program files\Zecter\ZumoCast\bin\gst-thumbnailer.exe
.
**************************************************************************
.
Completion time: 2011-10-04 13:07:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-04 17:07
.
Pre-Run: 99,545,194,496 bytes free
Post-Run: 100,161,798,144 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(4)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8A89E2FB46349CBFF7330D6C793E9E9F

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:50 PM

Posted 08 October 2011 - 08:51 PM

Please run the following:

  • Please download Junction.zip and save it to your desktop.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Now go to Start > Run to open a run box > Copy and paste the following command in the open run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

  • A command window will open and the system will be scanned.
  • Wait until a log file opens.
  • Copy and paste or attach the content of it in your next reply.


NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 JoelCo

JoelCo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:50 AM

Posted 08 October 2011 - 09:06 PM

I believe that in my case the C: drive is a backup and the D: drive is the main drive. Can you tailor the instructions for that? I tried to make changes to the command you sent to reflect that but I don't think I got it right.
Thanks

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:50 PM

Posted 08 October 2011 - 10:40 PM

Hi,

My apologies, I should have noticed that.


Try this:

  • Please download Junction.zip and save it to your desktop.
  • Unzip it and put junction.exe in the Windows directory (D:\Windows).
  • Now go to Start > Run to open a run box > Copy and paste the following command in the open run box and click OK:

    cmd /c junction -s d:\ >log.txt&log.txt& del log.txt

  • A command window will open and the system will be scanned.
  • Wait until a log file opens.
  • Copy and paste or attach the content of it in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
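The `junction -s d:\` step in posts #4 and #6 walks the whole drive and lists every reparse point (junctions, symbolic links, mount points), continuing past folders it cannot open, which is why the log in post #7 is mostly "Failed to open ...: Access is denied." lines followed by "No reparse points found." The script below is an added example that reproduces that behaviour in Python; it is not the thread's code and not Sysinternals' junction.exe. It assumes that on Windows the FILE_ATTRIBUTE_REPARSE_POINT flag identifies a reparse point and that on a POSIX host (where it can be run offline) a symbolic link is the nearest equivalent. The sample "drive" it scans is constructed inside a temporary directory and contains one link planted under an innocuous-looking uninstall folder, the kind of entry the scan is meant to surface.

```python
"""Recursive reparse-point scan modelled on the `junction -s <drive>` step.

Added example, not the thread's or Sysinternals' code. Windows: checks
FILE_ATTRIBUTE_REPARSE_POINT (junctions, symlinks, mount points). POSIX
(assumption, so the example runs offline): treats symbolic links as the
nearest equivalent. Access errors are recorded and the walk continues,
mirroring junction.exe's "Failed to open ...: Access is denied." lines.
"""
import os
import stat
import tempfile
from dataclasses import dataclass, field


@dataclass
class ScanResult:
    reparse_points: list = field(default_factory=list)  # (path, target)
    errors: list = field(default_factory=list)          # (path, reason)


def is_reparse_point(path: str) -> bool:
    """True if `path` itself is a reparse point (or a POSIX symlink)."""
    try:
        st = os.lstat(path)  # lstat inspects the link itself, never its target
    except OSError:
        return False
    attrs = getattr(st, "st_file_attributes", None)  # only present on Windows
    if attrs is not None:
        return bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)
    return stat.S_ISLNK(st.st_mode)


def link_target(path: str) -> str:
    """Where the reparse point leads (junction.exe shows this as the print name)."""
    try:
        return os.readlink(path)
    except OSError as exc:
        return f"<unreadable: {exc.strerror}>"


def scan_reparse_points(root: str) -> ScanResult:
    """Walk `root` without following links and collect every reparse point."""
    result = ScanResult()

    def on_error(exc: OSError) -> None:
        # Keep scanning past directories we cannot open, as junction.exe does.
        result.errors.append((exc.filename, exc.strerror))

    for dirpath, dirnames, filenames in os.walk(root, onerror=on_error, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if is_reparse_point(full):
                result.reparse_points.append((full, link_target(full)))
    return result


def format_report(result: ScanResult) -> str:
    """Render the result in the shape of junction.exe's console output."""
    lines = [f"Failed to open {p}: {why}." for p, why in result.errors]
    if not result.reparse_points:
        lines.append("No reparse points found.")
    for path, target in result.reparse_points:
        lines.append(f"{path}: REPARSE POINT -> {target}")
    return "\n".join(lines)


def build_sample_tree() -> str:
    """Constructed sample drive: a plain driver file plus one link planted under
    a folder named to look like a Windows uninstall directory (hypothetical name)."""
    root = tempfile.mkdtemp(prefix="junction_demo_")
    drivers = os.path.join(root, "windows", "system32", "drivers")
    os.makedirs(drivers)
    with open(os.path.join(drivers, "cdrom.sys"), "w") as fh:
        fh.write("placeholder driver image, constructed for the example\n")
    hidden = os.path.join(root, "windows", "$NtUninstallKB_demo$")
    os.makedirs(hidden)
    os.symlink(os.path.join(root, "windows", "system32"), os.path.join(hidden, "U"))
    return root


if __name__ == "__main__":
    print(format_report(scan_reparse_points(build_sample_tree())))
```

Run it as a script to see a one-line report for the planted link; point `scan_reparse_points` at a real drive root to get the same listing junction.exe produces, with unreadable folders reported rather than aborting the scan.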


#7 JoelCo

JoelCo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:50 AM

Posted 08 October 2011 - 11:10 PM

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\d:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\d:\\System Volume Information: Access is denied.


...

...



...

...

...

..
Failed to open \\?\d:\\Program Files\AVG\AVG10\avgcsrvx.exe: Access is denied.



Failed to open \\?\d:\\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe: Access is denied.


.

...

...

...

...

...

...

.
Failed to open \\?\d:\\Qoobox\BackEnv: Access is denied.


..

...

...

...

...

...

...

...

...

...No reparse points found.




00:09:01.0640 4944 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
00:09:02.0109 4944 ============================================================
00:09:02.0109 4944 Current date / time: 2011/10/09 00:09:02.0109
00:09:02.0109 4944 SystemInfo:
00:09:02.0109 4944
00:09:02.0109 4944 OS Version: 5.1.2600 ServicePack: 3.0
00:09:02.0109 4944 Product type: Workstation
00:09:02.0109 4944 ComputerName: JOEL-C84A85BF73
00:09:02.0109 4944 UserName: Joel
00:09:02.0109 4944 Windows directory: D:\WINDOWS
00:09:02.0109 4944 System windows directory: D:\WINDOWS
00:09:02.0109 4944 Processor architecture: Intel x86
00:09:02.0109 4944 Number of processors: 2
00:09:02.0109 4944 Page size: 0x1000
00:09:02.0109 4944 Boot type: Normal boot
00:09:02.0109 4944 ============================================================
00:09:04.0484 4944 Initialize success
00:09:13.0484 3592 ============================================================
00:09:13.0484 3592 Scan started
00:09:13.0484 3592 Mode: Manual;
00:09:13.0484 3592 ============================================================
00:09:14.0531 3592 Abiosdsk - ok
00:09:14.0562 3592 abp480n5 - ok
00:09:14.0656 3592 ACPI (8fd99680a539792a30e97944fdaecf17) D:\WINDOWS\system32\DRIVERS\ACPI.sys
00:09:14.0656 3592 ACPI - ok
00:09:14.0703 3592 ACPIEC (9859c0f6936e723e4892d7141b1327d5) D:\WINDOWS\system32\drivers\ACPIEC.sys
00:09:14.0703 3592 ACPIEC - ok
00:09:14.0734 3592 adpu160m - ok
00:09:14.0812 3592 aec (8bed39e3c35d6a489438b8141717a557) D:\WINDOWS\system32\drivers\aec.sys
00:09:14.0828 3592 aec - ok
00:09:14.0890 3592 AegisP (30bb1bde595ca65fd5549462080d94e5) D:\WINDOWS\system32\DRIVERS\AegisP.sys
00:09:14.0890 3592 AegisP - ok
00:09:14.0953 3592 AFD (355556d9e580915118cd7ef736653a89) D:\WINDOWS\System32\drivers\afd.sys
00:09:14.0984 3592 AFD - ok
00:09:15.0015 3592 Aha154x - ok
00:09:15.0046 3592 aic78u2 - ok
00:09:15.0078 3592 aic78xx - ok
00:09:15.0140 3592 AliIde - ok
00:09:15.0156 3592 amsint - ok
00:09:15.0218 3592 Arp1394 (b5b8a80875c1dededa8b02765642c32f) D:\WINDOWS\system32\DRIVERS\arp1394.sys
00:09:15.0218 3592 Arp1394 - ok
00:09:15.0250 3592 asc - ok
00:09:15.0281 3592 asc3350p - ok
00:09:15.0312 3592 asc3550 - ok
00:09:15.0421 3592 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) D:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:09:15.0437 3592 AsyncMac - ok
00:09:15.0515 3592 atapi (9f3a2f5aa6875c72bf062c712cfa2674) D:\WINDOWS\system32\DRIVERS\atapi.sys
00:09:15.0531 3592 atapi - ok
00:09:15.0578 3592 Atdisk - ok
00:09:15.0609 3592 Atmarpc (9916c1225104ba14794209cfa8012159) D:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:09:15.0609 3592 Atmarpc - ok
00:09:15.0687 3592 audstub (d9f724aa26c010a217c97606b160ed68) D:\WINDOWS\system32\DRIVERS\audstub.sys
00:09:15.0687 3592 audstub - ok
00:09:15.0781 3592 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) D:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
00:09:15.0796 3592 AVGIDSDriver - ok
00:09:15.0843 3592 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) D:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
00:09:15.0843 3592 AVGIDSEH - ok
00:09:15.0875 3592 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) D:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
00:09:15.0890 3592 AVGIDSFilter - ok
00:09:15.0984 3592 AVGIDSShim (07eba0c11fa1d73b82ecc3255ddfe34d) D:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
00:09:15.0984 3592 AVGIDSShim - ok
00:09:16.0062 3592 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) D:\WINDOWS\system32\DRIVERS\avgldx86.sys
00:09:16.0078 3592 Avgldx86 - ok
00:09:16.0109 3592 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) D:\WINDOWS\system32\DRIVERS\avgmfx86.sys
00:09:16.0109 3592 Avgmfx86 - ok
00:09:16.0140 3592 Avgrkx86 (f2038ed7284b79dcef581468121192a9) D:\WINDOWS\system32\DRIVERS\avgrkx86.sys
00:09:16.0140 3592 Avgrkx86 - ok
00:09:16.0203 3592 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) D:\WINDOWS\system32\DRIVERS\avgtdix.sys
00:09:16.0218 3592 Avgtdix - ok
00:09:16.0281 3592 Beep (da1f27d85e0d1525f6621372e7b685e9) D:\WINDOWS\system32\drivers\Beep.sys
00:09:16.0296 3592 Beep - ok
00:09:16.0375 3592 bvrp_pci - ok
00:09:16.0390 3592 catchme - ok
00:09:16.0437 3592 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) D:\WINDOWS\system32\drivers\cbidf2k.sys
00:09:16.0437 3592 cbidf2k - ok
00:09:16.0500 3592 CCDECODE (0be5aef125be881c4f854c554f2b025c) D:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:09:16.0515 3592 CCDECODE - ok
00:09:16.0531 3592 cd20xrnt - ok
00:09:16.0593 3592 Cdaudio (c1b486a7658353d33a10cc15211a873b) D:\WINDOWS\system32\drivers\Cdaudio.sys
00:09:16.0609 3592 Cdaudio - ok
00:09:16.0656 3592 Cdfs (c885b02847f5d2fd45a24e219ed93b32) D:\WINDOWS\system32\drivers\Cdfs.sys
00:09:16.0656 3592 Cdfs - ok
00:09:16.0687 3592 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) D:\WINDOWS\system32\DRIVERS\cdrom.sys
00:09:16.0687 3592 Cdrom - ok
00:09:16.0703 3592 cerc6 - ok
00:09:16.0734 3592 Changer - ok
00:09:16.0828 3592 CmdIde - ok
00:09:16.0937 3592 Cpqarray - ok
00:09:17.0062 3592 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) D:\WINDOWS\system32\DRIVERS\ctxusbm.sys
00:09:17.0062 3592 ctxusbm - ok
00:09:17.0093 3592 dac2w2k - ok
00:09:17.0125 3592 dac960nt - ok
00:09:17.0203 3592 Disk (044452051f3e02e7963599fc8f4f3e25) D:\WINDOWS\system32\DRIVERS\disk.sys
00:09:17.0218 3592 Disk - ok
00:09:17.0296 3592 dmboot (d992fe1274bde0f84ad826acae022a41) D:\WINDOWS\system32\drivers\dmboot.sys
00:09:17.0328 3592 dmboot - ok
00:09:17.0390 3592 dmio (7c824cf7bbde77d95c08005717a95f6f) D:\WINDOWS\system32\drivers\dmio.sys
00:09:17.0390 3592 dmio - ok
00:09:17.0421 3592 dmload (e9317282a63ca4d188c0df5e09c6ac5f) D:\WINDOWS\system32\drivers\dmload.sys
00:09:17.0421 3592 dmload - ok
00:09:17.0515 3592 DMusic (8a208dfcf89792a484e76c40e5f50b45) D:\WINDOWS\system32\drivers\DMusic.sys
00:09:17.0515 3592 DMusic - ok
00:09:17.0593 3592 dpti2o - ok
00:09:17.0640 3592 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) D:\WINDOWS\system32\drivers\drmkaud.sys
00:09:17.0640 3592 drmkaud - ok
00:09:17.0703 3592 E100B (95974e66d3de4951d29e28e8bc0b644c) D:\WINDOWS\system32\DRIVERS\e100b325.sys
00:09:17.0718 3592 E100B - ok
00:09:17.0843 3592 Fastfat (38d332a6d56af32635675f132548343e) D:\WINDOWS\system32\drivers\Fastfat.sys
00:09:17.0859 3592 Fastfat - ok
00:09:17.0921 3592 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) D:\WINDOWS\system32\drivers\Fdc.sys
00:09:17.0921 3592 Fdc - ok
00:09:17.0968 3592 Fips (d45926117eb9fa946a6af572fbe1caa3) D:\WINDOWS\system32\drivers\Fips.sys
00:09:17.0968 3592 Fips - ok
00:09:18.0000 3592 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) D:\WINDOWS\system32\drivers\Flpydisk.sys
00:09:18.0000 3592 Flpydisk - ok
00:09:18.0078 3592 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) D:\WINDOWS\system32\DRIVERS\fltMgr.sys
00:09:18.0078 3592 FltMgr - ok
00:09:18.0125 3592 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) D:\WINDOWS\system32\drivers\Fs_Rec.sys
00:09:18.0125 3592 Fs_Rec - ok
00:09:18.0187 3592 Ftdisk (6ac26732762483366c3969c9e4d2259d) D:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:09:18.0203 3592 Ftdisk - ok
00:09:18.0234 3592 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) D:\WINDOWS\system32\DRIVERS\msgpc.sys
00:09:18.0250 3592 Gpc - ok
00:09:18.0281 3592 HDAudBus (573c7d0a32852b48f3058cfd8026f511) D:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:09:18.0281 3592 HDAudBus - ok
00:09:18.0343 3592 hidusb (ccf82c5ec8a7326c3066de870c06daf1) D:\WINDOWS\system32\DRIVERS\hidusb.sys
00:09:18.0343 3592 hidusb - ok
00:09:18.0375 3592 hpn - ok
00:09:18.0437 3592 HTTP (f80a415ef82cd06ffaf0d971528ead38) D:\WINDOWS\system32\Drivers\HTTP.sys
00:09:18.0437 3592 HTTP - ok
00:09:18.0484 3592 i2omgmt - ok
00:09:18.0515 3592 i2omp - ok
00:09:18.0593 3592 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) D:\WINDOWS\system32\drivers\i8042prt.sys
00:09:18.0593 3592 i8042prt - ok
00:09:18.0656 3592 iastor (80c633722da72e97f3f5b3b11325696d) D:\WINDOWS\system32\drivers\iastor.sys
00:09:18.0656 3592 iastor - ok
00:09:18.0718 3592 Imapi (083a052659f5310dd8b6a6cb05edcf8e) D:\WINDOWS\system32\DRIVERS\imapi.sys
00:09:18.0734 3592 Imapi - ok
00:09:18.0765 3592 ini910u - ok
00:09:18.0812 3592 IntelIde - ok
00:09:18.0890 3592 intelppm (8c953733d8f36eb2133f5bb58808b66b) D:\WINDOWS\system32\DRIVERS\intelppm.sys
00:09:18.0890 3592 intelppm - ok
00:09:18.0921 3592 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) D:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
00:09:18.0921 3592 Ip6Fw - ok
00:09:18.0984 3592 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:09:19.0000 3592 IpFilterDriver - ok
00:09:19.0015 3592 IpInIp (b87ab476dcf76e72010632b5550955f5) D:\WINDOWS\system32\DRIVERS\ipinip.sys
00:09:19.0015 3592 IpInIp - ok
00:09:19.0093 3592 IpNat (cc748ea12c6effde940ee98098bf96bb) D:\WINDOWS\system32\DRIVERS\ipnat.sys
00:09:19.0093 3592 IpNat - ok
00:09:19.0140 3592 IPSec (23c74d75e36e7158768dd63d92789a91) D:\WINDOWS\system32\DRIVERS\ipsec.sys
00:09:19.0140 3592 IPSec - ok
00:09:19.0156 3592 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) D:\WINDOWS\system32\DRIVERS\irenum.sys
00:09:19.0171 3592 IRENUM - ok
00:09:19.0234 3592 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) D:\WINDOWS\system32\DRIVERS\isapnp.sys
00:09:19.0234 3592 isapnp - ok
00:09:19.0281 3592 Kbdclass (463c1ec80cd17420a542b7f36a36f128) D:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:09:19.0281 3592 Kbdclass - ok
00:09:19.0312 3592 kbdhid (9ef487a186dea361aa06913a75b3fa99) D:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:09:19.0312 3592 kbdhid - ok
00:09:19.0375 3592 kmixer (692bcf44383d056aed41b045a323d378) D:\WINDOWS\system32\drivers\kmixer.sys
00:09:19.0375 3592 kmixer - ok
00:09:19.0421 3592 KSecDD (b467646c54cc746128904e1654c750c1) D:\WINDOWS\system32\drivers\KSecDD.sys
00:09:19.0437 3592 KSecDD - ok
00:09:19.0500 3592 lbrtfdc - ok
00:09:19.0640 3592 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) D:\WINDOWS\system32\drivers\mnmdd.sys
00:09:19.0656 3592 mnmdd - ok
00:09:19.0703 3592 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) D:\WINDOWS\system32\drivers\Modem.sys
00:09:19.0703 3592 Modem - ok
00:09:19.0765 3592 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) D:\WINDOWS\system32\DRIVERS\mouclass.sys
00:09:19.0781 3592 Mouclass - ok
00:09:19.0859 3592 mouhid (b1c303e17fb9d46e87a98e4ba6769685) D:\WINDOWS\system32\DRIVERS\mouhid.sys
00:09:19.0859 3592 mouhid - ok
00:09:19.0875 3592 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) D:\WINDOWS\system32\drivers\MountMgr.sys
00:09:19.0875 3592 MountMgr - ok
00:09:19.0921 3592 mraid35x - ok
00:09:19.0968 3592 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) D:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:09:19.0968 3592 MRxDAV - ok
00:09:20.0031 3592 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) D:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:09:20.0046 3592 MRxSmb - ok
00:09:20.0093 3592 Msfs (c941ea2454ba8350021d774daf0f1027) D:\WINDOWS\system32\drivers\Msfs.sys
00:09:20.0093 3592 Msfs - ok
00:09:20.0140 3592 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) D:\WINDOWS\system32\drivers\MSKSSRV.sys
00:09:20.0140 3592 MSKSSRV - ok
00:09:20.0187 3592 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) D:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:09:20.0187 3592 MSPCLOCK - ok
00:09:20.0234 3592 MSPQM (bad59648ba099da4a17680b39730cb3d) D:\WINDOWS\system32\drivers\MSPQM.sys
00:09:20.0234 3592 MSPQM - ok
00:09:20.0312 3592 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) D:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:09:20.0312 3592 mssmbios - ok
00:09:20.0359 3592 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) D:\WINDOWS\system32\drivers\MSTEE.sys
00:09:20.0359 3592 MSTEE - ok
00:09:20.0406 3592 Mup (de6a75f5c270e756c5508d94b6cf68f5) D:\WINDOWS\system32\drivers\Mup.sys
00:09:20.0406 3592 Mup - ok
00:09:20.0453 3592 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:09:20.0453 3592 NABTSFEC - ok
00:09:20.0515 3592 NDIS (1df7f42665c94b825322fae71721130d) D:\WINDOWS\system32\drivers\NDIS.sys
00:09:20.0515 3592 NDIS - ok
00:09:20.0562 3592 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) D:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:09:20.0562 3592 NdisIP - ok
00:09:20.0625 3592 NdisTapi (0109c4f3850dfbab279542515386ae22) D:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:09:20.0625 3592 NdisTapi - ok
00:09:20.0671 3592 Ndisuio (f927a4434c5028758a842943ef1a3849) D:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:09:20.0671 3592 Ndisuio - ok
00:09:20.0703 3592 NdisWan (edc1531a49c80614b2cfda43ca8659ab) D:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:09:20.0703 3592 NdisWan - ok
00:09:20.0750 3592 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) D:\WINDOWS\system32\drivers\NDProxy.sys
00:09:20.0765 3592 NDProxy - ok
00:09:20.0796 3592 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) D:\WINDOWS\system32\DRIVERS\netbios.sys
00:09:20.0796 3592 NetBIOS - ok
00:09:20.0828 3592 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) D:\WINDOWS\system32\DRIVERS\netbt.sys
00:09:20.0828 3592 NetBT - ok
00:09:21.0031 3592 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) D:\WINDOWS\system32\DRIVERS\nic1394.sys
00:09:21.0046 3592 NIC1394 - ok
00:09:21.0109 3592 Npfs (3182d64ae053d6fb034f44b6def8034a) D:\WINDOWS\system32\drivers\Npfs.sys
00:09:21.0109 3592 Npfs - ok
00:09:21.0140 3592 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) D:\WINDOWS\system32\drivers\Ntfs.sys
00:09:21.0156 3592 Ntfs - ok
00:09:21.0234 3592 Null (73c1e1f395918bc2c6dd67af7591a3ad) D:\WINDOWS\system32\drivers\Null.sys
00:09:21.0234 3592 Null - ok
00:09:21.0281 3592 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:09:21.0281 3592 NwlnkFlt - ok
00:09:21.0312 3592 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:09:21.0312 3592 NwlnkFwd - ok
00:09:21.0375 3592 ohci1394 (ca33832df41afb202ee7aeb05145922f) D:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:09:21.0375 3592 ohci1394 - ok
00:09:21.0437 3592 Parport (5575faf8f97ce5e713d108c2a58d7c7c) D:\WINDOWS\system32\drivers\Parport.sys
00:09:21.0437 3592 Parport - ok
00:09:21.0468 3592 PartMgr (beb3ba25197665d82ec7065b724171c6) D:\WINDOWS\system32\drivers\PartMgr.sys
00:09:21.0468 3592 PartMgr - ok
00:09:21.0515 3592 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) D:\WINDOWS\system32\drivers\ParVdm.sys
00:09:21.0531 3592 ParVdm - ok
00:09:21.0562 3592 PCI (a219903ccf74233761d92bef471a07b1) D:\WINDOWS\system32\DRIVERS\pci.sys
00:09:21.0562 3592 PCI - ok
00:09:21.0593 3592 PCIDump - ok
00:09:21.0640 3592 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) D:\WINDOWS\system32\DRIVERS\pciide.sys
00:09:21.0640 3592 PCIIde - ok
00:09:21.0718 3592 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) D:\WINDOWS\system32\drivers\Pcmcia.sys
00:09:21.0718 3592 Pcmcia - ok
00:09:21.0750 3592 PDCOMP - ok
00:09:21.0781 3592 PDFRAME - ok
00:09:21.0812 3592 PDRELI - ok
00:09:21.0859 3592 PDRFRAME - ok
00:09:21.0890 3592 perc2 - ok
00:09:21.0937 3592 perc2hib - ok
00:09:22.0078 3592 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) D:\WINDOWS\system32\DRIVERS\raspptp.sys
00:09:22.0078 3592 PptpMiniport - ok
00:09:22.0125 3592 PSched (09298ec810b07e5d582cb3a3f9255424) D:\WINDOWS\system32\DRIVERS\psched.sys
00:09:22.0125 3592 PSched - ok
00:09:22.0171 3592 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) D:\WINDOWS\system32\DRIVERS\ptilink.sys
00:09:22.0171 3592 Ptilink - ok
00:09:22.0218 3592 ql1080 - ok
00:09:22.0250 3592 Ql10wnt - ok
00:09:22.0281 3592 ql12160 - ok
00:09:22.0312 3592 ql1240 - ok
00:09:22.0328 3592 ql1280 - ok
00:09:22.0390 3592 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) D:\WINDOWS\system32\DRIVERS\rasacd.sys
00:09:22.0406 3592 RasAcd - ok
00:09:22.0453 3592 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) D:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:09:22.0453 3592 Rasl2tp - ok
00:09:22.0515 3592 RasPppoe (5bc962f2654137c9909c3d4603587dee) D:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:09:22.0531 3592 RasPppoe - ok
00:09:22.0546 3592 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) D:\WINDOWS\system32\DRIVERS\raspti.sys
00:09:22.0546 3592 Raspti - ok
00:09:22.0578 3592 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) D:\WINDOWS\system32\DRIVERS\rdbss.sys
00:09:22.0593 3592 Rdbss - ok
00:09:22.0609 3592 RDPCDD (4912d5b403614ce99c28420f75353332) D:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:09:22.0609 3592 RDPCDD - ok
00:09:22.0687 3592 rdpdr (15cabd0f7c00c47c70124907916af3f1) D:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:09:22.0687 3592 rdpdr - ok
00:09:22.0781 3592 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) D:\WINDOWS\system32\drivers\RDPWD.sys
00:09:22.0781 3592 RDPWD - ok
00:09:22.0859 3592 redbook (f828dd7e1419b6653894a8f97a0094c5) D:\WINDOWS\system32\DRIVERS\redbook.sys
00:09:22.0859 3592 redbook - ok
00:09:23.0062 3592 RTL8192su (b29eeb1ea7971bd83069eb2e2258d224) D:\WINDOWS\system32\DRIVERS\RTL8192su.sys
00:09:23.0078 3592 RTL8192su - ok
00:09:23.0171 3592 Secdrv (90a3935d05b494a5a39d37e71f09a677) D:\WINDOWS\system32\DRIVERS\secdrv.sys
00:09:23.0171 3592 Secdrv - ok
00:09:23.0250 3592 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) D:\WINDOWS\system32\drivers\Serial.sys
00:09:23.0250 3592 Serial - ok
00:09:23.0312 3592 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) D:\WINDOWS\system32\drivers\Sfloppy.sys
00:09:23.0312 3592 Sfloppy - ok
00:09:23.0359 3592 Simbad - ok
00:09:23.0421 3592 SLIP (866d538ebe33709a5c9f5c62b73b7d14) D:\WINDOWS\system32\DRIVERS\SLIP.sys
00:09:23.0421 3592 SLIP - ok
00:09:23.0453 3592 Sparrow - ok
00:09:23.0500 3592 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) D:\WINDOWS\system32\drivers\splitter.sys
00:09:23.0500 3592 splitter - ok
00:09:23.0562 3592 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) D:\WINDOWS\system32\DRIVERS\sr.sys
00:09:23.0562 3592 sr - ok
00:09:23.0640 3592 Srv (47ddfc2f003f7f9f0592c6874962a2e7) D:\WINDOWS\system32\DRIVERS\srv.sys
00:09:23.0656 3592 Srv - ok
00:09:23.0750 3592 STHDA (2a2dc39623adef8ab3703ab9fac4b440) D:\WINDOWS\system32\drivers\sthda.sys
00:09:23.0765 3592 STHDA - ok
00:09:23.0812 3592 StillCam (a9573045baa16eab9b1085205b82f1ed) D:\WINDOWS\system32\DRIVERS\serscan.sys
00:09:23.0828 3592 StillCam - ok
00:09:23.0921 3592 streamip (77813007ba6265c4b6098187e6ed79d2) D:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:09:23.0921 3592 streamip - ok
00:09:23.0953 3592 swenum (3941d127aef12e93addf6fe6ee027e0f) D:\WINDOWS\system32\DRIVERS\swenum.sys
00:09:23.0953 3592 swenum - ok
00:09:24.0000 3592 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) D:\WINDOWS\system32\drivers\swmidi.sys
00:09:24.0000 3592 swmidi - ok
00:09:24.0031 3592 symc810 - ok
00:09:24.0062 3592 symc8xx - ok
00:09:24.0093 3592 sym_hi - ok
00:09:24.0140 3592 sym_u3 - ok
00:09:24.0187 3592 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) D:\WINDOWS\system32\drivers\sysaudio.sys
00:09:24.0187 3592 sysaudio - ok
00:09:24.0250 3592 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) D:\WINDOWS\system32\DRIVERS\tcpip.sys
00:09:24.0250 3592 Tcpip - ok
00:09:24.0281 3592 TDPIPE (6471a66807f5e104e4885f5b67349397) D:\WINDOWS\system32\drivers\TDPIPE.sys
00:09:24.0296 3592 TDPIPE - ok
00:09:24.0343 3592 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) D:\WINDOWS\system32\drivers\TDTCP.sys
00:09:24.0343 3592 TDTCP - ok
00:09:24.0375 3592 TermDD (88155247177638048422893737429d9e) D:\WINDOWS\system32\DRIVERS\termdd.sys
00:09:24.0375 3592 TermDD - ok
00:09:24.0421 3592 TosIde - ok
00:09:24.0531 3592 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) D:\WINDOWS\system32\drivers\Udfs.sys
00:09:24.0546 3592 Udfs - ok
00:09:24.0562 3592 ultra - ok
00:09:24.0656 3592 Update (402ddc88356b1bac0ee3dd1580c76a31) D:\WINDOWS\system32\DRIVERS\update.sys
00:09:24.0656 3592 Update - ok
00:09:24.0796 3592 usbaudio (e919708db44ed8543a7c017953148330) D:\WINDOWS\system32\drivers\usbaudio.sys
00:09:24.0812 3592 usbaudio - ok
00:09:24.0843 3592 usbccgp (173f317ce0db8e21322e71b7e60a27e8) D:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:09:24.0843 3592 usbccgp - ok
00:09:24.0890 3592 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) D:\WINDOWS\system32\DRIVERS\usbehci.sys
00:09:24.0890 3592 usbehci - ok
00:09:24.0953 3592 usbhub (1ab3cdde553b6e064d2e754efe20285c) D:\WINDOWS\system32\DRIVERS\usbhub.sys
00:09:24.0953 3592 usbhub - ok
00:09:25.0015 3592 usbprint (a717c8721046828520c9edf31288fc00) D:\WINDOWS\system32\DRIVERS\usbprint.sys
00:09:25.0046 3592 usbprint - ok
00:09:25.0078 3592 usbstor (a32426d9b14a089eaa1d922e0c5801a9) D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:09:25.0078 3592 usbstor - ok
00:09:25.0093 3592 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) D:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:09:25.0109 3592 usbuhci - ok
00:09:25.0140 3592 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) D:\WINDOWS\system32\Drivers\usbvideo.sys
00:09:25.0140 3592 usbvideo - ok
00:09:25.0187 3592 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) D:\WINDOWS\System32\drivers\vga.sys
00:09:25.0203 3592 VgaSave - ok
00:09:25.0218 3592 ViaIde - ok
00:09:25.0265 3592 VolSnap (4c8fcb5cc53aab716d810740fe59d025) D:\WINDOWS\system32\drivers\VolSnap.sys
00:09:25.0265 3592 VolSnap - ok
00:09:25.0328 3592 Wanarp (e20b95baedb550f32dd489265c1da1f6) D:\WINDOWS\system32\DRIVERS\wanarp.sys
00:09:25.0328 3592 Wanarp - ok
00:09:25.0359 3592 WDICA - ok
00:09:25.0406 3592 wdmaud (6768acf64b18196494413695f0c3a00f) D:\WINDOWS\system32\drivers\wdmaud.sys
00:09:25.0421 3592 wdmaud - ok
00:09:25.0640 3592 WSTCODEC (c98b39829c2bbd34e454150633c62c78) D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:09:25.0640 3592 WSTCODEC - ok
00:09:25.0781 3592 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:09:25.0984 3592 \Device\Harddisk0\DR0 - ok
00:09:26.0015 3592 Boot (0x1200) (a412be13b44d9f90428757148f4138ed) \Device\Harddisk0\DR0\Partition0
00:09:26.0015 3592 \Device\Harddisk0\DR0\Partition0 - ok
00:09:26.0046 3592 Boot (0x1200) (32cf2c5a5a392cf8c3ba8cd2b25b80fd) \Device\Harddisk0\DR0\Partition1
00:09:26.0062 3592 \Device\Harddisk0\DR0\Partition1 - ok
00:09:26.0062 3592 ============================================================
00:09:26.0062 3592 Scan finished
00:09:26.0062 3592 ============================================================
00:09:26.0093 4996 Detected object count: 0
00:09:26.0093 4996 Actual detected object count: 0
00:09:46.0671 4476 Deinitialize success

#8 CatByte

  • Malware Response Team

Posted 08 October 2011 - 11:33 PM

Hi

Please do the following:

Please run the following:
  • please download GrantPerms.zip and save it to your desktop.
  • Unzip the file and run GrantPerms.exe
  • Copy and paste the following in the edit box:


d:\\System Volume Information
d:\\Program Files\AVG\AVG10\avgcsrvx.exe
d:\\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe


  • Now Click Unlock.
  • When it is done click "OK".
  • Now click List Permissions and post the result (Perms.txt) that pops up.
  • A copy of Perms.txt will be saved in the same directory the tool is run.



NEXT



  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



#9 JoelCo


Posted 09 October 2011 - 09:56 AM

Thanks again!



GrantPerms by Farbar
Ran by Joel at 2011-10-09 10:05:57

===============================================
\\?\d:\\System Volume Information

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)


\\?\d:\\Program Files\AVG\AVG10\avgcsrvx.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\d:\\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7908

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/9/2011 10:11:35 AM
mbam-log-2011-10-09 (10-11-35).txt

Scan type: Quick scan
Objects scanned: 159193
Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


D:\Qoobox\Quarantine\D\Program Files\StartNow Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo application
D:\Qoobox\Quarantine\D\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application
D:\Qoobox\Quarantine\D\WINDOWS\system32\drivers\cdrom.sys.vir Win32/Sirefef.DA trojan
D:\System Volume Information\_restore{8DC2D2F6-D752-4429-BF2A-66E01BFE2BFA}\RP142\A0011698.sys Win32/Sirefef.DA trojan
D:\System Volume Information\_restore{8DC2D2F6-D752-4429-BF2A-66E01BFE2BFA}\RP142\A0012698.sys Win32/Sirefef.DA trojan
D:\System Volume Information\_restore{8DC2D2F6-D752-4429-BF2A-66E01BFE2BFA}\RP142\A0012722.sys Win32/Sirefef.DA trojan
D:\System Volume Information\_restore{8DC2D2F6-D752-4429-BF2A-66E01BFE2BFA}\RP142\A0012795.dll a variant of Win32/Toolbar.Zugo application
D:\System Volume Information\_restore{8DC2D2F6-D752-4429-BF2A-66E01BFE2BFA}\RP142\A0012796.exe a variant of Win32/Toolbar.Zugo application
D:\System Volume Information\_restore{8DC2D2F6-D752-4429-BF2A-66E01BFE2BFA}\RP142\A0012797.sys Win32/Sirefef.DA trojan
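An added example, not part of the thread and not Farbar's code: a Python check over the Perms.txt output GrantPerms produced above. It confirms that each listed object once again grants SYSTEM and Administrators full control with no DENY entries, and runs the same check over a constructed, hypothetical still-locked variant for comparison (that variant is assumed, not taken from the thread).

```python
import re

# Constructed sample: the Perms.txt the topic starter posted after GrantPerms
# unlocked the objects (trimmed to two of the three objects to stay short).
SAMPLE_OK = r"""
GrantPerms by Farbar
Ran by Joel at 2011-10-09 10:05:57

===============================================
\\?\d:\\System Volume Information

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)


\\?\d:\\Program Files\AVG\AVG10\avgcsrvx.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)
"""

# Constructed, hypothetical: a still-locked AV binary in the same format
# (SYSTEM entry stripped, an explicit DENY added). Not taken from the thread.
SAMPLE_LOCKED = r"""
\\?\d:\\Program Files\AVG\AVG10\avgcsrvx.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
Everyone FULL DENY (NI)
"""

ACE_RE = re.compile(r"^(?P<who>.+?) (?P<rights>\S+) (?P<type>ALLOW|DENY)(?: (?P<flags>.+))?$")
LONG_PATH_PREFIX = "\\\\?\\"
REQUIRED_FULL = ("NT AUTHORITY\\SYSTEM", "BUILTIN\\Administrators")
EXPECTED_OWNERS = {"BUILTIN\\Administrators", "NT AUTHORITY\\SYSTEM"}


def parse_perms(text: str) -> dict:
    """Map each listed object to its owner and DACL entries (who, rights, type, flags)."""
    objects, current, in_dacl = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(LONG_PATH_PREFIX):
            current = objects.setdefault(line, {"owner": None, "dacl": []})
            in_dacl = False
        elif current is None:
            continue                                  # header lines before the first object
        elif line.startswith("Owner:"):
            current["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("DACL"):
            in_dacl = True                            # ACEs follow until the next blank line
        elif not line:
            in_dacl = False
        elif in_dacl:
            m = ACE_RE.match(line)
            if m:
                current["dacl"].append((m["who"], m["rights"], m["type"], m["flags"] or ""))
    return objects


def audit(objects: dict) -> dict:
    """List, per object, anything that would still deny SYSTEM or Administrators access."""
    report = {}
    for path, info in objects.items():
        problems = []
        full_allow = {who for who, rights, typ, _ in info["dacl"]
                      if typ == "ALLOW" and rights == "FULL"}
        for who in REQUIRED_FULL:
            if who not in full_allow:
                problems.append(f"missing FULL ALLOW for {who}")
        for who, rights, typ, _ in info["dacl"]:
            if typ == "DENY":                         # an explicit DENY overrides ALLOW entries
                problems.append(f"DENY ACE for {who} ({rights})")
        if info["owner"] not in EXPECTED_OWNERS:
            problems.append(f"unexpected owner {info['owner']}")
        report[path] = problems
    return report


def audit_perms(text: str) -> dict:
    return audit(parse_perms(text))


if __name__ == "__main__":
    for label, sample in (("unlocked", SAMPLE_OK), ("locked", SAMPLE_LOCKED)):
        for path, problems in audit_perms(sample).items():
            print(f"[{label}] {path}: {'clean' if not problems else '; '.join(problems)}")
```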

#10 CatByte

  • Malware Response Team

Posted 09 October 2011 - 08:34 PM

The items detected by ESET are already in quarantine or in old system restore points, which we will clean up shortly.

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.



NEXT


Please post a fresh DDS Log and advise how your computer is running now and if there are any outstanding issues.



#11 JoelCo


Posted 10 October 2011 - 01:31 PM

I have not noticed any problems with the speed of the computer or with redirections of the browser for the last few days.
In summary, from my perspective there are no outstanding issues.
I will not be at my desktop for the next week so I will not be able to implement further fixes during that time.
I will respond to anything posted on this forum so that the thread is not discontinued and will resume with your instructions when I get back.
Thank you again for all your help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Joel at 14:12:39 on 2011-10-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.320 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
D:\PROGRA~1\AVG\AVG2012\avgrsx.exe
D:\Program Files\AVG\AVG2012\avgcsrvx.exe
D:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\AVG\AVG2012\avgwdsvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
D:\Program Files\AVG\AVG2012\avgnsx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Creative\Mixer\CTSVolFE.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Real\RealPlayer\update\realsched.exe
D:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\Program Files\Nuance\PaperPort\pptd40nt.exe
D:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
D:\Program Files\Browny02\Brother\BrStMonW.exe
D:\Program Files\Citrix\ICA Client\concentr.exe
D:\Program Files\ControlCenter4\BrCtrlCntr.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\AVG\AVG2012\avgtray.exe
D:\Program Files\Citrix\ICA Client\wfcrun32.exe
D:\Program Files\Browny02\BrYNSvc.exe
D:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\ControlCenter4\BrCcUxSys.exe
D:\Program Files\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
D:\Program Files\AVG\AVG2012\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - d:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg2012\avgssie.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - d:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ISUSPM] d:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [IDTSysTrayApp] sttray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [CTSVolFE] "d:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "d:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [DivXUpdate] "d:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [IndexSearch] "d:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "d:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "d:\program files\nuance\paperport\ereg\ereg.exe" -r "d:\documents and settings\all users\application data\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] d:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] d:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ControlCenter4] d:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] d:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [ConnectionCenter] "d:\program files\citrix\ica client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "d:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjA1NDU2OTYwLUZMMTArMS1YTzEwKzExLUxJQysyLUREVCsxMTk1OS1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMS1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEJOKzE"&"prod=90"&"ver=10.0.1410
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\airlin~1.lnk - d:\program files\airlink101\airlink101 wlan monitor\RtWLan.exe
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - d:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1303500042062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{E90C4230-A485-413D-8090-CF572B898893} : DhcpNameServer = 167.206.254.2 167.206.254.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg2012\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\joel\application data\mozilla\firefox\profiles\qahn9krd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: d:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: d:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: d:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npicaN.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;d:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;d:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32592]
R1 Avgldx86;AVG AVI Loader Driver;d:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;d:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;d:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 ctxusbm;Citrix USB Monitor Driver;d:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R2 AVGIDSAgent;AVGIDSAgent;d:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
R2 avgwd;AVG WatchDog;d:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;d:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R3 AVGIDSDriver;AVGIDSDriver;d:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;d:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;d:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 BrYNSvc;BrYNSvc;d:\program files\browny02\BrYNSvc.exe [2011-5-18 245760]
S0 cerc6;cerc6; [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;d:\windows\system32\drivers\RTL8192su.sys [2011-4-22 594048]
.
=============== Created Last 30 ================
.
2011-10-09 14:14:38 -------- d-----w- d:\program files\ESET
2011-10-06 22:59:15 -------- d-----w- d:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-05 00:16:17 -------- d-----w- d:\documents and settings\joel\application data\AVG2012
2011-10-05 00:11:16 -------- d-----w- d:\documents and settings\all users\application data\AVG2012
2011-10-04 23:01:55 22216 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-10-04 23:01:54 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-10-04 16:41:09 208896 ----a-w- d:\windows\MBR.exe
2011-10-04 16:41:08 98816 ----a-w- d:\windows\sed.exe
2011-10-04 16:41:08 518144 ----a-w- d:\windows\SWREG.exe
2011-10-04 16:41:08 256000 ----a-w- d:\windows\PEV.exe
2011-09-15 17:54:33 -------- d-----w- d:\documents and settings\joel\.gstreamer-0.10
2011-09-15 17:54:19 -------- d-----w- d:\documents and settings\joel\application data\ZumoCast
2011-09-15 17:54:06 -------- d-----w- d:\program files\Zecter
.
==================== Find3M ====================
.
2011-10-09 02:00:04 150392 ----a-w- d:\windows\junction.exe
2011-09-13 10:30:10 32592 ----a-w- d:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12:13 599040 ----a-w- d:\windows\system32\crypt32.dll
2011-09-06 04:35:01 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 14:13:20.12 ===============
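
A small triage helper for DDS logs like the one above, added here as an example and not part of the original thread or of the DDS tool. It parses the BHO, uRun/mRun, service/driver and Firefox homepage line formats seen in this log and flags entries an analyst would look at first: BHO CLSIDs left with "No File", services whose image file is missing ("[x]"), autoruns launched from user-writable paths or via cmd.exe, and a homepage that differs from the one the user expects. The sample lines are constructed to mirror the post; the "[example-suspect]" entry and the expected-homepage value are made up.

```python
import re

# Constructed sample in DDS log format, modelled on the post above; the
# "[example-suspect]" entry is made up to exercise the temp-path check.
SAMPLE_LOG = r"""
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [example-suspect] d:\documents and settings\joel\local settings\temp\example.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf
R0 Avgrkx86;AVG Anti-Rootkit Driver;d:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32592]
S0 cerc6;cerc6; [x]
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
"""

BHO_RE = re.compile(r"^BHO: (?:(?P<name>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>[um])Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
SVC_RE = re.compile(r"^(?P<state>[RS]\d) (?P<svc>[^;]+);(?P<desc>[^;]*);(?P<path>[^\[]*)\[(?P<info>[^\]]*)\]$")
FF_RE = re.compile(r"^FF - prefs\.js: browser\.startup\.homepage - (?P<url>\S+)$")

# Autorun entries launched from user-writable locations deserve a second look.
USER_WRITABLE = ("\\local settings\\temp\\", "\\temp\\", "\\application data\\")


def triage(log_text, expected_homepage=None):
    """Return (category, identifier) findings for the DDS lines worth attention."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := BHO_RE.match(line):
            # A BHO CLSID still registered but pointing at no DLL is an orphan.
            if m.group("path").strip().lower() == "no file":
                findings.append(("orphaned BHO", m.group("clsid")))
        elif m := RUN_RE.match(line):
            cmd = m.group("cmd").lower()
            if cmd.startswith("cmd.exe") or any(p in cmd for p in USER_WRITABLE):
                findings.append(("autorun to review", m.group("name")))
        elif m := SVC_RE.match(line):
            # DDS prints "[x]" and an empty path when the service's image file is missing.
            if m.group("info") == "x" or not m.group("path").strip():
                findings.append(("service with missing file", m.group("svc")))
        elif m := FF_RE.match(line):
            if expected_homepage and m.group("url") != expected_homepage:
                findings.append(("homepage differs from expected", m.group("url")))
    return findings


if __name__ == "__main__":
    for category, ident in triage(SAMPLE_LOG, expected_homepage="hxxp://www.google.com/"):
        print(f"{category}: {ident}")
```

The "autorun to review" category is a prompt for a human look, not a verdict: in the sample it also catches the benign AVG uninstall-feedback entry.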

#12 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 10 October 2011 - 01:47 PM

Hi

Just some housekeeping to do now.

Please do the following:


You can delete the junction, TDSSKiller, Grant Perms, DDS and GMER logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for both Firefox and IE.

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 16 October 2011 - 09:49 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
