
IE is redirecting to me to different sites when typed in address bar


  • This topic is locked
15 replies to this topic

#1 gdrunner

  • Members
  • 7 posts

Posted 26 January 2012 - 10:56 AM

Hello. This is my first time here.

I am using IE8 on a Windows XP laptop. When I type an address in the address bar, I am either being redirected to a Bing website or getting a "page is not valid" message. I have run Malwarebytes, which has not fixed the issue.

I just ran HijackThis and have attached my log file for someone to look at. I would appreciate any help that I can get.

Thanks!



#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 29 January 2012 - 03:18 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gdrunner

  • Topic Starter
  • Members
  • 7 posts

Posted 30 January 2012 - 08:33 AM

Thanks Gringo. Before I try what you suggested, I want to let you know that I am no longer being redirected. That problem has gone away; however, I am having an issue with my system resources spiking. When I look at my processes in Task Manager, it seems to be coming from a svchost.exe file. It is using a lot of virtual memory and memory usage. I have not been able to pinpoint the offending application. I was wondering if you could help me with that? I will wait to hear from you before I do anything.

Thanks!

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 30 January 2012 - 12:05 PM

Hello


I will check to make sure it is not a malware issue, as that is what I know.


I need the reports to start.


gringo

#5 gdrunner

  • Topic Starter
  • Members
  • 7 posts

Posted 31 January 2012 - 08:08 AM

Hi Gringo. Here are those files that you requested. I seem to have lost sound on my computer, maybe because of what you had me run. I am looking forward to hearing back from you.

Attached Files:
  • dds.txt (9.15KB)
  • attach.txt (19.27KB)

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 31 January 2012 - 08:42 AM

Hello

What we have run so far has nothing to do with the sound; they were only scanners.



Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

Information and logs:

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 gdrunner

  • Topic Starter
  • Members
  • 7 posts

Posted 02 February 2012 - 10:57 AM

Gringo. I have attached the Combofix log file. The laptop seems a little quicker and I have not noticed the svchost.exe process using all the virtual memory.

Attached Files



#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 02 February 2012 - 11:06 AM

Hello

Please don't attach the reports

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#9 gdrunner

  • Topic Starter
  • Members
  • 7 posts

Posted 02 February 2012 - 11:58 AM

11:42:11.0213 1432 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
11:42:11.0854 1432 ============================================================
11:42:11.0854 1432 Current date / time: 2012/02/02 11:42:11.0854
11:42:11.0854 1432 SystemInfo:
11:42:11.0854 1432
11:42:11.0854 1432 OS Version: 5.1.2600 ServicePack: 3.0
11:42:11.0854 1432 Product type: Workstation
11:42:11.0854 1432 ComputerName: RUSSELLSL09
11:42:11.0854 1432 UserName: Laura and Dan
11:42:11.0854 1432 Windows directory: C:\WINDOWS
11:42:11.0854 1432 System windows directory: C:\WINDOWS
11:42:11.0854 1432 Processor architecture: Intel x86
11:42:11.0854 1432 Number of processors: 1
11:42:11.0854 1432 Page size: 0x1000
11:42:11.0854 1432 Boot type: Normal boot
11:42:11.0854 1432 ============================================================
11:42:16.0030 1432 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:42:16.0030 1432 \Device\Harddisk0\DR0:
11:42:16.0030 1432 MBR used
11:42:16.0030 1432 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400
11:42:16.0060 1432 Initialize success
11:42:16.0060 1432 ============================================================
11:42:23.0340 3884 ============================================================
11:42:23.0340 3884 Scan started
11:42:23.0340 3884 Mode: Manual;
11:42:23.0340 3884 ============================================================
11:42:23.0571 3884 Abiosdsk - ok
11:42:23.0641 3884 abp480n5 - ok
11:42:23.0761 3884 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:42:23.0761 3884 ACPI - ok
11:42:23.0861 3884 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:42:23.0861 3884 ACPIEC - ok
11:42:23.0951 3884 adpu160m - ok
11:42:24.0041 3884 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:42:24.0051 3884 aec - ok
11:42:24.0212 3884 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:42:24.0212 3884 AegisP - ok
11:42:24.0322 3884 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:42:24.0332 3884 AFD - ok
11:42:24.0392 3884 Aha154x - ok
11:42:24.0462 3884 aic78u2 - ok
11:42:24.0522 3884 aic78xx - ok
11:42:24.0602 3884 AliIde - ok
11:42:24.0672 3884 amsint - ok
11:42:24.0793 3884 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:42:24.0793 3884 Arp1394 - ok
11:42:24.0883 3884 asc - ok
11:42:24.0943 3884 asc3350p - ok
11:42:25.0023 3884 asc3550 - ok
11:42:25.0113 3884 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:42:25.0113 3884 AsyncMac - ok
11:42:25.0193 3884 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:42:25.0193 3884 atapi - ok
11:42:25.0263 3884 Atdisk - ok
11:42:25.0363 3884 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:42:25.0363 3884 Atmarpc - ok
11:42:25.0423 3884 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:42:25.0423 3884 audstub - ok
11:42:25.0574 3884 b57w2k (b9543b0c771feab7ca095303007a159c) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:42:25.0584 3884 b57w2k - ok
11:42:25.0704 3884 BCM43XX (c3ab2d6954c7b5103770832a3a6a591b) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
11:42:25.0724 3884 BCM43XX - ok
11:42:25.0844 3884 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:42:25.0854 3884 Beep - ok
11:42:26.0054 3884 catchme - ok
11:42:26.0205 3884 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:42:26.0205 3884 cbidf2k - ok
11:42:26.0325 3884 cd20xrnt - ok
11:42:26.0375 3884 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:42:26.0385 3884 Cdaudio - ok
11:42:26.0485 3884 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:42:26.0485 3884 Cdfs - ok
11:42:26.0565 3884 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:42:26.0575 3884 Cdrom - ok
11:42:26.0655 3884 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
11:42:26.0665 3884 cercsr6 - ok
11:42:26.0685 3884 Changer - ok
11:42:26.0765 3884 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:42:26.0765 3884 CmBatt - ok
11:42:26.0795 3884 CmdIde - ok
11:42:26.0835 3884 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:42:26.0835 3884 Compbatt - ok
11:42:26.0906 3884 Cpqarray - ok
11:42:26.0976 3884 dac2w2k - ok
11:42:27.0026 3884 dac960nt - ok
11:42:27.0106 3884 DevUpper (913938a5382bfb2487aacaea408a14d2) C:\WINDOWS\system32\DRIVERS\tiumflt.sys
11:42:27.0106 3884 DevUpper - ok
11:42:27.0156 3884 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:42:27.0156 3884 Disk - ok
11:42:27.0266 3884 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:42:27.0316 3884 dmboot - ok
11:42:27.0386 3884 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:42:27.0396 3884 dmio - ok
11:42:27.0496 3884 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:42:27.0496 3884 dmload - ok
11:42:27.0607 3884 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:42:27.0617 3884 DMusic - ok
11:42:27.0707 3884 dpti2o - ok
11:42:27.0767 3884 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:42:27.0777 3884 drmkaud - ok
11:42:27.0897 3884 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:42:27.0907 3884 Fastfat - ok
11:42:27.0997 3884 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:42:27.0997 3884 Fdc - ok
11:42:28.0107 3884 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:42:28.0107 3884 Fips - ok
11:42:28.0258 3884 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:42:28.0268 3884 Flpydisk - ok
11:42:28.0338 3884 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:42:28.0338 3884 FltMgr - ok
11:42:28.0368 3884 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:42:28.0378 3884 Fs_Rec - ok
11:42:28.0418 3884 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:42:28.0418 3884 Ftdisk - ok
11:42:28.0478 3884 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:42:28.0488 3884 GEARAspiWDM - ok
11:42:28.0558 3884 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:42:28.0568 3884 Gpc - ok
11:42:28.0618 3884 GTICARD (b14d8f5dedf7c495c7d3104d58e1d31c) C:\WINDOWS\system32\DRIVERS\gticard.sys
11:42:28.0618 3884 GTICARD - ok
11:42:28.0738 3884 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:42:28.0738 3884 HidUsb - ok
11:42:28.0798 3884 hpn - ok
11:42:28.0858 3884 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:42:28.0868 3884 HPZid412 - ok
11:42:28.0928 3884 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:42:28.0928 3884 HPZipr12 - ok
11:42:28.0979 3884 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:42:28.0989 3884 HPZius12 - ok
11:42:29.0059 3884 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
11:42:29.0069 3884 HSFHWICH - ok
11:42:29.0279 3884 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
11:42:29.0339 3884 HSF_DP - ok
11:42:29.0469 3884 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:42:29.0479 3884 HTTP - ok
11:42:29.0549 3884 i2omgmt - ok
11:42:29.0619 3884 i2omp - ok
11:42:29.0730 3884 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:42:29.0740 3884 i8042prt - ok
11:42:29.0910 3884 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
11:42:29.0960 3884 ialm - ok
11:42:30.0080 3884 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:42:30.0090 3884 Imapi - ok
11:42:30.0170 3884 ini910u - ok
11:42:30.0280 3884 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:42:30.0290 3884 IntelIde - ok
11:42:30.0361 3884 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:42:30.0361 3884 intelppm - ok
11:42:30.0471 3884 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:42:30.0471 3884 Ip6Fw - ok
11:42:30.0591 3884 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:42:30.0591 3884 IpFilterDriver - ok
11:42:30.0701 3884 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:42:30.0701 3884 IpInIp - ok
11:42:30.0781 3884 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:42:30.0791 3884 IpNat - ok
11:42:30.0861 3884 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:42:30.0871 3884 IPSec - ok
11:42:30.0991 3884 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
11:42:30.0991 3884 irda - ok
11:42:31.0072 3884 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:42:31.0082 3884 IRENUM - ok
11:42:31.0192 3884 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:42:31.0192 3884 isapnp - ok
11:42:31.0332 3884 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:42:31.0342 3884 Kbdclass - ok
11:42:31.0432 3884 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:42:31.0442 3884 kbdhid - ok
11:42:31.0572 3884 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:42:31.0582 3884 kmixer - ok
11:42:31.0753 3884 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:42:31.0763 3884 KSecDD - ok
11:42:31.0873 3884 lbrtfdc - ok
11:42:32.0013 3884 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:42:32.0013 3884 mdmxsdk - ok
11:42:32.0113 3884 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:42:32.0113 3884 mnmdd - ok
11:42:32.0243 3884 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:42:32.0273 3884 Modem - ok
11:42:32.0343 3884 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:42:32.0353 3884 Mouclass - ok
11:42:32.0444 3884 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:42:32.0444 3884 mouhid - ok
11:42:32.0524 3884 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:42:32.0534 3884 MountMgr - ok
11:42:32.0584 3884 mraid35x - ok
11:42:32.0634 3884 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:42:32.0644 3884 MRxDAV - ok
11:42:32.0774 3884 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:42:32.0804 3884 MRxSmb - ok
11:42:32.0934 3884 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:42:32.0934 3884 Msfs - ok
11:42:33.0044 3884 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:42:33.0044 3884 MSKSSRV - ok
11:42:33.0135 3884 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:42:33.0145 3884 MSPCLOCK - ok
11:42:33.0255 3884 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:42:33.0265 3884 MSPQM - ok
11:42:33.0405 3884 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:42:33.0405 3884 mssmbios - ok
11:42:33.0485 3884 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:42:33.0495 3884 Mup - ok
11:42:33.0615 3884 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:42:33.0625 3884 NDIS - ok
11:42:33.0725 3884 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:42:33.0725 3884 NdisTapi - ok
11:42:33.0816 3884 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:42:33.0816 3884 Ndisuio - ok
11:42:33.0896 3884 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:42:33.0906 3884 NdisWan - ok
11:42:33.0996 3884 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:42:34.0006 3884 NDProxy - ok
11:42:34.0116 3884 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:42:34.0116 3884 NetBIOS - ok
11:42:34.0216 3884 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:42:34.0216 3884 NetBT - ok
11:42:34.0326 3884 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:42:34.0346 3884 NIC1394 - ok
11:42:34.0376 3884 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:42:34.0386 3884 Npfs - ok
11:42:34.0496 3884 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:42:34.0527 3884 Ntfs - ok
11:42:34.0577 3884 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:42:34.0577 3884 Null - ok
11:42:34.0657 3884 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:42:34.0657 3884 NwlnkFlt - ok
11:42:34.0687 3884 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:42:34.0687 3884 NwlnkFwd - ok
11:42:34.0737 3884 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:42:34.0747 3884 ohci1394 - ok
11:42:34.0807 3884 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
11:42:34.0807 3884 OMCI - ok
11:42:34.0857 3884 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:42:34.0857 3884 Parport - ok
11:42:34.0887 3884 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:42:34.0897 3884 PartMgr - ok
11:42:34.0937 3884 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:42:34.0937 3884 ParVdm - ok
11:42:34.0967 3884 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:42:34.0977 3884 PCI - ok
11:42:34.0997 3884 PCIDump - ok
11:42:35.0057 3884 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:42:35.0057 3884 PCIIde - ok
11:42:35.0137 3884 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:42:35.0147 3884 Pcmcia - ok
11:42:35.0167 3884 PDCOMP - ok
11:42:35.0197 3884 PDFRAME - ok
11:42:35.0238 3884 PDRELI - ok
11:42:35.0308 3884 PDRFRAME - ok
11:42:35.0328 3884 perc2 - ok
11:42:35.0408 3884 perc2hib - ok
11:42:35.0568 3884 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:42:35.0568 3884 PptpMiniport - ok
11:42:35.0618 3884 PROCEXP151 - ok
11:42:35.0678 3884 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:42:35.0688 3884 PSched - ok
11:42:35.0768 3884 PSINAflt (9abf1d1da5afaaaa41fcbd940aa2e844) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
11:42:35.0778 3884 PSINAflt - ok
11:42:35.0858 3884 PSINFile (5bab5fb4cb1963f643a1a8b4d816cf8f) C:\WINDOWS\system32\DRIVERS\PSINFile.sys
11:42:35.0858 3884 PSINFile - ok
11:42:35.0969 3884 PSINKNC (0518f472a69249e18612e29278bd58ec) C:\WINDOWS\system32\DRIVERS\psinknc.sys
11:42:35.0979 3884 PSINKNC - ok
11:42:36.0079 3884 PSINProc (87b2fe6d7b427947541360f48c302054) C:\WINDOWS\system32\DRIVERS\PSINProc.sys
11:42:36.0089 3884 PSINProc - ok
11:42:36.0139 3884 PSINProt (f4804beb5ff6741019b56a02ead4d3b7) C:\WINDOWS\system32\DRIVERS\PSINProt.sys
11:42:36.0139 3884 PSINProt - ok
11:42:36.0169 3884 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:42:36.0179 3884 Ptilink - ok
11:42:36.0219 3884 ql1080 - ok
11:42:36.0239 3884 Ql10wnt - ok
11:42:36.0269 3884 ql12160 - ok
11:42:36.0299 3884 ql1240 - ok
11:42:36.0339 3884 ql1280 - ok
11:42:36.0429 3884 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:42:36.0429 3884 RasAcd - ok
11:42:36.0509 3884 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
11:42:36.0509 3884 Rasirda - ok
11:42:36.0650 3884 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:42:36.0650 3884 Rasl2tp - ok
11:42:36.0750 3884 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:42:36.0750 3884 RasPppoe - ok
11:42:36.0790 3884 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:42:36.0800 3884 Raspti - ok
11:42:36.0860 3884 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:42:36.0870 3884 Rdbss - ok
11:42:36.0900 3884 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:42:36.0910 3884 RDPCDD - ok
11:42:36.0960 3884 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:42:36.0980 3884 rdpdr - ok
11:42:37.0070 3884 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:42:37.0080 3884 RDPWD - ok
11:42:37.0130 3884 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:42:37.0130 3884 redbook - ok
11:42:37.0331 3884 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:42:37.0331 3884 Secdrv - ok
11:42:37.0401 3884 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:42:37.0441 3884 serenum - ok
11:42:37.0491 3884 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:42:37.0501 3884 Serial - ok
11:42:37.0541 3884 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
11:42:37.0541 3884 Sfloppy - ok
11:42:37.0591 3884 Simbad - ok
11:42:37.0661 3884 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
11:42:37.0671 3884 SMCIRDA - ok
11:42:37.0741 3884 Sparrow - ok
11:42:37.0811 3884 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:42:37.0821 3884 splitter - ok
11:42:37.0901 3884 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:42:37.0911 3884 sr - ok
11:42:38.0002 3884 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:42:38.0022 3884 Srv - ok
11:42:38.0122 3884 STAC97 (cdbe7738df54d9e869ac32d8cd3dbf47) C:\WINDOWS\system32\drivers\stac97.sys
11:42:38.0132 3884 STAC97 - ok
11:42:38.0242 3884 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:42:38.0252 3884 swenum - ok
11:42:38.0292 3884 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:42:38.0292 3884 swmidi - ok
11:42:38.0332 3884 symc810 - ok
11:42:38.0362 3884 symc8xx - ok
11:42:38.0402 3884 sym_hi - ok
11:42:38.0432 3884 sym_u3 - ok
11:42:38.0502 3884 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:42:38.0512 3884 sysaudio - ok
11:42:38.0672 3884 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:42:38.0693 3884 Tcpip - ok
11:42:38.0753 3884 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:42:38.0753 3884 TDPIPE - ok
11:42:38.0793 3884 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:42:38.0803 3884 TDTCP - ok
11:42:38.0833 3884 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:42:38.0833 3884 TermDD - ok
11:42:38.0913 3884 tiumfwl (a4c6f3e34358c94e5c3acfc3392f8907) C:\WINDOWS\system32\drivers\tiumfwl.sys
11:42:38.0913 3884 tiumfwl - ok
11:42:38.0953 3884 TosIde - ok
11:42:39.0013 3884 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:42:39.0013 3884 Udfs - ok
11:42:39.0043 3884 UIUSys - ok
11:42:39.0073 3884 ultra - ok
11:42:39.0133 3884 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:42:39.0153 3884 Update - ok
11:42:39.0253 3884 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:42:39.0253 3884 USBAAPL - ok
11:42:39.0363 3884 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:42:39.0363 3884 usbccgp - ok
11:42:39.0414 3884 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:42:39.0414 3884 usbehci - ok
11:42:39.0454 3884 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:42:39.0464 3884 usbhub - ok
11:42:39.0574 3884 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:42:39.0594 3884 usbprint - ok
11:42:39.0624 3884 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:42:39.0634 3884 usbscan - ok
11:42:39.0694 3884 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:42:39.0694 3884 usbstor - ok
11:42:39.0734 3884 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:42:39.0744 3884 usbuhci - ok
11:42:39.0774 3884 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:42:39.0774 3884 VgaSave - ok
11:42:39.0794 3884 ViaIde - ok
11:42:39.0864 3884 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:42:39.0874 3884 VolSnap - ok
11:42:39.0934 3884 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:42:39.0934 3884 Wanarp - ok
11:42:39.0964 3884 WDICA - ok
11:42:40.0014 3884 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:42:40.0014 3884 wdmaud - ok
11:42:40.0145 3884 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:42:40.0205 3884 winachsf - ok
11:42:40.0335 3884 wlluc48 (dca17912a1926ae427537648fc0e74d5) C:\WINDOWS\system32\DRIVERS\wlluc48.sys
11:42:40.0345 3884 wlluc48 - ok
11:42:40.0535 3884 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:42:40.0545 3884 WS2IFSL - ok
11:42:40.0675 3884 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:42:40.0685 3884 WudfPf - ok
11:42:40.0776 3884 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:42:40.0786 3884 WudfRd - ok
11:42:41.0917 3884 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
11:42:41.0947 3884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:42:41.0947 3884 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:42:41.0967 3884 Boot (0x1200) (d78280e7084f5c7ce10b6402320b7753) \Device\Harddisk0\DR0\Partition0
11:42:41.0967 3884 \Device\Harddisk0\DR0\Partition0 - ok
11:42:41.0977 3884 ============================================================
11:42:41.0977 3884 Scan finished
11:42:41.0977 3884 ============================================================
11:42:42.0007 3916 Detected object count: 1
11:42:42.0007 3916 Actual detected object count: 1
11:43:04.0440 3916 \Device\Harddisk0\DR0\# - copied to quarantine
11:43:04.0440 3916 \Device\Harddisk0\DR0 - copied to quarantine
11:43:04.0480 3916 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
11:43:04.0520 3916 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:43:04.0530 3916 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
11:43:04.0530 3916 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
11:43:04.0550 3916 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
11:43:04.0560 3916 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
11:43:04.0640 3916 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
11:43:04.0640 3916 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
11:43:04.0650 3916 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
11:43:04.0650 3916 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
11:43:04.0700 3916 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
11:43:04.0700 3916 \Device\Harddisk0\DR0 - ok
11:43:04.0700 3916 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
11:43:21.0614 2520 Deinitialize success
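A small parser for the TDSSKiller log format shown above, added here as an example; it is not part of this thread and not TDSSKiller's own code. The sample excerpt is constructed from lines of the posted log (same driver names, hashes and verdict) so it runs offline. It pulls out what an analyst checks first when reading such a log: which objects were flagged, which were quarantined or scheduled for cure on reboot, and which flagged objects have no follow-up action, plus an MD5 inventory of the scanned drivers for comparison against known-good hashes.

```python
import re
from typing import Optional

# Constructed excerpt in the format of the TDSSKiller log posted above; the
# driver names, hashes and threat name are copied from that log.
SAMPLE_LOG = r"""
11:42:38.0672 3884 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:42:38.0693 3884 Tcpip - ok
11:42:38.0953 3884 TosIde - ok
11:42:41.0917 3884 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
11:42:41.0947 3884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:42:41.0947 3884 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:42:41.0967 3884 Boot (0x1200) (d78280e7084f5c7ce10b6402320b7753) \Device\Harddisk0\DR0\Partition0
11:42:41.0967 3884 \Device\Harddisk0\DR0\Partition0 - ok
11:42:42.0007 3916 Detected object count: 1
11:43:04.0440 3916 \Device\Harddisk0\DR0 - copied to quarantine
11:43:04.0480 3916 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
11:43:04.0700 3916 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
11:43:04.0700 3916 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

# "<time> <pid> <body>" is the common prefix of every TDSSKiller log line.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# Inventory line: "<name> [(<size>)] (<md5>) <path>"; MBR/Boot entries carry a size field.
HASH_RE = re.compile(r"^(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: "<object> ( <threat> ) - <status>".
THREAT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>[^\s)]+) \) - (?P<status>.+)$")
# Detection line: "<object> - detected <threat> (<n>)".
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+) \(\d+\)$")
QUARANTINE_SUFFIX = " - copied to quarantine"
OK_SUFFIX = " - ok"


def parse_line(line: str) -> Optional[dict]:
    """Classify one log line; returns None for lines that are not log records."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts"), "pid": int(m.group("pid"))}
    body = m.group("body")
    t = THREAT_RE.match(body)
    if t:
        status = t.group("status")
        if status == "infected":
            kind = "infected"
        elif status == "will be cured on reboot":
            kind = "cure_pending"
        else:
            kind = "action"  # e.g. "User select action: Cure"
        rec.update(kind=kind, obj=t.group("obj"), threat=t.group("threat"), status=status)
        return rec
    d = DETECTED_RE.match(body)
    if d:
        rec.update(kind="detected", obj=d.group("obj"), threat=d.group("threat"))
        return rec
    if body.endswith(QUARANTINE_SUFFIX):
        rec.update(kind="quarantined", obj=body[: -len(QUARANTINE_SUFFIX)])
        return rec
    if body.endswith(OK_SUFFIX):
        rec.update(kind="ok", obj=body[: -len(OK_SUFFIX)])
        return rec
    h = HASH_RE.match(body)
    if h:
        rec.update(kind="inventory", obj=h.group("name"), md5=h.group("md5"), path=h.group("path"))
        return rec
    rec.update(kind="other", obj=body)  # banners, counters, "Scan finished", ...
    return rec


def summarize(log_text: str) -> dict:
    """Reduce a whole log to the facts an analyst checks first."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    infected = sorted({(r["obj"], r["threat"]) for r in records
                       if r["kind"] in ("infected", "detected")})
    resolved = {r["obj"] for r in records if r["kind"] in ("cure_pending", "quarantined")}
    return {
        "clean": sum(1 for r in records if r["kind"] == "ok"),
        "inventory": {r["md5"]: r["path"] for r in records if r["kind"] == "inventory"},
        "infected": infected,
        "quarantined": [r["obj"] for r in records if r["kind"] == "quarantined"],
        "cure_pending": sorted({r["obj"] for r in records if r["kind"] == "cure_pending"}),
        # Anything flagged but neither quarantined nor scheduled for cure still needs attention.
        "unresolved": [obj for obj, _ in infected if obj not in resolved],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The "unresolved" list is the item worth watching: a log where an object is marked infected with no matching "copied to quarantine" or "will be cured on reboot" line means the tool found something it could not act on, which is exactly the case that needs a follow-up scan after reboot.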

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 AM

Posted 02 February 2012 - 12:03 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gdrunner

gdrunner
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:00 AM

Posted 02 February 2012 - 01:35 PM

ComboFix 12-02-02.01 - Laura and Dan 02/02/2012 13:00:49.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.222 [GMT -5:00]
Running from: c:\documents and settings\Laura and Dan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Laura and Dan\Desktop\CFscript.txt
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-02-02 16:43 . 2012-02-02 16:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-31 15:27 . 2012-01-31 15:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2012-01-26 18:34 . 2012-01-26 18:10 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2012-01-26 18:34 . 2012-01-26 18:10 3038 ----a-w- C:\fix_svchost.bat
2012-01-26 18:34 . 2012-01-26 18:10 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2012-01-26 08:24 . 2012-01-26 08:24 -------- d-----w- c:\documents and settings\All Users\Application DataMicrosoft
2012-01-25 23:00 . 2012-01-25 23:00 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-25 22:59 . 2012-01-25 22:59 -------- d-----w- c:\program files\iPod
2012-01-25 22:57 . 2012-01-25 22:57 -------- d-----w- C:\New Folder (1)
2012-01-25 13:22 . 2012-01-25 13:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-01-25 08:35 . 2012-01-25 08:35 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-01-24 23:47 . 2012-01-24 23:47 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-01-05 11:08 . 2012-01-05 11:09 -------- d-----w- c:\documents and settings\Laura and Dan\Local Settings\Application Data\PhotoChannel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2010-04-12 21:25 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-04 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-04 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSUNMain]
2011-04-28 12:01 439616 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [4/28/2011 6:57 AM 129992]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [8/1/2011 6:23 AM 143752]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/28/2011 6:57 AM 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/28/2011 6:57 AM 111688]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [4/28/2011 6:57 AM 112456]
R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2/6/2003 6:23 PM 59328]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/28/2011 6:58 AM 140608]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-02-02 c:\windows\Tasks\User_Feed_Synchronization-{ED2127B8-6A88-457B-9DBE-70B68E0093D3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: DhcpNameServer = 192.168.1.1
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://vpn.mvalaw.com/+CSCOL+/cscopf.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-02 13:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1016)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\WININET.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-02 13:20:01
ComboFix-quarantined-files.txt 2012-02-02 18:19
ComboFix2.txt 2012-02-02 15:44
.
Pre-Run: 21,520,748,544 bytes free
Post-Run: 21,555,974,144 bytes free
.
- - End Of File - - 1AC52ADDB353ACE5AFE3904CAC22E6FB

The computer seems to be quicker

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 AM

Posted 02 February 2012 - 04:53 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.1
Java™ 6 Update 23


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 AM

Posted 04 February 2012 - 11:37 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#14 gdrunner

gdrunner
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:00 AM

Posted 06 February 2012 - 01:14 PM

Gringo, thanks for all your help. I think we're good now. Is there anything I need to "turn back on now"? Emulators?

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 AM

Posted 06 February 2012 - 10:03 PM

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure: How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector.


:Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) option: Automatically download recommended updates for my computer and install them.

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days. If Anything Comes Up - Just Come Back And Let Me Know; after that time you will have to send me a PM.


Gringo



