
Torpig.mbr detection and can't clean


  • This topic is locked
6 replies to this topic

#1 mulesmarinair

  • Members
  • 18 posts

Posted 28 January 2012 - 11:04 AM

Hi
Rapport/Trusteer is detecting and blocking Torpig.mbr and I can't clean it up.
I'm also getting another fake "Verified by Visa" screen that prompts for cardholder info (PIN, DOB etc.).
Unsure if it is related to Torpig infection.

DDS file as follows and Zip file attached.
Thanks very much
Gerry


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Gerry at 12:35:52 on 2012-01-28
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1213 [GMT 0:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\SQUEEZ~1\server\SqueezeSvr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [DpUtil] c:\program files\toshiba\dualpointutility\TEDTray.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [TMESBS.EXE] c:\program files\toshiba\tme3\TMESBS32.EXE /Client
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1810124C-569F-4ADA-974E-583572E3D3F5} : DhcpNameServer = 192.168.1.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: psfus - psqlpwd.dll
Notify: TosBtNP - TosBtNP.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gerry\application data\mozilla\firefox\profiles\o2fu5vvk.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=3c5450fe00000000000000037aeb759e&q=
FF - plugin: c:\documents and settings\gerry\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-1-31 6144]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-28 11608]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2012-1-25 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-1-4 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-1-4 164112]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [2006-1-31 5888]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-28 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-28 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-28 66616]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2005-12-21 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2005-12-21 33024]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-1-4 931640]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2005-12-21 3456]
R2 squeezesvc;Logitech Media Server;c:\progra~1\squeez~1\server\SqueezeSvr.exe [2011-11-2 14057569]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-1-31 35968]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-8 21520]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2006-1-31 595072]
R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-17 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-17 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-1-4 56208]
S3 rs5mfid6.sys;rs5mfid6.sys;\??\c:\windows\system32\drivers\rs5mfid6.sys --> c:\windows\system32\drivers\rs5mfid6.sys [?]
S4 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S4 Tmesbs;Tmesbs32;c:\program files\toshiba\tme3\TMESBS32.EXE [2006-1-31 77824]
S4 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.EXE [2006-1-31 118784]
.
=============== Created Last 30 ================
.
2012-01-27 21:44:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-27 21:44:17 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-01-18 19:17:59 269272 ----a-w- c:\program files\mozilla firefox\updater.exe
2012-01-18 19:17:59 19928 ----a-w- c:\program files\mozilla firefox\xpcom.dll
2012-01-18 19:17:50 16096216 ----a-w- c:\program files\mozilla firefox\xul.dll
2012-01-17 22:50:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-04 14:33:56 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2012-01-21 21:56:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-17 22:48:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-14 21:45:57 1056 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
.
============= FINISH: 12:37:07.82 ===============
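The SERVICES / DRIVERS section of a DDS log like the one above is where a helper looks first for a kernel-mode component. DDS renders a registered driver whose file it cannot find as `path --> path [?]`, and several entries in this log (xcpip, xpsec, Lavasoft Kernexplorer, rs5mfid6.sys) carry that marker. The parser below is an added example, not part of Gerry's post and not code from the DDS tool; it pulls those entries out automatically and also flags a service that reuses the display name of a built-in Windows XP network driver under a different service name (the two display names in the lookup table are assumed from a default XP install). The sample input is copied from the log above, with one unrelated section appended to show where parsing stops.

```python
"""Triage the SERVICES / DRIVERS section of a DDS log (added example)."""
import re
from dataclasses import dataclass, field

# One service/driver line: "<start type> <service name>;<display name>;<path and details>"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# DDS renders a registered binary it cannot find on disk as "<registered> --> <resolved> [?]"
MISSING_RE = re.compile(r"^(?P<registered>.+?) --> (?P<resolved>.+?) \[\?\]$")
# ...and one it can find as "<path> [<yyyy-m-d> <size>]"
PRESENT_RE = re.compile(r"^(?P<path>.+?) \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$")

# Display names used by Windows XP's own core network drivers (assumed from a
# default XP install). A differently named service reusing one is worth a look.
XP_DISPLAY_NAMES = {
    "TCP/IP Protocol Driver": "Tcpip",
    "IPSEC driver": "IPSec",
}

# Sample input: lines copied from the DDS log posted above, plus the start of
# the following section to show that parsing stops at the next header.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-28 11608]
R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 rs5mfid6.sys;rs5mfid6.sys;\??\c:\windows\system32\drivers\rs5mfid6.sys --> c:\windows\system32\drivers\rs5mfid6.sys [?]
S4 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
.
=============== Created Last 30 ================
.
2012-01-04 14:33:56 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
"""


@dataclass
class Finding:
    start: str        # R0/R1/... (running) or S2/S3/... (stopped) plus start type digit
    name: str         # service key name
    display: str      # display name
    path: str         # resolved binary path as DDS printed it
    reasons: list = field(default_factory=list)


def iter_services(log_text):
    """Yield the parsed fields of every service line inside the SERVICES / DRIVERS section."""
    in_section = False
    for line in log_text.splitlines():
        if line.startswith("============= SERVICES / DRIVERS"):
            in_section = True
            continue
        if in_section and line.startswith("====="):
            return  # reached the next DDS section
        m = SERVICE_RE.match(line)
        if in_section and m:
            yield m.groupdict()


def triage(log_text):
    """Return one Finding per service entry that deserves manual inspection."""
    findings = []
    for svc in iter_services(log_text):
        reasons = []
        missing = MISSING_RE.match(svc["rest"])
        present = PRESENT_RE.match(svc["rest"])
        path = missing["resolved"] if missing else (present["path"] if present else svc["rest"])
        if missing:
            reasons.append("binary not found on disk")
        expected = XP_DISPLAY_NAMES.get(svc["display"])
        if expected and expected.lower() != svc["name"].lower():
            reasons.append(f"display name belongs to Windows service '{expected}'")
        if reasons:
            findings.append(Finding(svc["start"], svc["name"], svc["display"], path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.start} {f.name}: {'; '.join(f.reasons)}\n    {f.path}")
```

A missing file is not proof of infection: an uninstaller that left its service key behind produces exactly the same `[?]` line, and an R0/R1 driver that a rootkit hides from the file system does too, so each hit still has to be checked by hand against what the owner installed.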

#2 Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 29 January 2012 - 09:21 AM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right of this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's work on the infected computer -

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  • If TDSSKiller does not run, try renaming it.

    To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. C:\TDSSKiller.2.6.21.0_23.07.2011_15.31.43_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Once you have the above log, click on the Add Reply button below, and copy in the contents of the TDSSKiller log. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon
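The detection name Rapport reported, Torpig.mbr, refers to the master boot record: the Torpig/Sinowal family installs its loader in the MBR boot code so that it runs before Windows and before any user-mode scanner, which is the class of infection a bootkit-aware tool such as TDSSKiller is brought in to check. The example below is added here and is neither the poster's nor Shannon's code, nor anything from Trusteer or Kaspersky; it shows what an MBR integrity check amounts to: read sector 0, verify the 0x55AA boot signature and the partition table, and hash the 440-byte boot code for comparison against a known-good baseline (for instance the sector saved right after installation). Both sectors it works on are constructed in the code so it runs offline; on a live Windows system the sector would be read from the raw device `\\.\PhysicalDrive0` with administrator rights.

```python
"""Parse and integrity-check a 512-byte master boot record (added example)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # classic MBR boot code occupies bytes 0..439
DISK_SIG_OFFSET = 440     # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446   # four 16-byte partition entries
BOOT_SIG_OFFSET = 510     # 0x55 0xAA
# status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
PART_ENTRY = struct.Struct("<B3sB3sII")

# Constructed test data: the 7-byte opening of a stock Windows XP MBR
# (xor ax,ax / mov ss,ax / mov sp,7C00h) padded with zeros, and a variant that
# begins with a jump elsewhere, standing in for replaced boot code.
CLEAN_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_LEN, b"\x00")
ALTERED_BOOT_CODE = bytes([0xEB, 0x3E, 0x90]).ljust(BOOT_CODE_LEN, b"\x00")
# One active NTFS (type 0x07) partition starting at LBA 63 (constructed values).
PARTITIONS = [(0x80, 0x07, 63, 195_371_505)]


def build_sector(boot_code, partitions, disk_signature=0x2A1B3C4D):
    """Assemble an MBR from boot code and (status, type, lba_start, sectors) tuples; test data only."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_signature)
    for i, (status, ptype, lba_start, count) in enumerate(partitions):
        PART_ENTRY.pack_into(sector, PART_TABLE_OFFSET + 16 * i,
                             status, b"\0\0\0", ptype, b"\0\0\0", lba_start, count)
    sector[BOOT_SIG_OFFSET:] = b"\x55\xAA"
    return bytes(sector)


def read_first_sector(device_path):
    """Read sector 0 from a raw device (on Windows e.g. \\\\.\\PhysicalDrive0, administrator needed)."""
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def parse_partitions(sector):
    """Return the non-empty partition entries as dicts."""
    parts = []
    for i in range(4):
        status, _, ptype, _, lba_start, count = PART_ENTRY.unpack_from(sector, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": count})
    return parts


def check_mbr(sector, baseline_sha256=None):
    """Structural checks plus an optional comparison of the boot code hash with a known-good value."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if sector[BOOT_SIG_OFFSET:] != b"\x55\xAA":
        findings.append("boot signature 0x55AA missing")
    parts = parse_partitions(sector)
    if not parts:
        findings.append("partition table is empty")
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one partition marked active")
    for p in parts:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']} has a zero start or length")
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    if baseline_sha256 is not None and digest != baseline_sha256:
        findings.append("boot code differs from the known-good baseline")
    return {"boot_code_sha256": digest, "partitions": parts, "findings": findings}


if __name__ == "__main__":
    clean = build_sector(CLEAN_BOOT_CODE, PARTITIONS)
    baseline = check_mbr(clean)["boot_code_sha256"]
    print(check_mbr(build_sector(ALTERED_BOOT_CODE, PARTITIONS), baseline)["findings"])
```

The point of hashing only the first 440 bytes is that a bootkit has to leave the partition table and signature intact for the machine to keep booting, so a valid-looking partition table tells you nothing; only the boot code comparison does. The check also has to be run from outside the infected system (boot media, or the disk attached to a clean machine), because a rootkit that hooks disk I/O can hand back the original sector when the live OS reads it.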

#3 mulesmarinair

  • Topic Starter
  • Members
  • 18 posts

Posted 29 January 2012 - 01:17 PM

Hi Shannon
thanks very much for picking this up and helping me :)

Here is the report from TDSS. It found one item.

Will leave it to you to advise.

Thanks again
Gerry



17:39:18.0437 2860 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
17:39:18.0640 2860 ============================================================
17:39:18.0640 2860 Current date / time: 2012/01/29 17:39:18.0640
17:39:18.0640 2860 SystemInfo:
17:39:18.0640 2860
17:39:18.0640 2860 OS Version: 5.1.2600 ServicePack: 3.0
17:39:18.0640 2860 Product type: Workstation
17:39:18.0640 2860 ComputerName: LAPTOP
17:39:18.0640 2860 UserName: Gerry
17:39:18.0640 2860 Windows directory: C:\WINDOWS
17:39:18.0640 2860 System windows directory: C:\WINDOWS
17:39:18.0640 2860 Processor architecture: Intel x86
17:39:18.0640 2860 Number of processors: 2
17:39:18.0640 2860 Page size: 0x1000
17:39:18.0640 2860 Boot type: Normal boot
17:39:18.0640 2860 ============================================================
17:39:23.0250 2860 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:39:23.0343 2860 Initialize success
17:42:16.0875 3124 ============================================================
17:42:16.0875 3124 Scan started
17:42:16.0875 3124 Mode: Manual;
17:42:16.0875 3124 ============================================================
17:42:18.0937 3124 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
17:42:19.0015 3124 61883 - ok
17:42:19.0500 3124 Abiosdsk - ok
17:42:20.0078 3124 abp480n5 - ok
17:42:20.0750 3124 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:42:20.0765 3124 ACPI - ok
17:42:21.0453 3124 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:42:21.0484 3124 ACPIEC - ok
17:42:22.0093 3124 adpu160m - ok
17:42:22.0937 3124 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:42:23.0093 3124 aec - ok
17:42:23.0828 3124 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:42:23.0828 3124 AFD - ok
17:42:25.0250 3124 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
17:42:26.0328 3124 AgereSoftModem - ok
17:42:27.0062 3124 Aha154x - ok
17:42:27.0578 3124 aic78u2 - ok
17:42:28.0203 3124 aic78xx - ok
17:42:28.0656 3124 AliIde - ok
17:42:29.0203 3124 amsint - ok
17:42:29.0828 3124 ApfiltrService (3ed81e8b4709d13e5a38db2d8e792b28) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
17:42:29.0937 3124 ApfiltrService - ok
17:42:30.0875 3124 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:42:30.0937 3124 Arp1394 - ok
17:42:31.0421 3124 asc - ok
17:42:31.0890 3124 asc3350p - ok
17:42:32.0593 3124 asc3550 - ok
17:42:33.0328 3124 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:42:33.0359 3124 AsyncMac - ok
17:42:33.0968 3124 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:42:33.0968 3124 atapi - ok
17:42:34.0453 3124 Atdisk - ok
17:42:35.0000 3124 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:42:35.0062 3124 Atmarpc - ok
17:42:35.0703 3124 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:42:35.0718 3124 audstub - ok
17:42:36.0265 3124 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
17:42:36.0296 3124 Avc - ok
17:42:36.0453 3124 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
17:42:36.0468 3124 avgio - ok
17:42:37.0000 3124 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:42:37.0000 3124 avgntflt - ok
17:42:37.0562 3124 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:42:37.0578 3124 avipbb - ok
17:42:38.0265 3124 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:42:38.0281 3124 Beep - ok
17:42:38.0890 3124 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:42:38.0906 3124 cbidf2k - ok
17:42:39.0421 3124 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:42:39.0453 3124 CCDECODE - ok
17:42:39.0937 3124 cd20xrnt - ok
17:42:40.0437 3124 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:42:40.0468 3124 Cdaudio - ok
17:42:41.0062 3124 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:42:41.0203 3124 Cdfs - ok
17:42:41.0906 3124 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:42:41.0968 3124 Cdrom - ok
17:42:42.0546 3124 Changer - ok
17:42:43.0296 3124 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:42:43.0343 3124 CmBatt - ok
17:42:43.0953 3124 CmdIde - ok
17:42:44.0687 3124 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:42:44.0703 3124 Compbatt - ok
17:42:45.0343 3124 Cpqarray - ok
17:42:45.0937 3124 dac2w2k - ok
17:42:46.0531 3124 dac960nt - ok
17:42:47.0234 3124 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:42:47.0296 3124 Disk - ok
17:42:47.0828 3124 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
17:42:47.0875 3124 DLABOIOM - ok
17:42:48.0453 3124 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
17:42:48.0484 3124 DLACDBHM - ok
17:42:49.0015 3124 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS
17:42:49.0046 3124 DLADResN - ok
17:42:49.0656 3124 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
17:42:49.0859 3124 DLAIFS_M - ok
17:42:50.0484 3124 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
17:42:50.0531 3124 DLAOPIOM - ok
17:42:51.0250 3124 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
17:42:51.0296 3124 DLAPoolM - ok
17:42:52.0078 3124 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
17:42:52.0140 3124 DLARTL_N - ok
17:42:53.0171 3124 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
17:42:53.0250 3124 DLAUDFAM - ok
17:42:54.0062 3124 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
17:42:54.0156 3124 DLAUDF_M - ok
17:42:55.0406 3124 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:42:55.0984 3124 dmboot - ok
17:42:56.0687 3124 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:42:56.0796 3124 dmio - ok
17:42:57.0421 3124 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:42:57.0468 3124 dmload - ok
17:42:58.0125 3124 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:42:58.0218 3124 DMusic - ok
17:42:58.0781 3124 dpti2o - ok
17:42:59.0281 3124 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:42:59.0281 3124 drmkaud - ok
17:43:00.0078 3124 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
17:43:00.0234 3124 DRVMCDB - ok
17:43:01.0187 3124 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
17:43:01.0406 3124 DRVNDDM - ok
17:43:02.0140 3124 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
17:43:02.0250 3124 e1express - ok
17:43:02.0796 3124 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:43:02.0875 3124 Fastfat - ok
17:43:03.0343 3124 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:43:03.0375 3124 Fdc - ok
17:43:03.0671 3124 FdRedir (8affa5814b135417494e48eb9c0b6c5e) C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
17:43:03.0718 3124 FdRedir - ok
17:43:03.0843 3124 FileDisk2 (6ed5c6a25174118036e978b42f0974d1) C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
17:43:04.0015 3124 FileDisk2 - ok
17:43:04.0593 3124 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:43:04.0609 3124 Fips - ok
17:43:05.0343 3124 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:43:05.0390 3124 Flpydisk - ok
17:43:06.0046 3124 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:43:06.0281 3124 FltMgr - ok
17:43:06.0953 3124 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:43:06.0984 3124 Fs_Rec - ok
17:43:07.0953 3124 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:43:08.0078 3124 Ftdisk - ok
17:43:08.0890 3124 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:43:08.0953 3124 Gpc - ok
17:43:09.0609 3124 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
17:43:09.0656 3124 grmnusb - ok
17:43:10.0484 3124 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:43:10.0531 3124 HDAudBus - ok
17:43:11.0187 3124 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:43:11.0218 3124 HidUsb - ok
17:43:11.0937 3124 hpn - ok
17:43:13.0140 3124 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:43:13.0218 3124 HTTP - ok
17:43:13.0656 3124 i2omgmt - ok
17:43:14.0093 3124 i2omp - ok
17:43:14.0593 3124 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:43:14.0625 3124 i8042prt - ok
17:43:15.0093 3124 IFXTPM (0b556e950404d90d097c687e65238730) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
17:43:15.0125 3124 IFXTPM - ok
17:43:15.0734 3124 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:43:15.0750 3124 Imapi - ok
17:43:16.0171 3124 ini910u - ok
17:43:16.0593 3124 IntelIde - ok
17:43:17.0062 3124 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:43:17.0062 3124 intelppm - ok
17:43:17.0515 3124 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:43:17.0593 3124 Ip6Fw - ok
17:43:18.0109 3124 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:43:18.0125 3124 IpFilterDriver - ok
17:43:18.0562 3124 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:43:18.0578 3124 IpInIp - ok
17:43:19.0125 3124 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:43:19.0125 3124 IpNat - ok
17:43:19.0593 3124 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:43:19.0593 3124 IPSec - ok
17:43:20.0125 3124 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:43:20.0140 3124 IRENUM - ok
17:43:20.0593 3124 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:43:20.0609 3124 isapnp - ok
17:43:21.0109 3124 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:43:21.0125 3124 Kbdclass - ok
17:43:21.0703 3124 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:43:21.0859 3124 kmixer - ok
17:43:22.0343 3124 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:43:22.0343 3124 KSecDD - ok
17:43:22.0468 3124 Lavasoft Kernexplorer - ok
17:43:23.0015 3124 lbrtfdc - ok
17:43:23.0500 3124 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:43:23.0515 3124 mnmdd - ok
17:43:24.0000 3124 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:43:24.0000 3124 Modem - ok
17:43:24.0578 3124 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:43:24.0609 3124 Mouclass - ok
17:43:25.0140 3124 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:43:25.0187 3124 mouhid - ok
17:43:25.0703 3124 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:43:25.0734 3124 MountMgr - ok
17:43:26.0203 3124 mraid35x - ok
17:43:26.0781 3124 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:43:26.0984 3124 MRxDAV - ok
17:43:27.0796 3124 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:43:27.0906 3124 MRxSmb - ok
17:43:28.0453 3124 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
17:43:28.0484 3124 MSDV - ok
17:44:37.0656 3124 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
17:44:37.0656 3124 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
17:44:37.0656 3124 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
17:44:37.0671 3124 Boot (0x1200) (b858f511fadea40027aa93cf1ac86d3e) \Device\Harddisk0\DR0\Partition0
17:44:37.0671 3124 \Device\Harddisk0\DR0\Partition0 - ok
17:44:37.0671 3124 ============================================================
17:44:37.0671 3124 Scan finished
17:44:37.0671 3124 ============================================================
17:44:37.0671 0884 Detected object count: 1
17:44:37.0671 0884 Actual detected object count: 1
17:45:13.0156 0884 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
17:45:13.0218 0884 \Device\Harddisk0\DR0 - ok
17:45:13.0218 0884 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
17:45:33.0187 2204 Deinitialize success
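The `MBR (0x1B8)` line in the log above records a hash over the 0x1B8-byte bootstrap-code region of sector 0, the part of the MBR that a bootkit such as Sinowal/Torpig replaces while leaving the partition table intact. The following is an added example, not part of this thread or of TDSSKiller, of the same baseline check written in Python; the 512-byte MBR images are constructed in the script, and a real check would read the raw disk device with administrator rights.

```python
"""Baseline check of the MBR bootstrap-code region (offsets 0x000-0x1B7), the
span TDSSKiller reports as MBR (0x1B8) in the log above.
Added example, not part of the thread or of TDSSKiller; the sample MBR images
are constructed below rather than read from a disk."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8      # bootstrap code; the disk signature follows at 0x1B8
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE      # 0x55 0xAA boot signature


def boot_code_md5(mbr: bytes) -> str:
    """MD5 of the bootstrap code only, which is what a bootkit overwrites."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> list:
    """Non-empty partition entries as (bootable, type, lba_start, sectors)."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0:
            entries.append((status == 0x80, ptype, lba_start, sectors))
    return entries


def check_mbr(mbr: bytes, baseline_md5: str) -> dict:
    """Compare the boot code with a recorded known-good hash and decode the table."""
    digest = boot_code_md5(mbr)
    return {
        "valid_signature": mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xaa",
        "boot_code_md5": digest,
        "boot_code_matches_baseline": digest == baseline_md5,
        "partitions": parse_partitions(mbr),
    }


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed MBR: given boot code, one bootable NTFS partition, valid signature."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    # entry 0: bootable (0x80), type 0x07 (NTFS), dummy CHS fields, LBA 63, 20480 sectors
    struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF,
                     0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 20480)
    mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xaa"
    return bytes(mbr)


# Known-good image (constructed) and the baseline hash recorded from it.
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 16)
BASELINE = boot_code_md5(CLEAN_MBR)

# Same disk with the bootstrap code replaced (constructed): the partition table
# and the 0x55AA signature are unchanged, so only the boot-code hash reveals it.
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe" + b"\x00" * 20)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(image, BASELINE))
```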

#4 Shannon2012

  • Security Colleague

Posted 30 January 2012 - 08:26 AM

Hi-

Sorry, I thought I had posted this to you yesterday.

TDSSKiller uncovered a backdoor trojan. A backdoor trojan allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide to continue with the cleanup -

  • Download Combofix from either of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

    Link 1
    Link 2

    **Note: It is important that it is saved directly to your desktop**

    1. Close any open browsers.
    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    How to Temporarily Disable your Anti-virus

    Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please copy the "C:\ComboFix.txt" into your reply.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


Next, we need to create an OTL Report
  • Please download OTL from here: Main Mirror
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the scan button.
  • Two reports will open, copy and paste them into your reply:
    OTL.txt <-- Will be opened
    Extra.txt <-- Will be minimized

In your reply, please copy in the contents of the ComboFix report and the two OTL reports. How is your computer running now?

Shannon

#5 mulesmarinair

  • Topic Starter


Posted 31 January 2012 - 04:24 PM

Hi Shannon
Thanks very much for coming back to me, apologies for the short delay on my side too :)
I think it's best that I don't take any chances for the future -
I'll clean the disc and start afresh.

I backed up my personal docs - music, photos etc. to an external hard drive a month ago or so.
Do you think there will be any risks with these files?


regards
Gerry

#6 Shannon2012

  • Security Colleague

Posted 31 January 2012 - 06:25 PM

Hi-

That is your safest option!

You should be able to backup your data files and restore them without re-infecting your computer, but you should not backup or restore files with the following extensions:
.exe
.scr
.htm
.html
.xml
.zip
.rar
.asp
.php

as these might harbor infections.

Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future.

Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a pop up appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop ups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a pop up that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

Visit Microsoft's Windows Update Site Frequently

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15-day trial period. Another recommended, and free, AntiSpyware program is Malwarebytes' Anti-Malware (MBAM).

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Update your Java runtimes regularly

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Download the latest version here - http://java.sun.com/javase/downloads/index.jsp. You want to select the JRE version.
Follow this list and your potential for being infected again will reduce dramatically.

Good Luck!!

Shannon
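The post above tells the user which file types to hold back when restoring from the external backup drive. The following is an added example, not part of the thread, of a small Python triage script that applies that extension list to a backup tree; the sample tree is constructed in a temporary directory so the script runs anywhere, and the extension comparison is case-insensitive so that a renamed `holiday.jpg.EXE` is still caught.

```python
"""Triage of a backup drive against the extension list in the post above.
Added example, not part of the original thread; the sample backup tree is
constructed in a temporary directory so the script runs offline anywhere."""
import os
import tempfile
from pathlib import Path

# File types the post advises not to back up or restore.
RISKY_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml",
                    ".zip", ".rar", ".asp", ".php"}


def is_risky(path: Path) -> bool:
    """Case-insensitive match on the final extension, the one Windows honours,
    so a double extension such as photo.jpg.EXE is still flagged."""
    return path.suffix.lower() in RISKY_EXTENSIONS


def triage_backup(root: Path) -> dict:
    """Walk the backup tree and split files into 'restore' and 'hold' lists
    of forward-slash relative paths, each sorted for stable output."""
    result = {"restore": [], "hold": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath, name)
            rel = str(p.relative_to(root)).replace(os.sep, "/")
            result["hold" if is_risky(p) else "restore"].append(rel)
    for key in result:
        result[key].sort()
    return result


def build_sample_backup() -> Path:
    """Constructed backup tree mixing ordinary data files with held-back types."""
    root = Path(tempfile.mkdtemp(prefix="backup_"))
    samples = {
        "Music/track01.mp3": b"ID3",
        "Photos/holiday.jpg": b"\xff\xd8\xff",
        "Photos/holiday.jpg.EXE": b"MZ",        # double extension, uppercase
        "Docs/letter.docx": b"PK",
        "Docs/saved_page.htm": b"<html>",
        "Downloads/archive.zip": b"PK",
        "Downloads/Setup.scr": b"MZ",
    }
    for rel, content in samples.items():
        f = root / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(content)
    return root


if __name__ == "__main__":
    report = triage_backup(build_sample_backup())
    print("safe to restore:", report["restore"])
    print("hold back for review:", report["hold"])
```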

#7 Shannon2012

  • Security Colleague

Posted 05 February 2012 - 09:02 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Shannon



