
Google Redirect Virus


This topic is locked
12 replies to this topic

#1 acv28
  • Members
  • 7 posts

Posted 29 February 2012 - 11:51 AM

Hi, I originally posted this: http://www.bleepingcomputer.com/forums/topic443959.html/page__pid__2610120#entry2610120

I have followed steps 6-10 and attached the logs, THANKS!


#2 fireman4it (Bleepin' Fireman)
  • Malware Response Team
  • 13,505 posts
  • Gender: Male
  • Location: Greenup, Ill USA

Posted 29 February 2012 - 06:02 PM

Hello acv28,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.



1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 fireman4it (Bleepin' Fireman)
  • Malware Response Team
  • 13,505 posts
  • Gender: Male
  • Location: Greenup, Ill USA

Posted 02 March 2012 - 04:44 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#4 fireman4it (Bleepin' Fireman)
  • Malware Response Team
  • 13,505 posts
  • Gender: Male
  • Location: Greenup, Ill USA

Posted 04 March 2012 - 10:29 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.


#5 Budapest (Bleepin' Cynic)
  • Moderator
  • 23,573 posts
  • Gender: Male

Posted 04 March 2012 - 11:50 PM

This topic has been re-opened at the request of the person who originally posted.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#6 fireman4it (Bleepin' Fireman)
  • Malware Response Team
  • 13,505 posts
  • Gender: Male
  • Location: Greenup, Ill USA

Posted 05 March 2012 - 12:23 AM

Hello,

Please proceed with the steps outlined in Post #2.


#7 acv28
  • Topic Starter
  • Members
  • 7 posts

Posted 05 March 2012 - 12:12 PM

Hello, sorry for the delay; here are the results.

12:11:20.0687 1092 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
12:11:20.0968 1092 ============================================================
12:11:20.0968 1092 Current date / time: 2012/03/05 12:11:20.0968
12:11:20.0968 1092 SystemInfo:
12:11:20.0968 1092
12:11:20.0968 1092 OS Version: 5.1.2600 ServicePack: 3.0
12:11:20.0968 1092 Product type: Workstation
12:11:20.0968 1092 ComputerName: TOSHIBA-FFD59AD
12:11:20.0968 1092 UserName: Toshiba
12:11:20.0968 1092 Windows directory: C:\WINDOWS
12:11:20.0968 1092 System windows directory: C:\WINDOWS
12:11:20.0968 1092 Processor architecture: Intel x86
12:11:20.0968 1092 Number of processors: 2
12:11:20.0968 1092 Page size: 0x1000
12:11:20.0968 1092 Boot type: Normal boot
12:11:20.0968 1092 ============================================================
12:11:22.0703 1092 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:11:22.0703 1092 \Device\Harddisk0\DR0:
12:11:22.0703 1092 MBR used
12:11:22.0703 1092 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
12:11:23.0046 1092 Initialize success
12:11:23.0046 1092 ============================================================
12:11:24.0296 2168 ============================================================
12:11:24.0296 2168 Scan started
12:11:24.0296 2168 Mode: Manual;
12:11:24.0296 2168 ============================================================
12:11:25.0187 2168 93071602 - ok
12:11:25.0218 2168 Abiosdsk - ok
12:11:25.0265 2168 abp480n5 - ok
12:11:25.0312 2168 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:11:25.0312 2168 ACPI - ok
12:11:25.0406 2168 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:11:25.0406 2168 ACPIEC - ok
12:11:25.0453 2168 adpu160m - ok
12:11:25.0500 2168 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:11:25.0500 2168 aec - ok
12:11:25.0593 2168 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:11:25.0593 2168 AFD - ok
12:11:25.0765 2168 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
12:11:25.0812 2168 AgereSoftModem - ok
12:11:25.0843 2168 Aha154x - ok
12:11:25.0890 2168 aic78u2 - ok
12:11:25.0906 2168 aic78xx - ok
12:11:25.0984 2168 AlfaFF (4490b8bdf38750458eb9b24835fda8fe) C:\WINDOWS\system32\drivers\AlfaFF.sys
12:11:25.0984 2168 AlfaFF - ok
12:11:26.0031 2168 AliIde - ok
12:11:26.0078 2168 amsint - ok
12:11:26.0171 2168 ApfiltrService (0e7efa7c472e4643bbf48375a9c94f9b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
12:11:26.0187 2168 ApfiltrService - ok
12:11:26.0281 2168 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:11:26.0281 2168 Arp1394 - ok
12:11:26.0328 2168 asc - ok
12:11:26.0359 2168 asc3350p - ok
12:11:26.0390 2168 asc3550 - ok
12:11:26.0468 2168 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:11:26.0468 2168 AsyncMac - ok
12:11:26.0515 2168 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:11:26.0531 2168 atapi - ok
12:11:26.0593 2168 Atdisk - ok
12:11:26.0671 2168 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:11:26.0671 2168 Atmarpc - ok
12:11:26.0750 2168 ATSWPDRV (7ceaaa478bd100ecbb1a2fc38f8f03de) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
12:11:26.0750 2168 ATSWPDRV - ok
12:11:26.0843 2168 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:11:26.0843 2168 audstub - ok
12:11:26.0890 2168 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:11:26.0890 2168 Beep - ok
12:11:26.0906 2168 catchme - ok
12:11:27.0031 2168 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:11:27.0031 2168 cbidf2k - ok
12:11:27.0109 2168 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:11:27.0109 2168 CCDECODE - ok
12:11:27.0140 2168 cd20xrnt - ok
12:11:27.0203 2168 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:11:27.0203 2168 Cdaudio - ok
12:11:27.0390 2168 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:11:27.0421 2168 Cdfs - ok
12:11:27.0515 2168 Cdrom - ok
12:11:27.0609 2168 Changer - ok
12:11:27.0640 2168 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:11:27.0656 2168 CmBatt - ok
12:11:27.0656 2168 CmdIde - ok
12:11:27.0671 2168 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:11:27.0671 2168 Compbatt - ok
12:11:27.0703 2168 Cpqarray - ok
12:11:27.0703 2168 dac2w2k - ok
12:11:27.0718 2168 dac960nt - ok
12:11:27.0734 2168 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:11:27.0734 2168 Disk - ok
12:11:27.0796 2168 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:11:27.0828 2168 dmboot - ok
12:11:27.0906 2168 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:11:27.0906 2168 dmio - ok
12:11:27.0921 2168 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:11:27.0921 2168 dmload - ok
12:11:27.0937 2168 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:11:27.0937 2168 DMusic - ok
12:11:27.0953 2168 dpti2o - ok
12:11:27.0984 2168 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:11:27.0984 2168 drmkaud - ok
12:11:28.0015 2168 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
12:11:28.0015 2168 e1express - ok
12:11:28.0109 2168 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:11:28.0109 2168 Fastfat - ok
12:11:28.0156 2168 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:11:28.0156 2168 Fdc - ok
12:11:28.0203 2168 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:11:28.0203 2168 Fips - ok
12:11:28.0250 2168 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:11:28.0250 2168 Flpydisk - ok
12:11:28.0281 2168 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:11:28.0281 2168 FltMgr - ok
12:11:28.0312 2168 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:11:28.0312 2168 Fs_Rec - ok
12:11:28.0343 2168 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:11:28.0343 2168 Ftdisk - ok
12:11:28.0390 2168 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:11:28.0390 2168 GEARAspiWDM - ok
12:11:28.0468 2168 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:11:28.0468 2168 Gpc - ok
12:11:28.0531 2168 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:11:28.0531 2168 HDAudBus - ok
12:11:28.0609 2168 HECI (982da8edc8e2680ba8e39dc1ad54a04e) C:\WINDOWS\system32\DRIVERS\HECI.sys
12:11:28.0609 2168 HECI - ok
12:11:28.0718 2168 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:11:28.0718 2168 HidUsb - ok
12:11:28.0750 2168 hpn - ok
12:11:28.0812 2168 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:11:28.0828 2168 HTTP - ok
12:11:28.0859 2168 i2omgmt - ok
12:11:28.0875 2168 i2omp - ok
12:11:28.0921 2168 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:11:28.0937 2168 i8042prt - ok
12:11:29.0203 2168 ialm (bd9462e346229f37fd5b95fbcb6d3d34) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:11:29.0421 2168 ialm - ok
12:11:29.0546 2168 ICAM3NT5 (7e9dce459be666ab54f67e77cb7d1297) C:\WINDOWS\system32\Drivers\Icam3.sys
12:11:29.0562 2168 ICAM3NT5 - ok
12:11:29.0609 2168 IFXTPM (0a359837e021bc04a04a6fd189492c65) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
12:11:29.0609 2168 IFXTPM - ok
12:11:29.0656 2168 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:11:29.0656 2168 Imapi - ok
12:11:29.0671 2168 ini910u - ok
12:11:29.0906 2168 IntcAzAudAddService (f81deaa7785d141dbe9a3898ecbcd343) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:11:29.0984 2168 IntcAzAudAddService - ok
12:11:30.0015 2168 IntelIde - ok
12:11:30.0078 2168 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:11:30.0078 2168 intelppm - ok
12:11:30.0171 2168 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:11:30.0187 2168 Ip6Fw - ok
12:11:30.0250 2168 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:11:30.0250 2168 IpFilterDriver - ok
12:11:30.0296 2168 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:11:30.0312 2168 IpInIp - ok
12:11:30.0343 2168 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:11:30.0343 2168 IpNat - ok
12:11:30.0390 2168 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:11:30.0390 2168 IPSec - ok
12:11:30.0437 2168 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:11:30.0437 2168 IRENUM - ok
12:11:30.0468 2168 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:11:30.0468 2168 isapnp - ok
12:11:30.0562 2168 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:11:30.0562 2168 Kbdclass - ok
12:11:30.0593 2168 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:11:30.0593 2168 kbdhid - ok
12:11:30.0625 2168 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:11:30.0625 2168 kmixer - ok
12:11:30.0687 2168 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:11:30.0687 2168 KSecDD - ok
12:11:30.0718 2168 lbrtfdc - ok
12:11:30.0765 2168 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
12:11:30.0765 2168 MBAMProtector - ok
12:11:30.0812 2168 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:11:30.0812 2168 mnmdd - ok
12:11:30.0890 2168 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:11:30.0890 2168 Modem - ok
12:11:31.0000 2168 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:11:31.0000 2168 Mouclass - ok
12:11:31.0062 2168 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:11:31.0062 2168 mouhid - ok
12:11:31.0093 2168 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:11:31.0093 2168 MountMgr - ok
12:11:31.0109 2168 mraid35x - ok
12:11:31.0140 2168 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:11:31.0140 2168 MRxDAV - ok
12:11:31.0156 2168 MRxSmb - ok
12:11:31.0171 2168 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:11:31.0171 2168 Msfs - ok
12:11:31.0218 2168 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:11:31.0234 2168 MSKSSRV - ok
12:11:31.0250 2168 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:11:31.0250 2168 MSPCLOCK - ok
12:11:31.0312 2168 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:11:31.0312 2168 MSPQM - ok
12:11:31.0343 2168 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:11:31.0343 2168 mssmbios - ok
12:11:31.0359 2168 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:11:31.0359 2168 MSTEE - ok
12:11:31.0390 2168 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:11:31.0390 2168 Mup - ok
12:11:31.0421 2168 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:11:31.0453 2168 NABTSFEC - ok
12:11:31.0515 2168 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:11:31.0515 2168 NDIS - ok
12:11:31.0562 2168 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:11:31.0562 2168 NdisIP - ok
12:11:31.0656 2168 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:11:31.0656 2168 NdisTapi - ok
12:11:31.0687 2168 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:11:31.0687 2168 Ndisuio - ok
12:11:31.0718 2168 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:11:31.0718 2168 NdisWan - ok
12:11:31.0765 2168 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:11:31.0765 2168 NDProxy - ok
12:11:31.0843 2168 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:11:31.0843 2168 NetBIOS - ok
12:11:31.0953 2168 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:11:31.0968 2168 NetBT - ok
12:11:32.0109 2168 NETw4x32 (88100ebdd10309fbd445ef8e42452eae) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
12:11:32.0203 2168 NETw4x32 - ok
12:11:32.0218 2168 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:11:32.0234 2168 NIC1394 - ok
12:11:32.0265 2168 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:11:32.0265 2168 Npfs - ok
12:11:32.0296 2168 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:11:32.0328 2168 Ntfs - ok
12:11:32.0375 2168 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
12:11:32.0390 2168 NuidFltr - ok
12:11:32.0437 2168 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:11:32.0437 2168 Null - ok
12:11:32.0484 2168 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:11:32.0484 2168 NwlnkFlt - ok
12:11:32.0609 2168 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:11:32.0609 2168 NwlnkFwd - ok
12:11:32.0656 2168 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:11:32.0671 2168 ohci1394 - ok
12:11:32.0734 2168 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
12:11:32.0734 2168 Parport - ok
12:11:32.0781 2168 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:11:32.0781 2168 PartMgr - ok
12:11:32.0843 2168 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:11:32.0843 2168 ParVdm - ok
12:11:32.0859 2168 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:11:32.0875 2168 PCI - ok
12:11:32.0890 2168 PCIDump - ok
12:11:32.0953 2168 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:11:32.0953 2168 PCIIde - ok
12:11:32.0968 2168 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:11:32.0968 2168 Pcmcia - ok
12:11:32.0984 2168 PDCOMP - ok
12:11:33.0015 2168 PDFRAME - ok
12:11:33.0015 2168 PDRELI - ok
12:11:33.0031 2168 PDRFRAME - ok
12:11:33.0046 2168 perc2 - ok
12:11:33.0078 2168 perc2hib - ok
12:11:33.0140 2168 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:11:33.0140 2168 PptpMiniport - ok
12:11:33.0218 2168 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:11:33.0218 2168 PSched - ok
12:11:33.0234 2168 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:11:33.0234 2168 Ptilink - ok
12:11:33.0234 2168 ql1080 - ok
12:11:33.0250 2168 Ql10wnt - ok
12:11:33.0265 2168 ql12160 - ok
12:11:33.0281 2168 ql1240 - ok
12:11:33.0281 2168 ql1280 - ok
12:11:33.0312 2168 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:11:33.0312 2168 RasAcd - ok
12:11:33.0328 2168 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:11:33.0328 2168 Rasl2tp - ok
12:11:33.0359 2168 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:11:33.0359 2168 RasPppoe - ok
12:11:33.0375 2168 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:11:33.0375 2168 Raspti - ok
12:11:33.0406 2168 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:11:33.0406 2168 Rdbss - ok
12:11:33.0421 2168 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:11:33.0421 2168 RDPCDD - ok
12:11:33.0437 2168 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:11:33.0453 2168 rdpdr - ok
12:11:33.0500 2168 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:11:33.0500 2168 RDPWD - ok
12:11:33.0546 2168 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:11:33.0562 2168 redbook - ok
12:11:33.0656 2168 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:11:33.0656 2168 SASDIFSV - ok
12:11:33.0671 2168 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
12:11:33.0687 2168 SASKUTIL - ok
12:11:33.0828 2168 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:11:33.0828 2168 sdbus - ok
12:11:33.0906 2168 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:11:33.0906 2168 Secdrv - ok
12:11:33.0968 2168 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:11:33.0968 2168 Serial - ok
12:11:34.0015 2168 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:11:34.0015 2168 Sfloppy - ok
12:11:34.0093 2168 Simbad - ok
12:11:34.0156 2168 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:11:34.0156 2168 SLIP - ok
12:11:34.0250 2168 Sparrow - ok
12:11:34.0296 2168 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:11:34.0296 2168 splitter - ok
12:11:34.0359 2168 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:11:34.0359 2168 sr - ok
12:11:34.0468 2168 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:11:34.0484 2168 Srv - ok
12:11:34.0531 2168 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:11:34.0546 2168 streamip - ok
12:11:34.0640 2168 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:11:34.0640 2168 swenum - ok
12:11:34.0750 2168 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:11:34.0750 2168 swmidi - ok
12:11:34.0796 2168 symc810 - ok
12:11:34.0828 2168 symc8xx - ok
12:11:34.0859 2168 sym_hi - ok
12:11:34.0906 2168 sym_u3 - ok
12:11:34.0984 2168 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:11:34.0984 2168 sysaudio - ok
12:11:35.0109 2168 TBtnKey (1f1b3aa534db6107118bf7942275f100) C:\WINDOWS\system32\DRIVERS\TBtnKey.sys
12:11:35.0109 2168 TBtnKey - ok
12:11:35.0171 2168 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:11:35.0187 2168 Tcpip - ok
12:11:35.0234 2168 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:11:35.0234 2168 TDPIPE - ok
12:11:35.0265 2168 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:11:35.0281 2168 TDTCP - ok
12:11:35.0312 2168 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:11:35.0312 2168 TermDD - ok
12:11:35.0375 2168 Thpevm (beeca51c9ef368a1038e455278e4715e) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS
12:11:35.0375 2168 Thpevm - ok
12:11:35.0437 2168 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\WINDOWS\system32\drivers\tifm21.sys
12:11:35.0453 2168 tifm21 - ok
12:11:35.0531 2168 tjukh - ok
12:11:35.0578 2168 TosIde - ok
12:11:35.0625 2168 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
12:11:35.0625 2168 tosporte - ok
12:11:35.0656 2168 tosrfbd (8c3bfaf3fca90502e6fa35503b8e979e) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
12:11:35.0656 2168 tosrfbd - ok
12:11:35.0687 2168 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
12:11:35.0687 2168 tosrfbnp - ok
12:11:35.0734 2168 Tosrfcom (4742f0bad28268ab093ed6f4ea857997) C:\WINDOWS\system32\Drivers\tosrfcom.sys
12:11:35.0750 2168 Tosrfcom - ok
12:11:35.0781 2168 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
12:11:35.0781 2168 tosrfec - ok
12:11:35.0796 2168 Tosrfhid (7c807ba9660e2995cc0217a14a24094c) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
12:11:35.0796 2168 Tosrfhid - ok
12:11:35.0828 2168 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
12:11:35.0828 2168 tosrfnds - ok
12:11:35.0875 2168 TosRfSnd (a4ce9572bc4ac8d329455059b43c5bea) C:\WINDOWS\system32\drivers\tosrfsnd.sys
12:11:35.0875 2168 TosRfSnd - ok
12:11:35.0906 2168 tosrfusb (01c90086cd37e7e8d9a827e24167fcb7) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
12:11:35.0921 2168 tosrfusb - ok
12:11:35.0968 2168 TVALZ (73d3312955f805054e32fabdca5230b1) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
12:11:35.0968 2168 TVALZ - ok
12:11:36.0078 2168 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:11:36.0078 2168 Udfs - ok
12:11:36.0109 2168 ultra - ok
12:11:36.0187 2168 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:11:36.0203 2168 Update - ok
12:11:36.0281 2168 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:11:36.0281 2168 USBAAPL - ok
12:11:36.0328 2168 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:11:36.0343 2168 usbccgp - ok
12:11:36.0484 2168 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:11:36.0500 2168 usbehci - ok
12:11:36.0546 2168 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:11:36.0546 2168 usbhub - ok
12:11:36.0593 2168 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:11:36.0593 2168 usbscan - ok
12:11:36.0625 2168 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:11:36.0640 2168 USBSTOR - ok
12:11:36.0640 2168 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:11:36.0656 2168 usbuhci - ok
12:11:36.0687 2168 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
12:11:36.0703 2168 usbvideo - ok
12:11:36.0718 2168 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:11:36.0718 2168 VgaSave - ok
12:11:36.0734 2168 ViaIde - ok
12:11:36.0765 2168 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:11:36.0781 2168 VolSnap - ok
12:11:36.0890 2168 WacomVTHid (d126f319f0631a5238e0c4861fb91860) C:\WINDOWS\system32\DRIVERS\WacomVTHid.sys
12:11:36.0906 2168 WacomVTHid - ok
12:11:36.0984 2168 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:11:36.0984 2168 Wanarp - ok
12:11:37.0062 2168 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:11:37.0093 2168 Wdf01000 - ok
12:11:37.0109 2168 WDICA - ok
12:11:37.0156 2168 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:11:37.0156 2168 wdmaud - ok
12:11:37.0234 2168 wisdpen (b20f6f5d1148965dc38e26af277f5115) C:\WINDOWS\system32\DRIVERS\wisdpen.sys
12:11:37.0234 2168 wisdpen - ok
12:11:37.0359 2168 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:11:37.0375 2168 WS2IFSL - ok
12:11:37.0453 2168 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:11:37.0453 2168 WSTCODEC - ok
12:11:37.0500 2168 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:11:37.0687 2168 \Device\Harddisk0\DR0 - ok
12:11:37.0687 2168 Boot (0x1200) (1799c29e49422b05b2dcb564f039d5f4) \Device\Harddisk0\DR0\Partition0
12:11:37.0703 2168 \Device\Harddisk0\DR0\Partition0 - ok
12:11:37.0703 2168 ============================================================
12:11:37.0703 2168 Scan finished
12:11:37.0703 2168 ============================================================
12:11:37.0718 2252 Detected object count: 0
12:11:37.0718 2252 Actual detected object count: 0

ComboFix 12-03-04.02 - Toshiba 03/04/2012 21:50:49.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2007.1638 [GMT -5:00]
Running from: c:\documents and settings\Toshiba\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nwirevye.default\extensions\{dc08c53d-b013-425f-8dda-42724c17c12a}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nwirevye.default\extensions\{dc08c53d-b013-425f-8dda-42724c17c12a}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nwirevye.default\extensions\{dc08c53d-b013-425f-8dda-42724c17c12a}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nwirevye.default\extensions\{dc08c53d-b013-425f-8dda-42724c17c12a}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nwirevye.default\extensions\{dc08c53d-b013-425f-8dda-42724c17c12a}\install.rdf
c:\documents and settings\All Users\Application Data\CFE6EE05-DD6B-2CAF-7F0A-9D1FD37C7302.avi
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\NetworkService\Application Data\CFE6EE05-DD6B-2CAF-7F0A-9D1FD37C7302.avi
c:\documents and settings\NetworkService\Local Settings\Application Data\CFE6EE05-DD6B-2CAF-7F0A-9D1FD37C7302.avi
c:\documents and settings\Toshiba\Application Data\6746.678
c:\documents and settings\Toshiba\Application Data\Adobe\plugs
c:\documents and settings\Toshiba\Application Data\Adobe\shed
c:\documents and settings\Toshiba\Application Data\Mozilla\Firefox\Profiles\mgy0gzrt.default\extensions\{dc08c53d-b013-425f-8dda-42724c17c12a}
c:\documents and settings\Toshiba\Application Data\Mozilla\Firefox\Profiles\mgy0gzrt.default\extensions\{dc08c53d-b013-425f-8dda-42724c17c12a}\chrome.manifest
c:\documents and settings\Toshiba\Application Data\Mozilla\Firefox\Profiles\mgy0gzrt.default\extensions\{dc08c53d-b013-425f-8dda-42724c17c12a}\chrome\xulcache.jar
c:\documents and settings\Toshiba\Application Data\Mozilla\Firefox\Profiles\mgy0gzrt.default\extensions\{dc08c53d-b013-425f-8dda-42724c17c12a}\defaults\preferences\xulcache.js
c:\documents and settings\Toshiba\Application Data\Mozilla\Firefox\Profiles\mgy0gzrt.default\extensions\{dc08c53d-b013-425f-8dda-42724c17c12a}\install.rdf
c:\documents and settings\Toshiba\Local Settings\Application Data\Google\GoogleUpdate\Googleupdt32.dll
c:\documents and settings\Toshiba\Local Settings\Application Data\Microsoft\sett.dat
c:\documents and settings\Toshiba\My Documents\~WRL0001.tmp
c:\documents and settings\Toshiba\My Documents\~WRL0003.tmp
c:\documents and settings\Toshiba\My Documents\~WRL0005.tmp
c:\documents and settings\Toshiba\My Documents\~WRL1769.tmp
c:\documents and settings\Toshiba\Recent\Thumbs.db
c:\windows\$NtUninstallKB27203$
c:\windows\$NtUninstallKB27203$\1646281532
c:\windows\$NtUninstallKB27203$\2920531024\@
c:\windows\$NtUninstallKB27203$\2920531024\L(2)\lebrlnbn
c:\windows\$NtUninstallKB27203$\2920531024\U(2)\00000001.@
c:\windows\$NtUninstallKB27203$\2920531024\U(2)\00000002.@
c:\windows\$NtUninstallKB27203$\2920531024\U(2)\00000004.@
c:\windows\$NtUninstallKB27203$\2920531024\U(2)\80000000.@
c:\windows\$NtUninstallKB27203$\2920531024\U(2)\80000004.@
c:\windows\$NtUninstallKB27203$\2920531024\U(2)\80000032.$
c:\windows\system32\Cache
c:\windows\system32\Cache\ca4316073ceb28c1.fb
c:\windows\system32\CFE6EE05-DD6B-2CAF-7F0A-9D1FD37C7302.avi
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-02-24 05:10 . 2012-02-24 05:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-09 03:49 . 2008-04-13 19:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-02-09 03:49 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-02-09 03:49 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-02-09 03:49 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 05:12 . 2010-07-23 01:47 64000 ----a-w- c:\windows\system32\drivers\tosrfcom.sys
2011-12-10 20:24 . 2011-07-14 22:22 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 01:19 . 2006-02-28 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-02-20 03:28 . 2011-08-05 02:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2009-01-22 22:42 122880 ----a-w- c:\program files\TrueSuite Access Manager\IconOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-18 16861696]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-29 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-29 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-29 141848]
"TAcelMgr"="c:\program files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe" [2007-11-20 81920]
"TSkrMain"="c:\program files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe" [2004-06-30 49152]
"TRot.exe"="c:\program files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe" [2006-07-20 327680]
"CrossMenu"="c:\program files\TOSHIBA\CrossMenu\CrossMenu.exe" [2007-10-12 806912]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2007-08-22 258048]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-10-21 704512]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2009-01-22 94208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-11-01 232912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-11-11 19:33 184320 ----a-w- c:\windows\system32\FpWinlogonNp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 07:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-19 00:22 136176 ----atw- c:\documents and settings\Toshiba\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2007-01-09 18:23 191552 ------w- c:\program files\ltmoh\ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 19:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PwdBank]
2009-01-22 22:44 3200512 ----a-w- c:\program files\TrueSuite Access Manager\PwdBank.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-01-08 23:18 421888 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-02-23 16:27 4617600 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletTip]
2008-04-14 00:12 271872 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\tabtip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletWizard]
2008-04-14 00:12 16384 ----a-w- c:\windows\Help\splshwrp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
2006-04-10 22:14 622592 ----a-w- c:\windows\system32\TFNF5.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"FingerprintServer"=2 (0x2)
"BITS"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Toshiba\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
.
R0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [3/14/2008 1:18 PM 42608]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [9/4/2007 12:14 AM 6528]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 Authentec memory manager;Authentec memory manager service;system32\TAMSvr.exe --> system32\TAMSvr.exe [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/14/2011 5:22 PM 652360]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [7/22/2010 8:51 PM 1464856]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [7/22/2010 8:39 PM 95528]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [8/18/2010 4:16 PM 36352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/14/2011 5:22 PM 20464]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [7/22/2010 8:50 PM 8832]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [7/22/2010 8:39 PM 13992]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [7/22/2010 8:38 PM 30888]
S0 93071602;93071602;c:\windows\system32\drivers\95692046.sys --> c:\windows\system32\drivers\95692046.sys [?]
S0 tjukh;tjukh;c:\windows\system32\drivers\dyxb.sys --> c:\windows\system32\drivers\dyxb.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [2/28/2006 7:00 AM 14336]
S4 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [11/11/2008 2:33 PM 151552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-2111687655-725345543-1003Core.job
- c:\documents and settings\Toshiba\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-19 00:22]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-2111687655-725345543-1003UA.job
- c:\documents and settings\Toshiba\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-19 00:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Toshiba\Application Data\Mozilla\Firefox\Profiles\mgy0gzrt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Google - c:\documents and settings\Toshiba\Local Settings\Application Data\Google\GoogleUpdate\Googleupdt32.dll
SafeBoot-06727271.sys
SafeBoot-38458702.sys
SafeBoot-63141201.sys
SafeBoot-85019607.sys
SafeBoot-92916120.sys
SafeBoot-93071602.sys
SafeBoot-96520991.sys
MSConfigStartUp-ISTray - c:\program files\PC Tools\PC Tools Security\pctsGui.exe
MSConfigStartUp-Tbiwanekulemun - c:\windows\csvcmap.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-04 22:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\drivers\tsk11A.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\drivers\tskDA4.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,70,51,70,bd,b8,06,4f,8c,db,22,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,70,51,70,bd,b8,06,4f,8c,db,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1216)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\FpWinLogonNp.dll
c:\program files\TrueSuite Access Manager\SharedResources.dll
c:\program files\TrueSuite Access Manager\FPResource.dll
.
- - - - - - - > 'explorer.exe'(1056)
c:\program files\TrueSuite Access Manager\IconOvrly.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\TAMSvr.exe
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\System32\tabbtnu.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe
c:\windows\RTHDCPL.EXE
c:\program files\Apoint2K\Apntex.exe
c:\program files\WTouch\WTouchUser.exe
.
**************************************************************************
.
Completion time: 2012-03-04 22:03:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-05 03:03
.
Pre-Run: 139,705,675,776 bytes free
Post-Run: 140,806,909,952 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 03E58C77E2F199B4CBE62B1B5913B577


Thanks!
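A triage script for the ComboFix report above, added here as an example and not part of the original thread or of ComboFix itself. It parses the service lines (`R`/`S` for running/stopped, a digit for the start type, then `name;display;image`, with `--> path [?]` when ComboFix could not find the image on disk) and the Security Center / firewall values listed under Reg Loading Points, then reports boot-start drivers whose file is missing, purely numeric service names, and any override that suppresses the antivirus or firewall warnings. The sample lines are a subset copied from the log in this post; the bucket names in the returned dict are the script's own.

```python
import re

# A subset of lines copied from the ComboFix report posted above, chosen so
# that each check below has something to find.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [3/14/2008 1:18 PM 42608]
R2 Authentec memory manager;Authentec memory manager service;system32\TAMSvr.exe --> system32\TAMSvr.exe [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/14/2011 5:22 PM 20464]
S0 93071602;93071602;c:\windows\system32\drivers\95692046.sys --> c:\windows\system32\drivers\95692046.sys [?]
S0 tjukh;tjukh;c:\windows\system32\drivers\dyxb.sys --> c:\windows\system32\drivers\dyxb.sys [?]
"""

# ComboFix service line: state letter (R running / S stopped), start type digit
# (0 boot, 1 system, 2 auto, 3 demand, 4 disabled), then name;display;image.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
# Registry key header and "Name"=value lines as ComboFix prints them.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+)$')


def parse_value(raw):
    """Turn 'dword:00000001' or '0 (0x0)' into an int; anything else -> None."""
    raw = raw.strip()
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    return int(m.group(1)) if m else None


def parse_services(text):
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m["rest"]
        # "image --> image [?]" is ComboFix's way of saying the file was not found.
        if rest.endswith("[?]") and " --> " in rest:
            path, missing = rest.split(" --> ", 1)[0], True
        else:
            path, missing = rest.rsplit(" [", 1)[0], False
        services.append({
            "name": m["name"], "running": m["state"] == "R",
            "start": int(m["start"]), "path": path, "missing": missing,
        })
    return services


def parse_registry(text):
    """Map (lower-cased key, value name) -> parsed value for every key block."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km["key"].lower()
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            values[(key, vm["name"])] = parse_value(vm["value"])
    return values


def triage(text):
    result = {"missing_boot_drivers": [], "missing_other": [],
              "numeric_names": [], "registry": []}
    for svc in parse_services(text):
        if svc["missing"]:
            bucket = "missing_boot_drivers" if svc["start"] == 0 else "missing_other"
            result[bucket].append(svc["name"])
        if svc["name"].isdigit():
            result["numeric_names"].append(svc["name"])
    for (key, name), value in parse_registry(text).items():
        # Override=1 tells Security Center not to warn that AV/firewall is off.
        if key.endswith("security center") and name in ("AntiVirusOverride", "FirewallOverride") and value == 1:
            result["registry"].append(f"{name}=1")
        # EnableFirewall=0 under the standard profile means the firewall is off.
        if "firewallpolicy" in key and name == "EnableFirewall" and value == 0:
            result["registry"].append(f"{name}=0")
    return result


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {items}")
```

Boot-start drivers with a missing image and a numeric name are reported in their own bucket because that is what this log shows for `93071602` and `tjukh`, while a `[?]` on a relative path such as `system32\TAMSvr.exe` can simply be ComboFix failing to resolve it: the same report lists `c:\windows\system32\TAMSvr.exe` among the running processes, so that entry goes to `missing_other` rather than being treated as evidence on its own.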

#8 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 05 March 2012 - 06:49 PM

How is the machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 acv28 (Topic Starter)

Posted 05 March 2012 - 10:01 PM

So far it seems to be running ok. I haven't noticed any redirects as of late, and no weird pop-ups. If there are no more steps at this time, I would like to thank you. I appreciate your time and help!

#10 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 05 March 2012 - 10:45 PM

Hello,

Lets run a couple other scanners to make sure no leftovers.


1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.



#11 acv28 (Topic Starter)

Posted 06 March 2012 - 01:01 AM

Thanks for the follow up

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.06.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Toshiba :: TOSHIBA-FFD59AD [administrator]

Protection: Disabled

3/6/2012 12:07:23 AM
mbam-log-2012-03-06 (00-07-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188673
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\0\1e136c0-67740625 a variant of Java/Exploit.CVE-2011-3544.B trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\0\3163f180-2f4a0dd3 multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\42\66a198aa-5d3f414f a variant of Java/TrojanDownloader.OpenConnection.AQ trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\45\1494686d-16a6b287 multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\59\2e4fe6bb-434ee1cf multiple threats deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\10\7bc15c8a-59424bf5 a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\13\5bd89d0d-37850540 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\2\5911cc2-71ee8200 Java/Agent.EA trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\2\63d48c42-59f5ff92 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\20\4ef244d4-1a131da3 multiple threats deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\22\504e4dd6-526ab6b3 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\3\3b6b9743-3d1a7e9d a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\34\12b52ba2-1ce951bd a variant of Java/Exploit.CVE-2011-3544.B trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\38\4d809ea6-19fc8b24 multiple threats deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\39\4a34b027-7bedb280 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\41\4ae491e9-624a5a46 multiple threats deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\43\402b2b-70966d8d multiple threats deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\44\3b21af6c-3f6dd296 a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\45\5a0f87ed-3c872b58 a variant of Java/Agent.DP trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\46\2fd1b4ee-1a38c847 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-4e1f3332 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\47\67e448ef-6efa9e27 Java/Exploit.CVE-2011-3544.T trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\49\6d01bb31-4f095b2d a variant of Java/Exploit.CVE-2010-4452.B trojan cleaned by deleting - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\52\15038ef4-2b7309a6 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\52\43b8adf4-6e463264 a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\52\58007f34-181b5c3d multiple threats deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\55\386bdbf7-701ec138 Java/Exploit.CVE-2011-3544.H trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\59\6b62f07b-31563263 Java/Exploit.CVE-2011-3544.T trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\60\5abff83c-23549b1c Java/Agent.EA trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\60\7fb8c6fc-6fbe6809 Java/Agent.EA trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\62\2bc3143e-6033f4f8 a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\63\271c0b7f-77836538 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\63\53c488bf-3d142d63 multiple threats deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\7\124509c7-199429e8 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\9\4d485149-475f2f61 Java/Exploit.CVE-2011-3544.T trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nwirevye.default\extensions\{dc08c53d-b013-425f-8dda-42724c17c12a}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CFE6EE05-DD6B-2CAF-7F0A-9D1FD37C7302.avi.vir a variant of Win32/Kryptik.ZBW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\CFE6EE05-DD6B-2CAF-7F0A-9D1FD37C7302.avi.vir a variant of Win32/Kryptik.ZBW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\CFE6EE05-DD6B-2CAF-7F0A-9D1FD37C7302.avi.vir a variant of Win32/Kryptik.ZBW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Toshiba\Application Data\Mozilla\Firefox\Profiles\mgy0gzrt.default\extensions\{dc08c53d-b013-425f-8dda-42724c17c12a}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Toshiba\Local Settings\Application Data\Google\GoogleUpdate\Googleupdt32.dll.vir a variant of Win32/Kryptik.XZU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\CFE6EE05-DD6B-2CAF-7F0A-9D1FD37C7302.avi.vir a variant of Win32/Kryptik.ZBW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{3D11A798-3549-4498-9B2E-AFD835448EB3}\RP208\A0103107.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{3D11A798-3549-4498-9B2E-AFD835448EB3}\RP208\A0104107.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{3D11A798-3549-4498-9B2E-AFD835448EB3}\RP254\A0120795.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{3D11A798-3549-4498-9B2E-AFD835448EB3}\RP254\A0120796.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{3D11A798-3549-4498-9B2E-AFD835448EB3}\RP254\A0120797.dll a variant of Win32/Kryptik.XZU trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.02.2012_00.10.21\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined

#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:12 PM

Posted 06 March 2012 - 06:55 PM

Hello, acv28.
Congratulations! You now appear clean! :cool:


Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on Start, then Run....
  • Now copy & paste the command below into the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring up the Run... command and then from there you can add in the ComboFix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through System Restore."



Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

Below are a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar (http://en.wikipedia.org/wiki/Taskbar#Screenshots), right click and choose close.
  • Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.

Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here


Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:

Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online and stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows built-in one); this is personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click Donate.
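The ESET log posted earlier in this thread is a good illustration of two points made in the post above: the "how did my machine get infected?" question (the hits in the Java deployment cache were detected as Java exploit and downloader applets, which is why keeping Java patched matters) and why the ComboFix uninstall step flushes old restore points (copies of the Sirefef driver and the Tracur extension were still sitting in System Volume Information). The Python script below is an added example for triaging such a log; it is not part of this thread, of ESET, ComboFix, TDSSKiller or any other tool named here. Its sample input is a subset of the lines copied from the log above; the line layout it assumes (path, detection, action separated by whitespace, as rendered on this page), the family-normalisation rule and the location categories are my own assumptions.

```python
"""Triage helper for ESET scan-log lines like those posted in this thread.

Added example (not part of the thread or of ESET's tools). Each log line is
"<path> <detection> <action>"; the script normalises detections to a family,
pulls out CVE identifiers and classifies every hit by where it was found, so
that "were these live files, or already-quarantined copies?" is answered at a glance.
"""
import re
from collections import Counter

# Sample input: a subset of the lines copied from the ESET log posted above.
SAMPLE_LOG = r"""
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\34\12b52ba2-1ce951bd a variant of Java/Exploit.CVE-2011-3544.B trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\38\4d809ea6-19fc8b24 multiple threats deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\39\4a34b027-7bedb280 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Toshiba\Application Data\Sun\Java\Deployment\cache\6.0\49\6d01bb31-4f095b2d a variant of Java/Exploit.CVE-2010-4452.B trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Toshiba\Application Data\Mozilla\Firefox\Profiles\mgy0gzrt.default\extensions\{dc08c53d-b013-425f-8dda-42724c17c12a}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Toshiba\Local Settings\Application Data\Google\GoogleUpdate\Googleupdt32.dll.vir a variant of Win32/Kryptik.XZU trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{3D11A798-3549-4498-9B2E-AFD835448EB3}\RP208\A0103107.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\24.02.2012_00.10.21\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
"""

# Assumed line layout (as rendered on this page): path, detection, action, whitespace-separated.
# The path is matched lazily so that the spaces inside "Documents and Settings" do not split it.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:a variant of )?\S+ trojan|multiple threats)\s+"
    r"(?P<action>deleted - quarantined|cleaned by deleting - quarantined)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def family(detection):
    """'a variant of Java/Exploit.CVE-2011-3544.B trojan' -> 'Java/Exploit.CVE-2011-3544'.

    ESET names are Platform/Family[.Sub].Variant; the variant is a short upper-case suffix."""
    if detection == "multiple threats":
        return detection
    name = detection.replace("a variant of ", "").replace(" trojan", "")
    return re.sub(r"\.[A-Z]{1,3}$", "", name)


def location(path):
    """Classify where a hit was found (assumed categories, chosen for this triage)."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):          # ComboFix's own quarantine (.vir files)
        return "combofix_quarantine"
    if p.startswith("c:\\tdsskiller_quarantine\\"):       # TDSSKiller quarantine
        return "tdsskiller_quarantine"
    if "\\system volume information\\_restore" in p:      # copies kept in System Restore points
        return "system_restore"
    if "\\sun\\java\\deployment\\cache\\" in p:           # Java applet cache (drive-by remnants)
        return "java_cache"
    return "live"                                          # anything else is an active file


def parse_log(text):
    """Return one dict per log line; raise on a line that does not fit the assumed layout."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("unrecognised line: %r" % line)
        findings.append({
            "path": m["path"],
            "family": family(m["detection"]),
            "cves": sorted(set(CVE_RE.findall(m["detection"]))),
            "location": location(m["path"]),
            "action": m["action"],
        })
    return findings


def summarize(findings):
    """Counts per location and family, the CVEs seen, and the follow-up each category implies."""
    by_location = Counter(f["location"] for f in findings)
    families = Counter(f["family"] for f in findings)
    cves = sorted({c for f in findings for c in f["cves"]})
    notes = []
    if by_location["live"]:
        notes.append("files detected outside any quarantine: the machine is NOT clean yet")
    if by_location["java_cache"]:
        notes.append("Java cache held exploit/downloader applets: patch or remove Java and clear its cache")
    if by_location["system_restore"]:
        notes.append("infected copies remain in restore points: flush old restore points")
    if by_location["combofix_quarantine"] or by_location["tdsskiller_quarantine"]:
        notes.append("remaining hits are inside tool quarantines: already neutralised")
    return {"by_location": dict(by_location), "families": dict(families), "cves": cves, "notes": notes}


if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE_LOG))
    for key, value in report.items():
        print(key, value)
```

Run as-is it reports four Java-cache hits, two ComboFix-quarantine hits, one restore-point copy and one TDSSKiller entry, the two Java CVEs, and no "live" finding, which is the state in which a helper would call a log like this one clean apart from the restore-point flush. The `location` order matters: quarantine paths are tested before the Java-cache and restore-point patterns so that a quarantined copy of a cached applet is never reported as live.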


#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:12 PM

Posted 09 March 2012 - 10:52 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





