Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

updatesearch.org


  • This topic is locked This topic is locked
15 replies to this topic

#1 bertcollege

bertcollege

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 01 March 2012 - 04:50 PM

The general problem was described in this thread: http://www.bleepingcomputer.com/forums/topic444704.html

No problems were found and I was told to do some ore digging with other programs, then post it here.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8080.16413 BrowserJavaVersion: 1.6.0_29
Run by rtm5101 at 16:12:47 on 2012-03-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.1346 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\rtm5101\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "c:\users\rtm5101\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\users\rtm5101\desktop\antibadstuff\mbamgui.exe /install /silent
StartupFolder: c:\users\rtm5101\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 146.186.163.66 128.118.141.32 128.118.25.3 130.203.1.4
TCP: Interfaces\{DB69DD32-9B40-487C-BC43-47B14A9D3C4A}\7594E4053555D2E425B45393034373F5E4564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E4274979-99B7-47F4-A7FF-D7D1D0EFCE77} : DhcpNameServer = 146.186.163.66 128.118.141.32 128.118.25.3 130.203.1.4
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rtm5101\appdata\roaming\mozilla\firefox\profiles\qockbtna.default\
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\rtm5101\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\rtm5101\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-4 106104]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-29 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-11 1343400]
.
=============== Created Last 30 ================
.
2012-03-01 16:27:22 -------- d-----w- c:\users\rtm5101\appdata\roaming\Malwarebytes
2012-03-01 16:26:00 -------- d-----w- c:\programdata\Malwarebytes
2012-03-01 16:25:58 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-28 14:55:11 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ba74a3a0-d999-4f7e-a08d-71135dcb6ac9}\mpengine.dll
2012-02-16 01:17:34 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 01:17:25 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 01:17:20 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 01:17:04 2343424 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-01-29 10:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 16:14:12.09 ===============



Attach and ark are both attached.

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:57 PM

Posted 02 March 2012 - 02:45 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 bertcollege

bertcollege
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 03 March 2012 - 12:07 AM

Here's the log. There hasn't been any redirects since the first one, and my computer has been running normally.

ComboFix 12-03-02.01 - rtm5101 03/02/2012 23:55:10.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.1811 [GMT -5:00]
Running from: c:\users\rtm5101\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\system32\oobe\audit.exe
c:\windows\system32\oobe\msoobe.exe
c:\windows\system32\oobe\oobeldr.exe
c:\windows\system32\oobe\Setup.exe
c:\windows\system32\oobe\setupsqm.exe
c:\windows\system32\oobe\windeploy.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
.
.
2012-03-03 05:01 . 2012-03-03 05:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 05:01 . 2012-03-03 05:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-02 05:39 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03511AD8-ED9B-4214-AC43-5C1602627824}\mpengine.dll
2012-03-01 16:27 . 2012-03-01 16:27 -------- d-----w- c:\users\rtm5101\AppData\Roaming\Malwarebytes
2012-03-01 16:26 . 2012-03-01 16:26 -------- d-----w- c:\programdata\Malwarebytes
2012-03-01 16:25 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 01:17 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 01:17 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 01:17 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 01:17 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 10:10 . 2011-09-04 04:11 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\rtm5101\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-20 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\rtm5101\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-11 1343400]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 106104]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1065987245-3427736278-1215212232-1000Core.job
- c:\users\rtm5101\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-20 18:13]
.
2012-03-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1065987245-3427736278-1215212232-1000UA.job
- c:\users\rtm5101\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-20 18:13]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1065987245-3427736278-1215212232-1000Core.job
- c:\users\rtm5101\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-12 18:14]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1065987245-3427736278-1215212232-1000UA.job
- c:\users\rtm5101\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-12 18:14]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 146.186.163.66 128.118.141.32 128.118.25.3 130.203.1.4
FF - ProfilePath - c:\users\rtm5101\AppData\Roaming\Mozilla\Firefox\Profiles\qockbtna.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Symantec Antvirus
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-03 00:05:26
ComboFix-quarantined-files.txt 2012-03-03 05:05
.
Pre-Run: 195,737,677,824 bytes free
Post-Run: 197,436,751,872 bytes free
.
- - End Of File - - 1A07FAD5B4A70815B743F14F5BB35AD3

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:57 PM

Posted 03 March 2012 - 12:10 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 bertcollege

bertcollege
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 03 March 2012 - 02:10 AM

No threats found with TDSSKiller, here's the log.

02:09:23.0817 3616 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
02:09:24.0141 3616 ============================================================
02:09:24.0141 3616 Current date / time: 2012/03/03 02:09:24.0141
02:09:24.0141 3616 SystemInfo:
02:09:24.0141 3616
02:09:24.0141 3616 OS Version: 6.1.7601 ServicePack: 1.0
02:09:24.0141 3616 Product type: Workstation
02:09:24.0141 3616 ComputerName: WINPSU-NRK59047
02:09:24.0143 3616 UserName: rtm5101
02:09:24.0143 3616 Windows directory: C:\Windows
02:09:24.0143 3616 System windows directory: C:\Windows
02:09:24.0143 3616 Processor architecture: Intel x86
02:09:24.0143 3616 Number of processors: 2
02:09:24.0143 3616 Page size: 0x1000
02:09:24.0143 3616 Boot type: Normal boot
02:09:24.0143 3616 ============================================================
02:09:25.0684 3616 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:09:25.0688 3616 \Device\Harddisk0\DR0:
02:09:25.0688 3616 MBR used
02:09:25.0688 3616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
02:09:25.0707 3616 Initialize success
02:09:25.0708 3616 ============================================================
02:09:30.0490 3896 ============================================================
02:09:30.0490 3896 Scan started
02:09:30.0490 3896 Mode: Manual;
02:09:30.0490 3896 ============================================================
02:09:31.0348 3896 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
02:09:31.0351 3896 1394ohci - ok
02:09:31.0402 3896 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
02:09:31.0406 3896 ACPI - ok
02:09:31.0461 3896 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
02:09:31.0469 3896 AcpiPmi - ok
02:09:31.0840 3896 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
02:09:31.0861 3896 adp94xx - ok
02:09:31.0912 3896 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
02:09:31.0939 3896 adpahci - ok
02:09:32.0014 3896 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
02:09:32.0039 3896 adpu320 - ok
02:09:32.0187 3896 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
02:09:32.0195 3896 AFD - ok
02:09:32.0245 3896 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
02:09:32.0266 3896 agp440 - ok
02:09:32.0327 3896 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
02:09:32.0352 3896 aic78xx - ok
02:09:32.0461 3896 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
02:09:32.0473 3896 aliide - ok
02:09:32.0530 3896 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
02:09:32.0547 3896 amdagp - ok
02:09:32.0591 3896 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
02:09:32.0602 3896 amdide - ok
02:09:32.0658 3896 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
02:09:32.0670 3896 AmdK8 - ok
02:09:32.0789 3896 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
02:09:32.0805 3896 AmdPPM - ok
02:09:32.0882 3896 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
02:09:32.0899 3896 amdsata - ok
02:09:32.0964 3896 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
02:09:32.0982 3896 amdsbs - ok
02:09:33.0055 3896 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
02:09:33.0056 3896 amdxata - ok
02:09:33.0133 3896 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
02:09:33.0148 3896 AppID - ok
02:09:33.0226 3896 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
02:09:33.0240 3896 arc - ok
02:09:33.0349 3896 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
02:09:33.0364 3896 arcsas - ok
02:09:33.0414 3896 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
02:09:33.0415 3896 AsyncMac - ok
02:09:33.0490 3896 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
02:09:33.0491 3896 atapi - ok
02:09:33.0701 3896 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
02:09:33.0758 3896 b06bdrv - ok
02:09:33.0833 3896 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
02:09:33.0874 3896 b57nd60x - ok
02:09:33.0986 3896 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
02:09:33.0987 3896 Beep - ok
02:09:34.0057 3896 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
02:09:34.0059 3896 blbdrive - ok
02:09:34.0121 3896 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
02:09:34.0124 3896 bowser - ok
02:09:34.0157 3896 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:09:34.0172 3896 BrFiltLo - ok
02:09:34.0250 3896 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:09:34.0265 3896 BrFiltUp - ok
02:09:34.0388 3896 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
02:09:34.0406 3896 BridgeMP - ok
02:09:34.0482 3896 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
02:09:34.0508 3896 Brserid - ok
02:09:34.0586 3896 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
02:09:34.0608 3896 BrSerWdm - ok
02:09:34.0644 3896 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:09:34.0659 3896 BrUsbMdm - ok
02:09:34.0690 3896 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
02:09:34.0708 3896 BrUsbSer - ok
02:09:34.0742 3896 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
02:09:34.0766 3896 BTHMODEM - ok
02:09:34.0869 3896 catchme - ok
02:09:35.0000 3896 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
02:09:35.0002 3896 cdfs - ok
02:09:35.0078 3896 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
02:09:35.0080 3896 cdrom - ok
02:09:35.0138 3896 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
02:09:35.0155 3896 circlass - ok
02:09:35.0208 3896 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
02:09:35.0216 3896 CLFS - ok
02:09:35.0326 3896 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
02:09:35.0327 3896 CmBatt - ok
02:09:35.0385 3896 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
02:09:35.0405 3896 cmdide - ok
02:09:35.0480 3896 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
02:09:35.0502 3896 CNG - ok
02:09:35.0554 3896 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
02:09:35.0555 3896 Compbatt - ok
02:09:35.0658 3896 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
02:09:35.0660 3896 CompositeBus - ok
02:09:35.0724 3896 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
02:09:35.0741 3896 crcdisk - ok
02:09:35.0841 3896 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
02:09:35.0865 3896 CSC - ok
02:09:35.0991 3896 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
02:09:35.0994 3896 DfsC - ok
02:09:36.0056 3896 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
02:09:36.0058 3896 discache - ok
02:09:36.0118 3896 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
02:09:36.0121 3896 Disk - ok
02:09:36.0249 3896 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
02:09:36.0266 3896 drmkaud - ok
02:09:36.0356 3896 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
02:09:36.0389 3896 DXGKrnl - ok
02:09:36.0558 3896 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
02:09:36.0685 3896 ebdrv - ok
02:09:36.0790 3896 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
02:09:36.0818 3896 eeCtrl - ok
02:09:36.0971 3896 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
02:09:37.0016 3896 elxstor - ok
02:09:37.0149 3896 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
02:09:37.0172 3896 EraserUtilRebootDrv - ok
02:09:37.0334 3896 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
02:09:37.0351 3896 ErrDev - ok
02:09:37.0439 3896 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
02:09:37.0460 3896 exfat - ok
02:09:37.0510 3896 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
02:09:37.0528 3896 fastfat - ok
02:09:37.0564 3896 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
02:09:37.0577 3896 fdc - ok
02:09:37.0672 3896 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
02:09:37.0674 3896 FileInfo - ok
02:09:37.0717 3896 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
02:09:37.0731 3896 Filetrace - ok
02:09:37.0780 3896 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
02:09:37.0836 3896 flpydisk - ok
02:09:37.0897 3896 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
02:09:37.0901 3896 FltMgr - ok
02:09:37.0991 3896 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
02:09:38.0007 3896 FsDepends - ok
02:09:38.0067 3896 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
02:09:38.0068 3896 Fs_Rec - ok
02:09:38.0137 3896 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
02:09:38.0142 3896 fvevol - ok
02:09:38.0212 3896 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:09:38.0226 3896 gagp30kx - ok
02:09:38.0323 3896 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
02:09:38.0338 3896 hcw85cir - ok
02:09:38.0432 3896 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
02:09:38.0457 3896 HdAudAddService - ok
02:09:38.0544 3896 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
02:09:38.0547 3896 HDAudBus - ok
02:09:38.0660 3896 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
02:09:38.0673 3896 HidBatt - ok
02:09:38.0720 3896 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
02:09:38.0739 3896 HidBth - ok
02:09:38.0789 3896 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
02:09:38.0801 3896 HidIr - ok
02:09:38.0882 3896 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
02:09:38.0883 3896 HidUsb - ok
02:09:38.0992 3896 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
02:09:38.0994 3896 HpqRemHid - ok
02:09:39.0046 3896 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
02:09:39.0064 3896 HpSAMD - ok
02:09:39.0158 3896 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
02:09:39.0191 3896 HTTP - ok
02:09:39.0289 3896 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
02:09:39.0290 3896 hwpolicy - ok
02:09:39.0358 3896 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
02:09:39.0360 3896 i8042prt - ok
02:09:39.0445 3896 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
02:09:39.0483 3896 iaStorV - ok
02:09:39.0738 3896 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
02:09:39.0905 3896 igfx - ok
02:09:39.0959 3896 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
02:09:39.0977 3896 iirsp - ok
02:09:40.0170 3896 IntcAzAudAddService (edc37b918e583a5a813c53d4f5588255) C:\Windows\system32\drivers\RTKVHDA.sys
02:09:40.0238 3896 IntcAzAudAddService - ok
02:09:40.0302 3896 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
02:09:40.0303 3896 intelide - ok
02:09:40.0501 3896 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
02:09:40.0503 3896 intelppm - ok
02:09:40.0564 3896 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:09:40.0584 3896 IpFilterDriver - ok
02:09:40.0693 3896 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
02:09:40.0728 3896 IPMIDRV - ok
02:09:40.0777 3896 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
02:09:40.0802 3896 IPNAT - ok
02:09:40.0863 3896 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
02:09:40.0878 3896 IRENUM - ok
02:09:40.0955 3896 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
02:09:40.0974 3896 isapnp - ok
02:09:41.0034 3896 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
02:09:41.0058 3896 iScsiPrt - ok
02:09:41.0154 3896 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
02:09:41.0156 3896 kbdclass - ok
02:09:41.0211 3896 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
02:09:41.0213 3896 kbdhid - ok
02:09:41.0296 3896 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
02:09:41.0298 3896 KSecDD - ok
02:09:41.0348 3896 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
02:09:41.0351 3896 KSecPkg - ok
02:09:41.0481 3896 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
02:09:41.0483 3896 lltdio - ok
02:09:41.0557 3896 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:09:41.0575 3896 LSI_FC - ok
02:09:41.0622 3896 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:09:41.0643 3896 LSI_SAS - ok
02:09:41.0699 3896 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:09:41.0716 3896 LSI_SAS2 - ok
02:09:41.0753 3896 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:09:41.0772 3896 LSI_SCSI - ok
02:09:41.0888 3896 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
02:09:41.0891 3896 luafv - ok
02:09:41.0947 3896 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
02:09:41.0965 3896 megasas - ok
02:09:42.0009 3896 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
02:09:42.0034 3896 MegaSR - ok
02:09:42.0089 3896 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
02:09:42.0092 3896 Modem - ok
02:09:42.0149 3896 MODEMCSA (25483f9d590d5f00bd951e1181453ec2) C:\Windows\system32\drivers\MODEMCSA.sys
02:09:42.0150 3896 MODEMCSA - ok
02:09:42.0253 3896 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
02:09:42.0254 3896 monitor - ok
02:09:42.0301 3896 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
02:09:42.0303 3896 mouclass - ok
02:09:42.0355 3896 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
02:09:42.0357 3896 mouhid - ok
02:09:42.0422 3896 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
02:09:42.0426 3896 mountmgr - ok
02:09:42.0504 3896 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
02:09:42.0527 3896 mpio - ok
02:09:42.0799 3896 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
02:09:42.0801 3896 mpsdrv - ok
02:09:42.0924 3896 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
02:09:42.0944 3896 MRxDAV - ok
02:09:43.0027 3896 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:09:43.0031 3896 mrxsmb - ok
02:09:43.0086 3896 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:09:43.0091 3896 mrxsmb10 - ok
02:09:43.0146 3896 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:09:43.0149 3896 mrxsmb20 - ok
02:09:43.0205 3896 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
02:09:43.0206 3896 msahci - ok
02:09:43.0276 3896 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
02:09:43.0296 3896 msdsm - ok
02:09:43.0382 3896 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
02:09:43.0384 3896 Msfs - ok
02:09:43.0422 3896 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
02:09:43.0435 3896 mshidkmdf - ok
02:09:43.0488 3896 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
02:09:43.0489 3896 msisadrv - ok
02:09:43.0565 3896 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
02:09:43.0588 3896 MSKSSRV - ok
02:09:43.0661 3896 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
02:09:43.0663 3896 MSPCLOCK - ok
02:09:43.0717 3896 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
02:09:43.0718 3896 MSPQM - ok
02:09:43.0763 3896 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
02:09:43.0767 3896 MsRPC - ok
02:09:43.0826 3896 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
02:09:43.0827 3896 mssmbios - ok
02:09:43.0905 3896 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
02:09:43.0919 3896 MSTEE - ok
02:09:43.0980 3896 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
02:09:43.0998 3896 MTConfig - ok
02:09:44.0045 3896 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
02:09:44.0047 3896 Mup - ok
02:09:44.0115 3896 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
02:09:44.0121 3896 NativeWifiP - ok
02:09:44.0252 3896 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120302.002\NAVENG.SYS
02:09:44.0273 3896 NAVENG - ok
02:09:44.0374 3896 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120302.002\NAVEX15.SYS
02:09:44.0500 3896 NAVEX15 - ok
02:09:44.0633 3896 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
02:09:44.0666 3896 NDIS - ok
02:09:44.0727 3896 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
02:09:44.0745 3896 NdisCap - ok
02:09:44.0795 3896 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
02:09:44.0796 3896 NdisTapi - ok
02:09:44.0907 3896 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
02:09:44.0909 3896 Ndisuio - ok
02:09:44.0980 3896 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
02:09:44.0984 3896 NdisWan - ok
02:09:45.0040 3896 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
02:09:45.0041 3896 NDProxy - ok
02:09:45.0109 3896 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
02:09:45.0110 3896 NetBIOS - ok
02:09:45.0196 3896 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
02:09:45.0200 3896 NetBT - ok
02:09:45.0416 3896 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
02:09:45.0556 3896 netw5v32 - ok
02:09:45.0659 3896 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
02:09:45.0676 3896 nfrd960 - ok
02:09:45.0746 3896 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
02:09:45.0747 3896 Npfs - ok
02:09:45.0800 3896 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
02:09:45.0801 3896 nsiproxy - ok
02:09:45.0908 3896 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
02:09:45.0953 3896 Ntfs - ok
02:09:46.0069 3896 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
02:09:46.0070 3896 Null - ok
02:09:46.0124 3896 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
02:09:46.0145 3896 nvraid - ok
02:09:46.0193 3896 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
02:09:46.0216 3896 nvstor - ok
02:09:46.0287 3896 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
02:09:46.0308 3896 nv_agp - ok
02:09:46.0418 3896 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
02:09:46.0435 3896 ohci1394 - ok
02:09:46.0513 3896 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
02:09:46.0531 3896 Parport - ok
02:09:46.0588 3896 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
02:09:46.0590 3896 partmgr - ok
02:09:46.0629 3896 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
02:09:46.0644 3896 Parvdm - ok
02:09:46.0741 3896 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
02:09:46.0747 3896 pci - ok
02:09:46.0791 3896 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
02:09:46.0807 3896 pciide - ok
02:09:46.0866 3896 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
02:09:46.0893 3896 pcmcia - ok
02:09:46.0925 3896 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
02:09:46.0927 3896 pcw - ok
02:09:46.0973 3896 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
02:09:47.0009 3896 PEAUTH - ok
02:09:47.0148 3896 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
02:09:47.0150 3896 PptpMiniport - ok
02:09:47.0200 3896 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
02:09:47.0217 3896 Processor - ok
02:09:47.0293 3896 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
02:09:47.0296 3896 Psched - ok
02:09:47.0380 3896 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
02:09:47.0471 3896 ql2300 - ok
02:09:47.0568 3896 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
02:09:47.0598 3896 ql40xx - ok
02:09:47.0643 3896 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
02:09:47.0644 3896 QWAVEdrv - ok
02:09:47.0682 3896 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
02:09:47.0696 3896 RasAcd - ok
02:09:47.0752 3896 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:09:47.0753 3896 RasAgileVpn - ok
02:09:47.0813 3896 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:09:47.0816 3896 Rasl2tp - ok
02:09:48.0003 3896 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
02:09:48.0011 3896 RasPppoe - ok
02:09:48.0198 3896 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
02:09:48.0201 3896 RasSstp - ok
02:09:48.0264 3896 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
02:09:48.0270 3896 rdbss - ok
02:09:48.0301 3896 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
02:09:48.0302 3896 rdpbus - ok
02:09:48.0405 3896 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:09:48.0406 3896 RDPCDD - ok
02:09:48.0467 3896 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
02:09:48.0489 3896 RDPDR - ok
02:09:48.0563 3896 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
02:09:48.0564 3896 RDPENCDD - ok
02:09:48.0596 3896 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
02:09:48.0597 3896 RDPREFMP - ok
02:09:48.0706 3896 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
02:09:48.0728 3896 RDPWD - ok
02:09:48.0815 3896 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
02:09:48.0820 3896 rdyboost - ok
02:09:48.0891 3896 rimmptsk (c35ca13d3627ebd9dd12a23ce781bc3d) C:\Windows\system32\DRIVERS\rimmptsk.sys
02:09:48.0892 3896 rimmptsk - ok
02:09:48.0980 3896 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
02:09:48.0982 3896 rimsptsk - ok
02:09:49.0032 3896 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
02:09:49.0034 3896 rismxdp - ok
02:09:49.0132 3896 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
02:09:49.0135 3896 rspndr - ok
02:09:49.0236 3896 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
02:09:49.0240 3896 RTL8167 - ok
02:09:49.0305 3896 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
02:09:49.0320 3896 s3cap - ok
02:09:49.0383 3896 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
02:09:49.0404 3896 sbp2port - ok
02:09:49.0474 3896 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
02:09:49.0490 3896 scfilter - ok
02:09:49.0611 3896 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
02:09:49.0614 3896 sdbus - ok
02:09:49.0682 3896 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
02:09:49.0684 3896 secdrv - ok
02:09:49.0766 3896 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
02:09:49.0782 3896 Serenum - ok
02:09:49.0822 3896 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
02:09:49.0842 3896 Serial - ok
02:09:49.0946 3896 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
02:09:49.0961 3896 sermouse - ok
02:09:50.0039 3896 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
02:09:50.0056 3896 sffdisk - ok
02:09:50.0104 3896 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
02:09:50.0119 3896 sffp_mmc - ok
02:09:50.0166 3896 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
02:09:50.0181 3896 sffp_sd - ok
02:09:50.0239 3896 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
02:09:50.0256 3896 sfloppy - ok
02:09:50.0379 3896 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
02:09:50.0399 3896 sisagp - ok
02:09:50.0457 3896 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:09:50.0476 3896 SiSRaid2 - ok
02:09:50.0524 3896 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
02:09:50.0543 3896 SiSRaid4 - ok
02:09:50.0616 3896 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
02:09:50.0636 3896 Smb - ok
02:09:50.0782 3896 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
02:09:50.0838 3896 smserial - ok
02:09:50.0972 3896 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
02:09:51.0023 3896 SPBBCDrv - ok
02:09:51.0116 3896 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
02:09:51.0118 3896 spldr - ok
02:09:51.0184 3896 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\Windows\system32\Drivers\SRTSP.SYS
02:09:51.0188 3896 SRTSP - ok
02:09:51.0256 3896 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\Windows\system32\Drivers\SRTSPL.SYS
02:09:51.0289 3896 SRTSPL - ok
02:09:51.0327 3896 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\Windows\system32\Drivers\SRTSPX.SYS
02:09:51.0330 3896 SRTSPX - ok
02:09:51.0430 3896 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
02:09:51.0435 3896 srv - ok
02:09:51.0491 3896 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
02:09:51.0498 3896 srv2 - ok
02:09:51.0551 3896 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
02:09:51.0555 3896 srvnet - ok
02:09:51.0636 3896 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
02:09:51.0654 3896 stexstor - ok
02:09:51.0761 3896 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
02:09:51.0764 3896 storflt - ok
02:09:51.0810 3896 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
02:09:51.0827 3896 storvsc - ok
02:09:51.0872 3896 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
02:09:51.0874 3896 swenum - ok
02:09:51.0965 3896 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
02:09:51.0986 3896 SymEvent - ok
02:09:52.0087 3896 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
02:09:52.0088 3896 SYMREDRV - ok
02:09:52.0131 3896 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
02:09:52.0136 3896 SYMTDI - ok
02:09:52.0212 3896 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
02:09:52.0218 3896 SynTP - ok
02:09:52.0335 3896 SysPlant (1295b1da3e2a2c24c7d176f6e97afbd1) C:\Windows\SYSTEM32\Drivers\SysPlant.sys
02:09:52.0354 3896 SysPlant - ok
02:09:52.0475 3896 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
02:09:52.0530 3896 Tcpip - ok
02:09:52.0607 3896 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
02:09:52.0625 3896 TCPIP6 - ok
02:09:52.0726 3896 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
02:09:52.0727 3896 tcpipreg - ok
02:09:52.0791 3896 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
02:09:52.0808 3896 TDPIPE - ok
02:09:52.0857 3896 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
02:09:52.0873 3896 TDTCP - ok
02:09:52.0936 3896 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
02:09:52.0939 3896 tdx - ok
02:09:53.0039 3896 Teefer2 (1de2e1357552a79f39bff003a11c533e) C:\Windows\system32\DRIVERS\teefer2.sys
02:09:53.0041 3896 Teefer2 - ok
02:09:53.0098 3896 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
02:09:53.0100 3896 TermDD - ok
02:09:53.0206 3896 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:09:53.0222 3896 tssecsrv - ok
02:09:53.0292 3896 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
02:09:53.0312 3896 TsUsbFlt - ok
02:09:53.0421 3896 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
02:09:53.0425 3896 tunnel - ok
02:09:53.0476 3896 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
02:09:53.0497 3896 uagp35 - ok
02:09:53.0566 3896 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
02:09:53.0590 3896 udfs - ok
02:09:53.0674 3896 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
02:09:53.0692 3896 uliagpkx - ok
02:09:53.0790 3896 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
02:09:53.0791 3896 umbus - ok
02:09:53.0843 3896 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
02:09:53.0858 3896 UmPass - ok
02:09:53.0905 3896 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
02:09:53.0909 3896 usbccgp - ok
02:09:53.0962 3896 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
02:09:53.0980 3896 usbcir - ok
02:09:54.0021 3896 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
02:09:54.0024 3896 usbehci - ok
02:09:54.0116 3896 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
02:09:54.0123 3896 usbhub - ok
02:09:54.0179 3896 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
02:09:54.0196 3896 usbohci - ok
02:09:54.0258 3896 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
02:09:54.0274 3896 usbprint - ok
02:09:54.0325 3896 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:09:54.0343 3896 USBSTOR - ok
02:09:54.0403 3896 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
02:09:54.0405 3896 usbuhci - ok
02:09:54.0519 3896 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
02:09:54.0525 3896 usbvideo - ok
02:09:54.0567 3896 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
02:09:54.0569 3896 vdrvroot - ok
02:09:54.0633 3896 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
02:09:54.0651 3896 vga - ok
02:09:54.0693 3896 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
02:09:54.0694 3896 VgaSave - ok
02:09:54.0742 3896 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
02:09:54.0770 3896 vhdmp - ok
02:09:54.0863 3896 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
02:09:54.0882 3896 viaagp - ok
02:09:54.0930 3896 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
02:09:54.0947 3896 ViaC7 - ok
02:09:54.0980 3896 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
02:09:54.0997 3896 viaide - ok
02:09:55.0062 3896 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
02:09:55.0068 3896 vmbus - ok
02:09:55.0105 3896 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
02:09:55.0121 3896 VMBusHID - ok
02:09:55.0200 3896 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
02:09:55.0202 3896 volmgr - ok
02:09:55.0267 3896 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
02:09:55.0274 3896 volmgrx - ok
02:09:55.0336 3896 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
02:09:55.0340 3896 volsnap - ok
02:09:55.0394 3896 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
02:09:55.0417 3896 vsmraid - ok
02:09:55.0514 3896 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
02:09:55.0530 3896 vwifibus - ok
02:09:55.0584 3896 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
02:09:55.0600 3896 WacomPen - ok
02:09:55.0677 3896 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
02:09:55.0680 3896 WANARP - ok
02:09:55.0688 3896 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
02:09:55.0690 3896 Wanarpv6 - ok
02:09:55.0769 3896 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
02:09:55.0786 3896 Wd - ok
02:09:55.0894 3896 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
02:09:55.0928 3896 Wdf01000 - ok
02:09:56.0025 3896 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
02:09:56.0026 3896 WfpLwf - ok
02:09:56.0063 3896 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
02:09:56.0083 3896 WIMMount - ok
02:09:56.0248 3896 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
02:09:56.0249 3896 WmiAcpi - ok
02:09:56.0335 3896 WPS (c1620ebb375d3b02e31fd311c44fedeb) C:\Windows\system32\drivers\wpsdrvnt.sys
02:09:56.0353 3896 WPS - ok
02:09:56.0414 3896 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys
02:09:56.0437 3896 WpsHelper - ok
02:09:56.0476 3896 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
02:09:56.0491 3896 ws2ifsl - ok
02:09:56.0619 3896 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
02:09:56.0623 3896 WudfPf - ok
02:09:56.0663 3896 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:09:56.0683 3896 WUDFRd - ok
02:09:56.0742 3896 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
02:09:56.0793 3896 \Device\Harddisk0\DR0 - ok
02:09:56.0799 3896 Boot (0x1200) (af3187cdcaac54856bc12b93d30146d4) \Device\Harddisk0\DR0\Partition0
02:09:56.0803 3896 \Device\Harddisk0\DR0\Partition0 - ok
02:09:56.0804 3896 ============================================================
02:09:56.0804 3896 Scan finished
02:09:56.0804 3896 ============================================================
02:09:56.0831 2768 Detected object count: 0
02:09:56.0831 2768 Actual detected object count: 0

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:57 PM

Posted 03 March 2012 - 02:19 AM

Hello


that is one of two reports I asked for can you send me the aswMBR report



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 bertcollege

bertcollege
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 03 March 2012 - 02:36 AM

aswMBR log. While scanning, Symantec found some viruses.


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-03 02:11:35
-----------------------------
02:11:35.529 OS Version: Windows 6.1.7601 Service Pack 1
02:11:35.529 Number of processors: 2 586 0xF0D
02:11:35.534 ComputerName: WINPSU-NRK59047 UserName: rtm5101
02:11:38.286 Initialize success
02:12:08.107 AVAST engine defs: 12030201
02:12:54.996 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
02:12:55.003 Disk 0 Vendor: FUJITSU_MHZ2250BH_G2 8909 Size: 238475MB BusType: 11
02:12:55.039 Disk 0 MBR read successfully
02:12:55.045 Disk 0 MBR scan
02:12:55.059 Disk 0 Windows 7 default MBR code
02:12:55.076 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238473 MB offset 2048
02:12:55.096 Disk 0 scanning sectors +488394752
02:12:55.171 Disk 0 scanning C:\Windows\system32\drivers
02:13:13.097 Service scanning
02:13:45.987 Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
02:13:47.253 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
02:13:54.568 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
02:13:55.056 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
02:13:56.697 Modules scanning
02:14:09.785 Disk 0 trace - called modules:
02:14:09.819 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
02:14:09.834 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d98030]
02:14:09.849 3 CLASSPNP.SYS[8b00459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x858e9908]
02:14:11.907 AVAST engine scan C:\Windows
02:14:24.872 AVAST engine scan C:\Windows\system32
02:21:19.524 AVAST engine scan C:\Windows\system32\drivers
02:21:48.207 AVAST engine scan C:\Users\rtm5101
02:31:08.224 AVAST engine scan C:\ProgramData
02:33:07.648 Scan finished successfully
02:35:25.376 Disk 0 MBR has been saved successfully to "C:\Users\rtm5101\Desktop\MBR.dat"
02:35:25.402 The log file has been saved successfully to "C:\Users\rtm5101\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:57 PM

Posted 03 March 2012 - 03:09 AM

Greetings

Send me the part of the report from Symantic that shows what it found

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 bertcollege

bertcollege
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 03 March 2012 - 03:45 AM

I couldn't find a way to copy/paste the things in the report from Symantec. There were 4 viruses, risk trojan.gen.2, 3 were infected and quarantined and one was "log only" that couldn't be fixed.

Combofix report:ComboFix 12-03-02.01 - rtm5101 03/03/2012 3:24.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.1408 [GMT -5:00]
Running from: c:\users\rtm5101\Downloads\ComboFix.exe
Command switches used :: c:\users\rtm5101\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
.
.
2012-03-03 08:31 . 2012-03-03 08:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 08:31 . 2012-03-03 08:31 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-02 05:39 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03511AD8-ED9B-4214-AC43-5C1602627824}\mpengine.dll
2012-03-01 16:27 . 2012-03-01 16:27 -------- d-----w- c:\users\rtm5101\AppData\Roaming\Malwarebytes
2012-03-01 16:26 . 2012-03-01 16:26 -------- d-----w- c:\programdata\Malwarebytes
2012-03-01 16:25 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 01:17 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 01:17 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 01:17 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 01:17 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 10:10 . 2011-09-04 04:11 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\rtm5101\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-20 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\rtm5101\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-11 1343400]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 106104]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1065987245-3427736278-1215212232-1000Core.job
- c:\users\rtm5101\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-20 18:13]
.
2012-03-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1065987245-3427736278-1215212232-1000UA.job
- c:\users\rtm5101\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-20 18:13]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1065987245-3427736278-1215212232-1000Core.job
- c:\users\rtm5101\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-12 18:14]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1065987245-3427736278-1215212232-1000UA.job
- c:\users\rtm5101\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-12 18:14]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 146.186.163.66 128.118.141.32 128.118.25.3 130.203.1.4
FF - ProfilePath - c:\users\rtm5101\AppData\Roaming\Mozilla\Firefox\Profiles\qockbtna.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\taskhost.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-03-03 03:39:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-03 08:39
ComboFix2.txt 2012-03-03 05:05
.
Pre-Run: 196,950,102,016 bytes free
Post-Run: 196,724,494,336 bytes free
.
- - End Of File - - EBF8DCE639725247CCFFB58E4030CCF7

#10 bertcollege

bertcollege
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 03 March 2012 - 04:00 AM

The "log only" thing on the symantec report just came from a failed attempt to clean the virus it found and doesn't actually seem to be a virus. My computer is still running fine, with no redirects or weird behavior since a few days ago.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:57 PM

Posted 03 March 2012 - 05:06 AM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java™ 6 Update 29 [/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 bertcollege

bertcollege
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 03 March 2012 - 05:44 AM

Malwarebytes Log:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.03.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8080.16413
rtm5101 :: WINPSU-NRK59047 [administrator]

3/3/2012 5:37:46 AM
mbam-log-2012-03-03 (05-37-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189355
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:43:03 AM, on 3/3/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8080.16413)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\rtm5101\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\notepad.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\rtm5101\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 4796 bytes

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:57 PM

Posted 03 March 2012 - 02:30 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Facebook Update] "C:\Users\rtm5101\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 bertcollege

bertcollege
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 03 March 2012 - 05:00 PM

It was impossible to highlight or copy the results of the Eset scanner, but after 90 minutes and 89592 scanned files, no threats were found. I guess this means I'm good to go?

Which of these programs are worth keeping on my computer?

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:57 PM

Posted 03 March 2012 - 09:28 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use, I would keep this and use before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users