
Intrusions Detected and Communication gets Blocked



Hello,

Whenever I open IE, within seconds Symantec detects intrusions and blocks the IE traffic.

Also, when I click on Google search results, I automatically get redirected to some unknown web pages, and within a few seconds the Internet traffic gets disconnected. I need to wait for 30 mins or add the intrusion IP to the Symantec Exclude List to browse the Internet. :P

I ran Malwarebytes' Anti-Malware and removed the infected files, but the issue still persists.

Please help me fix this issue. Thanks.

******************************** Malwarebytes' Anti-Malware 1.46 ***************************

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4236

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

6/24/2010 10:00:48 PM

mbam-log-2010-06-24 (22-00-48).txt

Scan type: Quick scan

Objects scanned: 148657

Time elapsed: 10 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

******************************************************************************

***************************** DDS.txt ******************************************

DDS (Ver_10-03-17.01) - NTFSx86

Run by Administrator at 22:49:22.87 on Thu 06/24/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1789.809 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

============== Running Processes ===============

C:\WINDOWS\System32\svchost.exe -k Cognizance

c:\Program Files\Fingerprint Sensor\AtService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe

C:\WINDOWS\system32\AccelerometerSt.Exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE

c:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\WINDOWS\system32\mnmsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [PC Suite Tray] "n:\nokia 5800\programfiles\nokia pc suite 7\PCSuite.exe" -onlytray

mRun: [MsmqIntCert] regsvr32 /s mqrt.dll

mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"

mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start

mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\symant~2\VPTray.exe

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup

mRun: [NokiaMusic FastStart] "c:\program files\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRunOnce: [!CleanupNetMeetingDispDriver] "c:\windows\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: iLO Remote Console Applet - hxxps://nodb1avsp01r/dvc.cab

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall33.cab

DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab

DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - hxxp://ausb3rmwp01/arsys/apps/shared

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {26700CD9-6157-4B72-B46F-EC93C952F19C} - hxxp://netmon/SWToolset.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://hp.webex.com/client/T26L/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: ackpbsc - c:\windows\system32\ackpbsc.dll

Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll

AppInit_DLLs: c:\windows\system32\APSHook.dll APSHook.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

LSA: Notification Packages = scecli ASWLNPkg

============= SERVICES / DRIVERS ===============

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2008-6-21 174600]

R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\drivers\Amddfltr.sys [2008-6-21 15416]

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-5-30 108752]

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-30 51376]

R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-30 12928]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]

R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-30 12496]

R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2008-5-28 337280]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2008-5-28 54656]

R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]

R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]

R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-5-15 1176824]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2008-6-24 191848]

R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2008-6-24 202088]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2008-6-24 169320]

R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-6-2 18944]

R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-30 256512]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2008-9-30 1956792]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-21 193840]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-4 41216]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100624.002\naveng.sys [2010-6-24 85552]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100624.002\navex15.sys [2010-6-24 1347504]

S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-5-15 475520]

S3 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2008-9-30 116664]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]

S4 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]

=============== Created Last 30 ================

2010-06-25 03:41:49 0 ----a-w- c:\documents and settings\administrator\defogger_reenable

2010-06-25 02:46:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-25 02:46:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-06-25 02:46:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-25 02:46:55 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-06 10:52:55 58 ----a-w- c:\windows\Audiocut.ini

2010-06-06 10:49:57 5 ----a-w- c:\windows\system32\SySCut.dat

2010-06-06 10:49:41 3082 ----a-w- c:\windows\system32\affv11300p2now.sys

2010-05-27 01:18:08 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2010-05-27 01:17:57 0 d-----w- c:\program files\PC Connectivity Solution

2010-05-27 01:17:13 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2010-05-27 01:17:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2010-05-27 01:17:10 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2010-05-27 01:17:08 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll

2010-05-27 01:17:08 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2010-05-27 01:17:08 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

==================== Find3M ====================

2010-05-04 12:39:27 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-05-04 12:39:27 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys

2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\dllcache\win32k.sys

2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-20 05:51:20 285696 ------w- c:\windows\system32\dllcache\atmfd.dll

2010-04-16 11:43:25 634656 ------w- c:\windows\system32\dllcache\iexplore.exe

2010-04-16 11:43:23 161792 ------w- c:\windows\system32\dllcache\ieakui.dll

2010-04-06 09:52:46 2462720 ----a-w- c:\windows\system32\dllcache\WMVCore.dll

============= FINISH: 22:50:49.28 ===============

ark.zip


Hi and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Hey,

I ran ComboFix twice. The first time it kept running for 4.5 hours, and I had to close it abruptly. I rebooted the machine and ran it again for 7 hours; this time it also kept running and I had to close it. In both instances the firewall (all Symantec services) was disabled, and ComboFix was stuck on the page that shows "Scanning for infected Files ..., Typically doesn't take more than 10 mins." ;)

Do we have any other options? Am I on the right path? :)

-Dheena



Hi Dheena,

Delete your copy of ComboFix, grab a fresh copy, and save it to your Desktop; do not run it yet.

Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\ComboFix.exe" /killall

See if it runs normally now; stop it if it has gotten stuck for over half an hour.


Hi Chris,

As suggested, I performed the mentioned steps. But again, ComboFix stays at the page "Scanning for infected Files". It stays there for more than 30 mins and I had to do a hard reboot.

Do we have any other option available here?

Thanks

Dheena


One more thing I'd like to try before moving on.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Run ComboFix from there. If no joy, let me know and we'll attempt alternate avenues.

Hi Chris,

This time it worked. I ran ComboFix in Safe Mode :)

Please find the ComboFix log in the attachment.

Also, here are the new DDS logs.

********************************************* DDS **************************************************************

DDS (Ver_10-03-17.01) - NTFSx86

Run by Administrator at 20:55:16.50 on Fri 07/02/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1789.857 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

============== Running Processes ===============

C:\WINDOWS\System32\svchost.exe -k Cognizance

c:\Program Files\Fingerprint Sensor\AtService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\AccelerometerSt.Exe

C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

c:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\mqtgsvc.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [MsmqIntCert] regsvr32 /s mqrt.dll

mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"

mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start

mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\symant~2\VPTray.exe

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup

mRun: [NokiaMusic FastStart] "c:\program files\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: iLO Remote Console Applet - hxxps://nodb1avsp01r/dvc.cab

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall33.cab

DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab

DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - hxxp://ausb3rmwp01/arsys/apps/shared

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {26700CD9-6157-4B72-B46F-EC93C952F19C} - hxxp://netmon/SWToolset.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://hp.webex.com/client/T26L/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: ackpbsc - c:\windows\system32\ackpbsc.dll

Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll

AppInit_DLLs: APSHook.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

==================== Find3M ====================

============= FINISH: 20:56:41.56 ===============

********************************************************************************

*********************************************** Attach ********************************************************

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 7/1/2009 1:31:00 PM

System Uptime: 7/2/2010 8:48:47 PM (0 hours ago)

Motherboard: Hewlett-Packard | | 30E3

Processor: AMD AthlonX2 DualCore QL-60 | Unknown | 1900/200mhz

Processor: AMD AthlonX2 DualCore QL-60 | Unknown | 1900/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 48 GiB total, 20.933 GiB free.

D: is FIXED (NTFS) - 50 GiB total, 32.865 GiB free.

E: is CDROM ()

M: is FIXED (NTFS) - 25 GiB total, 17.051 GiB free.

N: is FIXED (NTFS) - 26 GiB total, 15.397 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\1122335555667799

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\1122335555667799

Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0000

Service: CVirtA

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}

Description: 5800 XpressMusic

Device ID: ROOT\WPD\0000

Manufacturer: Nokia

Name: 5800 XpressMusic

PNP Device ID: ROOT\WPD\0000

Service: WUDFRd

==== System Restore Points ===================

RP239: 4/27/2010 9:41:01 PM - Installed PrimalScript 2009

RP240: 4/29/2010 11:20:31 AM - System Checkpoint

RP241: 4/30/2010 11:30:47 AM - System Checkpoint

RP242: 5/2/2010 5:54:10 AM - System Checkpoint

RP243: 5/3/2010 10:46:08 AM - System Checkpoint

RP244: 5/4/2010 11:26:55 AM - System Checkpoint

RP245: 5/4/2010 10:23:07 PM - Installed WMI Tools

RP246: 5/6/2010 8:58:15 AM - System Checkpoint

RP247: 5/7/2010 9:15:00 AM - System Checkpoint

RP248: 5/9/2010 6:09:00 AM - System Checkpoint

RP249: 5/10/2010 10:17:25 AM - System Checkpoint

RP250: 5/11/2010 11:17:41 AM - System Checkpoint

RP251: 5/12/2010 11:47:44 AM - System Checkpoint

RP252: 5/13/2010 11:53:11 AM - System Checkpoint

RP253: 5/15/2010 5:44:00 AM - System Checkpoint

RP254: 5/15/2010 10:16:24 AM - Software Distribution Service 3.0

RP255: 5/17/2010 11:28:07 AM - System Checkpoint

RP256: 5/18/2010 12:40:12 PM - System Checkpoint

RP257: 5/19/2010 8:52:25 PM - System Checkpoint

RP258: 5/19/2010 9:07:16 PM - Installed ActivePerl 5.10.1 Build 1007

RP259: 5/21/2010 10:55:49 AM - System Checkpoint

RP260: 5/24/2010 11:35:20 AM - System Checkpoint

RP261: 5/25/2010 1:04:33 PM - System Checkpoint

RP262: 5/26/2010 1:17:24 PM - System Checkpoint

RP263: 5/26/2010 8:15:24 PM - Removed Nokia Software Updater.

RP264: 5/26/2010 8:16:33 PM - Removed Nokia Connectivity Cable Driver

RP265: 5/26/2010 8:17:36 PM - Removed PC Connectivity Solution

RP266: 5/26/2010 10:15:59 PM - Software Distribution Service 3.0

RP267: 5/28/2010 11:23:18 AM - System Checkpoint

RP268: 5/29/2010 11:57:41 AM - System Checkpoint

RP269: 5/31/2010 8:31:08 AM - System Checkpoint

RP270: 6/1/2010 11:34:31 AM - System Checkpoint

RP271: 6/2/2010 11:40:53 AM - System Checkpoint

RP272: 6/3/2010 1:28:35 PM - System Checkpoint

RP273: 6/5/2010 3:43:01 PM - System Checkpoint

RP274: 6/9/2010 11:22:30 AM - System Checkpoint

RP275: 6/10/2010 11:30:09 AM - System Checkpoint

RP276: 6/11/2010 12:11:59 PM - System Checkpoint

RP277: 6/14/2010 11:46:27 AM - System Checkpoint

RP278: 6/14/2010 1:17:28 PM - Installed Adobe Flash Player 10 ActiveX.

RP279: 6/15/2010 3:51:47 PM - System Checkpoint

RP280: 6/17/2010 12:00:59 PM - System Checkpoint

RP281: 6/18/2010 12:05:20 PM - System Checkpoint

RP282: 6/21/2010 11:57:55 AM - System Checkpoint

RP283: 6/21/2010 9:44:54 PM - Software Distribution Service 3.0

RP284: 6/22/2010 9:45:47 PM - Software Distribution Service 3.0

RP285: 6/24/2010 11:30:10 AM - System Checkpoint

RP286: 6/25/2010 9:45:10 AM - Installed Windows 7 Upgrade Advisor

RP287: 6/28/2010 9:48:19 AM - System Checkpoint

RP288: 6/29/2010 10:40:37 AM - System Checkpoint

RP289: 6/30/2010 12:14:24 PM - System Checkpoint

RP290: 7/1/2010 12:37:35 PM - System Checkpoint

RP291: 7/2/2010 3:58:37 PM - System Checkpoint

==== Installed Programs ======================

==== Event Viewer Messages From Past Week ========

==== End Of File ===========================

********************************************************************************

**************************

ComboFix.zip


  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt,

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please go to VirusTotal and upload the following files for analysis:

c:\windows\system32\SySCut.dat

c:\windows\system32\affv11300p2now.sys

Post the results in your reply.


Chris,

Please find the necessary logs:

************************************************ TDSSKiller ********************************************************

20:41:35:093 2444 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49

20:41:35:109 2444 ================================================================================

20:41:35:109 2444 SystemInfo:

20:41:35:109 2444 OS Version: 5.1.2600 ServicePack: 2.0

20:41:35:109 2444 Product type: Workstation

20:41:35:109 2444 ComputerName: CHNLDSELLAGO

20:41:35:109 2444 UserName: Administrator

20:41:35:109 2444 Windows directory: C:\WINDOWS

20:41:35:109 2444 System windows directory: C:\WINDOWS

20:41:35:109 2444 Processor architecture: Intel x86

20:41:35:109 2444 Number of processors: 2

20:41:35:109 2444 Page size: 0x1000

20:41:35:109 2444 Boot type: Normal boot

20:41:35:109 2444 ================================================================================

20:41:35:609 2444 Initialize success

20:41:35:609 2444

20:41:35:609 2444 Scanning Services ...

20:41:36:046 2444 Raw services enum returned 411 services

20:41:36:046 2444

20:41:36:062 2444 Scanning Drivers ...

20:41:43:734 2444 SafeBoot (fbd8bfd3faf7691f1f1053270af176d6) C:\WINDOWS\system32\drivers\SafeBoot.sys

20:41:43:734 2444 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\SafeBoot.sys. md5: fbd8bfd3faf7691f1f1053270af176d6

20:41:44:140 2444 Serial (d4c04ddc151290e749eb83c3d123fdb2) C:\WINDOWS\system32\DRIVERS\serial.sys

20:41:44:140 2444 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: d4c04ddc151290e749eb83c3d123fdb2, Fake md5: cd9404d115a00d249f70a371b46d5a26

20:41:44:140 2444 File "C:\WINDOWS\system32\DRIVERS\serial.sys" infected by TDSS rootkit ... 20:41:46:171 2444 Backup copy found, using it..

20:41:46:203 2444 will be cured on next reboot

20:41:49:375 2444 Reboot required for cure complete..

20:41:49:750 2444 Cure on reboot scheduled successfully

20:41:49:750 2444

20:41:49:750 2444 Completed

20:41:49:750 2444

20:41:49:750 2444 Results:

20:41:49:750 2444 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

20:41:49:750 2444 File objects infected / cured / cured on reboot: 1 / 0 / 1

20:41:49:750 2444

20:41:49:765 2444 KLMD(ARK) unloaded successfully

********************************************************************************

**************************************

**************************************************** SYScut ***********************************************************

File SySCut.dat received on 2010.07.03 15:32:58 (UTC)

Result: 0/40 (0%)

Antivirus Version Last Update Result

a-squared 5.0.0.31 2010.07.03 -

AhnLab-V3 2010.07.03.00 2010.07.03 -

AntiVir 8.2.4.2 2010.07.02 -

Antiy-AVL 2.0.3.7 2010.07.02 -

Authentium 5.2.0.5 2010.07.03 -

Avast 4.8.1351.0 2010.07.03 -

Avast5 5.0.332.0 2010.07.03 -

AVG 9.0.0.836 2010.07.03 -

BitDefender 7.2 2010.07.03 -

CAT-QuickHeal 11.00 2010.06.30 -

ClamAV 0.96.0.3-git 2010.07.03 -

Comodo 5302 2010.07.03 -

DrWeb 5.0.2.03300 2010.07.03 -

eSafe 7.0.17.0 2010.06.30 -

eTrust-Vet 36.1.7684 2010.07.03 -

F-Prot 4.6.1.107 2010.07.02 -

F-Secure 9.0.15370.0 2010.07.03 -

Fortinet 4.1.133.0 2010.07.03 -

GData 21 2010.07.03 -

Ikarus T3.1.1.84.0 2010.07.03 -

Jiangmin 13.0.900 2010.07.03 -

Kaspersky 7.0.0.125 2010.07.03 -

McAfee 5.400.0.1158 2010.07.03 -

McAfee-GW-Edition 2010.1 2010.07.02 -

Microsoft 1.5902 2010.07.03 -

NOD32 5248 2010.07.03 -

Norman 6.05.10 2010.07.03 -

nProtect 2010-07-03.02 2010.07.03 -

Panda 10.0.2.7 2010.07.03 -

Prevx 3.0 2010.07.03 -

Rising 22.54.04.04 2010.07.02 -

Sophos 4.54.0 2010.07.03 -

Sunbelt 6540 2010.07.03 -

Symantec 20101.1.0.89 2010.07.03 -

TheHacker 6.5.2.1.307 2010.07.01 -

TrendMicro 9.120.0.1004 2010.07.03 -

TrendMicro-HouseCall 9.120.0.1004 2010.07.03 -

VBA32 3.12.12.5 2010.07.02 -

ViRobot 2010.7.3.3920 2010.07.03 -

VirusBuster 5.0.27.0 2010.07.02 -

Additional information

File size: 5 bytes

MD5...: 2cdcbccac92b353969bb2e447ce47fef

SHA1..: a5836d8a2228bb61a297c32ab3150d31efcd83b8

SHA256: b45482224b439a3d548c65378929b7dcc16a42288530b7b20d5c8103cc879d10

ssdeep: 3:T:T

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: Unknown!

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

********************************************************************************

**********************************

********************************************************* affv11300p2now *******************************************

File affv11300p2now.sys received on 2010.07.03 15:57:58 (UTC)

Result: 0/41 (0%)

Antivirus Version Last Update Result

a-squared 5.0.0.31 2010.07.03 -

AhnLab-V3 2010.07.03.00 2010.07.03 -

AntiVir 8.2.4.2 2010.07.02 -

Antiy-AVL 2.0.3.7 2010.07.02 -

Authentium 5.2.0.5 2010.07.03 -

Avast 4.8.1351.0 2010.07.03 -

Avast5 5.0.332.0 2010.07.03 -

AVG 9.0.0.836 2010.07.03 -

BitDefender 7.2 2010.07.03 -

CAT-QuickHeal 11.00 2010.06.30 -

ClamAV 0.96.0.3-git 2010.07.03 -

Comodo 5303 2010.07.03 -

DrWeb 5.0.2.03300 2010.07.03 -

eSafe 7.0.17.0 2010.06.30 -

eTrust-Vet 36.1.7684 2010.07.03 -

F-Prot 4.6.1.107 2010.07.02 -

F-Secure 9.0.15370.0 2010.07.03 -

Fortinet 4.1.133.0 2010.07.03 -

GData 21 2010.07.03 -

Ikarus T3.1.1.84.0 2010.07.03 -

Jiangmin 13.0.900 2010.07.03 -

Kaspersky 7.0.0.125 2010.07.03 -

McAfee 5.400.0.1158 2010.07.03 -

McAfee-GW-Edition 2010.1 2010.07.02 -

Microsoft 1.5902 2010.07.03 -

NOD32 5248 2010.07.03 -

Norman 6.05.10 2010.07.03 -

nProtect 2010-07-03.02 2010.07.03 -

Panda 10.0.2.7 2010.07.03 -

PCTools 7.0.3.5 2010.07.02 -

Prevx 3.0 2010.07.03 -

Rising 22.54.04.04 2010.07.02 -

Sophos 4.54.0 2010.07.03 -

Sunbelt 6540 2010.07.03 -

Symantec 20101.1.0.89 2010.07.03 -

TheHacker 6.5.2.1.307 2010.07.01 -

TrendMicro 9.120.0.1004 2010.07.03 -

TrendMicro-HouseCall 9.120.0.1004 2010.07.03 -

VBA32 3.12.12.5 2010.07.02 -

ViRobot 2010.7.3.3920 2010.07.03 -

VirusBuster 5.0.27.0 2010.07.02 -

Additional information

File size: 3082 bytes

MD5...: cfd258adfebca0daa581f5dcddeb8dfa

SHA1..: 5aa5dd557d0ea0fc83d2866db4927c2d908f1679

SHA256: 21760a8f682dab6088bc6b221f4308c02f6f280665b379a7da112c2f646deb1c

ssdeep: 3:g/llN1KJS4QiLd9ETMCOEx+DJWAXK:gCc4QiZErx+FWy

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

trid..: OpenGL object (32.1%)

Lotus 123 Worksheet (generic) (16.1%)

Game Music Creator Music (9.0%)

MacBinary 1 header (8.2%)

Targa bitmap (Original TGA Format - No Image ID) (8.0%)

pdfid.: -

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

********************************************************************************

*************************************

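A practitioner reading the VirusTotal block above will want to check two things before trusting the 0/41 result: that the file on disk is byte-for-byte the one VirusTotal saw (the report lists size, MD5, SHA-1 and SHA-256), and whether a 3082-byte file named `.sys` is even a PE image, since the report's PEiD/PEInfo fields are empty and trid guesses only non-PE formats. The script below is an added example, not part of the forum post or of any tool named in the thread; the expected values are copied from the report, the `SAMPLE` bytes are constructed here because the real file is not available, and the wording of the findings is this example's own.

```python
import hashlib
import struct

# Values copied from the VirusTotal "Additional information" block for
# affv11300p2now.sys quoted above (size in bytes, hex digests).
REPORTED = {
    "size": 3082,
    "md5": "cfd258adfebca0daa581f5dcddeb8dfa",
    "sha1": "5aa5dd557d0ea0fc83d2866db4927c2d908f1679",
    "sha256": "21760a8f682dab6088bc6b221f4308c02f6f280665b379a7da112c2f646deb1c",
}

# Constructed stand-in for the file; the real sample is not available here,
# so it will (correctly) fail to match the reported hashes.
SAMPLE = b"affv11300p2now placeholder bytes\n" * 8


def fingerprint(data: bytes) -> dict:
    """Size and MD5/SHA-1/SHA-256 of a byte string, keyed like REPORTED."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def mismatches(data: bytes, reported: dict = REPORTED) -> list:
    """Names of the reported fields that do not match this byte string.
    An empty list means this is exactly the file VirusTotal scanned."""
    fp = fingerprint(data)
    return [k for k, v in reported.items() if fp[k] != v]


def is_pe_image(data: bytes) -> bool:
    """True if data has the layout every loadable Windows driver must have:
    'MZ' DOS header, e_lfanew at offset 0x3C, 'PE\\0\\0' at that offset."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def minimal_pe_stub() -> bytes:
    """Smallest byte string that passes is_pe_image(); shows the check
    accepts real PE layout rather than rejecting everything."""
    buf = bytearray(0x44)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)   # e_lfanew -> 0x40
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)


def triage(data: bytes, filename: str) -> list:
    """Plain-language findings for a file that came back 0/N on VirusTotal."""
    findings = []
    bad = mismatches(data)
    if bad:
        findings.append("not the file VirusTotal scanned (differs in: %s)" % ", ".join(bad))
    if filename.lower().endswith(".sys") and not is_pe_image(data):
        findings.append("named like a kernel driver but is not a PE image; it cannot be "
                        "loaded as a driver, so look for the component that references it")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE, "affv11300p2now.sys"):
        print(line)
```

Run it against the real file by replacing `SAMPLE` with `open(path, "rb").read()`. A clean multi-engine verdict only means no vendor has a signature for those bytes; on a file that is not even a PE image it says nothing about what dropped it or reads it.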

  • Staff

Hi,

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Hi,

Please find the Logs.

***************************************** F-Secure Online Scanner *******************************************

Scanning Report

Monday, July 5, 2010 18:55:23 - 19:44:12

Computer name: CHNLDSELLAGO

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\ D:\ M:\ N:\

--------------------------------------------------------------------------------

11 malware found

TrackingCookie.Advertising (spyware)

System (Disinfected)

TrackingCookie.Atdmt (spyware)

System (Disinfected)

TrackingCookie.Adtech (spyware)

System (Disinfected)

TrackingCookie.Doubleclick (spyware)

System (Disinfected)

TrackingCookie.Adbrite (spyware)

System (Disinfected)

TrackingCookie.Xiti (spyware)

System (Disinfected)

TrackingCookie.Webtrends (spyware)

System (Disinfected)

TrackingCookie.Mediaplex (spyware)

System (Disinfected)

TrackingCookie.Statcounter (spyware)

System (Disinfected)

TrackingCookie.Atwola (spyware)

System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

System (Disinfected)

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 81152

System: 4552

Not scanned: 14

Actions:

Disinfected: 11

Renamed: 0

Deleted: 0

Not cleaned: 0

Submitted: 0

Files not scanned:

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB

C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\511A0F3F9E960FA97DE3D0B74ADFC574_F283576E-0471-42CE-8B95-169D98FB607B

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\949C6AE5506478ADE87D7537B287FACC_F283576E-0471-42CE-8B95-169D98FB607B

C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\HSPERFDATA_ADMINISTRATOR\5400

C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\HSPERFDATA_ADMINISTRATOR\2792

C:\7392FFF5775CCEBFB79731D6\UPDATE\UPDATE.EXE

C:\7392FFF5775CCEBFB79731D6\UPDATE\UPDSPAPI.DLL

--------------------------------------------------------------------------------

Options

Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

Use advanced heuristics

********************************************************************************

***********************************

*******************************************************Checkup.txt ***************************************************

Results of screen317's Security Check version 0.99.4

Windows XP Service Pack 2

Out of date service pack!!

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Disabled!

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HP Operations for UNIX Java Console

Java 6 Update 18

Java 2 Runtime Environment, SE v1.4.2_09

HP JavaCard for HP ProtectTools

Out of date Java installed!

Adobe Flash Player

Adobe Reader 9.1

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Symantec Client Security Symantec AntiVirus DefWatch.exe

Symantec Client Security Symantec AntiVirus Rtvscan.exe

ADMINI~1 LOCALS~1 Temp OnlineScanner\Anti-Virus\fsgk32.exe

ADMINI~1 LOCALS~1 Temp OnlineScanner\Anti-Virus\fssm32.exe

Symantec Client Security Symantec Client Firewall ISSVC.exe

Symantec Client Security Symantec Client Firewall SymSPort.exe

ADMINI~1 LOCALS~1 Temp fsonlinescanner.exe

````````````````````````````````

DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

``````````End of Log````````````

********************************************************************************

***************************

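The Checkup.txt above is the part of this thread a responder would act on: Windows XP at SP2, IE 7, two Java runtimes (6 Update 18 and a leftover 1.4.2_09), Adobe Reader 9.1, the Windows Firewall off, and a note that the Security Center service is not running, which means the "Antivirus up to date!" line was not actually verified. The script below is an added example, not part of the forum post or of screen317's tool; the `SAMPLE` text is constructed from the log lines quoted above, and the rule severities and explanations are this example's own.

```python
import re

# Constructed from the checkup.txt lines quoted above, trimmed to the
# lines the rules below care about.
SAMPLE = """\
Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 7 Out of date!
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Antivirus up to date!
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java 6 Update 18
Java 2 Runtime Environment, SE v1.4.2_09
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.1
Out of date Adobe Reader installed!
"""

# (regex, severity, why it matters). Severities are this example's own.
RULES = [
    (r"Out of date service pack", "high", "OS missing a service pack: unpatched kernel and IE components"),
    (r"Internet Explorer \d+ Out of date", "high", "old browser is the entry point for the redirects described"),
    (r"Windows Firewall Disabled", "high", "host firewall off"),
    (r"Security Center service is not running", "medium", "Security Center lines in this report are unverified"),
    (r"Out of date Java installed", "high", "old JRE reachable from the browser"),
    (r"Out of date Adobe Reader installed", "high", "old PDF reader reachable from the browser"),
]


def findings(text: str) -> list:
    """(severity, log line, why) for every line that matches a rule."""
    out = []
    for line in text.splitlines():
        for pattern, severity, why in RULES:
            if re.search(pattern, line):
                out.append((severity, line.strip(), why))
    return out


def av_claim_verified(text: str) -> bool:
    """'Antivirus up to date!' only means something when Security Center
    was answering; the tool itself warns when it was not."""
    return "Security Center service is not running" not in text


def java_runtimes(text: str) -> list:
    """Every JRE the log lists, as 1.x.y_zz strings. Old runtimes usually
    survive side by side with newer ones, so count them all."""
    found = []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Java (\d+) Update (\d+)$", line)        # "Java 6 Update 18" -> 1.6.0_18
        if m:
            found.append("1.%s.0_%s" % (m.group(1), m.group(2)))
            continue
        m = re.match(r"Java 2 Runtime Environment, SE v([\d._]+)$", line)
        if m:
            found.append(m.group(1))
    return found


def leftover_java(text: str) -> bool:
    """True when more than one JRE is installed, i.e. an old one was left behind."""
    return len(java_runtimes(text)) > 1


if __name__ == "__main__":
    for severity, line, why in findings(SAMPLE):
        print("%-6s %-60s %s" % (severity, line, why))
    print("AV status verified:", av_claim_verified(SAMPLE))
    print("Java runtimes:", java_runtimes(SAMPLE), "leftover:", leftover_java(SAMPLE))
```

The point of `av_claim_verified` and `java_runtimes` is that the two easiest lines to misread in this log are the reassuring ones: "Antivirus up to date!" was reported with the Security Center service stopped, and "Java 6 Update 18" sits next to a 1.4.2 runtime that the newer installer did not remove.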

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterwards. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java


  • Staff

Hi Dheena,

Glad to hear it.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

3) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

6) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
