Jump to content

malwarebytes didn't detect my google virus


Recommended Posts

I tried using Malwarebytes for removal of my "google" virus but unsuccessfully. When I try googling anything, the page gets redirected to some type of ad.

DDS:

S (Ver_10-10-10.03) - NTFSx86

Run by Zanna at 6:42:55.00 on Tue 10/19/2010

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.354 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\Documents and Settings\Zanna\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\FinePixViewerS\QuickDCF2.exe

C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Documents and Settings\Zanna\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Zanna\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Zanna\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Zanna\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Zanna\My Documents\Downloads\Defogger.exe

C:\Documents and Settings\Zanna\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us

uSearch Bar =

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\zanna\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malbites\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

Trusted Zone: umn.edu\www1.webvista

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxdev.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

IFEO: image file execution options - svchost.exe

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-24 192160]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-24 169632]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-6-15 1805552]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-26 102448]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\naveng.sys [2010-10-18 86064]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\navex15.sys [2010-10-18 1371184]

R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-26 822424]

RUnknown szkg5;szkg5; [x]

RUnknown szkgfs;szkgfs; [x]

S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-13 79472]

S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-6-15 115952]

S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

UnknownUnknown is3srv;is3srv; [x]

=============== Created Last 30 ================

2010-10-19 01:52:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\SITEguard

2010-10-19 01:51:34 -------- d-----w- c:\program files\common files\iS3

2010-10-19 01:51:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!

2010-10-18 03:16:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-18 03:16:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-18 03:16:18 -------- d-----w- c:\program files\malbites

2010-10-12 23:42:43 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2010-10-12 23:42:43 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2010-10-12 23:42:43 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-12 23:42:05 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

==================== Find3M ====================

2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll

2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-08-10 10:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-08-10 10:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 6:43:32.35 ===============

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4877

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

10/19/2010 12:00:30 AM

mbam-log-2010-10-19 (00-00-30).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 216123

Time elapsed: 1 hour(s), 8 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Thank you anyone for your help!

ark.zip

Attach.zip

Link to post
Share on other sites

:)

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Download TDSSKiller and save it to your Desktop.

  • Make sure all other windows are closed and to let it run uninterrupted.
  • Extract the file and run it.
  • Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)
  • Reboot your machine and see if the infection is gone
  • Please post the contents of that log TDSSKiller and GooredFix log.

Please use Copy/Paste to post the logs, DO NOT attach them

Link to post
Share on other sites

Thank you for your help. By the way, I use google chrome as my browser - I am not sure if it is a relevant information.

Log from GooredFix:

GooredFix by jpshortstuff (03.07.10.1)

Log created at 08:55 on 19/10/2010 (Zanna)

Firefox version [unable to determine]

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [04:13 08/11/2007]

{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [15:50 15/03/2010]

C:\Documents and Settings\Zanna\Application Data\Mozilla\Firefox\Profiles\dh6bary7.default\extensions\

moveplayer@movenetworks.com [07:23 14/06/2008]

{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [04:02 13/05/2010]

{20a82645-c095-46ed-80e3-08825760534b} [02:24 08/09/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [17:49 09/08/2009]

"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [15:50 15/03/2010]

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [21:06 28/03/2010]

---------- Old Logs ----------

GooredFix[13.48.56_19-10-2010].txt

-=E.O.F=-

TDSKiller scan did not find anything, its log:

2010/10/19 08:51:56.0468 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/19 08:51:56.0468 ================================================================================

2010/10/19 08:51:56.0468 SystemInfo:

2010/10/19 08:51:56.0468

2010/10/19 08:51:56.0468 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/19 08:51:56.0468 Product type: Workstation

2010/10/19 08:51:56.0468 ComputerName: A

2010/10/19 08:51:56.0468 UserName: Zanna

2010/10/19 08:51:56.0468 Windows directory: C:\WINDOWS

2010/10/19 08:51:56.0468 System windows directory: C:\WINDOWS

2010/10/19 08:51:56.0468 Processor architecture: Intel x86

2010/10/19 08:51:56.0468 Number of processors: 2

2010/10/19 08:51:56.0468 Page size: 0x1000

2010/10/19 08:51:56.0468 Boot type: Normal boot

2010/10/19 08:51:56.0468 ================================================================================

2010/10/19 08:51:56.0859 Initialize success

2010/10/19 08:52:01.0343 ================================================================================

2010/10/19 08:52:01.0343 Scan started

2010/10/19 08:52:01.0343 Mode: Manual;

2010/10/19 08:52:01.0343 ================================================================================

2010/10/19 08:52:03.0390 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2010/10/19 08:52:03.0484 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/19 08:52:03.0500 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/19 08:52:03.0609 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2010/10/19 08:52:03.0656 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/10/19 08:52:03.0703 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/10/19 08:52:03.0765 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2010/10/19 08:52:03.0796 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2010/10/19 08:52:03.0828 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2010/10/19 08:52:03.0890 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2010/10/19 08:52:03.0921 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2010/10/19 08:52:03.0968 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2010/10/19 08:52:04.0015 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2010/10/19 08:52:04.0046 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2010/10/19 08:52:04.0078 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2010/10/19 08:52:04.0140 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

2010/10/19 08:52:04.0187 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/19 08:52:04.0234 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2010/10/19 08:52:04.0265 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2010/10/19 08:52:04.0343 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2010/10/19 08:52:04.0406 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/19 08:52:04.0437 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/19 08:52:04.0515 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/19 08:52:04.0531 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/19 08:52:04.0562 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

2010/10/19 08:52:04.0593 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/19 08:52:04.0656 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2010/10/19 08:52:04.0687 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/19 08:52:04.0718 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2010/10/19 08:52:04.0765 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/19 08:52:04.0796 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/19 08:52:04.0843 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/19 08:52:04.0906 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/10/19 08:52:04.0937 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2010/10/19 08:52:04.0984 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/10/19 08:52:05.0046 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2010/10/19 08:52:05.0109 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

2010/10/19 08:52:05.0140 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2010/10/19 08:52:05.0187 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2010/10/19 08:52:05.0250 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/19 08:52:05.0312 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/19 08:52:05.0375 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/19 08:52:05.0421 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/19 08:52:05.0453 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/19 08:52:05.0515 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2010/10/19 08:52:05.0546 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/19 08:52:05.0609 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2010/10/19 08:52:05.0750 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

2010/10/19 08:52:05.0796 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

2010/10/19 08:52:05.0890 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/19 08:52:05.0968 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/19 08:52:06.0015 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/19 08:52:06.0062 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/19 08:52:06.0109 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/19 08:52:06.0171 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/19 08:52:06.0203 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/19 08:52:06.0250 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/19 08:52:06.0265 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/19 08:52:06.0296 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/19 08:52:06.0343 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/19 08:52:06.0390 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2010/10/19 08:52:06.0437 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/10/19 08:52:06.0468 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/10/19 08:52:06.0500 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/10/19 08:52:06.0593 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys

2010/10/19 08:52:06.0703 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys

2010/10/19 08:52:06.0765 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/19 08:52:06.0828 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2010/10/19 08:52:06.0859 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2010/10/19 08:52:06.0890 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/19 08:52:06.0984 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2010/10/19 08:52:07.0125 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/19 08:52:07.0171 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2010/10/19 08:52:07.0203 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/10/19 08:52:07.0250 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/10/19 08:52:07.0296 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/19 08:52:07.0328 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/19 08:52:07.0625 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/19 08:52:08.0031 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/19 08:52:08.0093 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/19 08:52:08.0140 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/19 08:52:08.0187 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/19 08:52:08.0218 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/19 08:52:08.0250 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/19 08:52:08.0296 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/19 08:52:08.0406 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2010/10/19 08:52:08.0453 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/19 08:52:08.0500 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/19 08:52:08.0531 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/19 08:52:08.0562 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/19 08:52:08.0609 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/19 08:52:08.0656 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2010/10/19 08:52:08.0687 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/19 08:52:08.0781 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/19 08:52:08.0828 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/19 08:52:08.0875 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/19 08:52:08.0906 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/19 08:52:08.0937 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/19 08:52:09.0000 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/19 08:52:09.0031 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/19 08:52:09.0234 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101018.002\naveng.sys

2010/10/19 08:52:09.0468 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101018.002\navex15.sys

2010/10/19 08:52:09.0843 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/19 08:52:09.0921 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/19 08:52:09.0953 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/19 08:52:09.0968 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/19 08:52:10.0000 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/19 08:52:10.0031 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/19 08:52:10.0062 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/19 08:52:10.0203 NETw3x32 (71371ed9086a3d65f43967c89634e9a9) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys

2010/10/19 08:52:10.0406 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

2010/10/19 08:52:10.0718 NETw5x32 (ccdb8db66acd3c0a6c8e171b79f60ac4) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys

2010/10/19 08:52:11.0203 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/19 08:52:11.0234 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/19 08:52:11.0296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/19 08:52:11.0390 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/19 08:52:11.0515 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/10/19 08:52:11.0656 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/19 08:52:11.0687 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/19 08:52:11.0750 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/19 08:52:11.0796 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys

2010/10/19 08:52:11.0906 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/19 08:52:11.0937 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/19 08:52:11.0984 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/19 08:52:12.0031 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/19 08:52:12.0109 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/19 08:52:12.0140 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/19 08:52:12.0281 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2010/10/19 08:52:12.0312 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2010/10/19 08:52:12.0406 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/19 08:52:12.0453 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/19 08:52:12.0484 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/19 08:52:12.0531 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/19 08:52:12.0562 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2010/10/19 08:52:12.0593 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2010/10/19 08:52:12.0609 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2010/10/19 08:52:12.0640 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2010/10/19 08:52:12.0671 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2010/10/19 08:52:12.0718 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/19 08:52:12.0765 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/19 08:52:12.0781 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/19 08:52:12.0812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/19 08:52:12.0843 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/19 08:52:12.0890 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/19 08:52:12.0937 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/19 08:52:12.0984 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/19 08:52:13.0031 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/19 08:52:13.0078 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

2010/10/19 08:52:13.0093 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

2010/10/19 08:52:13.0156 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

2010/10/19 08:52:13.0296 SAVRT (cdb565c093b0105086cc630b32f9e6e6) C:\Program Files\Symantec AntiVirus\savrt.sys

2010/10/19 08:52:13.0328 SAVRTPEL (1042cb5a003f9aed8d6cec56a0fc6c49) C:\Program Files\Symantec AntiVirus\Savrtpel.sys

2010/10/19 08:52:13.0375 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2010/10/19 08:52:13.0437 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/19 08:52:13.0500 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/19 08:52:13.0546 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/19 08:52:13.0609 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/19 08:52:13.0765 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2010/10/19 08:52:13.0828 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2010/10/19 08:52:13.0921 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

2010/10/19 08:52:14.0000 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/19 08:52:14.0031 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/19 08:52:14.0109 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/19 08:52:14.0203 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys

2010/10/19 08:52:14.0312 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/19 08:52:14.0343 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/19 08:52:14.0406 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2010/10/19 08:52:14.0437 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2010/10/19 08:52:14.0531 SymEvent (3c6790d26d03fe5163e2bec490e51a7e) C:\Program Files\Symantec\SYMEVENT.SYS

2010/10/19 08:52:14.0656 symlcbrd (5220576ee29bea7c18dff9ecabf18bbc) C:\WINDOWS\system32\drivers\symlcbrd.sys

2010/10/19 08:52:14.0718 SYMREDRV (5314e345dfc068504cfb2676d3b2ca39) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

2010/10/19 08:52:14.0765 SymSnap (3ce7bf283c3e43d6be0191423482069d) C:\WINDOWS\system32\drivers\SymSnap.sys

2010/10/19 08:52:14.0812 SYMTDI (8cd0a1478256240249b8ee88e6f25e94) C:\WINDOWS\System32\Drivers\SYMTDI.SYS

2010/10/19 08:52:14.0875 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2010/10/19 08:52:14.0890 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2010/10/19 08:52:14.0937 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2010/10/19 08:52:14.0984 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/19 08:52:15.0078 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/19 08:52:15.0140 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/19 08:52:15.0171 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/19 08:52:15.0218 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/19 08:52:15.0281 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2010/10/19 08:52:15.0328 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/19 08:52:15.0359 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2010/10/19 08:52:15.0421 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/19 08:52:15.0500 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/10/19 08:52:15.0546 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/19 08:52:15.0593 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/19 08:52:15.0640 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/19 08:52:15.0671 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/10/19 08:52:15.0703 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/10/19 08:52:15.0781 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/19 08:52:15.0843 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/19 08:52:15.0875 V2IMount (618796b1d9a98da9cf71b2894ae18ef2) C:\WINDOWS\system32\drivers\V2IMount.sys

2010/10/19 08:52:15.0906 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/10/19 08:52:15.0953 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2010/10/19 08:52:16.0000 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/10/19 08:52:16.0062 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/19 08:52:16.0187 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys

2010/10/19 08:52:16.0312 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/19 08:52:16.0406 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/19 08:52:16.0484 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys

2010/10/19 08:52:16.0578 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/10/19 08:52:16.0656 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/10/19 08:52:16.0703 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/10/19 08:52:16.0781 ================================================================================

2010/10/19 08:52:16.0781 Scan finished

2010/10/19 08:52:16.0781 ================================================================================

thank you so much for your help!

Link to post
Share on other sites

No RootKit found :)

DO NOT use any TOOLS such as Combofix, Vundofix, or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

We've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Link to post
Share on other sites

It seems that ComboFix found some viruses, here is the log:

ComboFix 10-10-18.05 - Zanna 10/19/2010 10:11:26.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.318 [GMT -5:00]

Running from: c:\documents and settings\Zanna\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\762ed8d

c:\documents and settings\All Users\Application Data\762ed8d\24.mof

c:\documents and settings\All Users\Application Data\762ed8d\BackUp\Acrobat Assistant.lnk

c:\documents and settings\All Users\Application Data\762ed8d\BackUp\Digital Line Detect.lnk

c:\documents and settings\All Users\Application Data\762ed8d\BackUp\Exif Launcher S.lnk

c:\documents and settings\All Users\Application Data\762ed8d\BackUp\HOTSYNCSHORTCUTNAME.lnk

c:\documents and settings\All Users\Application Data\762ed8d\CUA.ico

c:\documents and settings\All Users\Application Data\762ed8d\CUASys\vd952342.bd

c:\documents and settings\All Users\Application Data\762ed8d\mozcrt19.dll

c:\documents and settings\All Users\Application Data\762ed8d\sqlite3.dll

c:\documents and settings\Zanna\Recent\ANTIGEN.exe

c:\documents and settings\Zanna\Recent\cid.exe

c:\documents and settings\Zanna\Recent\eb.dll

c:\documents and settings\Zanna\Recent\energy.exe

c:\documents and settings\Zanna\Recent\energy.tmp

c:\documents and settings\Zanna\Recent\exec.drv

c:\documents and settings\Zanna\Recent\fix.drv

c:\documents and settings\Zanna\Recent\FS.tmp

c:\documents and settings\Zanna\Recent\PE.drv

c:\documents and settings\Zanna\Recent\PE.exe

c:\documents and settings\Zanna\Recent\PE.sys

c:\documents and settings\Zanna\Recent\ppal.dll

c:\documents and settings\Zanna\Recent\ppal.drv

c:\documents and settings\Zanna\Recent\SICKBOY.exe

c:\documents and settings\Zanna\Recent\SM.exe

c:\documents and settings\Zanna\Recent\SM.tmp

c:\documents and settings\Zanna\Recent\std.sys

c:\documents and settings\Zanna\Recent\tjd.exe

c:\documents and settings\Zanna\Recent\tjd.tmp

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

.

((((((((((((((((((((((((( Files Created from 2010-09-19 to 2010-10-19 )))))))))))))))))))))))))))))))

.

2010-10-19 01:52 . 2010-10-19 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard

2010-10-19 01:51 . 2010-10-19 01:51 -------- d-----w- c:\program files\Common Files\iS3

2010-10-19 01:51 . 2010-10-19 03:49 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2010-10-18 03:16 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-18 03:16 . 2010-10-19 03:50 -------- d-----w- c:\program files\malbites

2010-10-18 03:16 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-12 23:42 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2010-10-12 23:42 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2010-10-12 23:42 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-12 23:42 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Zanna\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-24 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]

Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2009-12-5 303104]

Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\\hphver05.exe"=

"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"=

"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaws.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Documents and Settings\\Zanna\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [8/26/2010 10:10 PM 102448]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/15/2006 2:40 AM 115952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2010-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3606365402-2771746004-1348138301-1008Core.job

- c:\documents and settings\Zanna\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-24 02:56]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3606365402-2771746004-1348138301-1008UA.job

- c:\documents and settings\Zanna\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-24 02:56]

2010-10-19 c:\windows\Tasks\HP Usg Daily.job

- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2007-08-10 04:55]

2010-10-13 c:\windows\Tasks\Norton Security Scan for Zanna.job

- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 09:18]

2010-10-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3606365402-2771746004-1348138301-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-10-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3606365402-2771746004-1348138301-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-10-19 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-10 03:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

Trusted Zone: umn.edu\www1.webvista

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3606365402-2771746004-1348138301-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{38B94A89-8AB0-16B7-2EB2-82CA688C1142}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG10.00.00.01WORKSTATION"="BD140438C24C15AE564A225C111E315285F72E0E3C114CA0BCCAAE87AC346EE0A353D1A1395

1456F7182F1378B4DF8C456F737CE8EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CF

E

BC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555FE

B

C9E127BECC74CBA7FD869164D67949892D3354A3B9112C32D5F80AA9B00DCD47ED8D3587FF004F3C

7

D7614082F3C148191157F4179C86DFA5604181A13BEDDDA89F7E7FA6D5B605D2CC4B867FFA560AD0

0

B5466A86615365DDEE0B81B6ABCDCE35184B7B53656A4AF52EC6DBB61FC14B274AE30DBD0B47AD57

3

B36EC8E562A4DC0DADCB687E3E61D4A91F8E8DC5F0521D576FD7BD51A596F50B93359398BCBAA0C3

4

37D9F310FFB98EABCF56CDDB364D00D25D68172E6A686E6DF9584827056253D93FD5DE0A96DB9FEA

7

A47474099EF3C6DC1C7C533D7BB61C7809CCB46167C09071F7CB37375ED6A6BF906865F7878E872F

0

AA7253398999243FEBCD9B90F2E2D348734EEA02FF4736F21AC244E5B8EA831F5A2AE9538A408AA5

B

4E2AE8A20DD4B63A09D897707C4CA13648339A08C5D38229AD4AF445338B1C741A76A02BE19C5616

D

BD80E69B8EBC51EEA2D3233E90B42E3AF6527E1030388155FA156E6136FF69267E83A95DBE1CF1F6

4

BEAC3413A09456B284C46037A765FB0222C346EC09FD1C051318A1F910387129AA6694C03B23A6E2

3

BAB4B5406AE5D8785E9EF9DFC579235F867728BAD78C352440095D2591BEE9435FBDE477DDEDF9BE

8

073D3A30F0499CCE2B9B6BC591B51DF55C2B0EC8AB3E3CB09B895DC57A9E0D80253C385DBD8903DC

2

96ADAB6875C6B3D247A9D2F8A15747F34F2C8640527CE938B2DF312358E547F6EDB7EB3E1C03F2BC

4

610E02EFEB7A09B1F01F3888FDF87DC885ACAE50089FA5C8A2DF422B60C3E46C6ED08E982A30C5C5

9

25C71141BC3AC30EF86EA0F1A99D44C26E8BE742C452311E53B73C5AE1CC566965E1438E78F2557C

9

87CEF2DD9925CF7F6C57518835B3E93E8626BACB682ACA7167FA8A4360FE18A39CB983DD1D43ED7E

9

C8E58CF27F7F1A350ECC047E12A724C1ED02580DAE291C3935BCA1BC16F862514BBA4CD5665EBF41

A

6425DB7A0E1D048C97A4E74C132424A13CD70A4C7C3C2A4D88D7C39D055AC649FB3837C8374FA822

2

32CB222E1F770DC343D91A554F6772AF595E77D7385DFA6F74EF98795D37F2F9D60906E35750D417

1

120F58F260AC6E5483611D62F8BB61EE40BB9230B77E6B026BA46A894C0DACF5F0CF95E7691B42CB

C

E4EC319878A88CE6B87EDA14A5572227B866F6EED3BE497771B2FD8C3C9B2D5A63FDEEC42AF13552

F

583E96A2E340A3C0407C079094908049279FFB6773AF43BEB9FECE82C25A9670224CD398BC39FDF0

5

2B48A2E4B3AAC8C21812010860D35"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4008)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Dell\QuickSet\NICCONFIGSVC.exe

c:\program files\Norton Ghost\Agent\VProSvc.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\windows\system32\wscntfy.exe

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

c:\documents and settings\Zanna\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe

c:\windows\system32\msiexec.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-10-19 10:31:56 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-19 15:31

Pre-Run: 1,495,076,864 bytes free

Post-Run: 1,522,348,032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D7EE5D508F2CBE310DF1423E40459EF9

Does this mean I am virus-free now?

Link to post
Share on other sites

That looks good.

How's it running?

Good job thumbup.gif

The following will implement some cleanup procedures as well as reset System Restore points:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

To be on the safe side, I would also change all my passwords.

Here's my usual all clean post

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.

    • Next press the Apply button and then the OK to exit the Internet Properties page.
    • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
      (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
    • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
      Without a firewall your computer is succeptible to being hacked and taken over.
      I am very serious about this and see it happen almost every day with my clients.
      Simply using a Firewall in its default configuration can lower your risk greatly.
    • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
      This will ensure your computer has always the latest security updates available installed on your computer.
      If there are new updates to install, install them immediately, reboot your computer, and revisit the site
      until there are no more critical updates.
    • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
      Without regular updates you WILL NOT be protected when new malicious programs are released.

    Only run one Anti-Virus and Firewall program.

    I would suggest you read How to Prevent Malware:

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.