Malwarebytes Screen could not be opened


hkw

Some days ago, I tried to open the above screen, but in vain. Three error messages appear, as follows:

There is an error occurred with remarks 'please inform this error code to our support group'

MBAM_ERROR_EXPANDING_VARIABLES(0,48)

There is an error occurred with remarks 'please inform this error code to our support group'

MBAM_ERROR_MISSING_FILE(3,0,mbamswissarmy.sys)

System cannot find the appointed path.

[OpenEvent]fails to carry out required operation.

Error Code:2

From then onwards, each time the system boots up, the above error messages appear.

Firefox suggests uninstalling MBAM at Control Panel, but in vain.

Uninstalling MBAM at Control Panel is impossible; the following error message is encountered:

'Runtime Error(at-1:0):Cannot Import dll:C:\Program Files\Malwarebytes'AntiMalware\mbam.dll

Firefox said "If you are having issues with Malwarebytes, installing or removing, it is possible that you may have an infection preventing you from doing what you need to do."

After checking, I found KIS has detected:

Hack.Tool.Win32.Kiser.ok

at location C:\System Volume Information\_restore{7ab7f0fd.......

which have been deleted as recommended by KIS.

Firefox quoted "As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have."

Hi,

Please download DDS and save it to your desktop.

  • Disable any script blocking protection.
  • Double click dds.com to run the tool.
  • When done, DDS will open two logs (DDS.txt and Attach.txt).
  • Save both reports to your desktop.

Please include the contents of DDS.txt in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

Gammo: Hi, it's nice to hear from you!

The following are the scan report results for your reference:

Attach.txt :

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2010/4/21 ?? 12:11:27

System Uptime: 2010/12/4 ?? 12:24:26 (2 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4S8X

Processor: Intel® Celeron® CPU 2.00GHz | PGA 478 | 2000/100mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 59 GiB total, 43.175 GiB free.

D: is FIXED (NTFS) - 90 GiB total, 51.802 GiB free.

E: is FIXED (NTFS) - 39 GiB total, 0.648 GiB free.

F: is FIXED (NTFS) - 18 GiB total, 5.703 GiB free.

G: is CDROM ()

H: is CDROM ()

J: is CDROM ()

K: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP29: 2010/11/4 ?? 01:42:34 - Software Distribution Service 3.0

RP30: 2010/11/4 ?? 02:10:18 - Software Distribution Service 3.0

RP31: 2010/11/4 ?? 02:18:23 - ??? Java 6 Update 22

RP32: 2010/11/4 ?? 03:33:44 - Software Distribution Service 3.0

RP33: 2010/11/4 ?? 03:59:04 - Software Distribution Service 3.0

RP34: 2010/11/4 ?? 09:10:54 - Software Distribution Service 3.0

RP35: 2010/11/4 ?? 09:29:00 - avast! Internet Security Setup

RP36: 2010/11/4 ?? 09:37:43 - Installed Kaspersky Internet Security 2011.

RP37: 2010/11/5 ?? 03:07:22 - Software Distribution Service 3.0

RP38: 2010/11/5 ?? 06:54:18 - Software Distribution Service 3.0

RP39: 2010/11/5 ?? 07:52:51 - Software Distribution Service 3.0

RP40: 2010/11/5 ?? 09:07:41 - Software Distribution Service 3.0

RP41: 2010/11/6 ?? 10:42:29 - ?????

RP42: 2010/11/7 ?? 12:03:34 - Installed Rapidshare Auto Downloader 4.1

RP43: 2010/11/7 ?? 10:02:44 - Removed Rapidshare Auto Downloader 4.1

RP44: 2010/11/8 ?? 05:08:24 - ?????

RP45: 2010/11/8 ?? 08:00:19 - ??? ??

RP46: 2010/11/9 ?? 09:04:00 - ?????

RP47: 2010/11/10 ?? 05:35:06 - Software Distribution Service 3.0

RP48: 2010/11/11 ?? 05:59:54 - ?????

RP49: 2010/11/12 ?? 06:17:27 - ?????

RP50: 2010/11/12 ?? 09:57:26 - ??? ??

RP51: 2010/11/12 ?? 10:07:46 - ??? ??

RP52: 2010/11/14 ?? 11:10:37 - ?????

RP53: 2010/11/14 ?? 11:32:47 - ????

RP54: 2010/11/14 ?? 06:59:03 - Software Distribution Service 3.0

RP55: 2010/11/15 ?? 07:16:31 - ?????

RP56: 2010/11/16 ?? 07:30:04 - ?????

RP57: 2010/11/17 ?? 08:25:32 - ?????

RP58: 2010/11/18 ?? 08:34:40 - ?????

RP59: 2010/11/19 ?? 09:22:34 - ?????

RP60: 2010/11/23 ?? 04:23:57 - ?????

RP61: 2010/11/24 ?? 05:40:16 - ?????

RP62: 2010/11/29 ?? 07:54:30 - ?????

RP63: 2010/11/30 ?? 08:07:11 - ?????

RP64: 2010/12/1 ?? 08:26:44 - ?????

RP65: 2010/12/2 ?? 09:10:08 - ?????

RP66: 2010/12/4 ?? 02:24:05 - ?????

==== Installed Programs ======================

Adobe Anchor Service CS4

Adobe CMaps CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Recommended Settings CS4

Adobe Color NA Extra Settings CS4

Adobe CSI CS4

Adobe Default Language CS4

Adobe Dynamiclink Support

Adobe ExtendScript Toolkit CS4

Adobe Flash CS4

Adobe Flash CS4 Extension - Flash Lite STI others

Adobe Flash CS4 Professional

Adobe Flash CS4 STI-other

Adobe Flash Player 10 Plugin

Adobe Linguistics CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Reader 9.4.1 - Chinese Traditional

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Advertising Center

AnyDVD

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

C-Media WDM Audio Driver

Combined Community Codec Pack 2009-09-09

Connect

DolbyFiles

DVDFab 8.0.2.1 (30/09/2010)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB954550-v5)

HP LaserJet 1000

ImageMixer VCD2

ImagXpress

iTunes

Java Auto Updater

Java 6 Update 22

K-Lite Mega Codec Pack 6.5.0

Kaspersky Internet Security 2011

kuler

Malwarebytes' Anti-Malware

MediaMonkey 3.2

Menu Templates - Starter Kit

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Movie Templates - Starter Kit

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Trial

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero DiscSpeed

Nero DriveSpeed

Nero InfoTool

Nero Installer

Nero PhotoSnap

Nero Recode

Nero Rescue Agent

Nero ShowTime

Nero StartSmart

Nero Vision

Nero WaveEditor

NeroBurningROM

NeroExpress

neroxml

PDF Settings CS4

Photoshop Camera Raw

Picture Package

Pixel Bender Toolkit

QuickTime

Real Alternative 2.0.2

RealPlayer

RealUpgrade 1.0

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Sony USB Driver

SoundTrax

Suite Shared Configuration CS4

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

WebFldrs XP

Windows Internet Explorer 8

Windows Internet Explorer 8 ????? (KB2360131)

Windows Internet Explorer 8 ????? (KB971961)

Windows Internet Explorer 8 ????? (KB981332)

Windows Internet Explorer 8 ?? (KB976662)

Windows Internet Explorer 8 ?? (KB980182)

Windows Internet Explorer 8 ?? (KB980302)

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11 Hotfix (KB939683)

Windows Media Player 11 ????? (KB954154)

Windows Media Player ????? (KB2378111)

Windows Media Player ????? (KB952069)

Windows Media Player ????? (KB954155)

Windows Media Player ????? (KB968816)

Windows Media Player ????? (KB973540)

Windows Media Player ????? (KB975558)

Windows Media Player ????? (KB978695)

Windows XP Hotfix (KB2158563)

Windows XP Hotfix (KB952287)

Windows XP Hotfix (KB961118)

Windows XP Hotfix (KB979306)

Windows XP ????? (KB2079403)

Windows XP ????? (KB2115168)

Windows XP ????? (KB2121546)

Windows XP ????? (KB2229593)

Windows XP ????? (KB2259922)

Windows XP ????? (KB2279986)

Windows XP ????? (KB2286198)

Windows XP ????? (KB2296011)

Windows XP ????? (KB2347290)

Windows XP ????? (KB2360937)

Windows XP ????? (KB2387149)

Windows XP ????? (KB923561)

Windows XP ????? (KB941569)

Windows XP ????? (KB946648)

Windows XP ????? (KB950760)

Windows XP ????? (KB950762)

Windows XP ????? (KB950974)

Windows XP ????? (KB951066)

Windows XP ????? (KB951376-v2)

Windows XP ????? (KB951748)

Windows XP ????? (KB952004)

Windows XP ????? (KB952954)

Windows XP ????? (KB954459)

Windows XP ????? (KB955069)

Windows XP ????? (KB956572)

Windows XP ????? (KB956744)

Windows XP ????? (KB956802)

Windows XP ????? (KB956803)

Windows XP ????? (KB956844)

Windows XP ????? (KB958644)

Windows XP ????? (KB958869)

Windows XP ????? (KB959426)

Windows XP ????? (KB960225)

Windows XP ????? (KB960803)

Windows XP ????? (KB960859)

Windows XP ????? (KB961501)

Windows XP ????? (KB969059)

Windows XP ????? (KB969947)

Windows XP ????? (KB970238)

Windows XP ????? (KB970430)

Windows XP ????? (KB971468)

Windows XP ????? (KB971657)

Windows XP ????? (KB972270)

Windows XP ????? (KB973354)

Windows XP ????? (KB973507)

Windows XP ????? (KB973869)

Windows XP ????? (KB973904)

Windows XP ????? (KB974112)

Windows XP ????? (KB974318)

Windows XP ????? (KB974392)

Windows XP ????? (KB974571)

Windows XP ????? (KB975025)

Windows XP ????? (KB975467)

Windows XP ????? (KB975560)

Windows XP ????? (KB975561)

Windows XP ????? (KB975562)

Windows XP ????? (KB975713)

Windows XP ????? (KB977816)

Windows XP ????? (KB977914)

Windows XP ????? (KB978037)

Windows XP ????? (KB978262)

Windows XP ????? (KB978338)

Windows XP ????? (KB978542)

Windows XP ????? (KB978601)

Windows XP ????? (KB978706)

Windows XP ????? (KB979309)

Windows XP ????? (KB979482)

Windows XP ????? (KB979683)

Windows XP ????? (KB979687)

Windows XP ????? (KB980195)

Windows XP ????? (KB980232)

Windows XP ????? (KB980436)

Windows XP ????? (KB981322)

Windows XP ????? (KB981852)

Windows XP ????? (KB981957)

Windows XP ????? (KB981997)

Windows XP ????? (KB982132)

Windows XP ????? (KB982214)

Windows XP ????? (KB982665)

Windows XP ?? (KB2141007)

Windows XP ?? (KB2345886)

Windows XP ?? (KB898461)

Windows XP ?? (KB951978)

Windows XP ?? (KB955759)

Windows XP ?? (KB967715)

Windows XP ?? (KB968389)

Windows XP ?? (KB971737)

Windows XP ?? (KB973687)

Windows XP ?? (KB973815)

WinRAR ????

==== End Of File ===========================

DDS.txt:

DDS (Ver_10-11-27.01) - NTFSx86

Run by david at 2:55:18.57 on 2010/12/04 ???

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.950.886.1028.18.1024.604 [GMT 8:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\WINDOWS\system32\zstatus.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\WINDOWS\system32\conime.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\david\??\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://hk.yahoo.com/

BHO: ThunderAtOnce Class: {01443aec-0fd1-40fd-9c87-e93d1494c233} - c:\documents and settings\david\??\thunder_v5.9.24.1506\comdlls\TDMediaDetector5.9.24.1506.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll

BHO: Thunder Browser Helper: {889d2feb-5411-4565-8998-1dd2c5261283} - c:\documents and settings\david\??\thunder_v5.9.24.1506\comdlls\xunleiBHO_Now.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount

uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [CJIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\changjie\CINTLCFG.EXE /CJIMETIPSync

mRun: [PHIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\phonetic\TINTLCFG.EXE /PHIMETIPSync

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

mRun: [hp 1000 firmware] c:\program files\hp laserjet 1000\fwdl.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\???~1\???\??\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe

StartupFolder: c:\docume~1\alluse~1\???~1\???\??\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe

IE: ?????? - c:\documents and settings\david\??\thunder_v5.9.24.1506\program\geturl.htm

IE: ?????????? - c:\documents and settings\david\??\thunder_v5.9.24.1506\program\getallurl.htm

IE: ??? Microsoft Office Excel(&X) - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-11-4 475736]

R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-29 275968]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-5 20952]

S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-7-1 352976]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-5 304464]

S3 cpuz132;cpuz132;\??\c:\docume~1\david\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\david\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

=============== Created Last 30 ================

2010-12-02 23:28:22 -------- d-----w- c:\program files\SlySoft

2010-11-30 20:43:26 30888 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys

2010-11-25 18:29:05 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll

2010-11-17 10:36:59 -------- d-----w- c:\program files\iPod

2010-11-17 10:36:51 -------- d-----w- c:\program files\iTunes

2010-11-14 10:41:36 -------- d-----w- c:\program files\common files\xing shared

2010-11-14 10:39:27 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-11-14 10:39:27 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-11-14 03:36:20 -------- d-----w- c:\windows\system32\wbem\repository\FS

2010-11-14 03:36:20 -------- d-----w- c:\windows\system32\wbem\Repository

2010-11-08 03:23:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\f-secure

2010-11-06 16:04:52 -------- d-----w- C:\Downloads

2010-11-06 03:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2010-11-05 11:45:33 -------- d-----w- c:\docume~1\david\locals~1\applic~1\PCHealth

2010-11-05 09:28:30 -------- d-----w- c:\docume~1\david\locals~1\applic~1\Thunder Network

2010-11-05 09:18:57 -------- d-----w- c:\program files\common files\Thunder Network

2010-11-05 08:52:57 -------- d-----w- c:\program files\Combined Community Codec Pack

2010-11-05 08:50:48 909312 ----a-w- c:\windows\system32\VSFilter.dll

2010-11-05 08:48:41 -------- d-----w- c:\program files\Real Alternative

2010-11-05 08:45:09 232448 ----a-w- c:\windows\system32\mp3fhg.acm

2010-11-05 08:45:08 151552 ----a-w- c:\windows\system32\ac3acm.acm

2010-11-05 08:45:07 790528 ----a-w- c:\windows\system32\xvidcore.dll

2010-11-05 08:45:07 217088 ----a-w- c:\windows\system32\yv12vfw.dll

2010-11-05 08:45:07 134144 ----a-w- c:\windows\system32\xvidvfw.dll

2010-11-05 08:45:06 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-11-05 08:44:58 -------- d-----w- c:\program files\K-Lite Codec Pack

2010-11-05 07:09:14 -------- d-----w- c:\program files\MSXML 4.0

2010-11-05 05:00:57 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-11-05 04:46:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-05 04:46:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-05 04:46:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-05 04:12:33 -------- d-----w- c:\docume~1\david\applic~1\Malwarebytes

2010-11-05 04:12:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-11-04 15:20:48 569397 ----a-w- c:\program files\internet explorer\plugins\richfx\player\nprfxins.dll

2010-11-04 13:40:44 97545 ----a-w- c:\windows\system32\drivers\klick.dat

2010-11-04 13:40:44 115465 ----a-w- c:\windows\system32\drivers\klin.dat

2010-11-04 13:38:14 -------- d-----w- c:\program files\Kaspersky Lab

2010-11-04 13:38:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab

2010-11-04 13:35:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files

2010-11-04 08:43:48 -------- d-----w- c:\program files\DVDFab 8

2010-11-04 08:07:28 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-11-04 07:43:15 -------- d-----w- c:\windows\system32\XPSViewer

2010-11-04 07:42:30 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-11-04 07:42:11 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-11-04 07:42:11 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-11-04 07:42:11 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-11-04 07:42:11 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-11-04 07:42:11 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-11-04 07:42:11 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-11-04 07:42:11 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-11-04 07:42:11 117760 ------w- c:\windows\system32\prntvpt.dll

2010-11-04 06:33:57 159744 ----a-w- c:\program files\internet explorer\????\npqtplugin6.dll

2010-11-04 06:33:57 159744 ----a-w- c:\program files\internet explorer\????\npqtplugin5.dll

2010-11-04 06:33:57 159744 ----a-w- c:\program files\internet explorer\????\npqtplugin4.dll

2010-11-04 06:33:57 159744 ----a-w- c:\program files\internet explorer\????\npqtplugin3.dll

2010-11-04 06:33:57 159744 ----a-w- c:\program files\internet explorer\????\npqtplugin2.dll

2010-11-04 06:33:57 159744 ----a-w- c:\program files\internet explorer\????\npqtplugin.dll

2010-11-04 06:28:14 -------- d-----w- c:\program files\Bonjour

2010-11-04 05:57:07 269568 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-11-04 05:57:07 269568 ------w- c:\windows\system32\drivers\bthport.sys

2010-11-04 05:56:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-11-04 05:52:19 2189824 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-11-04 05:52:15 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-11-04 05:52:14 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-11-04 05:42:43 -------- d-----w- c:\windows\system32\PreInstall

==================== Find3M ====================

2010-11-04 08:44:15 87608 ----a-w- c:\docume~1\david\applic~1\inst.exe

2010-11-04 08:44:15 47360 ----a-w- c:\docume~1\david\applic~1\pcouffin.sys

2010-09-18 06:52:56 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:52:56 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:52:56 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-18 04:22:58 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-14 20:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-14 18:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-10 05:48:54 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:48:47 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:48:47 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-08 03:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 03:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 2:56:45.35 ===============

RKU Report:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #1

==============================================

>Drivers

==============================================

0xF71C9000 kl1.sys 5382144 bytes (Kaspersky Lab ZAO, Kaspersky Unified Driver)

0x804D8000 C:\WINDOWS\system32\ntoskrnl.exe 2189824 bytes (Microsoft Corporation, NT Kernel & System)

0x804D8000 PnpManager 2189824 bytes

0x804D8000 RAW 2189824 bytes

0x804D8000 WMIxWDM 2189824 bytes

0xBF080000 C:\WINDOWS\System32\ati3duag.dll 1892352 bytes (ATI Technologies Inc. , ati3duag.dll)

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xF677C000 C:\WINDOWS\system32\drivers\cmuda.sys 1376256 bytes (C-Media Inc, C-Media Audio WDM Driver)

0xF70C9000 PCI_PNP2048 1048576 bytes

0xF70C9000 sptd 1048576 bytes

0xF70C9000 spxt.sys 1048576 bytes

0xF6930000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 815104 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)

0xF6F3F000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xBF24E000 C:\WINDOWS\System32\ativvaxx.dll 520192 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)

0xAA759000 C:\WINDOWS\system32\DRIVERS\klif.sys 520192 bytes (Kaspersky Lab, Klif Mini-Filter [fre_wnet_x86])

0xAA5C0000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF6569000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xAA6A5000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xA9B32000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xA9759000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xBF048000 C:\WINDOWS\System32\ati2cqag.dll 229376 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)

0xF66BF000 C:\WINDOWS\System32\Drivers\a4ee1cww.SYS 221184 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 221184 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)

0xF65C7000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xF7083000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xA9C52000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF6F12000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xA8F33000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xAA630000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xAA67D000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xF702D000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)

0xAA59A000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xF6758000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF6734000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF68CC000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xAA65B000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806EF000 ACPI_HAL 131840 bytes

0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF6FF5000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF7053000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF6EF8000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF68EF000 C:\WINDOWS\System32\Drivers\AnyDVD.sys 102400 bytes (SlySoft, Inc., AnyDVD Filter Driver)

0xF7015000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xAA4BA000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xF70B1000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xF6FCC000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF66A8000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xAA0BD000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF6908000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)

0xF691C000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xAA6FE000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF6FE3000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xF7072000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF6697000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF794C000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF778C000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF77CC000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF793C000 C:\WINDOWS\system32\DRIVERS\serial.sys 61440 bytes (Microsoft Corporation, Serial Device Driver)

0xF792C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF78BC000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF77AC000 C:\WINDOWS\system32\DRIVERS\redbook.sys 57344 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xF774C000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF77EC000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF795C000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 49152 bytes (Microsoft Corporation, i8042 Port Driver)

0xF783C000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)

0xF780C000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF772C000 VolSnap.sys 49152 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF78DC000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF797C000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF771C000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF77FC000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF790C000 C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 40960 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)

0xF791C000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)

0xF77DC000 C:\WINDOWS\system32\DRIVERS\klim5.sys 40960 bytes (Kaspersky Lab ZAO, Kaspersky Lab Intermediate Network Driver)

0xF785C000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF784C000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF773C000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF770C000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF796C000 C:\WINDOWS\system32\DRIVERS\klmouflt.sys 36864 bytes (Kaspersky Lab, KLMOUFLT Mouse Device Filter [fre_wnet_x86])

0xF781C000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF78CC000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xA90AE000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF78EC000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF7ADC000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF7A14000 C:\WINDOWS\system32\DRIVERS\sisnic.sys 32768 bytes (SiS Corporation, SiS PCI Fast Ethernet Adapter Driver)

0xF7A0C000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF79E4000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0xF7A1C000 C:\DOCUME~1\david\LOCALS~1\Temp\mbr.sys 28672 bytes

0xF798C000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF79FC000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0xF79EC000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF7AE4000 C:\WINDOWS\system32\DRIVERS\kl2.sys 24576 bytes (Kaspersky Lab ZAO, Kaspersky Unified Driver)

0xF79F4000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF7ACC000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF7A9C000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)

0xF7AD4000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF7994000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF7A84000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF7A8C000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF7A7C000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF7A04000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)

0xF7AF4000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xF7BF4000 C:\WINDOWS\System32\Drivers\cdrbsdrv.SYS 16384 bytes (B.H.A Corporation, CD-ROM Filter Driver for Windows2000/xp)

0xAA49A000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)

0xF6A17000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xAA372000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF7BEC000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xF7B1C000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF7BE8000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF6ECC000 C:\WINDOWS\system32\DRIVERS\fsvga.sys 12288 bytes (Microsoft Corporation, Full Screen Video Driver)

0xF7BF0000 C:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)

0xA9BAE000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)

0xF6EC8000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF6565000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF7C52000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7C10000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)

0xF7C76000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xF7C50000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7C0C000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7C54000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7C82000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)

0xF7C56000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7C34000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7C4E000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7C0E000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7D04000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7D4C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7CF7000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7CD4000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0x86F881F8 unknown_irp_handler 3592 bytes

0x86DAB1F8 unknown_irp_handler 3592 bytes

0x86C9C1F8 unknown_irp_handler 3592 bytes

0x86D1C1F8 unknown_irp_handler 3592 bytes

0x86B1B1F8 unknown_irp_handler 3592 bytes

0x86D1D1F8 unknown_irp_handler 3592 bytes

0x86DE31F8 unknown_irp_handler 3592 bytes

0x86F8D3F8 unknown_irp_handler 3080 bytes

0x86F89500 unknown_irp_handler 2816 bytes

0x86B0C500 unknown_irp_handler 2816 bytes

==============================================

>Stealth

==============================================

WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!!=)

This morning an error message appeared with "Javaw.exe encountered a problem!"


Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


ComboFix.txt log as follows:

ComboFix 10-12-03.03 - david /12/05 ??? 2:15.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.950.886.1028.18.1024.679 [GMT 8:00]

????: c:\documents and settings\david\??\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

* ????????

.

((((((((((((((((((((((((((((((((((((((( ?????? )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\david\Application Data\inst.exe

c:\windows\system32\spool\prtprocs\w32x86\pcldll6l.dll

c:\windows\system32\spool\prtprocs\w32x86\zpp.dll

.

((((((((((((((((((((((((( 2010-11-04 ? 2010-12-04 ????? )))))))))))))))))))))))))))))))

.

2010-12-02 23:28 . 2010-12-02 23:28 -------- d-----w- c:\program files\SlySoft

2010-11-30 20:43 . 2010-11-30 20:43 30888 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys

2010-11-25 18:29 . 2010-11-25 18:29 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll

2010-11-24 09:44 . 2010-11-24 09:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2010-11-17 10:36 . 2010-11-17 10:36 -------- d-----w- c:\program files\iPod

2010-11-17 10:36 . 2010-11-17 10:46 -------- d-----w- c:\program files\iTunes

2010-11-14 10:41 . 2010-11-14 10:41 -------- d-----w- c:\program files\Common Files\xing shared

2010-11-14 10:39 . 2010-11-14 10:39 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-11-14 10:39 . 2010-11-14 10:39 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-11-14 10:38 . 2010-11-14 10:42 -------- d-----w- c:\program files\Real

2010-11-14 03:36 . 2010-11-14 03:36 -------- d-----w- c:\windows\system32\wbem\Repository

2010-11-08 03:23 . 2010-11-08 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure

2010-11-06 16:04 . 2010-11-06 16:04 -------- d-----w- C:\Downloads

2010-11-06 03:37 . 2010-11-06 03:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

2010-11-06 02:19 . 2010-11-06 02:19 -------- d-----w- c:\windows\Sun

2010-11-05 11:45 . 2010-11-05 11:45 -------- d-----w- c:\documents and settings\david\Local Settings\Application Data\PCHealth

2010-11-05 09:28 . 2010-11-05 09:28 -------- d-----w- c:\documents and settings\david\Local Settings\Application Data\Thunder Network

2010-11-05 09:18 . 2010-11-05 09:19 -------- d-----w- c:\program files\Common Files\Thunder Network

2010-11-05 08:52 . 2010-11-05 08:53 -------- d-----w- c:\program files\Combined Community Codec Pack

2010-11-05 08:50 . 2005-11-25 20:58 909312 ----a-w- c:\windows\system32\VSFilter.dll

2010-11-05 08:48 . 2010-11-05 08:48 -------- d-----w- c:\program files\Real Alternative

2010-11-05 08:45 . 2006-10-18 18:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm

2010-11-05 08:45 . 2010-01-17 15:18 151552 ----a-w- c:\windows\system32\ac3acm.acm

2010-11-05 08:45 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll

2010-11-05 08:45 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll

2010-11-05 08:45 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll

2010-11-05 08:45 . 2010-10-18 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-11-05 08:44 . 2010-11-06 00:48 -------- d-----w- c:\program files\K-Lite Codec Pack

2010-11-05 07:09 . 2010-11-05 07:09 -------- d-----w- c:\program files\MSXML 4.0

2010-11-05 05:00 . 2010-09-10 05:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-11-05 04:46 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-05 04:46 . 2010-11-05 04:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-05 04:46 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-05 04:12 . 2010-11-05 04:12 -------- d-----w- c:\documents and settings\david\Application Data\Malwarebytes

2010-11-05 04:12 . 2010-11-05 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.

(((((((((((((((((((((((((((((((((((((((( ??????????? ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-04 08:44 . 2010-04-21 10:17 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2010-11-04 08:44 . 2010-04-21 10:17 47360 ----a-w- c:\documents and settings\david\Application Data\pcouffin.sys

2010-09-18 06:52 . 2008-04-15 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:52 . 2008-04-15 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:52 . 2008-04-15 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-18 04:22 . 2008-04-15 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-14 20:50 . 2010-04-23 15:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-14 18:29 . 2010-04-23 15:23 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-14 13:16 . 2010-09-14 13:16 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

2010-09-10 05:48 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:48 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:48 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-08 03:17 . 2010-09-08 03:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 03:17 . 2010-09-08 03:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 1791B79392B2C5681F220423E7B14DCA . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-15 . 241D706AC46BC7D59B25C58BF1B08F13 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( ????? ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*??* ???????????????

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-02 205256]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-12-01 4713032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]

"CJIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-22 66400]

"PHIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-22 98656]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]

"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-12-15 36864]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-04 352976]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-11-14 202256]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\???????\???\??\

Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2010-4-21 151552]

Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2010-4-21 106496]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0090404]

IME File REG_SZ MSTCICJA.IME

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.85\\ThunderService.exe"=

"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.85\\XLBugReport.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010/4/21 ?? 03:50 717296]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010/6/9 ?? 05:43 11352]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010/5/7 ?? 12:06 32856]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009/11/2 ?? 08:27 19472]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010/11/5 ?? 12:46 20952]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010/11/5 ?? 12:46 304464]

.


Hi,

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine. If not, do this yourself to ensure a complete clean.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you still can't run MBAM, just skip this step.

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png


MBAM still cannot be opened with error message :

[Open Event] fails to carry out required operation. Error code : 2

After EsetScan, 6 threats were found as below:

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP58\A0017954.exe Win32/Toolbar.AskSBar application

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP60\A0020066.exe Win32/Spy.Zbot.WM trojan

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP60\A0020069.exe Win32/Spy.Zbot.WM trojan

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP60\A0020070.exe multiple threats

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP60\A0020071.exe multiple threats

C:\System Volume Information\_restore{7AB7F0FD-EA11-498F-B6F7-5AB95BAF1E4F}\RP65\A0022620.exe probably unknown NewHeur_PE virus


Hi,

Your problem is not malware related. I suggest you start a new topic about the issue in the General Malwarebytes' Anti-Malware Forum.

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ;)

Remove Combofix now that we're done with it.

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files

Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall

You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated

It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Firefox and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.

  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?

If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,

Gammo :)


  • 2 months later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.