csrss.exe and Antivirus Scan


Hi there. Recently I started getting a Google redirect problem and ran MBAM, which told me I had a trojan csrss.exe. I asked MBAM to remove it; however, after asking me to reboot to finish the task, the program was closed and a pop-up told me there was a problem with it. I tried three times to make sure it wasn't a fluke; however, each time MBAM was disabled and not allowed to boot.

Yesterday I was searching on Google to find some way to get rid of the csrss.exe problem and I got a pop-up from a programme calling itself 'Antivirus Scan'. That is now stopping me from running MBAM and other antivirus software in normal mode. I tried to follow the forum's stickied instructions and downloaded Avira; however, upon installation I get an error message telling me installation has failed, possibly due to a Windows update running in parallel.

I'm not particularly good with computers, so I'd really appreciate someone's help.

Thanks!


:rolleyes:

Please don't attach the scan results, use Copy/Paste

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Sorry, I forgot to tell you in my last post: At the moment the computer is a little slow when first loading the desktop and MBAM is blocked as a starting program. Other than this, the Google redirects and the 'antivirus scan' malware are the only noticeable problems.

2010/12/18 19:08:18.0800 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40

2010/12/18 19:08:18.0800 ================================================================================

2010/12/18 19:08:18.0800 SystemInfo:

2010/12/18 19:08:18.0800

2010/12/18 19:08:18.0800 OS Version: 6.0.6000 ServicePack: 0.0

2010/12/18 19:08:18.0800 Product type: Workstation

2010/12/18 19:08:18.0800 ComputerName: BLAKES-PC

2010/12/18 19:08:18.0800 UserName: Blake

2010/12/18 19:08:18.0800 Windows directory: C:\Windows

2010/12/18 19:08:18.0800 System windows directory: C:\Windows

2010/12/18 19:08:18.0800 Processor architecture: Intel x86

2010/12/18 19:08:18.0800 Number of processors: 2

2010/12/18 19:08:18.0800 Page size: 0x1000

2010/12/18 19:08:18.0800 Boot type: Safe boot with network

2010/12/18 19:08:18.0800 ================================================================================

2010/12/18 19:08:19.0440 Initialize success

2010/12/18 19:08:44.0197 ================================================================================

2010/12/18 19:08:44.0197 Scan started

2010/12/18 19:08:44.0197 Mode: Manual;

2010/12/18 19:08:44.0197 ================================================================================

2010/12/18 19:09:05.0382 ================================================================================

2010/12/18 19:09:05.0382 Scan finished

2010/12/18 19:09:05.0382 ================================================================================


First we need to uninstall the MBAM you have now.

To Fully Remove and Reinstall a Fresh New Copy of Malwarebytes - Read Carefully

Windows XP:

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important!)
  • Download and run mbam-clean.exe from Here

It will ask to restart your computer, please allow it to do so, very important

After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from Here

Windows Vista and Windows 7:

  • Click on the Start button and select Control Panel
  • Click on Programs and Features
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important!)

Next:

  • Please download Malwarebytes' Anti-Malware from here
    If you are unable to do this from the infected computer directly, transfer the file from another computer.
  • Download the mbam-setup.exe to your desktop.
  • Now make sure extensions are shown. To do this, please look here
  • Then rename mbam-setup.exe to explorer.exe
  • Then launch explorer.exe in order to install Malwarebytes' Anti-Malware
  • Once Malwarebytes' Anti-Malware is installed, navigate to your Program Files\Malwarebytes' Anti-Malware folder, locate mbam.exe in there and rename it to iexplore.exe
  • Now double-click iexplore.exe to launch Malwarebytes' Anti-Malware.
  • Click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart, so please allow MBAM to restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Please don't attach the scans / logs, use "copy/paste".

Also please describe how your computer behaves at the moment.


I'm getting the same pop-up as I did trying to run ATF Cleaner, when trying to run explorer.exe. 'explorer.exe is not a valid Win32 application'.

Would this have anything to do with the following? When I first noticed the antivirus scan malware, I tried the forum advice of using defogger. After disabling the CD emulation drivers using defogger I was asked to reboot; this was unsuccessful (presumably because I had tried in normal mode), so I re-enabled the drivers.


http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allows the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


Hey, sorry it's taken so long to get back to you. After the scan completed I removed the infected files. However, sometime during the scan I lost connection with the internet and I'm currently unable to access Internet Explorer. My network connection is working as I can use messenger; however, upon opening IE I'm greeted with the generic 'cannot display the webpage' page. I'm borrowing another laptop so I can paste the results of the scan:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6415

# api_version=3.0.2

# EOSSerial=5e2c5eabce378848b336b9bc37ddbeee

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-12-18 09:57:32

# local_time=2010-12-18 09:57:32 (+0000, GMT Standard Time)

# country="United Kingdom"

# lang=9

# osver=6.0.6000 NT

# compatibility_mode=1024 16777215 100 0 25215319 25215319 0 0

# compatibility_mode=5892 16776574 100 100 85867 130239403 0 0

# compatibility_mode=8192 67108863 100 0 405 405 0 0

# scanned=128575

# found=6

# cleaned=6

# scan_time=2777

C:\Users\Blake\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6DWNFECK\dlyzcrbmjnxqeuy1[2].pdf PDF/Exploit.Pidief.PDS.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Blake\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9TM4ZGJ\ysywboilcrgs[1].pdf PDF/Exploit.Pidief.PDS.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Blake\AppData\Local\Temp\csrss.exe a variant of Win32/Kryptik.IZN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Blake\AppData\Local\Temp\txaduekeg\wouycklaffm.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Blake\AppData\Roaming\dwm.exe a variant of Win32/Kryptik.IXY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Blake\AppData\Roaming\Microsoft\conhost.exe a variant of Win32/Kryptik.IZN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

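Three of the detections in the scan log above carry the names of Windows system processes (csrss.exe, dwm.exe, conhost.exe) but sit in user-writable Temp and AppData folders. The following Python is an added example, not part of the original thread and not ESET's own tooling: it parses detection lines in that layout and flags such name masquerading. The sample log, the process-name list and the System32 path are assumptions.

```python
import ntpath
import re

# Assumption: components that normally run only from System32 on a default install.
SYSTEM_NAMES = {"csrss.exe", "dwm.exe", "conhost.exe", "svchost.exe", "lsass.exe"}
SYSTEM_DIR = r"c:\windows\system32"

# Detection line: <path> <threat name> <type> (<action>) <32 hex digits> <flag>
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<threat>(?:a variant of )?\S+) "
    r"(?P<kind>\w+) \((?P<action>[^)]*)\) [0-9A-Fa-f]{32} \S$")

# Constructed sample in the layout of the log above (user name and count made up).
SAMPLE = r"""
# found=4
C:\Users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AAAA1111\doc[1].pdf PDF/Exploit.Pidief.PDS.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alice\AppData\Local\Temp\csrss.exe a variant of Win32/Kryptik.IZN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alice\AppData\Roaming\dwm.exe a variant of Win32/Kryptik.IXY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alice\AppData\Roaming\Microsoft\conhost.exe a variant of Win32/Kryptik.IZN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

def parse_log(text):
    """Split a scanner log into '# key=value' header fields and detections."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        match = DETECTION.match(line)
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header.setdefault(key, value)  # some keys repeat; keep the first
        elif match:
            detections.append(match.groupdict())
    return header, detections

def masquerading(detections):
    """Paths whose file name imitates a system process outside System32."""
    hits = []
    for d in detections:
        folder, name = ntpath.split(ntpath.normpath(d["path"]))
        if name.lower() in SYSTEM_NAMES and folder.lower() != SYSTEM_DIR:
            hits.append(d["path"])
    return hits

def summarize(text):
    header, detections = parse_log(text)
    return {"count_matches_header": int(header.get("found", -1)) == len(detections),
            "all_cleaned": all(d["action"].startswith("cleaned") for d in detections),
            "masquerading": masquerading(detections)}
```

Calling `summarize(SAMPLE)` returns the three masquerading paths; the PDF exploit detection is parsed, including the spaces in its path, but is not flagged.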

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Next:

If need be, Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer.

Download Combofix from any of the links below but rename it to iexplore.exe before saving it to your desktop.

Note:

If combofix (iexplore.exe) won't run from the desktop, try running it from the USB device.

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save iexplore.exe to your Desktop

Double click on the iexplore.exe ComboFix.exe & follow the prompts.

Be sure to download any updates.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Fantastic! That's fixed the IE problem, back on my own laptop in normal mode! The laptop is now a little speedier again, google redirect seems to have gone after a couple of quick searches using it. Antivirus scan has also disappeared for now.

Combofix log was as follows:

ComboFix 10-12-18.01 - Blake 19/12/2010 0:01.1.2 - x86

Microsoft


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :rolleyes:

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

  • WOT, Web of Trust - As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    Green to go
    Yellow for caution
    Red to stop
    WOT has an addon available for both Firefox and IE.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:


Thank you very much for all your time and patience! It's great to know there are decent people like yourself helping to fix damage done by malicious jerks.

As for defogger;

I did run it before I started this thread and got one of the error logs as it didn't deactivate the drivers. I then tried to re-enable the drivers and got a second log. I didn't think they meant anything so I deleted them at the time. Will this have any negative effect?

Thanks again :)
