Hello,

About a week ago, I opened a program that I knew that I should not have opened. Now, whenever I perform a Google search in Firefox and click on a link, I am redirected to a different random site. Also, the Windows Security Center is disabled. I try to set the service back to Automatic, but it keeps disabling itself. Here is the latest Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6500

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

5/3/2011 2:42:13 PM

mbam-log-2011-05-03 (14-42-13).txt

Scan type: Full scan (C:\|E:\|)

Objects scanned: 293798

Time elapsed: 30 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is the latest DDS log:

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by Jared at 14:45:55.54 on Tue 05/03/2011

Internet Explorer: 9.0.8112.16421

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2515 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Lenovo\HaloLighting\HaloLighting.exe

C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\WUDFHost.exe

C:\Users\Jared\Desktop\dds.com

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HaloLighting] C:\Program Files (x86)\Lenovo\HaloLighting\HaloLighting.exe

mRun: [EnergyUtility] C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe

mRun: [EnergyCut] C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

mRun-x64: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

mRun-x64: [iAAnotif] "C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

mRun-x64: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jared\AppData\Roaming\Mozilla\Firefox\Profiles\j89ut3rb.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-4-26 600920]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-4-26 287064]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-26 203776]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-4-26 22360]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-4-26 64344]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-4-26 42184]

R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2010-12-21 21992]

R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-9-7 202048]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-27 8012288]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-26 287232]

R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]

R3 ICOLOR;Lenovo icolor Controller Driver;C:\Windows\System32\drivers\setool.sys [2007-10-30 9728]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-19 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-19 136176]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-21 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-6 1255736]

.

=============== Created Last 30 ================

.

2011-05-03 17:56:09 -------- d-----w- C:\Windows\System32\appmgmt

2011-05-03 17:55:29 -------- d-sh--w- C:\$RECYCLE.BIN

2011-05-03 15:33:17 98816 ----a-w- C:\Windows\sed.exe

2011-05-03 15:33:17 89088 ----a-w- C:\Windows\MBR.exe

2011-05-03 15:33:17 256512 ----a-w- C:\Windows\PEV.exe

2011-05-03 15:33:17 161792 ----a-w- C:\Windows\SWREG.exe

2011-05-03 15:02:26 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys

2011-05-03 15:02:25 -------- d-----w- C:\Program Files\Hitman Pro 3.5

2011-05-03 15:01:45 -------- d-----w- C:\PROGRA~3\Hitman Pro

2011-04-29 10:44:13 -------- d-----w- C:\Users\Jared\AppData\Roaming\Malwarebytes

2011-04-29 10:44:07 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-04-29 10:44:06 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-04-29 10:44:02 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-04-29 10:44:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-04-26 22:45:53 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-04-26 22:45:53 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-04-26 22:42:34 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-04-26 22:42:33 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-04-26 22:42:26 40112 ----a-w- C:\Windows\avastSS.scr

2011-04-26 22:42:07 -------- d-----w- C:\Program Files\AVAST Software

2011-04-26 22:42:07 -------- d-----w- C:\PROGRA~3\AVAST Software

2011-04-26 21:03:23 -------- d-----w- C:\Program Files\CCleaner

2011-04-26 20:56:34 -------- d-----w- C:\Program Files\Motorola Inc

2011-04-26 20:56:33 -------- d-----w- C:\Program Files\Common Files\Motorola Shared

2011-04-26 20:56:24 -------- d-----w- C:\Program Files (x86)\Motorola

2011-04-26 20:56:24 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap

2011-04-25 14:28:39 -------- d-----w- C:\PROGRA~3\IObit

2011-04-25 14:28:35 -------- d-----w- C:\Program Files (x86)\IObit

2011-04-24 00:12:22 98304 --sha-r- C:\Windows\SysWow64\KBDTIPRC7.dll

2011-04-21 18:22:14 -------- d-----w- C:\Windows\System32\SPReview

2011-04-21 18:21:38 -------- d-----w- C:\Windows\System32\EventProviders

2011-04-21 18:16:12 48976 ----a-w- C:\Windows\System32\netfxperf.dll

2011-04-21 18:16:12 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-04-21 18:14:59 2223616 ----a-w- C:\Windows\System32\mssrch.dll

2011-04-21 18:13:59 512000 ----a-w- C:\Windows\System32\rpcss.dll

2011-04-21 18:12:59 254464 ----a-w- C:\Windows\SysWow64\dhcpcore.dll

2011-04-21 18:11:59 78848 ----a-w- C:\Windows\System32\hbaapi.dll

2011-04-21 18:10:59 80896 ----a-w- C:\Windows\SysWow64\QUTIL.DLL

2011-04-21 18:09:47 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe

2011-04-21 18:09:47 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll

2011-04-21 18:09:34 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll

2011-04-21 18:09:34 257024 ----a-w- C:\Windows\SysWow64\dpx.dll

2011-04-21 18:09:27 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-04-21 18:09:27 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2011-04-21 18:07:32 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-04-21 18:07:32 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2011-04-21 18:07:32 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll

2011-04-21 18:07:21 933376 ----a-w- C:\Windows\System32\SmiEngine.dll

2011-04-21 18:07:14 199168 ----a-w- C:\Windows\System32\PkgMgr.exe

2011-04-21 18:06:47 422912 ----a-w- C:\Windows\System32\drvstore.dll

2011-04-21 18:06:46 399872 ----a-w- C:\Windows\System32\dpx.dll

2011-04-21 02:34:59 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-04-21 02:24:08 -------- d-----w- C:\Program Files\Microsoft IntelliPoint

2011-04-14 23:29:48 -------- d-----w- C:\Garmin

2011-04-14 23:07:32 -------- d-----w- C:\Users\Jared\AppData\Roaming\GARMIN

2011-04-14 23:07:32 -------- d-----w- C:\Users\Jared\AppData\Local\GARMIN_Corp

2011-04-14 23:07:32 -------- d-----w- C:\PROGRA~3\GARMIN

2011-04-14 23:06:53 -------- d-----w- C:\Program Files (x86)\Garmin

2011-04-13 20:56:58 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-04-13 19:04:38 45432 ----a-w- C:\Windows\System32\drivers\point64.sys

2011-04-13 19:04:38 23960 ----a-w- C:\Windows\System32\drivers\nuidfltr.sys

2011-04-13 19:04:38 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll

2011-04-12 19:47:07 4283672 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-04-12 19:45:45 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-04-09 03:00:28 464896 ----a-w- C:\Windows\System32\ipcoin815.dll

2011-04-09 03:00:20 47616 ----a-w- C:\Windows\System32\drivers\dc3d.sys

2011-04-05 10:01:15 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll

2011-04-05 10:01:15 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2011-04-05 10:01:15 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2011-04-05 10:01:15 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

.

==================== Find3M ====================

.

2011-04-21 18:35:33 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-04-21 18:35:32 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-04-21 02:34:59 49664 ----a-w- C:\Windows\System32\imgutil.dll

2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys

2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys

2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys

2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys

2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys

2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll

2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe

2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll

2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe

2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll

2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys

2011-02-25 06:19:30 2871808 ----a-w- C:\Windows\explorer.exe

2011-02-25 05:30:54 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe

2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll

2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-02-12 11:34:16 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2011-02-05 17:10:16 642944 ----a-w- C:\Windows\System32\winload.efi

2011-02-05 17:10:08 20352 ----a-w- C:\Windows\System32\kdusb.dll

2011-02-05 17:10:08 19328 ----a-w- C:\Windows\System32\kd1394.dll

2011-02-05 17:10:08 17792 ----a-w- C:\Windows\System32\kdcom.dll

2011-02-05 17:06:41 605552 ----a-w- C:\Windows\System32\winload.exe

2011-02-05 17:06:41 566208 ----a-w- C:\Windows\System32\winresume.efi

2011-02-05 17:06:41 518672 ----a-w- C:\Windows\System32\winresume.exe

2011-02-03 02:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 14:46:58.12 ===============

The other DDS log and the ARK log are attached in the compressed file. Thanks.

Attach.zip

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Thanks for getting back to me. Here is the latest Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6540

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

5/9/2011 4:21:44 PM

mbam-log-2011-05-09 (16-21-44).txt

Scan type: Quick scan

Objects scanned: 170774

Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is the ComboFix log:

ComboFix 11-05-09.01 - Jared 05/09/2011 16:29:42.3.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2614 [GMT -4:00]

Running from: e:\downloads\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 )))))))))))))))))))))))))))))))

.

.

2011-05-09 20:38 . 2011-05-09 20:38 -------- d-----w- c:\users\Mcx1-JARED-PC\AppData\Local\temp

2011-05-09 20:38 . 2011-05-09 20:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-03 17:56 . 2011-05-03 17:56 -------- d-----w- c:\windows\system32\appmgmt

2011-05-03 15:02 . 2011-05-03 15:02 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-05-03 15:02 . 2011-05-03 15:02 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-05-03 15:01 . 2011-05-03 15:01 -------- d-----w- c:\programdata\Hitman Pro

2011-04-29 10:44 . 2011-04-29 10:44 -------- d-----w- c:\users\Jared\AppData\Roaming\Malwarebytes

2011-04-29 10:44 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-04-29 10:44 . 2011-04-29 10:44 -------- d-----w- c:\programdata\Malwarebytes

2011-04-29 10:44 . 2011-04-29 10:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-04-29 10:44 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-26 22:45 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-04-26 22:45 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe

2011-04-26 22:42 . 2011-04-18 17:18 287064 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-04-26 22:42 . 2011-04-18 17:17 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-04-26 22:42 . 2011-04-18 17:16 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-04-26 22:42 . 2011-04-18 17:13 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-04-26 22:42 . 2011-04-18 17:13 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-04-26 22:42 . 2011-04-18 17:25 253888 ----a-w- c:\windows\system32\aswBoot.exe

2011-04-26 22:42 . 2011-04-18 17:13 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-04-26 22:42 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr

2011-04-26 22:42 . 2011-04-18 17:25 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-04-26 22:42 . 2011-04-26 22:42 -------- d-----w- c:\programdata\AVAST Software

2011-04-26 22:42 . 2011-04-26 22:42 -------- d-----w- c:\program files\AVAST Software

2011-04-26 21:03 . 2011-04-26 21:03 -------- d-----w- c:\program files\CCleaner

2011-04-26 20:56 . 2011-04-26 20:56 -------- d-----w- c:\program files\Motorola Inc

2011-04-26 20:56 . 2011-04-26 20:56 -------- d-----w- c:\program files\Common Files\Motorola Shared

2011-04-26 20:56 . 2011-04-26 20:56 -------- d-----w- c:\program files (x86)\Motorola

2011-04-25 14:28 . 2011-04-25 14:28 -------- d-----w- c:\programdata\IObit

2011-04-25 14:28 . 2011-04-25 14:28 -------- d-----w- c:\program files (x86)\IObit

2011-04-24 00:12 . 2011-04-24 00:12 98304 --sha-r- c:\windows\SysWow64\KBDTIPRC7.dll

2011-04-21 18:22 . 2011-04-21 18:22 -------- d-----w- c:\windows\system32\SPReview

2011-04-21 18:21 . 2011-04-21 18:21 -------- d-----w- c:\windows\system32\EventProviders

2011-04-21 18:16 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll

2011-04-21 18:16 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-04-21 18:14 . 2010-11-20 13:27 2223616 ----a-w- c:\windows\system32\mssrch.dll

2011-04-21 18:13 . 2010-11-20 13:27 1900544 ----a-w- c:\windows\system32\setupapi.dll

2011-04-21 18:12 . 2010-11-20 12:21 172544 ----a-w- c:\windows\SysWow64\spp.dll

2011-04-21 18:10 . 2010-11-20 13:27 215040 ----a-w- c:\windows\system32\wpdwcn.dll

2011-04-21 18:09 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll

2011-04-21 18:09 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe

2011-04-21 18:09 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll

2011-04-21 18:09 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll

2011-04-21 18:09 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll

2011-04-21 18:09 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-04-21 18:07 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-04-21 18:07 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-04-21 18:07 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-04-21 18:07 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll

2011-04-21 18:07 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe

2011-04-21 18:06 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll

2011-04-21 18:06 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll

2011-04-21 02:34 . 2011-04-21 02:34 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-04-21 02:24 . 2011-04-21 02:24 -------- d-----w- c:\program files\Microsoft IntelliPoint

2011-04-15 19:38 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-04-14 23:29 . 2011-04-14 23:29 -------- d-----w- C:\Garmin

2011-04-14 23:07 . 2011-04-14 23:07 -------- d-----w- c:\users\Jared\AppData\Roaming\GARMIN

2011-04-14 23:07 . 2011-04-14 23:07 -------- d-----w- c:\programdata\GARMIN

2011-04-14 23:07 . 2011-04-14 23:07 -------- d-----w- c:\users\Jared\AppData\Local\GARMIN_Corp

2011-04-14 23:06 . 2011-04-14 23:06 -------- d-----w- c:\program files\DIFX

2011-04-14 23:06 . 2011-05-03 17:56 -------- d-----w- c:\program files (x86)\Garmin

2011-04-13 20:56 . 2011-04-13 20:56 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-04-13 19:04 . 2011-04-13 19:04 45432 ----a-w- c:\windows\system32\drivers\point64.sys

2011-04-13 19:04 . 2011-04-13 19:04 23960 ----a-w- c:\windows\system32\drivers\nuidfltr.sys

2011-04-13 19:04 . 2011-04-13 19:04 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

2011-04-12 19:47 . 2011-04-12 19:47 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-04-12 19:45 . 2011-04-12 19:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-21 18:35 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-04-21 18:35 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-04-09 03:00 . 2011-04-09 03:00 464896 ----a-w- c:\windows\system32\ipcoin815.dll

2011-04-09 03:00 . 2011-04-09 03:00 47616 ----a-w- c:\windows\system32\drivers\dc3d.sys

2011-03-04 06:19 . 2011-04-26 22:46 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:19 . 2011-04-26 22:46 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2011-02-19 12:05 . 2011-03-08 23:27 1139200 ----a-w- c:\windows\system32\FntCache.dll

2011-02-19 12:04 . 2011-03-08 23:27 1544192 ----a-w- c:\windows\system32\DWrite.dll

2011-02-19 12:04 . 2011-03-08 23:27 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-02-19 06:30 . 2011-03-08 23:27 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-02-19 06:30 . 2011-03-08 23:27 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-05-03_15.37.22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2011-05-09 19:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-05-03 15:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-05-03 15:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-05-09 19:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-05-03 15:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-05-09 19:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-12-06 23:18 . 2011-05-04 19:31 22072 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-05-04 19:31 42826 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:30 . 2011-05-03 17:56 86016 c:\windows\system32\DriverStore\infpub.dat

- 2009-07-14 05:30 . 2011-04-27 01:09 86016 c:\windows\system32\DriverStore\infpub.dat

- 2010-12-07 01:28 . 2011-04-28 21:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-12-07 01:28 . 2011-05-04 01:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-12-07 01:28 . 2011-05-04 01:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-12-07 01:28 . 2011-04-28 21:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-05-04 01:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-04-28 21:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-12-06 22:38 . 2011-05-04 19:31 6078 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-449560704-3954956922-226564882-1001_UserData.bin

+ 2011-05-04 19:14 . 2011-05-04 19:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-05-03 15:30 . 2011-05-03 15:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-05-04 19:14 . 2011-05-04 19:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-05-03 15:30 . 2011-05-03 15:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-12-07 00:59 . 2011-05-09 19:37 302344 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2011-05-03 15:03 624178 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-05-04 19:18 624178 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-05-04 19:18 106522 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-05-03 15:03 106522 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:30 . 2011-05-03 17:56 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2011-04-27 01:09 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2011-05-03 17:56 143360 c:\windows\system32\DriverStore\infstor.dat

- 2009-07-14 05:30 . 2011-04-27 01:09 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2009-07-14 05:01 . 2011-05-04 11:05 388608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-05-03 15:29 388608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-04-05 10:02 . 2011-05-04 11:05 7324598 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-449560704-3954956922-226564882-1001-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]

"HaloLighting"="c:\program files (x86)\Lenovo\HaloLighting\HaloLighting.exe" [2007-12-10 1421312]

"EnergyUtility"="c:\program files (x86)\Lenovo\EnergyCut\utilty.exe" [2007-04-28 1581056]

"EnergyCut"="c:\program files (x86)\Lenovo\EnergyCut\EnergyCut.exe" [2007-03-10 1167360]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-01-02 1670656]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 136176]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 ICOLOR;Lenovo icolor Controller Driver;c:\windows\system32\DRIVERS\setool.sys [x]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 01:06]

.

2011-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 01:06]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-04-18 17:25 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1702400]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-16 7883296]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-16 1833504]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Jared\AppData\Roaming\Mozilla\Firefox\Profiles\j89ut3rb.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Secunia PSI - c:\program files (x86)\Secunia\PSI\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-05-09 16:43:30

ComboFix-quarantined-files.txt 2011-05-09 20:43

ComboFix2.txt 2011-05-03 17:54

ComboFix3.txt 2011-05-03 15:39

.

Pre-Run: 7,886,548,992 bytes free

Post-Run: 7,836,663,808 bytes free

.

- - End Of File - - EDB98ADAA92468BB5DB111FD070906D6

I have attached the two DDS logs in the compressed folder "Attach"

Thanks for your help.

Attach.zip


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Sorry it took me so long to get back. I ran the ESET check and it did not find any threats. It also did not save a log file in the specified folder. I am still experiencing the same issues. When I perform a Google search and attempt to click on the search result link, I am redirected to a random site. I am also unable to turn on Windows Security Center. When I go into Services.msc and enable the security center and turn it on, a few moments later, it gets turned off. When I check back at services.msc, security center is disabled again.

Here is the log from your security check:

Results of screen317's Security Check version 0.99.11

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

avast! Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player 10.2.159.1

Adobe Reader X (10.0.1)

Mozilla Firefox (x86 en-US..)

Mozilla Thunderbird (3.1.10) Thunderbird Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

``````````End of Log````````````


Here is a HijackThis log as well.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:45:39 AM, on 5/17/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\Lenovo\HaloLighting\HaloLighting.exe

C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Users\Jared\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HaloLighting] C:\Program Files (x86)\Lenovo\HaloLighting\HaloLighting.exe

O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe

O4 - HKLM\..\Run: [EnergyCut] C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 6605 bytes


As I have been troubleshooting, I have found that only links in a Google search are redirected when I click on them. I checked Bing, and clicking on search results there redirected me as well. However, when I boot into safe mode, I can click on the links and they take me to the correct page. I hope this helps in the diagnosis.


  • Staff

Hi,

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe, 511KB) to your desktop. Double click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)
  • Please post the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.


Here is the log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software

Run date: 2011-05-22 21:08:54

-----------------------------

21:08:54.777 OS Version: Windows x64 6.1.7601 Service Pack 1

21:08:54.778 Number of processors: 2 586 0xF0D

21:08:54.781 ComputerName: JARED-PC UserName: Jared

21:08:55.249 Initialize success

21:09:02.617 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

21:09:02.623 Disk 0 Vendor: OCZ-VERT 1.6_ Size: 30533MB BusType: 3

21:09:02.631 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1

21:09:02.637 Disk 1 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3

21:09:02.648 Disk 0 MBR read successfully

21:09:02.656 Disk 0 MBR scan

21:09:02.663 Disk 0 Windows 7 default MBR code

21:09:02.672 Service scanning

21:09:03.598 Disk 0 trace - called modules:

21:09:03.610 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

21:09:03.620 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003fcb2f0]

21:09:03.631 3 CLASSPNP.SYS[fffff88001ba443f] -> nt!IofCallDriver -> [0xfffffa8003ea8e40]

21:09:03.644 5 ACPI.sys[fffff88000f6b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8003ea7050]

21:09:03.657 Scan finished successfully

21:09:18.992 Disk 0 MBR has been saved successfully to "C:\Users\Jared\Desktop\MBR.dat"

21:09:19.009 The log file has been saved successfully to "C:\Users\Jared\Desktop\aswMBR.txt"

MBR.zip


The redirects occur in Firefox, IE, and Chrome. They happened when I used major search engine sites (I tried Google and Bing). I was not redirected when I clicked on a link from IE's default homepage, msn search, but I only tried that once. Also, when I boot into safe mode, I am not redirected.


  • Staff

Hi,

Since the redirects don't occur in Safe Mode, something loading in Normal Mode is causing the redirects.

Click Start and type in msconfig.exe

Right click the file msconfig.exe that will appear, and select Run as Admin...

Click the Startup tab, then click Disable all...

Click OK.

Restart your computer and use it normally for a bit, and let me know if the redirects persist. If not, that means one or more of your items running on startup are to blame. If the problem still persists, we will attempt other avenues of troubleshooting.

Let me know how it goes.

-screen317


  • Staff

Thanks for letting us know.

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.