
Hi

My girlfriend's laptop has been playing up recently and each time I run a Malwarebytes scan it seems to find something. I delete it every time, but the laptop is still not performing properly (keep getting Google redirects). I've followed the instructions and attach the logs/results:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6694

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/27/2011 10:35:49 PM

mbam-log-2011-05-27 (22-35-49).txt

Scan type: Full scan (C:\|)

Objects scanned: 252603

Time elapsed: 1 hour(s), 32 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WORT (Trojan.Vilsel) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Run by Lyndsay Aitken at 23:17:35 on 2011-05-27

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.130 [GMT 1:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: Norton Internet Worm Protection *Disabled*

.

============== Running Processes ===============

.

C:\Program Files\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\Program Files\Protector Suite QL\menusw.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Lyndsay Aitken\Desktop\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bbc.co.uk/

uInternet Connection Wizard,ShellNext = hxxp://vaio-online.sony.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Mouse Suite 98 Daemon] ICO.EXE

mRun: [sonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"

mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe

mRun: [switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe

mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"

mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary

mRun: [biomenu] "c:\program files\protector suite ql\menusw.exe"

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [serviceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN

StartupFolder: c:\docume~1\lyndsa~1\startm~1\programs\startup\vaiola~1.lnk - c:\program files\sony\vaio launcher\Launcher.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: psfus - fusstub.dll

Notify: VESWinlogon - VESWinlogon.dll

LSA: Notification Packages = scecli fusstub

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\lyndsay aitken\application data\mozilla\firefox\profiles\rndgqnxl.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb76d5b&v=7.004.022.004&i=23&tp=ab&iy=&ychte=uk&lng=en-US&q=

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\program files\virgin media\service manager\nprpspa.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2006-8-11 9216]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]

R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\26169\RapportCerberus_26169.sys [2011-5-2 57144]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-28 66360]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-22 13440]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-22 33024]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-28 870200]

R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2011-5-10 689464]

R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-12 1251720]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-8-11 36352]

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-8-11 30080]

R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2006-8-11 71961]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-8-11 226304]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-9 947528]

S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]

S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]

.

=============== Created Last 30 ================

.

2011-05-27 20:07:57 388096 ----a-r- c:\documents and settings\lyndsay aitken\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-05-27 20:07:56 -------- d-----w- c:\program files\Trend Micro

2011-05-17 19:56:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-10 21:25:32 -------- d-----w- c:\program files\Virgin Media

2011-05-08 20:44:51 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-05-08 20:44:50 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-05-08 20:44:50 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-05-08 20:44:50 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-05-08 20:44:50 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-05-08 20:44:49 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-05-08 20:44:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-08 20:44:48 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-05-08 15:16:46 -------- d-----w- c:\documents and settings\lyndsay aitken\application data\Tatior

2011-05-08 15:16:46 -------- d-----w- c:\documents and settings\lyndsay aitken\application data\Paopo

2011-04-28 13:34:50 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.

==================== Find3M ====================

.

2011-04-14 20:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-04-04 23:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-03-16 15:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: TOSHIBA_MK1234GSX rev.AH001A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86ED3730]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86ed9a10]; MOV EAX, [0x86ed9a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F2A9C0]

3 CLASSPNP[0xF7550FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000008a[0x86F319E8]

5 ACPI[0xF73C7620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86F30940]

\Driver\atapi[0x86FCCEE0] -> IRP_MJ_CREATE -> 0x86ED3730

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x86ED357B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 23:19:35.14 ===============

Thanks in advance for the assistance.

Regards

Oliver

attach.zip


Hello COliver and welcome to Malwarebytes !

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

***Note: In order for ComboFix to run properly AVG must be uninstalled. Please go here and follow the instructions to uninstall AVG.

You can reinstall it after the computer is clean.

-------------

Please download ATF Cleaner

Save it to your Desktop.

Please locate ATF

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.

If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

In your next reply, please include:

  • TDSSKiller_log.txt
  • C:\ComboFix.txt

How is your computer running now?


Hi

Many thanks for the reply. Please find attached the logs:

TDSS

2011/05/29 10:39:44.0875 6020 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24

2011/05/29 10:39:44.0968 6020 ================================================================================

2011/05/29 10:39:44.0968 6020 SystemInfo:

2011/05/29 10:39:44.0968 6020

2011/05/29 10:39:44.0968 6020 OS Version: 5.1.2600 ServicePack: 3.0

2011/05/29 10:39:44.0968 6020 Product type: Workstation

2011/05/29 10:39:44.0968 6020 ComputerName: LYNDSAY

2011/05/29 10:39:44.0968 6020 UserName: Lyndsay Aitken

2011/05/29 10:39:44.0968 6020 Windows directory: C:\WINDOWS

2011/05/29 10:39:44.0968 6020 System windows directory: C:\WINDOWS

2011/05/29 10:39:44.0968 6020 Processor architecture: Intel x86

2011/05/29 10:39:44.0968 6020 Number of processors: 2

2011/05/29 10:39:44.0968 6020 Page size: 0x1000

2011/05/29 10:39:44.0968 6020 Boot type: Normal boot

2011/05/29 10:39:44.0968 6020 ================================================================================

2011/05/29 10:39:47.0562 6020 Initialize success

2011/05/29 10:39:51.0078 4824 ================================================================================

2011/05/29 10:39:51.0078 4824 Scan started

2011/05/29 10:39:51.0078 4824 Mode: Manual;

2011/05/29 10:39:51.0078 4824 ================================================================================


2011/05/29 10:40:01.0640 4824 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

2011/05/29 10:40:01.0875 4824 RapportCerberus_26169 (df1f468a6016c4950cfc169ae77d84cd) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys

2011/05/29 10:40:01.0953 4824 RapportEI (1602ff4aec5c2246ac387e49e474dd7b) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

2011/05/29 10:40:02.0046 4824 RapportKELL (12031844f5ad4126eab4c410623f7789) C:\WINDOWS\system32\Drivers\RapportKELL.sys

2011/05/29 10:40:02.0078 4824 RapportPG (1c303f85986c3dfcb01cc67f185c32e5) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

2011/05/29 10:40:02.0140 4824 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/29 10:40:02.0187 4824 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/29 10:40:02.0203 4824 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/29 10:40:02.0265 4824 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/29 10:40:02.0312 4824 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/29 10:40:02.0359 4824 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/29 10:40:02.0406 4824 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/05/29 10:40:02.0468 4824 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/29 10:40:02.0500 4824 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/29 10:40:02.0593 4824 s24trans (078eba5670fdaa041552cd86b984f2de) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2011/05/29 10:40:02.0656 4824 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/29 10:40:02.0703 4824 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/05/29 10:40:02.0718 4824 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/05/29 10:40:02.0781 4824 shpf (b8e1ac2cdad522572bfc73781d0e37e2) C:\WINDOWS\system32\DRIVERS\shpf.sys

2011/05/29 10:40:02.0828 4824 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/05/29 10:40:02.0875 4824 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys

2011/05/29 10:40:02.0937 4824 SonyImgF (c483fc0add8b074286600b9620ef2c16) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys

2011/05/29 10:40:02.0968 4824 SPI (ad9436c46c10222b8f03405628a8cd86) C:\WINDOWS\system32\DRIVERS\SonyPI.sys

2011/05/29 10:40:03.0000 4824 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/29 10:40:03.0046 4824 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/29 10:40:03.0109 4824 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/29 10:40:03.0218 4824 STHDA (784b73bd9d1c0fba6ca96e8976f4b0e6) C:\WINDOWS\system32\drivers\sthda.sys

2011/05/29 10:40:03.0375 4824 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/05/29 10:40:03.0406 4824 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/29 10:40:03.0437 4824 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/29 10:40:03.0531 4824 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

2011/05/29 10:40:03.0593 4824 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/29 10:40:03.0671 4824 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/29 10:40:03.0734 4824 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys

2011/05/29 10:40:03.0812 4824 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/29 10:40:03.0843 4824 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/29 10:40:03.0890 4824 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/29 10:40:03.0953 4824 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys

2011/05/29 10:40:04.0015 4824 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys

2011/05/29 10:40:04.0062 4824 tosporte (d626e0af9232d8799d3a449530f3c220) C:\WINDOWS\system32\DRIVERS\tosporte.sys

2011/05/29 10:40:04.0093 4824 Tosrfbd (0ec5206059d97a8dc785be73fb457ec7) C:\WINDOWS\system32\Drivers\tosrfbd.sys

2011/05/29 10:40:04.0140 4824 Tosrfbnp (33498b8f0b2ca549c2b7ffc1b3c0f1bc) C:\WINDOWS\system32\Drivers\tosrfbnp.sys

2011/05/29 10:40:04.0187 4824 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys

2011/05/29 10:40:04.0234 4824 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

2011/05/29 10:40:04.0250 4824 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys

2011/05/29 10:40:04.0312 4824 TosRfSnd (0d86d15caff2b3203c785d604ec7c942) C:\WINDOWS\system32\drivers\TosRfSnd.sys

2011/05/29 10:40:04.0359 4824 Tosrfusb (c582b7716f0be7e65505365f4f941587) C:\WINDOWS\system32\Drivers\tosrfusb.sys

2011/05/29 10:40:04.0421 4824 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/29 10:40:04.0500 4824 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/05/29 10:40:04.0562 4824 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/05/29 10:40:04.0625 4824 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/29 10:40:04.0687 4824 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/29 10:40:04.0703 4824 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/29 10:40:04.0718 4824 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/05/29 10:40:04.0765 4824 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/29 10:40:04.0828 4824 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/05/29 10:40:04.0890 4824 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/05/29 10:40:04.0937 4824 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/29 10:40:05.0062 4824 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys

2011/05/29 10:40:05.0156 4824 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/29 10:40:05.0218 4824 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/29 10:40:05.0343 4824 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/05/29 10:40:05.0437 4824 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/05/29 10:40:05.0515 4824 yukonwxp (96982cb3611bd4db9ed7a5ff2c29219f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

2011/05/29 10:40:05.0578 4824 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0

2011/05/29 10:40:05.0578 4824 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/05/29 10:40:05.0578 4824 ================================================================================

2011/05/29 10:40:05.0578 4824 Scan finished

2011/05/29 10:40:05.0578 4824 ================================================================================

2011/05/29 10:40:05.0593 4624 Detected object count: 1

2011/05/29 10:40:05.0593 4624 Actual detected object count: 1

2011/05/29 10:40:11.0953 4624 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/05/29 10:40:11.0953 4624 \Device\Harddisk0\DR0 - ok

2011/05/29 10:40:11.0953 4624 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/05/29 10:40:18.0937 6016 Deinitialize success

Combofix

ComboFix 11-05-30.04 - Lyndsay Aitken 05/30/2011 18:34:18.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.395 [GMT 1:00]

Running from: c:\documents and settings\Lyndsay Aitken\Desktop\ComboFix.exe

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Lyndsay Aitken\Application Data\Paopo

c:\documents and settings\Lyndsay Aitken\Application Data\Paopo\louz.abu

c:\documents and settings\Lyndsay Aitken\Desktop\install_flash_player.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))

.

.

2011-05-28 15:49 . 2011-05-28 18:10 -------- d-----w- c:\program files\Championship Manager 01-02

2011-05-28 15:44 . 2011-05-28 15:44 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-05-28 15:44 . 2011-05-28 15:44 -------- d-----w- c:\program files\DAEMON Tools Lite

2011-05-28 15:43 . 2011-05-28 15:48 -------- d-----w- c:\documents and settings\Lyndsay Aitken\Application Data\DAEMON Tools Lite

2011-05-28 15:43 . 2011-05-28 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2011-05-27 20:07 . 2011-05-27 20:07 388096 ----a-r- c:\documents and settings\Lyndsay Aitken\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-27 20:07 . 2011-05-27 20:07 -------- d-----w- c:\program files\Trend Micro

2011-05-17 19:56 . 2011-05-17 19:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-10 21:25 . 2011-05-10 21:25 -------- d-----w- c:\program files\Virgin Media

2011-05-08 20:44 . 2011-05-08 20:44 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-05-08 20:44 . 2011-05-08 20:44 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-05-08 20:44 . 2011-05-08 20:44 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-05-08 20:44 . 2011-05-08 20:44 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-05-08 20:44 . 2011-05-08 20:44 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-05-08 20:44 . 2011-05-08 20:44 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-05-08 20:44 . 2011-05-08 20:44 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-05-08 20:44 . 2011-05-08 20:44 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

2011-05-08 15:16 . 2011-05-08 17:20 -------- d-----w- c:\documents and settings\Lyndsay Aitken\Application Data\Tatior

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-28 13:34 . 2011-04-28 13:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2011-03-07 05:33 . 2006-08-11 19:48 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2006-08-11 03:37 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2006-08-11 03:37 1857920 ----a-w- c:\windows\system32\win32k.sys

2008-08-16 16:42 . 2008-08-16 16:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-08-16 16:42 . 2008-08-16 16:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-08-16 16:42 . 2008-08-16 16:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-08-16 16:42 . 2008-08-16 16:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-08-16 16:43 . 2008-08-16 16:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-08-16 16:42 . 2008-08-16 16:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-08-16 16:42 . 2008-08-16 16:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2008-05-21 07:41 . 2008-05-21 07:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-21 07:41 . 2008-05-21 07:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-21 07:41 . 2008-05-21 07:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2008-06-05 12:58 . 2008-06-05 12:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-08-16 16:42 . 2008-08-16 16:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2011-05-08 20:44 . 2011-05-08 20:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-20 7561216]

"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-28 217088]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]

"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2006-05-31 151552]

"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-22 1354240]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

E-Flyer.lnk - c:\program files\Sony\E-Flyer\E-Flyer.exe [2006-8-12 491520]

.

c:\documents and settings\Lyndsay Aitken\Start Menu\Programs\Startup\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2010-3-23 778240]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-2-2 1753088]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

E-Flyer.lnk - c:\program files\Sony\E-Flyer\E-Flyer.exe [2006-8-12 491520]

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2010-3-23 778240]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2006-02-22 18:11 39936 ----a-w- c:\windows\system32\fusstub.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=

.

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [8/11/2006 4:38 AM 9216]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [5/28/2011 4:44 PM 218688]

R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [5/2/2011 2:02 PM 57144]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [4/28/2011 2:34 PM 66360]

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 7:13 PM 13440]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 7:13 PM 33024]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [4/28/2011 2:34 PM 870200]

R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [5/10/2011 10:25 PM 689464]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [8/11/2006 4:38 AM 36352]

R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\24413\RapportIaso.sys [4/21/2011 10:25 PM 18872]

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [8/11/2006 4:38 AM 30080]

R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [8/11/2006 4:38 AM 71961]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [8/11/2006 4:38 AM 226304]

S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [4/28/2011 2:34 PM 53816]

S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [4/28/2011 2:34 PM 158904]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - RAPPORTIASO

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bbc.co.uk/

uInternet Connection Wizard,ShellNext = hxxp://vaio-online.sony.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

FF - ProfilePath - c:\documents and settings\Lyndsay Aitken\Application Data\Mozilla\Firefox\Profiles\rndgqnxl.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb76d5b&v=7.004.022.004&i=23&tp=ab&iy=&ychte=uk&lng=en-US&q=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-30 18:41

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1152)

c:\windows\system32\fusstub.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\passport.dll

c:\program files\Protector Suite QL\config.dll

c:\program files\Protector Suite QL\BhTcAll.dll

c:\program files\Protector Suite QL\BhDevTfm.dll

c:\program files\Protector Suite QL\AlgVer.dll

c:\program files\Protector Suite QL\TCBioLib.dll

c:\program files\Protector Suite QL\remote.dll

c:\windows\system32\VESWinlogon.dll

c:\program files\Protector Suite QL\mysafe.dll

.

- - - - - - - > 'explorer.exe'(2152)

c:\windows\system32\WININET.dll

c:\program files\Trusteer\Rapport\bin\rooksbas.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\program files\Trusteer\Rapport\bin\RapportService.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

c:\windows\system32\wscntfy.exe

c:\program files\Apoint\Apntex.exe

c:\windows\system32\ICO.EXE

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\program files\Symantec\LiveUpdate\AUpdate.exe

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

.

**************************************************************************

.

Completion time: 2011-05-30 18:45:48 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-30 17:45

.

Pre-Run: 25,598,468,096 bytes free

Post-Run: 25,475,358,720 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - B5D9D6C0EF46FEEAD574604DD89B98B4


Hello again. :) Are you still experiencing any redirects?

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Do you recognize this folder? (in bold):

c:\documents and settings\Lyndsay Aitken\Application Data\Tatior\

-------------

Please download DeFogger to your Desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • Defogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running Defogger, please post the log defogger_disable which will appear on your Desktop.

Do not re-enable these drivers until otherwise instructed.

-------------

Please run TDSSKiller.exe once more, and post the newly created log.

-------------

Please launch Malwarebytes' Anti-Malware.

  • Please click Check for Updates to see if any updates are found. If so, please allow MBAM to download and install them.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply.

Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK for either of the prompts and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller_log.txt
  • Malwarebytes log
  • SecurityCheck checkup.txt

How is your computer running now?


Hi

No, I don't recognise the "Tatior" folder; not sure what that is. The laptop doesn't seem to be experiencing redirects anymore and seems to be running a lot smoother now. The requested logs are as follows:

MBAM:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6736

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/31/2011 10:58:50 PM

mbam-log-2011-05-31 (22-58-50).txt

Scan type: Full scan (C:\|)

Objects scanned: 230969

Time elapsed: 41 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

TDSS:

2011/05/31 22:13:17.0546 2020 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24

2011/05/31 22:13:17.0656 2020 ================================================================================

2011/05/31 22:13:17.0656 2020 SystemInfo:

2011/05/31 22:13:17.0656 2020

2011/05/31 22:13:17.0656 2020 OS Version: 5.1.2600 ServicePack: 3.0

2011/05/31 22:13:17.0656 2020 Product type: Workstation

2011/05/31 22:13:17.0656 2020 ComputerName: LYNDSAY

2011/05/31 22:13:17.0656 2020 UserName: Lyndsay Aitken

2011/05/31 22:13:17.0656 2020 Windows directory: C:\WINDOWS

2011/05/31 22:13:17.0656 2020 System windows directory: C:\WINDOWS

2011/05/31 22:13:17.0656 2020 Processor architecture: Intel x86

2011/05/31 22:13:17.0656 2020 Number of processors: 2

2011/05/31 22:13:17.0656 2020 Page size: 0x1000

2011/05/31 22:13:17.0656 2020 Boot type: Normal boot

2011/05/31 22:13:17.0656 2020 ================================================================================

2011/05/31 22:13:19.0203 2020 Initialize success

2011/05/31 22:13:22.0125 3680 ================================================================================

2011/05/31 22:13:22.0125 3680 Scan started

2011/05/31 22:13:22.0125 3680 Mode: Manual;

2011/05/31 22:13:22.0125 3680 ================================================================================


2011/05/31 22:13:25.0781 3680 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/05/31 22:13:25.0812 3680 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/05/31 22:13:25.0875 3680 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/05/31 22:13:25.0921 3680 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/05/31 22:13:25.0953 3680 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/05/31 22:13:26.0015 3680 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/05/31 22:13:26.0125 3680 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/05/31 22:13:26.0187 3680 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/05/31 22:13:26.0312 3680 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

2011/05/31 22:13:26.0375 3680 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

2011/05/31 22:13:26.0468 3680 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/05/31 22:13:26.0656 3680 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/05/31 22:13:26.0765 3680 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/05/31 22:13:26.0859 3680 IFXTPM (0a359837e021bc04a04a6fd189492c65) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS

2011/05/31 22:13:26.0984 3680 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/05/31 22:13:27.0125 3680 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/05/31 22:13:27.0156 3680 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/05/31 22:13:27.0218 3680 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/05/31 22:13:27.0250 3680 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/05/31 22:13:27.0296 3680 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/05/31 22:13:27.0343 3680 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/05/31 22:13:27.0453 3680 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/05/31 22:13:27.0500 3680 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/05/31 22:13:27.0546 3680 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/05/31 22:13:27.0578 3680 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/05/31 22:13:27.0625 3680 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/05/31 22:13:27.0750 3680 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/05/31 22:13:27.0796 3680 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/05/31 22:13:27.0843 3680 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/05/31 22:13:27.0859 3680 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/05/31 22:13:27.0906 3680 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/05/31 22:13:28.0015 3680 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/05/31 22:13:28.0078 3680 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/05/31 22:13:28.0156 3680 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/05/31 22:13:28.0187 3680 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/05/31 22:13:28.0234 3680 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/05/31 22:13:28.0265 3680 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/05/31 22:13:28.0281 3680 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/05/31 22:13:28.0328 3680 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/05/31 22:13:28.0359 3680 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/05/31 22:13:28.0468 3680 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/05/31 22:13:28.0531 3680 Mvc25U870_VID_1262&PID_25FD (e88e7e9aa0ab34b6c664a4a43cea6316) C:\WINDOWS\system32\Drivers\Mvc25U870.sys

2011/05/31 22:13:28.0562 3680 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/05/31 22:13:28.0609 3680 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/05/31 22:13:28.0656 3680 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/05/31 22:13:28.0687 3680 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/05/31 22:13:28.0734 3680 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/05/31 22:13:28.0750 3680 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/05/31 22:13:28.0812 3680 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/05/31 22:13:28.0921 3680 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/05/31 22:13:28.0984 3680 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/05/31 22:13:29.0046 3680 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/05/31 22:13:29.0078 3680 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/05/31 22:13:29.0140 3680 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/05/31 22:13:29.0218 3680 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/05/31 22:13:29.0421 3680 nv (6866504ee1570ef783309abfb56f87e5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/05/31 22:13:29.0593 3680 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/05/31 22:13:29.0625 3680 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/31 22:13:29.0687 3680 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/05/31 22:13:29.0734 3680 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2011/05/31 22:13:29.0750 3680 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/31 22:13:29.0796 3680 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/31 22:13:29.0812 3680 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/31 22:13:29.0859 3680 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/05/31 22:13:29.0906 3680 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/05/31 22:13:30.0062 3680 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/31 22:13:30.0140 3680 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/05/31 22:13:30.0171 3680 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/31 22:13:30.0203 3680 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

2011/05/31 22:13:30.0421 3680 RapportCerberus_26169 (df1f468a6016c4950cfc169ae77d84cd) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys

2011/05/31 22:13:30.0500 3680 RapportEI (1602ff4aec5c2246ac387e49e474dd7b) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

2011/05/31 22:13:30.0593 3680 RapportIaso (8ef46da83462e865f9070b03edf740d4) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\24413\RapportIaso.sys

2011/05/31 22:13:30.0703 3680 RapportKELL (12031844f5ad4126eab4c410623f7789) C:\WINDOWS\system32\Drivers\RapportKELL.sys

2011/05/31 22:13:30.0750 3680 RapportPG (1c303f85986c3dfcb01cc67f185c32e5) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

2011/05/31 22:13:30.0796 3680 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/31 22:13:30.0859 3680 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/31 22:13:30.0890 3680 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/31 22:13:30.0937 3680 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/31 22:13:30.0984 3680 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/31 22:13:31.0078 3680 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/31 22:13:31.0109 3680 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/05/31 22:13:31.0140 3680 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/31 22:13:31.0187 3680 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/31 22:13:31.0265 3680 s24trans (078eba5670fdaa041552cd86b984f2de) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2011/05/31 22:13:31.0343 3680 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/31 22:13:31.0375 3680 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/05/31 22:13:31.0421 3680 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/05/31 22:13:31.0468 3680 shpf (b8e1ac2cdad522572bfc73781d0e37e2) C:\WINDOWS\system32\DRIVERS\shpf.sys

2011/05/31 22:13:31.0531 3680 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/05/31 22:13:31.0625 3680 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys

2011/05/31 22:13:31.0656 3680 SonyImgF (c483fc0add8b074286600b9620ef2c16) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys

2011/05/31 22:13:31.0703 3680 SPI (ad9436c46c10222b8f03405628a8cd86) C:\WINDOWS\system32\DRIVERS\SonyPI.sys

2011/05/31 22:13:31.0734 3680 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/31 22:13:31.0796 3680 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/31 22:13:31.0859 3680 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/31 22:13:31.0984 3680 STHDA (784b73bd9d1c0fba6ca96e8976f4b0e6) C:\WINDOWS\system32\drivers\sthda.sys

2011/05/31 22:13:32.0078 3680 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/05/31 22:13:32.0109 3680 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/31 22:13:32.0140 3680 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/31 22:13:32.0250 3680 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

2011/05/31 22:13:32.0312 3680 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/31 22:13:32.0390 3680 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/31 22:13:32.0453 3680 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys

2011/05/31 22:13:32.0562 3680 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/31 22:13:32.0593 3680 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/31 22:13:32.0640 3680 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/31 22:13:32.0703 3680 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys

2011/05/31 22:13:32.0750 3680 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys

2011/05/31 22:13:32.0812 3680 tosporte (d626e0af9232d8799d3a449530f3c220) C:\WINDOWS\system32\DRIVERS\tosporte.sys

2011/05/31 22:13:32.0859 3680 Tosrfbd (0ec5206059d97a8dc785be73fb457ec7) C:\WINDOWS\system32\Drivers\tosrfbd.sys

2011/05/31 22:13:32.0875 3680 Tosrfbnp (33498b8f0b2ca549c2b7ffc1b3c0f1bc) C:\WINDOWS\system32\Drivers\tosrfbnp.sys

2011/05/31 22:13:32.0921 3680 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys

2011/05/31 22:13:32.0984 3680 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

2011/05/31 22:13:33.0000 3680 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys

2011/05/31 22:13:33.0062 3680 TosRfSnd (0d86d15caff2b3203c785d604ec7c942) C:\WINDOWS\system32\drivers\TosRfSnd.sys

2011/05/31 22:13:33.0109 3680 Tosrfusb (c582b7716f0be7e65505365f4f941587) C:\WINDOWS\system32\Drivers\tosrfusb.sys

2011/05/31 22:13:33.0156 3680 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/31 22:13:33.0250 3680 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/05/31 22:13:33.0328 3680 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/05/31 22:13:33.0375 3680 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/31 22:13:33.0453 3680 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/31 22:13:33.0500 3680 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/31 22:13:33.0531 3680 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/05/31 22:13:33.0578 3680 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/31 22:13:33.0625 3680 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/05/31 22:13:33.0671 3680 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/05/31 22:13:33.0734 3680 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/31 22:13:33.0859 3680 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys

2011/05/31 22:13:34.0000 3680 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/31 22:13:34.0046 3680 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/31 22:13:34.0140 3680 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/05/31 22:13:34.0234 3680 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/05/31 22:13:34.0281 3680 yukonwxp (96982cb3611bd4db9ed7a5ff2c29219f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

2011/05/31 22:13:34.0343 3680 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/05/31 22:13:34.0531 3680 ================================================================================

2011/05/31 22:13:34.0531 3680 Scan finished

2011/05/31 22:13:34.0531 3680 ================================================================================

2011/05/31 22:13:34.0546 2008 Detected object count: 0

2011/05/31 22:13:34.0546 2008 Actual detected object count: 0

Security check:

Results of screen317's Security Check version 0.99.12

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

SonicStage Mastering Studio Audio Filter Custom Preset

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 20

Out of date Java installed!

Adobe Flash Player 10.3.181.14

Adobe Reader 9.4.4

Out of date Adobe Reader installed!

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe

``````````End of Log````````````

Thanks again for your continued assistance.


Hello again. I am glad to hear that your redirections have stopped, and your logs are looking much better! ;)

However, there is much more that remains.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

-------------

In your next reply, please include:

  • ESET logfile

How is your computer running now?


Hi, apologies for the delay, have not had access to the laptop for a few days. Here is the latest log file:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6522

# api_version=3.0.2

# EOSSerial=9c5902ce5bbced47bf8b7a3e79ae77d8

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-06-05 10:00:26

# local_time=2011-06-05 11:00:26 (+0000, GMT Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 781636 781636 0 0

# compatibility_mode=2304 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 330 330 0 0

# scanned=81188

# found=0

# cleaned=0

# scan_time=2714


Hello again. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

You may now reinstall AVG Antivirus.

-------------

Please perform the following program updates:

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, click the "Accept License Agreement" button
  • If you are running a 32-bit version of Windows click the link to download the file for Windows x86 Offline (jre-6u25-windows-i586.exe) and save to your Desktop.
    - Note: If you are running an x64 (64-bit) version of Windows, you need to install both the Windows (x86) and Windows x64 version.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 2

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your Desktop double-click on jre-6u25-windows-i586.exe that you downloaded to install the newest version (the x64 version is jre-6u25-windows-x64.exe).
    - Note: If you are running Vista, you may need to right-click on the installation file and select Run as Administrator.

-------------

You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here (uninstall version 7.0 first):

Adobe Reader X

Note: I suggest you uncheck an optional, third-party download (eg. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.

-------------

Please let me know how the program updates went, as failed updates can indicate additional malware.


Hello again.

Good to hear that the updates went well!

Is there anything else I should do?

I will provide you with some suggestions for security-related programs. ;)

Thanks for all your help!

No problem!

Please continue with the following:

-----------

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

**You may now reinstall AVG Anti-Virus.

-----------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

You have NO antivirus program installed!

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
