
Google redirect virus removal log files



Hoping someone can help me from here:

(thanks in advance for your time)

MALWAREBYTES LOG FILE:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6901

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

6/26/2011 7:53:21 AM

mbam-log-2011-06-26 (07-53-21).txt

Scan type: Full scan (C:\|D:\|I:\|)

Objects scanned: 337794

Time elapsed: 1 hour(s), 45 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Mary\local settings\Temp\0.1168971942803152.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

**************************************************

DDS FILE:

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17

Run by Mary at 8:35:17 on 2011-06-26

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.472 [GMT -4:00]

.

AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Enabled*

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgfws.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgam.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\AVG\AVG10\avgcmgr.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.shockwave.com/gamelanding/jigsawpuzzles.jsp

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Tcitokonipucovo] rundll32.exe "c:\windows\wusbdtc.dll",Startup

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\mary\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

TCP: DhcpNameServer = 192.168.254.254

TCP: Interfaces\{A124A34C-5EAB-4C0D-B121-0EC2FE61EED9} : DhcpNameServer = 192.168.254.254

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mary\application data\mozilla\firefox\profiles\6e8sezch.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.9wsyr.com/default.aspx|http://www.npr.org/|https://email.1and1.com/ox.html

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dcc7de4&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\mary\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\mary\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]

R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-7-27 14080]

R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-7-27 36352]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]

R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-7-27 77056]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-27 1691480]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-1-9 947528]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-3-19 39984]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys

.

============= FINISH: 8:36:01.73 ===============

********************************************************************

Attached: attach.zip, ark.zip

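Ranking the autorun entries in a DDS "Pseudo HJT Report" is what the helper does by eye on the log above. As an added example, not code from the original post or from the DDS or Malwarebytes tools, the following Python parses the uRun/mRun lines in the format DDS prints and scores them with a few hypothetical triage heuristics: a DLL launched through rundll32.exe, a module sitting directly in the Windows root rather than under system32 or a vendor folder, and a path inside a user-writable directory. The sample lines are constructed from the posted log; the posted entry `uRun: [Tcitokonipucovo] rundll32.exe "c:\windows\wusbdtc.dll",Startup` is the kind of line the script surfaces. Surfacing is all it does: a flagged entry still has to be checked (file hash, signer, a scanner) before anything is removed.

```python
"""Triage the uRun/mRun lines of a DDS "Pseudo HJT Report".

Added example: this is not part of the forum post, of DDS, or of any
Malwarebytes tool. The parsing follows the line format DDS prints; the
scoring rules are hypothetical triage heuristics and produce a ranking for
a closer look, not a malware verdict.
"""
import ntpath
import re

# Constructed sample in DDS format, modelled on the lines in the posted log.
SAMPLE_HJT = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Tcitokonipucovo] rundll32.exe "c:\windows\wusbdtc.dll",Startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\mary\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
"""

# uRun = per-user (HKCU) Run key, mRun = machine-wide (HKLM) Run key.
RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
HIVES = {"u": "HKCU", "m": "HKLM"}

# Directories any user can write to. Legitimate per-user updaters live here
# too, so this signal only adds a little weight.
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\appdata\\")


def _first_path(s):
    """Return the first path token of a command line, honouring double quotes."""
    s = s.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end > 0 else s[1:]
    return s.split()[0] if s else ""


def parse_run_entries(text):
    """Parse uRun/mRun lines into dicts: hive, name, command, image, module."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd").strip()
        image = _first_path(cmd)
        module = None
        if ntpath.basename(image).lower() == "rundll32.exe":
            # rundll32.exe <dll>,<export>: the DLL is the code that really
            # runs, so record it separately from the (trusted) host image.
            consumed = len(image) + 2 if cmd.startswith('"') else len(image)
            module = _first_path(cmd[consumed:]).split(",")[0]
        entries.append({"hive": HIVES[m.group("hive")], "name": m.group("name"),
                        "command": cmd, "image": image, "module": module})
    return entries


def triage_entry(entry):
    """Return (score, reasons) for one autorun entry under the heuristics above."""
    reasons = []
    target = (entry["module"] or entry["image"]).lower()
    directory = ntpath.dirname(target)
    if entry["module"]:
        # Code hiding behind a signed Microsoft host process.
        reasons.append(("rundll32_module", 2))
    if directory.endswith("\\windows"):
        # The Windows root itself (not system32 or a vendor folder) is an
        # unusual home for an autorun payload.
        reasons.append(("windows_root", 2))
    if any(tok in target for tok in USER_WRITABLE):
        reasons.append(("user_writable_location", 1))
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def triage(text, threshold=3):
    """Return entries scoring at or above threshold, highest score first."""
    flagged = []
    for entry in parse_run_entries(text):
        score, reasons = triage_entry(entry)
        if score >= threshold:
            flagged.append({**entry, "score": score, "reasons": reasons})
    return sorted(flagged, key=lambda e: -e["score"])


if __name__ == "__main__":
    for e in triage(SAMPLE_HJT):
        print(f'{e["score"]}  {e["hive"]}  [{e["name"]}]  {e["module"] or e["image"]}  '
              f'({", ".join(e["reasons"])})')
```

Feed it a whole DDS log and it ignores everything outside the uRun/mRun lines; the threshold is deliberately above the weight of the user-writable rule alone, so per-user updaters such as GoogleUpdate.exe are recorded but not flagged on their own.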

Hello irisgal and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

***Note: In order for ComboFix to run properly AVG must be uninstalled. Please go here and follow the instructions to uninstall AVG.

You can reinstall it after the computer is clean.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • how the PC is running now
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Please go here to see a list of programs that should be disabled.
  • Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?


TDSSKiller:

2011/06/27 19:38:16.0328 1724 TDSS rootkit removing tool 2.5.6.0 Jun 27 2011 15:22:52

2011/06/27 19:38:18.0375 1724 ================================================================================

2011/06/27 19:38:18.0375 1724 SystemInfo:

2011/06/27 19:38:18.0375 1724

2011/06/27 19:38:18.0375 1724 OS Version: 5.1.2600 ServicePack: 3.0

2011/06/27 19:38:18.0375 1724 Product type: Workstation

2011/06/27 19:38:18.0375 1724 ComputerName: MARYDESKTOP

2011/06/27 19:38:18.0375 1724 UserName: Mary

2011/06/27 19:38:18.0375 1724 Windows directory: C:\WINDOWS

2011/06/27 19:38:18.0375 1724 System windows directory: C:\WINDOWS

2011/06/27 19:38:18.0375 1724 Processor architecture: Intel x86

2011/06/27 19:38:18.0375 1724 Number of processors: 2

2011/06/27 19:38:18.0375 1724 Page size: 0x1000

2011/06/27 19:38:18.0375 1724 Boot type: Normal boot

2011/06/27 19:38:18.0375 1724 ================================================================================

2011/06/27 19:38:20.0437 1724 Initialize success

2011/06/27 19:38:24.0687 4056 ================================================================================

2011/06/27 19:38:24.0687 4056 Scan started

2011/06/27 19:38:24.0687 4056 Mode: Manual;

2011/06/27 19:38:24.0687 4056 ================================================================================

2011/06/27 19:38:26.0156 4056 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/06/27 19:38:26.0203 4056 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/06/27 19:38:26.0265 4056 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/06/27 19:38:26.0343 4056 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/06/27 19:38:26.0625 4056 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys

2011/06/27 19:38:26.0750 4056 amdide (6e58654cb25730b2579e45e1fd116a47) C:\WINDOWS\system32\DRIVERS\amdide.sys

2011/06/27 19:38:26.0843 4056 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/06/27 19:38:27.0171 4056 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/06/27 19:38:27.0234 4056 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/06/27 19:38:27.0375 4056 ati2mtag (cd5c874245435c9ce7e347e28cf3c6b5) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/06/27 19:38:27.0500 4056 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/06/27 19:38:27.0546 4056 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/06/27 19:38:27.0609 4056 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

2011/06/27 19:38:27.0625 4056 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

2011/06/27 19:38:27.0734 4056 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

2011/06/27 19:38:27.0765 4056 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

2011/06/27 19:38:27.0796 4056 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

2011/06/27 19:38:27.0828 4056 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

2011/06/27 19:38:27.0859 4056 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

2011/06/27 19:38:27.0921 4056 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

2011/06/27 19:38:27.0953 4056 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

2011/06/27 19:38:28.0000 4056 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

2011/06/27 19:38:28.0062 4056 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/06/27 19:38:28.0125 4056 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/06/27 19:38:28.0171 4056 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/06/27 19:38:28.0250 4056 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/06/27 19:38:28.0312 4056 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/06/27 19:38:28.0531 4056 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/06/27 19:38:28.0609 4056 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/06/27 19:38:28.0703 4056 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/06/27 19:38:28.0734 4056 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/06/27 19:38:28.0781 4056 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/06/27 19:38:28.0843 4056 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/06/27 19:38:28.0890 4056 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/06/27 19:38:28.0937 4056 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/06/27 19:38:29.0031 4056 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/06/27 19:38:29.0062 4056 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/06/27 19:38:29.0109 4056 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/06/27 19:38:29.0156 4056 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/06/27 19:38:29.0234 4056 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/06/27 19:38:29.0281 4056 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/06/27 19:38:29.0328 4056 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/06/27 19:38:29.0390 4056 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/06/27 19:38:29.0453 4056 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/06/27 19:38:29.0546 4056 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/06/27 19:38:29.0687 4056 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/06/27 19:38:29.0750 4056 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/06/27 19:38:30.0031 4056 IntcAzAudAddService (6806443ba8a66f63866f50e81ef685aa) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/06/27 19:38:30.0375 4056 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/06/27 19:38:30.0406 4056 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/06/27 19:38:30.0421 4056 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/06/27 19:38:30.0468 4056 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/06/27 19:38:30.0515 4056 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/06/27 19:38:30.0546 4056 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/06/27 19:38:30.0625 4056 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/06/27 19:38:30.0671 4056 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/06/27 19:38:30.0703 4056 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/06/27 19:38:30.0750 4056 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/06/27 19:38:30.0828 4056 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/06/27 19:38:30.0921 4056 MASPINT (98312c9eab656053be1aca3a8a5912b3) C:\WINDOWS\system32\drivers\MASPINT.sys

2011/06/27 19:38:31.0000 4056 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2011/06/27 19:38:31.0062 4056 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/06/27 19:38:31.0156 4056 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/06/27 19:38:31.0234 4056 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys

2011/06/27 19:38:31.0328 4056 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/06/27 19:38:31.0375 4056 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/06/27 19:38:31.0421 4056 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/06/27 19:38:31.0500 4056 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

2011/06/27 19:38:31.0593 4056 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

2011/06/27 19:38:31.0734 4056 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/06/27 19:38:31.0812 4056 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/06/27 19:38:31.0859 4056 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/06/27 19:38:31.0906 4056 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/06/27 19:38:31.0984 4056 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/06/27 19:38:32.0000 4056 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/06/27 19:38:32.0046 4056 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/06/27 19:38:32.0078 4056 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/06/27 19:38:32.0109 4056 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/06/27 19:38:32.0171 4056 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/06/27 19:38:32.0203 4056 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/06/27 19:38:32.0234 4056 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/06/27 19:38:32.0281 4056 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/06/27 19:38:32.0328 4056 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/06/27 19:38:32.0359 4056 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/06/27 19:38:32.0468 4056 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/06/27 19:38:32.0500 4056 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/06/27 19:38:32.0546 4056 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/06/27 19:38:32.0625 4056 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/06/27 19:38:32.0656 4056 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/06/27 19:38:32.0671 4056 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/06/27 19:38:32.0718 4056 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/06/27 19:38:32.0812 4056 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/06/27 19:38:32.0843 4056 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/06/27 19:38:32.0890 4056 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/06/27 19:38:32.0921 4056 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/06/27 19:38:33.0015 4056 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/06/27 19:38:33.0062 4056 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/06/27 19:38:33.0265 4056 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys

2011/06/27 19:38:33.0468 4056 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/06/27 19:38:33.0515 4056 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/06/27 19:38:33.0578 4056 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/06/27 19:38:33.0609 4056 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/06/27 19:38:33.0765 4056 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/06/27 19:38:33.0796 4056 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/06/27 19:38:33.0828 4056 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/06/27 19:38:33.0859 4056 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/06/27 19:38:33.0890 4056 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/06/27 19:38:33.0937 4056 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/06/27 19:38:34.0000 4056 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/06/27 19:38:34.0062 4056 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/06/27 19:38:34.0093 4056 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/06/27 19:38:34.0156 4056 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2011/06/27 19:38:34.0265 4056 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/06/27 19:38:34.0328 4056 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/06/27 19:38:34.0359 4056 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/06/27 19:38:34.0453 4056 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/06/27 19:38:34.0578 4056 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/06/27 19:38:34.0625 4056 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/06/27 19:38:34.0703 4056 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/06/27 19:38:34.0765 4056 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/06/27 19:38:34.0796 4056 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/06/27 19:38:34.0921 4056 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/06/27 19:38:34.0984 4056 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/06/27 19:38:35.0031 4056 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/06/27 19:38:35.0078 4056 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/06/27 19:38:35.0109 4056 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/06/27 19:38:35.0218 4056 ubohci (9dd333fa5746c222bbb58ab704c78ba5) C:\WINDOWS\system32\DRIVERS\ubohci.sys

2011/06/27 19:38:35.0281 4056 ubsbm (1bd61b9ac6756c58fd88fc74dcf1bd85) C:\WINDOWS\system32\DRIVERS\ubsbm.sys

2011/06/27 19:38:35.0343 4056 ubumapi (64461004a7e6a59f222b45d74a164556) C:\WINDOWS\system32\DRIVERS\ubumapi.sys

2011/06/27 19:38:35.0406 4056 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/06/27 19:38:35.0578 4056 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/06/27 19:38:35.0640 4056 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/06/27 19:38:35.0718 4056 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/06/27 19:38:35.0765 4056 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/06/27 19:38:35.0796 4056 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/06/27 19:38:35.0843 4056 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/06/27 19:38:35.0890 4056 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/06/27 19:38:35.0906 4056 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/06/27 19:38:35.0968 4056 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/06/27 19:38:36.0046 4056 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/06/27 19:38:36.0109 4056 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/06/27 19:38:36.0234 4056 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/06/27 19:38:36.0312 4056 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/06/27 19:38:36.0343 4056 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/06/27 19:38:36.0453 4056 yukonwxp (2b77c863552ea9cdb989d484143ed016) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

2011/06/27 19:38:36.0515 4056 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/06/27 19:38:36.0781 4056 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR4

2011/06/27 19:38:37.0343 4056 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk5\DR8

2011/06/27 19:38:37.0375 4056 Boot (0x1200) (705e5426e024e6f5ca8a540e4676274d) \Device\Harddisk0\DR0\Partition0

2011/06/27 19:38:37.0390 4056 Boot (0x1200) (f5a0d27be2ea3e6baa7b70a1aeed8ade) \Device\Harddisk0\DR0\Partition1

2011/06/27 19:38:37.0421 4056 Boot (0x1200) (ab189e37e898efa7a5fc18dbbf2e315c) \Device\Harddisk1\DR4\Partition0

2011/06/27 19:38:37.0437 4056 Boot (0x1200) (ea28e0d76782cd826912c6868e9ab1d1) \Device\Harddisk5\DR8\Partition0

2011/06/27 19:38:37.0453 4056 ================================================================================

2011/06/27 19:38:37.0453 4056 Scan finished

2011/06/27 19:38:37.0453 4056 ================================================================================

2011/06/27 19:38:37.0484 3752 Detected object count: 0

2011/06/27 19:38:37.0484 3752 Actual detected object count: 0

*****************************************************************

Security Check checkup.txt

Results of screen317's Security Check version 0.99.16

Windows XP Service Pack 3

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

AVG 2011

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 17

Out of date Java installed!

Flash Player Out of Date!

Adobe Flash Player 10.2.159.1

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe

AVG avgwdsvc.exe

AVG avgtray.exe

``````````End of Log````````````

******************************************************

I can't run ComboFix without uninstalling AVG, and I didn't know if I should do that.

Thanks for your time


I can't run ComboFix without uninstalling AVG, and I didn't know if I should do that.

Yes, please do. I included a warning about this at the top of my first post ;):

***Note: In order for ComboFix to run properly, AVG must be uninstalled. Please go here and follow the instructions to uninstall AVG.

You can reinstall it after the computer is clean.

Hope this helps.


Sorry, I missed that.

AVG uninstalled; here's the ComboFix.txt:

ComboFix 11-06-27.01 - Mary 06/27/2011 22:07:42.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.622 [GMT -4:00]

Running from: c:\documents and settings\Mary\Desktop\ComboFix.exe

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Mary\Local Settings\Application Data\{40A083A2-133B-4F07-B8A4-DB2A5761B988}

c:\documents and settings\Mary\Local Settings\Application Data\{40A083A2-133B-4F07-B8A4-DB2A5761B988}\chrome.manifest

c:\documents and settings\Mary\Local Settings\Application Data\{40A083A2-133B-4F07-B8A4-DB2A5761B988}\chrome\content\_cfg.js

c:\documents and settings\Mary\Local Settings\Application Data\{40A083A2-133B-4F07-B8A4-DB2A5761B988}\chrome\content\overlay.xul

c:\documents and settings\Mary\Local Settings\Application Data\{40A083A2-133B-4F07-B8A4-DB2A5761B988}\install.rdf

c:\documents and settings\Mary\WINDOWS

c:\windows\system\VB40032.DLL

c:\windows\system\WING32.DLL

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))

.

.

2011-06-05 19:31 . 2011-06-05 22:05 -------- d-----w- c:\documents and settings\Mary\Application Data\U3

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 13:11 . 2011-03-19 23:28 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2011-03-19 23:28 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-05-07 09:34 . 2011-05-07 09:34 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-01 149280]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-02-11 273544]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk

backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Mary^Start Menu^Programs^Startup^AutoMailer.lnk]

path=c:\documents and settings\Mary\Start Menu\Programs\Startup\AutoMailer.lnk

backup=c:\windows\pss\AutoMailer.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Mary^Start Menu^Programs^Startup^Jacquie Lawson Advent Calendar.lnk]

path=c:\documents and settings\Mary\Start Menu\Programs\Startup\Jacquie Lawson Advent Calendar.lnk

backup=c:\windows\pss\Jacquie Lawson Advent Calendar.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-01-27 02:09 135664 ----atw- c:\documents and settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 13:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

2002-02-05 06:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-12-10 23:00 18789920 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2006-11-10 20:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-02-11 20:24 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

.

R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 6:25 PM 14080]

R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 6:25 PM 36352]

R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 6:25 PM 77056]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/27/2009 1:54 AM 1691480]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/19/2011 7:28 PM 39984]

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-343818398-1801674531-1003Core.job

- c:\documents and settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-27 02:09]

.

2011-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-343818398-1801674531-1003UA.job

- c:\documents and settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-27 02:09]

.

2011-06-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-343818398-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]

.

2011-06-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-343818398-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.shockwave.com/gamelanding/jigsawpuzzles.jsp

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.254.254

FF - ProfilePath - c:\documents and settings\Mary\Application Data\Mozilla\Firefox\Profiles\6e8sezch.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.9wsyr.com/default.aspx|http://www.npr.org/|https://email.1and1.com/ox.html

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dcc7de4&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-Tcitokonipucovo - c:\windows\wusbdtc.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-27 22:13

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(712)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2011-06-27 22:15:02

ComboFix-quarantined-files.txt 2011-06-28 02:15

.

Pre-Run: 89,701,658,624 bytes free

Post-Run: 89,970,655,232 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 541BF125D051099F20365E1B5F6FD870


We need to fully remove AVG. ;)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

Please follow these instructions for de-registering AVG:

**Note: Make sure you only delete AVG products.

  • Go Start > Run and copy/paste wbemtest into the Run box and click 'OK'.
  • Click 'Connect'.
  • Copy/paste root\securitycenter into the box and click 'Connect'.
  • Click 'Query'.
  • Copy/paste SELECT * FROM FirewallProduct under 'Enter Query' and click 'Apply'.
  • If there is more than one result, it means there is more than one Antivirus program registered.
  • Double-click on each result to view the properties for that Antivirus product.
  • Identify the product(s) registered by scrolling down to 'companyName' then click 'Close'.
  • In the 'Query Result' window, click 'Delete' for any Antivirus software that is no longer installed.
  • Click 'Close', then 'Exit'.

DO NOT use the WMI Tester in any way other than the one described above. If you cannot find AVG there to remove then just exit out of WMI Tester and let me know.

If there are any problems with the instructions I've given you, then let me know. ;)

---------

I see that you have a P2P (Peer-to-Peer) file sharing program installed (Vuze). I highly recommend that you consider uninstalling it. P2P programs represent a security threat to the information on your system as they allow others to access your system. Just look at the number of high profile compromises in the news as a result of P2P software:

Data about Obama's helicopter breached via P2P?

Leak of congressional ethics document prompts calls for cybersecurity probe

Walter Reed suffers peer-to-peer data breach

Update: Seattle man arrested for p-to-p ID theft

More listed here:

Data Security Threats And Breaches

You should read the link at the bottom of that page:

Why File Sharing Networks Are Dangerous (Dartmouth study, .pdf file)

In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, and none of them are worth taking. If you don't uninstall the P2P software, we will continue to clean your system, but realize that it's likely only a matter of time before you are infected again.

---------

Please go to http://virusscan.jotti.org, click on Browse, and upload the following file/s for analysis. You will only be able to have one file scanned at a time.

c:\program files\REGSHAVE\REGSHAVE.EXE

Then click Submit. Allow the file to be scanned, and then please copy/paste the results here for me to see.

If Jotti is busy, please go to http://www.virustotal.com,

---------

Please include the online file scan results in your next reply.

How is your computer running now? :)

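The wbemtest steps above can also be done from a script. The following PowerShell script is an added example, not part of the original thread or of any tool mentioned in it; it assumes PowerShell 2.0 is installed on the Windows XP machine and queries the XP-era root\SecurityCenter namespace (Vista and later register products under root\SecurityCenter2 instead). It lists every AntiVirusProduct and FirewallProduct entry registered with Windows Security Center and, only when -Remove is given, deletes the entries whose companyName matches the vendor you name (AVG in this thread), which is what the manual wbemtest procedure does by hand.

```powershell
# Added example (not from the original thread). Assumes PowerShell 2.0 on Windows XP,
# where Security Center registrations live in the root\SecurityCenter namespace.
# Lists the antivirus and firewall products registered with Windows Security Center
# and optionally removes the stale entries left behind by an uninstalled product.
param(
    # Vendor to match against companyName (substring, case-insensitive), e.g. "AVG".
    [string]$Vendor = "AVG",
    # Without -Remove the script only reports; nothing is deleted.
    [switch]$Remove
)

$namespace = "root\SecurityCenter"
$classes   = @("AntiVirusProduct", "FirewallProduct")

foreach ($class in $classes) {
    # Same query wbemtest runs: SELECT * FROM <class> in root\SecurityCenter
    $products = @(Get-WmiObject -Namespace $namespace -Class $class -ErrorAction SilentlyContinue)
    Write-Host ("{0}: {1} registered entries" -f $class, $products.Count)

    foreach ($p in $products) {
        # companyName and displayName are the properties the thread tells you to check
        Write-Host ("  companyName={0}  displayName={1}  instanceGuid={2}" -f `
            $p.companyName, $p.displayName, $p.instanceGuid)
    }

    # More than one entry in a class usually means a product was uninstalled without
    # de-registering itself, which is what keeps ComboFix from running.
    $stale = $products | Where-Object {
        $_.companyName -and ($_.companyName -match [regex]::Escape($Vendor))
    }

    foreach ($s in $stale) {
        if ($Remove) {
            # Only reach this after the product is really uninstalled; deleting the
            # registration of an installed product just hides it from Security Center.
            Write-Host ("  Removing {0} entry '{1}'" -f $class, $s.displayName)
            $s.Delete()
        } else {
            Write-Host ("  Would remove {0} entry '{1}' (re-run with -Remove)" -f $class, $s.displayName)
        }
    }
}
```

Run it once without -Remove to see what is registered; if the only entries matching the vendor belong to the product you already uninstalled, run it again with -Remove.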

AVG gone this time, I think???

VUZE also uninstalled (thank the teenagers in the house for that one...)

JOTTI shows:

Jotti's malware scan

This file has been scanned before. The results for this previous scan are listed below.

Filename: REGSHAVE.EXE

Status:

Scan finished. 0 out of 19 scanners reported malware.

Scan taken on: Mon 22 Nov 2010 18:16:43 (CET) Permalink

Additional info

File size: 53248 bytes

Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5: 552e9ca7b91120fb7d49cd5c10018dc3

SHA1: 8721197a942f6dcd274814687c20fd1a047e667d

Scanners

[ArcaVir]

2010-11-22 Found nothing

[F-Secure Anti-Virus]

2010-11-22 Found nothing

[Avast! antivirus]

2010-11-22 Found nothing

[G DATA]

2010-11-22 Found nothing

[Grisoft AVG Anti-Virus]

2010-11-21 Found nothing

[ikarus]

2010-11-22 Found nothing

[Avira AntiVir]

2010-11-22 Found nothing

[Kaspersky Anti-Virus]

2010-11-22 Found nothing

[softwin BitDefender]

2010-11-22 Found nothing

[ESET NOD32]

2010-11-22 Found nothing

[ClamAV]

2010-11-22 Found nothing

[Panda Antivirus]

2010-11-22 Found nothing

[CPsecure]

2010-11-22 Found nothing

[Quick Heal]

2010-11-22 Found nothing

[Dr.Web]

2010-11-22 Found nothing

[sophos]

2010-11-22 Found nothing

[Emsisoft Anti-Malware]

No result available

[VirusBlokAda VBA32]

2010-11-22 Found nothing

[Frisk F-Prot Antivirus]

2010-11-22 Found nothing

[VirusBuster]

2010-11-22 Found nothing


VUZE also uninstalled (thank the teenagers in the house for that one...)

:lol: hehehe

AVG gone this time, I think???

Let's run another ComboFix scan. This will also tell us if AVG has been successfully removed ;).

Please delete your current copy of ComboFix (found here: c:\documents and settings\Mary\Desktop\ComboFix.exe)

Please download a new copy of ComboFix from here, and save it to your Desktop.

Ensure all protection programs are disabled, and run the new ComboFix.exe.

A new log C:\ComboFix.txt will be produced. Please include that in your next reply. :)

How is your computer running now?


Thanks so much for your help.

New ComboFix log here:

ComboFix 11-06-27.03 - Mary 06/28/2011 4:58.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.714 [GMT -4:00]

Running from: c:\documents and settings\Mary\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))

.

.

2011-06-05 19:31 . 2011-06-05 22:05 -------- d-----w- c:\documents and settings\Mary\Application Data\U3

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 13:11 . 2011-03-19 23:28 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2011-03-19 23:28 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-05-07 09:34 . 2011-05-07 09:34 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-01 149280]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-02-11 273544]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk

backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Mary^Start Menu^Programs^Startup^AutoMailer.lnk]

path=c:\documents and settings\Mary\Start Menu\Programs\Startup\AutoMailer.lnk

backup=c:\windows\pss\AutoMailer.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Mary^Start Menu^Programs^Startup^Jacquie Lawson Advent Calendar.lnk]

path=c:\documents and settings\Mary\Start Menu\Programs\Startup\Jacquie Lawson Advent Calendar.lnk

backup=c:\windows\pss\Jacquie Lawson Advent Calendar.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-01-27 02:09 135664 ----atw- c:\documents and settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 13:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

2002-02-05 06:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-12-10 23:00 18789920 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2006-11-10 20:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-02-11 20:24 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

.

R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 6:25 PM 14080]

R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 6:25 PM 36352]

R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 6:25 PM 77056]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/27/2009 1:54 AM 1691480]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/19/2011 7:28 PM 39984]

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-343818398-1801674531-1003Core.job

- c:\documents and settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-27 02:09]

.

2011-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-343818398-1801674531-1003UA.job

- c:\documents and settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-27 02:09]

.

2011-06-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-343818398-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]

.

2011-06-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-343818398-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.shockwave.com/gamelanding/jigsawpuzzles.jsp

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.254.254

FF - ProfilePath - c:\documents and settings\Mary\Application Data\Mozilla\Firefox\Profiles\6e8sezch.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.9wsyr.com/default.aspx|http://www.npr.org/|https://email.1and1.com/ox.html

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dcc7de4&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-28 05:03

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(712)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(1660)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-06-28 05:05:53

ComboFix-quarantined-files.txt 2011-06-28 09:05

ComboFix2.txt 2011-06-28 02:15

.

Pre-Run: 90,307,641,344 bytes free

Post-Run: 90,317,041,664 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 26D50B396DE7932CD6CC82AF64132D50


Thanks so much for your help.

You're welcome :).

Looks like AVG is gone ;).

Let's run an online scan to confirm you're clean:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic


4 threats found and cleaned, it says.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17095 (vista_gdr.101217-1830)

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=4d9b457e9a0475429f9c3efbaf2e24fc

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-06-29 12:17:05

# local_time=2011-06-28 08:17:05 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777215 100 0 20527400 20527400 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=160515

# found=4

# cleaned=4

# scan_time=5272

C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\35\27b84623-26f86bec a variant of Java/Exploit.CVE-2010-4452.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\47\32e44eaf-76f3cd04 probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\62\60d9c47e-1e26f4ba a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Mary\Application Data\Sun\Java\Deployment\cache\6.0\62\60d9c47e-2cf3d1af a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Let's run another scan just to make sure there aren't any traces left that ESET might have missed.

Please use Internet Explorer and run a BitDefender Online scan from here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.


QuickScan Beta 32-bit v0.9.9.96

-------------------------------

Scan date: Tue Jun 28 20:48:55 2011

Machine ID: 248238AC

No infection found.

-------------------

Processes

---------

Adobe Reader and Acrobat Manager 576 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

ArcSoft Connect 1020 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

ArcSoft Connect 1852 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

ATI External Event Utility for Windows 1500 C:\WINDOWS\system32\ati2evxx.exe

ATI External Event Utility for Windows 936 C:\WINDOWS\system32\ati2evxx.exe

Bonjour 1892 C:\Program Files\Bonjour\mDNSResponder.exe

Firefox 1720 C:\Program Files\Mozilla Firefox\firefox.exe

Firefox 228 C:\Program Files\Mozilla Firefox\plugin-container.exe

iTunes 2608 C:\Program Files\iPod\bin\iPodService.exe

iTunes 1260 C:\Program Files\iTunes\iTunesHelper.exe

Java Platform SE 6 U17 3596 C:\Program Files\Java\jre6\bin\jucheck.exe

mcci+McciCMService 1964 C:\Program Files\Common Files\Motive\McciCMService.exe

Microsoft® Windows® Operating System 3688 C:\Program Files\Outlook Express\msimn.exe

Microsoft® Windows® Operating System 1476 C:\WINDOWS\system32\spoolsv.exe

Microsoft® Windows® Operating System 948 C:\WINDOWS\system32\wscntfy.exe

MobileDeviceService 1864 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

OnlineCmdLineScanner.exe 3496 C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

RealPlayer (32-bit) 856 C:\Program Files\Real\RealPlayer\Update\realsched.exe

Snood.exe 2836 C:\Program Files\Snood\Snood.exe

Windows® Internet Explorer 596 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Java Platform SE 6 U17 1940 C:\Program Files\Java\jre6\bin\jqs.exe

(verified) Java Platform SE 6 U17 996 C:\Program Files\Java\jre6\bin\jusched.exe

(verified) Microsoft® Windows® Operating System 1660 C:\WINDOWS\explorer.exe

(verified) Microsoft® Windows® Operating System 684 C:\WINDOWS\system32\csrss.exe

(verified) Microsoft® Windows® Operating System 1228 C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System 768 C:\WINDOWS\system32\lsass.exe

(verified) Microsoft® Windows® Operating System 756 C:\WINDOWS\system32\services.exe

(verified) Microsoft® Windows® Operating System 620 C:\WINDOWS\system32\smss.exe

(verified) Microsoft® Windows® Operating System 488 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1172 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1328 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1140 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1024 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1820 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 952 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 832 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1220 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 712 C:\WINDOWS\system32\winlogon.exe

Network activity

----------------

Process iexplore.exe (596) connected on port 80 (HTTP) --> 66.220.147.11

Process iexplore.exe (596) connected on port 80 (HTTP) --> 66.235.143.121

Process iexplore.exe (596) connected on port 80 (HTTP) --> 90.84.52.185

Process iexplore.exe (596) connected on port 80 (HTTP) --> 90.84.52.178

Process iexplore.exe (596) connected on port 80 (HTTP) --> 74.125.45.138

Process firefox.exe (1720) connected on port 80 (HTTP) --> 64.214.227.171

Process firefox.exe (1720) connected on port 80 (HTTP) --> 74.202.67.83

Process firefox.exe (1720) connected on port 80 (HTTP) --> 64.214.227.171

Process firefox.exe (1720) connected on port 80 (HTTP) --> 74.125.45.102

Process firefox.exe (1720) connected on port 80 (HTTP) --> 74.202.67.83

Process firefox.exe (1720) connected on port 80 (HTTP) --> 64.214.227.171

Process firefox.exe (1720) connected on port 80 (HTTP) --> 74.202.67.83

Process firefox.exe (1720) connected on port 443 (HTTP over SSL) --> 66.220.149.25

Process firefox.exe (1720) connected on port 80 (HTTP) --> 64.214.227.171

Process firefox.exe (1720) connected on port 80 (HTTP) --> 74.125.45.102

Process firefox.exe (1720) connected on port 80 (HTTP) --> 74.125.45.102

Process firefox.exe (1720) connected on port 80 (HTTP) --> 74.202.67.83

Process firefox.exe (1720) connected on port 80 (HTTP) --> 64.214.227.171

Process firefox.exe (1720) connected on port 80 (HTTP) --> 74.202.67.83

Process firefox.exe (1720) connected on port 80 (HTTP) --> 66.220.149.25

Process firefox.exe (1720) connected on port 80 (HTTP) --> 64.214.227.171

Process svchost.exe (1024) listens on ports: 135 (RPC)

Process svchost.exe (1328) listens on ports: 2869 (SSDP event notification, UPNP)

Autoruns and critical files

---------------------------

ArcSoft Connect C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

ATI External Event Utility for Windows C:\WINDOWS\system32\Ati2evxx.dll

Flash® Player Installer/Uninstaller C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_Plugin.exe

iTunes C:\Program Files\iTunes\iTunesHelper.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\ssmypics.scr

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

RealPlayer (32-bit) C:\Program Files\Real\RealPlayer\Update\realsched.exe

RealUpgrade C:\Program Files\Real\RealUpgrade\realupgrade.exe

WgaLogon.dll C:\WINDOWS\system32\WgaLogon.dll

Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

(verified) Google Update C:\Documents and Settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

(verified) Java Platform SE 6 U17 C:\Program Files\Java\jre6\bin\jusched.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cmd.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll

Browser plugins

---------------

2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll

Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

Coupons Inc., Coupon Printer Manager C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

Coupons Inc., Coupon Printer Manager C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

Facebook Plugin C:\Documents and Settings\Mary\Application Data\Facebook\npfbplugin_1_0_3.dll

Google Update C:\Documents and Settings\Mary\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll

Messenger C:\Program Files\Messenger\msmsgs.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

Picasa C:\Program Files\Google\Picasa3\npPicasa3.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

RealPlayer Download and Record Plugin C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

RealPlayer G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

RealPlayer G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

RealPlayer HTML5VideoShim Plug-In ( C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll

(verified) Java Deployment Toolkit 6.0.170.4 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

(verified) Java Platform SE 6 U17 C:\Program Files\Java\jre6\bin\jp2ssv.dll

(verified) Java Platform SE 6 U17 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

(verified) Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

Scan

----

MD5: ebf7a37a029c4e06560b4ffb4981eff4 C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

MD5: 4ca131ad540151b3074c58d72b53c470 C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

MD5: c6ee769ceced772d83dd08ff65765452 C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

MD5: ca86bbb6e22fef17a8a28055f3d44613 C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

MD5: b1bdef36c5f53d0158e56b74148674b4 C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

MD5: bd38bd81cf8ce830f26de8295f7b26aa C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

MD5: 1be4d00995fdd31b5b65e5d1cf0c5fe9 C:\Documents and Settings\Mary\Application Data\Facebook\npfbplugin_1_0_3.dll

MD5: b226054bfa3d3a1920f7b95e54f3e87d C:\Documents and Settings\Mary\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll

MD5: 3a9f70479a886dcc8e5151326156472d C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

MD5: 37bc9e0e4b3657b54037777135569d1e C:\Program Files\Bonjour\mdnsNSP.dll

MD5: f2060a34c8a75bc24a9222eb4f8c07bd C:\Program Files\Bonjour\mDNSResponder.exe

MD5: c3104be7d2b689ebe47e2aac64c07530 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

MD5: 203a74767eb81f96a5166b1933db46d0 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

MD5: ff575e76da89a3cede920bb71ee2f3c7 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

MD5: bad6bea0de1f69c82bdb74378ce0c20a C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

MD5: dddd1d04d5f4360371bc99c7c476f70d C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll

MD5: d855b0e63ecafe9ebd086af6691e0016 C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.DLL

MD5: 749cf03badc40453f61fd7025e2ba2f5 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll

MD5: d30dd708f05fb85ef2c53727ed3573d2 C:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll

MD5: 38711bb50d27b7145186f61ce31b3336 C:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll

MD5: 9e515554a3ea7b70c975f61971c6977d C:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll

MD5: 7ef0c8a9a1a57756f4868e3693173c08 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll

MD5: 258d35f5f5f5f3f6045488ecdc14faab C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll

MD5: 20f6f19fe9e753f2780dc2fa083ad597 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

MD5: dc70310b3d079d667b67f0c7067209f3 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll

MD5: e6748a0adc22f0595e31448cac746d3f C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll

MD5: 7548c242d95cbff76908360ad629c09f C:\Program Files\Common Files\ArcSoft\Bin\ArcCon.dll

MD5: a7810b302294793de88542aae177d1b1 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

MD5: 29aeda015b78beda68e6e1fade78eb41 C:\Program Files\Common Files\Microsoft Shared\Proof\CSAPI3T1.DLL

MD5: 4f74184920b2d6e33024409b4c5c57c1 C:\Program Files\Common Files\Motive\McciCMService.exe

MD5: a0c2cb21f4b521429f033fdeb18d63d7 C:\Program Files\Common Files\System\directdb.dll

MD5: 165a968caa9734216ff0eb192f5fbd7f C:\Program Files\Common Files\System\wab32.dll

MD5: 9179353100db37ae37b4d703e3ff3387 C:\Program Files\Common Files\System\wab32res.dll

MD5: 10b7abf103e30e50e02f6c8d749eceb4 C:\Program Files\ESET\ESET Online Scanner\esets_apiW_a.dll

MD5: 36af5e8b91c2277ce16897e0936c6627 C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

MD5: 45fd64f0c2b5fd2856e453d87d1cd2ca C:\Program Files\ESET\ESET Online Scanner\OnlineScanner.ocx

MD5: 4884b678cd25744ea6fe3dd86837b76d C:\Program Files\Google\Picasa3\npPicasa3.dll

MD5: fd0cba527032d2d3d00e17c0f24a99d3 C:\Program Files\Internet Explorer\ieproxy.dll

MD5: 091d358efc9d22901bd879ef37f0dac4 C:\Program Files\Internet Explorer\iexplore.exe

MD5: 667bafc4fbecc3900cab7c1bec33bf8b C:\Program Files\Internet Explorer\plugins\nppdf32.dll

MD5: 27746a1b97d283b31984300a58f9f934 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

MD5: 27746a1b97d283b31984300a58f9f934 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

MD5: 27746a1b97d283b31984300a58f9f934 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

MD5: 27746a1b97d283b31984300a58f9f934 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

MD5: 27746a1b97d283b31984300a58f9f934 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

MD5: 27746a1b97d283b31984300a58f9f934 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

MD5: 27746a1b97d283b31984300a58f9f934 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

MD5: e51bd095b2fdf56b17ee010bb794d6ed C:\Program Files\iPod\bin\iPodService.exe

MD5: 575f5312fa76cf33414e7c789f5494f7 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL

MD5: 80bbd9fc6c8e7a56822571b1dea57ce2 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL

MD5: 14f224029d16ef25fa879e7c9f558b1f C:\Program Files\iTunes\iTunesHelper.dll

MD5: c0fd8553cecde061ad3e7c1cc80c7edb C:\Program Files\iTunes\iTunesHelper.exe

MD5: 6b1b7dfbe12d107d21cf1c9ae1c02cd7 C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL

MD5: ae3b42162f146441e92bfd163455d91e C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL

MD5: 167235bfcb884d8b4d514767cb82fcef C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe

MD5: 63368d3e65aace7d26f69d8b29384243 C:\Program Files\Microsoft Office\Office12\msohevi.dll

MD5: 7e7bc43fdfdde4ca95be1513a9bdcd02 C:\Program Files\Mozilla Firefox\components\browsercomps.dll

MD5: e83508d9a0f0d0d8449317dc6a4c5e02 C:\Program Files\Mozilla Firefox\firefox.exe

MD5: 95b99d7c415449faeae642255f9f5a86 C:\Program Files\Mozilla Firefox\freebl3.dll

MD5: 9d9fdca1ea28ede048e99b99b7e0ef5d C:\Program Files\Mozilla Firefox\mozalloc.dll

MD5: 636d2f44e0724fadc4f711e5225615ae C:\Program Files\Mozilla Firefox\MOZCPP19.dll

MD5: abf1c2a7cf3b43e2d481c14019dfa41e C:\Program Files\Mozilla Firefox\MOZCRT19.dll

MD5: 5d7ffcc9deb5bb08417ceae51d2afed4 C:\Program Files\Mozilla Firefox\mozjs.dll

MD5: fb1d53fd3be9ba1ca856b46302896e8e C:\Program Files\Mozilla Firefox\mozsqlite3.dll

MD5: 64027d23eed51e74f695470622b7ba46 C:\Program Files\Mozilla Firefox\nspr4.dll

MD5: 10eb50bef8b826c10534b7540e67feac C:\Program Files\Mozilla Firefox\nss3.dll

MD5: 8b2f57de183b741f3ba3b0d0320a4c67 C:\Program Files\Mozilla Firefox\nssckbi.dll

MD5: a4964c95a9ceeb1f101a697e9e79c356 C:\Program Files\Mozilla Firefox\nssdbm3.dll

MD5: 2e60538b761ba2cb8b34c9833b3ea00e C:\Program Files\Mozilla Firefox\nssutil3.dll

MD5: 37a4f08d9c3553da583ca7ced1fddfe9 C:\Program Files\Mozilla Firefox\plc4.dll

MD5: 45ffabca094e6ed6e6214530a7ef9746 C:\Program Files\Mozilla Firefox\plds4.dll

MD5: 3b2cc09944488db5ed5dfdc315c9ab57 C:\Program Files\Mozilla Firefox\plugin-container.exe

MD5: c62d44164113cd26378382747fd3ce78 C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

MD5: 39c4fddc44de555514bd765b567939e3 C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

MD5: 9a6101f29e2e9d41b99cbcc8f106e8fe C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

MD5: 667bafc4fbecc3900cab7c1bec33bf8b C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

MD5: 1a0fb18fe23a0265f84c6954b6ab64d3 C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

MD5: 27746a1b97d283b31984300a58f9f934 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

MD5: 27746a1b97d283b31984300a58f9f934 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

MD5: 27746a1b97d283b31984300a58f9f934 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

MD5: 27746a1b97d283b31984300a58f9f934 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

MD5: 27746a1b97d283b31984300a58f9f934 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

MD5: 27746a1b97d283b31984300a58f9f934 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

MD5: 27746a1b97d283b31984300a58f9f934 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

MD5: 4f026ffd7c1577767566fd8153858d51 C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

MD5: 6a717df6573038773ea8e5cda02e8b4a C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

MD5: 29fe789054c24b4b87c9171435261ec5 C:\Program Files\Mozilla Firefox\smime3.dll

MD5: da3635c5f94f638eba72ea767348ce29 C:\Program Files\Mozilla Firefox\softokn3.dll

MD5: dc555cc963f13626672d6f4b4883a557 C:\Program Files\Mozilla Firefox\ssl3.dll

MD5: 007236381f7a2a0e20a2813f8b3c5bf7 C:\Program Files\Mozilla Firefox\xpcom.dll

MD5: 56b4b5181549f6e07672a498d3046674 C:\Program Files\Mozilla Firefox\xul.dll

MD5: 1eeae496a51f017d04dd41322935d2b9 C:\Program Files\Outlook Express\msimn.exe

MD5: 116aa2b169abd0b620961caff0aeac84 C:\Program Files\Outlook Express\msoeres.dll

MD5: afdae59fe562a7cdb44f9d4abedac316 C:\Program Files\QuickTime\QTSystem\QTCF.dll

MD5: 1d856e6e7490447fcfaa46e09a2bf9c9 C:\Program Files\QuickTime\QTSystem\QuickTime.qts

MD5: 1a0fb18fe23a0265f84c6954b6ab64d3 C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

MD5: 4f026ffd7c1577767566fd8153858d51 C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

MD5: 6a717df6573038773ea8e5cda02e8b4a C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

MD5: 4b4d7626e7330f091100bfc22230ecf0 C:\Program Files\Real\RealPlayer\Update\realsched.exe

MD5: 8fb92ef6740eb2e10429c542160a3f84 C:\Program Files\Real\RealUpgrade\realupgrade.exe

MD5: 9f4c74e9b1d26932e0a10cfa5a9155ef C:\Program Files\Snood\Snood.exe

MD5: 80b2ec735495823ae5771a5f603e73bd C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

MD5: 37d7c22f7e26da90e2d2d260e5d27846 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL

MD5: 23dc75d158d484177ffe99e23264f89f C:\WINDOWS\Downloaded Program Files\qsax.dll

MD5: 9a2d686c89acc36e3aa7cde3d1c45c1a C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll

MD5: ab87eeffd18f2baafc274e7075ea6c67 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

MD5: 59b9d1783b2f0d5098f6a83ffe3a663d C:\WINDOWS\system32\ADVPACK.DLL

MD5: dd07d50bc1b8448ce6a035a5f6a1b4fa C:\WINDOWS\system32\Ati2edxx.dll

MD5: e916093af8201dd8ff4bb6a8e2151678 C:\WINDOWS\system32\Ati2evxx.dll

MD5: 1ce690d5c4baf51b6cfb3ec9cb1a74f5 C:\WINDOWS\system32\ati2evxx.exe

MD5: fc9d544eed0b08fc265dbfb39e4fbc8e C:\WINDOWS\system32\atipdlxx.dll

MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll

MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll

MD5: 22ac83c60b815c1bbbf5cc08a3b5cf0b C:\WINDOWS\system32\corpol.dll

MD5: bdaaf79dd63f194434d31a74b9bb8b77 C:\WINDOWS\system32\CRYPT32.dll

MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll

MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\System32\CSCDLL.dll

MD5: 6100d350770a5595fbf4c96f3510badc C:\WINDOWS\system32\CSRSRV.dll

MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL

MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll

MD5: 5d3fde8fb2801a2041d1b965372c4928 C:\WINDOWS\system32\DNSAPI.dll

MD5: 6e58654cb25730b2579e45e1fd116a47 C:\WINDOWS\system32\DRIVERS\amdide.sys

MD5: cd5c874245435c9ce7e347e28cf3c6b5 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

MD5: 4b0a100eaf5c49ef3cca8c641431eacc C:\WINDOWS\system32\DRIVERS\cdrom.sys

MD5: b309912717c29fc67e1ba4730a82b6dd C:\WINDOWS\system32\drivers\mbamswissarmy.sys

MD5: 6c1618a07b49e3873582b6449e744088 C:\WINDOWS\system32\drivers\pfc.sys

MD5: 6806443ba8a66f63866f50e81ef685aa C:\WINDOWS\system32\drivers\RtkHDAud.sys

MD5: 0f6aefad3641a657e18081f52d0c15af C:\WINDOWS\system32\DRIVERS\srv.sys

MD5: 9dd333fa5746c222bbb58ab704c78ba5 C:\WINDOWS\system32\DRIVERS\ubohci.sys

MD5: 1bd61b9ac6756c58fd88fc74dcf1bd85 C:\WINDOWS\system32\DRIVERS\ubsbm.sys

MD5: 64461004a7e6a59f222b45d74a164556 C:\WINDOWS\system32\DRIVERS\ubumapi.sys

MD5: d4fb6ecc60a428564ba8768b0e23c0fc C:\WINDOWS\System32\Drivers\usbaapl.sys

MD5: 2b77c863552ea9cdb989d484143ed016 C:\WINDOWS\system32\DRIVERS\yk51x86.sys

MD5: 1849bab379fcd7b793af0b4afa5e2af7 C:\WINDOWS\system32\Dxtmsft.dll

MD5: 6c6127a382b9b852912c74c5cc26bc06 C:\WINDOWS\system32\Dxtrans.dll

MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll

MD5: 303a63f4b913aa5d8998161cb77a8ce7 C:\WINDOWS\system32\feclient.dll

MD5: 336937ac45add5cb3d3df75b1237b609 C:\WINDOWS\system32\hpplm.dll

MD5: a6bb207cd58ada47a89b098bcba1781d C:\WINDOWS\system32\ieapfltr.dll

MD5: 44851a4cda33e120e4762232dc2e08a3 C:\WINDOWS\system32\IEFRAME.dll

MD5: 783d3f4e634c362316775a9515f14f6c C:\WINDOWS\system32\iepeers.dll

MD5: 9fd26a249106b32359df385496b21622 C:\WINDOWS\system32\iertutil.dll

MD5: 4e89bf45219bb2cf4f931201e2f5755e C:\WINDOWS\system32\IEUI.dll

MD5: 9c4d358e47fcb6fcfd792abb843edf9c C:\WINDOWS\system32\INETCOMM.dll

MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll

MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll

MD5: 685cb0023423d963fa467bc89cffd27d C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_Plugin.exe

MD5: 5006b5dba7979cdc3481e24dd0c03802 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MD5: 6fbdfab3df839eb93248519681f3c2c9 C:\WINDOWS\system32\mshtml.dll

MD5: a7a57ec5ee1107ae723cbdb6ce644bf2 C:\WINDOWS\system32\mshtmled.dll

MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll

MD5: 85ac5f11d4759d13674b3e92eac3f140 C:\WINDOWS\system32\msident.dll

MD5: 7ed041c7f82a381417aa3f43ab55f95a C:\WINDOWS\system32\msidntld.dll

MD5: 832e4dd8964ab7acc880b2837cb1ed20 C:\WINDOWS\system32\mswsock.dll

MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 c:\windows\system32\netshell.dll

MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll

MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll

MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll

MD5: 6f7218bea26ead30f59be2d0b074ed07 C:\WINDOWS\system32\pngfilt.dll

MD5: b2cf9f1f606dec23f70a40b01df3c396 C:\WINDOWS\system32\printui.dll

MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll

MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll

MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll

MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll

MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll

MD5: 741b6b597e8c99e1938809f64f7bf13c C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL

MD5: 3182f47a67f86b5dd991e0fb7659d0e3 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL

MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe

MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll

MD5: 5e453cb99df0838226defc05f3484cdf C:\WINDOWS\system32\ssmypics.scr

MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll

MD5: d0049860b63dd87a73a5d165c829c65f C:\WINDOWS\system32\t2embed.dll

MD5: 215ee2b6ccb149f98a8068ddcb6c8ed1 C:\WINDOWS\system32\urlmon.dll

MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe

MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll

MD5: 9ba7044f7bc88fe5c03379e17c6f5391 C:\WINDOWS\system32\vbscript.dll

MD5: 92a4bb8828b931d335d3d2f79d24d068 C:\WINDOWS\system32\webcheck.dll

MD5: 8af3af9b462ac590bade6971676879e9 C:\WINDOWS\system32\WgaLogon.dll

MD5: 69ac2c73642c3faded461ca1a069fcf7 C:\WINDOWS\system32\WININET.dll

MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll

MD5: 42b5427fac23bf6f1f31e466b7feb084 C:\WINDOWS\system32\winsrv.dll

MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll

MD5: f92e1076c42fcd6db3d72d8cfe9816d5 C:\WINDOWS\system32\wscntfy.exe

MD5: 5caf91e865fe0c85048a233e594544d2 c:\windows\system32\WUDFPlatform.dll

MD5: 18473f44d6de85c8cb4e70f503c5ea64 C:\WINDOWS\System32\xactsrv.dll

MD5: bea4aee74fef171eb61de1bad8faf427 C:\WINDOWS\system32\xmllite.dll

MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll

MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\COMCTL32.dll

No file uploaded.

Scan finished - communication took 2 sec

Total traffic - 0.01 MB sent, 0.78 KB recvd

Scanned 610 files and modules - 30 seconds

==============================================================================


Your logs appear to be clean! :) Please take the time to install the following program updates, as using outdated applications leaves you very vulnerable to getting infected again :):

You are using Internet Explorer version 7. The latest version is 8. Using an outdated version of a web browser leaves you extremely vulnerable to malware!

Please see this link to download the latest version: http://windows.microsoft.com/en-US/internet-explorer/products/ie/home

-------

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search in the list for all previously installed versions of Java (J2SE Runtime Environment).

They will have this icon next to them: javaicon.gif

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

-------

Your Flash Player is out of date!

To make sure you have the latest version of Adobe Flash Player installed:

1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe

2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).

3. Double-click on the file you've downloaded to uninstall Flash.

4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).

Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

-------

Please let me know how the updates went, as failed updates may indicate additional malware. :)

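The Java and Flash steps above are carried out by hand through Add or Remove Programs and the Macromed\Flash folder. The script below is an added example, not part of the original thread or of any tool named in it, that does the inventory half of that procedure from PowerShell: it lists every Java runtime registered in Add or Remove Programs (the entries the helper asks the poster to find) and the version stamps of the Flash files under system32\Macromed\Flash, which is where the scan log above shows NPSWF32.dll and FlashUtil10p_Plugin.exe. It assumes PowerShell 2.0 or later and only reads; removal is still done through the uninstall entries it prints.

```powershell
# Added example (not from the original thread): inventory the Java runtimes and
# Flash Player files that the helper's instructions ask the poster to check.
# Assumes PowerShell 2.0 or later. The Wow6432Node key only exists on 64-bit
# Windows and is skipped where it is absent.

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Every Add or Remove Programs entry is a subkey under one of the roots above;
# DisplayName, DisplayVersion and UninstallString are the standard values.
function Get-InstalledJava {
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            # "J2SE Runtime Environment" is the older display name, "Java(TM)" the newer one
            if ($p.DisplayName -match 'J2SE Runtime Environment|Java') {
                New-Object PSObject -Property @{
                    Name      = $p.DisplayName
                    Version   = $p.DisplayVersion
                    Uninstall = $p.UninstallString
                }
            }
        }
    }
}

# Flash binaries carry a file version; the IE ActiveX control and the
# Netscape-style plugin used by Firefox (NPSWF32.dll) both live in this folder.
function Get-FlashFiles {
    $flashDir = Join-Path $env:SystemRoot 'system32\Macromed\Flash'
    if (-not (Test-Path $flashDir)) { return }
    Get-ChildItem $flashDir |
        Where-Object { $_.Extension -match '^\.(dll|ocx|exe)$' } |
        ForEach-Object {
            New-Object PSObject -Property @{
                File    = $_.Name
                Version = $_.VersionInfo.FileVersion
            }
        }
}

$java = @(Get-InstalledJava)
if ($java.Count -eq 0) {
    'No Java runtime entries found in Add or Remove Programs.'
} else {
    'Installed Java runtimes (every version except the newest should be removed):'
    $java | Sort-Object Version | Format-Table Name, Version, Uninstall -AutoSize
}

'Flash Player files present under system32\Macromed\Flash:'
Get-FlashFiles | Format-Table File, Version -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable. Each Java row's Uninstall column is the same command Add or Remove Programs runs for that entry, so the list doubles as a checklist for the manual removal step; the Flash versions can be compared against the current release before deciding whether the uninstaller in the next post is needed.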

Glad to hear the updates went well! :D I will provide you with some suggestions for security software, but first, ComboFix must be uninstalled ;) :

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

**You may now reinstall AVG AntiVirus if you haven't already. ;)

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

You have NO antivirus program installed!

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available.

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


I have installed AVG, Spybot, SpywareBlaster, and Outpost

I hope that's enough to keep out the hackers ;)

Seems inadequate to say thank you, you really walked me through this process very well. My faith in humanity is restored, and for all your time and expertise, I am truly grateful.


Glad to hear things went well. :D

Seems inadequate to say thank you, you really walked me through this process very well. My faith in humanity is restored, and for all your time and expertise, I am truly grateful.

You are welcome :)!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

