please help remove malware


.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Linda at 10:28:33 on 2011-06-29

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.137 [GMT -7:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Acer\ALaunch\ALaunchSvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Acer\Empowering Technology\eNet\eNet Service.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Acer\Mobility Center\MobilityService.exe

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files\CyberLink\Shared Files\brs.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Users\Linda\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\LogonUI.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files\CyberLink\Shared Files\brs.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Users\Fallon\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Registry Mechanic\Alert.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Registry Mechanic\RegMech.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://en.us.acer.yahoo.com

mDefault_Page_URL = hxxp://en.us.acer.yahoo.com

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5825.1100\swg.dll

TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Acer Tour Reminder]

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [ALaunch] c:\acer\alaunch\AlaunchClient.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe

mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"

mRun: [Acer Tour]

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [LManager] c:\progra~1\launch~1\LManager.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [eRecoveryService]

mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup

mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe

mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe

mRun: [setPanel] c:\acer\apanel\APanel.cmd

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe

mRun: [skytel] Skytel.exe

mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"

mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [sSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

LSP: c:\windows\system32\wpclsp.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.85/WebSlingPlayer.cab

DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1 68.238.64.12

TCP: Interfaces\{AE3C0EED-CF5E-481E-BFF7-0EEEDCC9A3BE} : DhcpNameServer = 192.168.1.1 68.238.64.12

TCP: Interfaces\{B5A6F3AD-88CD-452C-B0E8-E6FFCC8CE4B6} : DhcpNameServer = 192.168.0.1

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: eNetHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\linda\appdata\roaming\mozilla\firefox\profiles\j983f3bc.default\

.

============= SERVICES / DRIVERS ===============

.

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/10 11:11:27];c:\program files\cyberlink\powerdvd9\000.fcl [2009-3-30 87536]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-31 179712]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-9 105592]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-23 39984]

.

=============== Created Last 30 ================

.

2011-06-28 15:37:16 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9247c8ae-45de-4ce9-909f-90a189cf660b}\mpengine.dll

2011-06-28 02:42:06 -------- d-----w- c:\program files\iPod

2011-06-28 02:02:32 -------- d-----w- c:\program files\Bonjour

2011-06-28 00:42:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-06-28 00:42:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-06-28 00:42:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-06-28 00:42:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-06-28 00:42:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-06-28 00:42:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-06-28 00:42:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-06-27 22:07:59 367104 ----a-w- c:\windows\system32\html.iec

2011-06-27 21:56:20 -------- d-----w- c:\program files\ESET

2011-06-23 19:34:13 -------- d-----w- c:\users\linda\appdata\roaming\Malwarebytes

2011-06-23 19:34:03 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-23 19:34:01 -------- d-----w- c:\programdata\Malwarebytes

2011-06-23 19:33:58 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-23 19:33:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-21 22:17:35 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-06-16 08:39:47 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-16 08:39:18 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-16 08:39:13 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-16 08:39:13 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-16 08:39:07 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-16 08:38:22 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-16 08:37:57 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-16 08:37:56 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-16 08:37:56 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-16 08:37:49 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

.

==================== Find3M ====================

.

2011-06-27 22:08:11 161792 ----a-w- c:\windows\system32\msls31.dll

2011-06-27 22:08:10 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-06-27 22:08:07 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-27 22:08:06 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-27 22:08:06 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-27 22:08:05 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-27 22:08:02 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

============= FINISH: 10:31:06.80 ===============

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6931

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

6/29/2011 10:21:00 AM

mbam-log-2011-06-29 (10-21-00).txt

Scan type: Quick scan

Objects scanned: 127464

Time elapsed: 11 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 11

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\exqonczctruceg (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bjbnketh (Rogue.AntivirusSuite.Gen) -> Value: bjbnketh -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Couldn't attach files for some reason "internal server error". I'll paste them here.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume2

Install Date: 11/27/2007 10:38:47 PM

System Uptime: 6/28/2011 3:21:20 AM (31 hours ago)

.

Motherboard: Acer | | Acadia

Processor: Intel® Celeron® CPU 540 @ 1.86GHz | uPGA-478 | 1862/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 70 GiB total, 19.798 GiB free.

D: is FIXED (NTFS) - 70 GiB total, 69.426 GiB free.

E: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0001

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #2

PNP Device ID: ROOT\*ISATAP\0001

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Tun Miniport Adapter

Device ID: ROOT\*TUNMP\0001

Manufacturer: Microsoft

Name: Microsoft Tun Miniport Adapter #2

PNP Device ID: ROOT\*TUNMP\0001

Service: tunmp

.

==== System Restore Points ===================

.

RP700: 6/21/2011 3:04:28 PM - Scheduled Checkpoint

RP701: 6/21/2011 3:16:37 PM - Windows Update

RP702: 6/22/2011 10:15:35 PM - Scheduled Checkpoint

RP704: 6/24/2011 1:55:26 PM - Windows Update

RP705: 6/25/2011 4:23:15 PM - Scheduled Checkpoint

RP706: 6/26/2011 4:07:54 PM - Scheduled Checkpoint

RP707: 6/27/2011 10:17:18 AM - Scheduled Checkpoint

RP708: 6/27/2011 2:57:22 PM - Windows Update

RP709: 6/27/2011 7:08:40 PM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers

RP710: 6/27/2011 7:12:49 PM - Device Driver Package Install: Apple Network adapters

RP711: 6/28/2011 8:35:36 AM - Windows Update

.

==== Installed Programs ======================

.

Acer Arcade

Acer Assist

Acer eDataSecurity Management

Acer eLock Management

Acer Empowering Technology

Acer eNet Management

Acer ePower Management

Acer ePresentation Management

Acer eSettings Management

Acer GridVista

Acer Mobility Center Plug-In

Acer Registration

Acer ScreenSaver

Acer Tour

Activation Assistant for the 2007 Microsoft Office suites

Adobe Reader 8.1.0

Adobe Shockwave Player 11.5

Agere Systems HDA Modem

ALPS Touch Pad Driver

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Big Kahuna Reef 2

Bonjour

Bricks of Egypt

CyberLink PowerDVD 9

Disney Toontown Online

Dynasty

Galapago

Google Toolbar for Internet Explorer

Google Updater

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

I SPY Spooky Mansion

Intel® Graphics Media Accelerator Driver

iTunes

Jewel Quest Solitaire

Launch Manager

LightScribe 1.4.142.1

LiveUpdate 3.3 (Symantec Corporation)

Luxor 2

MAGIX Ringtone Maker 2 e-version (US)

Malwarebytes' Anti-Malware version 1.51.0.1200

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office XP Professional with FrontPage

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Microsoft XML Parser

MobileMe Control Panel

Mozilla Firefox 5.0 (x86 en-US)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music Rescue

Mystery Case Files - Prime Suspects

Mystery Case Files Ravenhearst

NTI Backup NOW! 4.7

NTI CD & DVD-Maker

PowerProducer 3.72

QuickTime

Realtek High Definition Audio Driver

Registry Mechanic 10.0

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

SlingPlayer

Symantec Endpoint Protection

Treasures of the Deep

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VoiceOver Kit

Warcraft III

WebSlingPlayer ActiveX

WinRAR archiver

Yahoo! Toolbar

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

6/28/2011 11:59:35 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}. The error: "2" Happened while starting this command: C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe -Embedding

6/28/2011 10:27:04 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.69 for the Network Card with network address 001E4C653AB2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

6/27/2011 7:18:05 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/27/2011 7:04:59 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/26/2011 9:45:41 AM, Error: EventLog [6008] - The previous system shutdown at 9:44:06 AM on 6/26/2011 was unexpected.

6/26/2011 12:58:04 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.

6/26/2011 12:52:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

6/26/2011 1:06:13 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

6/25/2011 12:11:42 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.

6/24/2011 11:29:29 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

6/24/2011 1:31:01 PM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/24/2011 1:30:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.

6/24/2011 1:30:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

6/23/2011 8:56:10 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.72 for the Network Card with network address 001E4C653AB2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

6/23/2011 12:25:15 PM, Error: EventLog [6008] - The previous system shutdown at 12:23:06 PM on 6/23/2011 was unexpected.

6/22/2011 9:17:12 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

6/22/2011 8:48:59 PM, Error: EventLog [6008] - The previous system shutdown at 8:45:54 PM on 6/22/2011 was unexpected.

6/22/2011 4:36:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapiMgr service.

.

==== End Of File ===========================

GMER 1.0.15.15640 - http://www.gmer.net

Rootkit scan 2011-06-29 11:36:04

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS542516K9SA00 rev.BBCOC31P

Running: s30n7pj0.exe; Driver: C:\Users\Linda\AppData\Local\Temp\fgrirkob.sys

---- System - GMER 1.0.15 ----

SSDT 859A6708 ZwAlertResumeThread

SSDT 859A67E8 ZwAlertThread

SSDT 85923B80 ZwAllocateVirtualMemory

SSDT 859A6458 ZwCreateMutant

SSDT 858FD920 ZwCreateThread

SSDT 859239A0 ZwFreeVirtualMemory

SSDT 859A6548 ZwImpersonateAnonymousToken

SSDT 859A6628 ZwImpersonateThread

SSDT 859238A0 ZwMapViewOfSection

SSDT 859A6378 ZwOpenEvent

SSDT 858FD840 ZwOpenProcessToken

SSDT 859A6CC0 ZwOpenThreadToken

SSDT 8599DB98 ZwResumeThread

SSDT 859A6BE0 ZwSetContextThread

SSDT 859A6DB0 ZwSetInformationProcess

SSDT 859A6AF0 ZwSetInformationThread

SSDT 859A6298 ZwSuspendProcess

SSDT 859A6930 ZwSuspendThread

SSDT 858FD5A8 ZwTerminateProcess

SSDT 859A6A10 ZwTerminateThread

SSDT 859A6EA0 ZwUnmapViewOfSection

SSDT 85923A90 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 30D 81CB3904 8 Bytes [08, 67, 9A, 85, E8, 67, 9A, ...]

.text ntoskrnl.exe!KeInsertQueue + 321 81CB3918 4 Bytes [80, 3B, 92, 85]

.text ntoskrnl.exe!KeInsertQueue + 3E5 81CB39DC 4 Bytes [58, 64, 9A, 85]

.text ntoskrnl.exe!KeInsertQueue + 411 81CB3A08 4 Bytes [20, D9, 8F, 85]

.text ntoskrnl.exe!KeInsertQueue + 525 81CB3B1C 4 Bytes [A0, 39, 92, 85]

.text ...

.text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0xB5008000, 0x2892, 0xE8000020]

.vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0xB502B050]

? C:\Users\Linda\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] kernel32.dll!CreateThread 75F8C90E 5 Bytes JMP 696371CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!CreateDialogParamW 75EA72A2 5 Bytes JMP 697C61F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!GetAsyncKeyState 75EA863C 5 Bytes JMP 6961DC69 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!SetWindowsHookExW 75EA87AD 5 Bytes JMP 6967204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!CallNextHookEx 75EA8E3B 1 Byte [E9]

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!CallNextHookEx 75EA8E3B 5 Bytes JMP 69697A3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!UnhookWindowsHookEx 75EA98DB 5 Bytes JMP 696BE9F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!EnableWindow 75EACD8B 5 Bytes JMP 696798BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!DefWindowProcA 75EADB88 7 Bytes JMP 696393F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!CreateWindowExA 75EADC2A 2 Bytes JMP 69643223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!CreateWindowExA + 3 75EADC2D 2 Bytes [79, F3] {JNS 0xfffffffffffffff5}

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!CreateWindowExW 75EB1305 5 Bytes JMP 6969FE1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!GetKeyState 75EB8CB1 5 Bytes JMP 6961DB43 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Hello rysktkr and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now.
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not click in ComboFix's window while it is running. That may cause it to stall.**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?

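The helper above asks for the TDSSKiller and ComboFix logs. Reading them by hand is slow, and the question an analyst puts to each line is the same every time: where does this image live, and is the path what it claims to be? The following is an added Python example, not part of this thread and not code from either tool, that parses the two line formats found in the logs posted in this thread (TDSSKiller's `timestamp thread name (md5) path` driver lines and ComboFix's `"Name"="path" [date size]` Run values) and flags driver images outside the Windows directory, 8.3 short names that hide the real folder name, and bare filenames that the loader resolves through its search order rather than a fixed path. The sample input reuses lines from those logs. The flags are triage hints, not detections: the Dritek, Acer and Symantec drivers it picks out here are vendor files, and ComboFix's remaining sections (AppInit_DLLs, LSP, scheduled tasks) are left to the reader.

```python
import re
from typing import Dict, List, Tuple

# TDSSKiller driver line (format as in the log posted in this thread):
#   2011/06/30 07:05:39.0693 3768 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# ComboFix "Reg Loading Points" Run value (format as in the log posted in this thread):
#   "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<date>\d{4}-\d\d-\d\d)\s+(?P<size>\d+)\]'
)
SHORT_NAME_RE = re.compile(r"~\d+(?:\\|$)")  # an 8.3 path component such as PROGRA~1

REASON_OUTSIDE_WINDIR = "driver image outside the Windows directory"
REASON_SHORT_NAME = "8.3 short name; resolve it before judging the file"
REASON_BARE_NAME = "bare filename; found through the loader search order, not a fixed path"


def parse_tdsskiller(text: str) -> List[Dict]:
    """Driver entries from a TDSSKiller log; banner and status lines are skipped."""
    drivers = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["tid"] = int(d["tid"])
            d["md5"] = d["md5"].lower()  # normalised so it can be joined against a hash set
            drivers.append(d)
    return drivers


def parse_combofix_run(text: str) -> List[Dict]:
    """Run values from ComboFix's 'Reg Loading Points' section."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            entries.append(d)
    return entries


def driver_reasons(path: str, windir: str = "C:\\Windows\\") -> List[str]:
    reasons = []
    if not path.lower().startswith(windir.lower()):
        reasons.append(REASON_OUTSIDE_WINDIR)
    if SHORT_NAME_RE.search(path):
        reasons.append(REASON_SHORT_NAME)
    return reasons


def run_reasons(path: str) -> List[str]:
    reasons = []
    if "\\" not in path:
        reasons.append(REASON_BARE_NAME)
    if SHORT_NAME_RE.search(path):
        reasons.append(REASON_SHORT_NAME)
    return reasons


def triage_drivers(text: str) -> List[Tuple[str, str, List[str]]]:
    """(service name, image path, reasons) for each driver that merits a second look."""
    return [(d["name"], d["path"], driver_reasons(d["path"]))
            for d in parse_tdsskiller(text) if driver_reasons(d["path"])]


def triage_run_entries(text: str) -> List[Tuple[str, str, List[str]]]:
    """(value name, command, reasons) for each Run value that merits a second look."""
    return [(r["name"], r["path"], run_reasons(r["path"]))
            for r in parse_combofix_run(text) if run_reasons(r["path"])]


# Sample input: lines copied from the two logs posted in this thread.
SAMPLE_TDSSKILLER = r"""
2011/06/30 07:05:17.0417 3768 Scan started
2011/06/30 07:05:39.0693 3768 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/30 07:05:52.0719 3768 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2011/06/30 07:06:09.0739 3768 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/06/30 07:06:28.0787 3768 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110629.019\NAVENG.SYS
"""
SAMPLE_COMBOFIX = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"""

if __name__ == "__main__":
    for name, path, reasons in triage_drivers(SAMPLE_TDSSKILLER) + triage_run_entries(SAMPLE_COMBOFIX):
        print(f"{name:14} {path}\n{'':14} -> {'; '.join(reasons)}")
```

The MD5 that TDSSKiller prints for every driver is the most useful field in the log: once the entries are parsed, the hashes can be compared against a known-good set for the Windows build in question, which separates patched system drivers from merely oddly placed vendor ones far more reliably than the path heuristics above.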

It's running a lot faster now! Here are the logs you requested.

ComboFix 11-06-30.01 - Linda 06/30/2011 7:19.1.1 - x86

Running from: c:\users\Linda\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 )))))))))))))))))))))))))))))))

.

.

2011-06-30 14:32 . 2011-06-30 14:32 -------- d-----w- c:\users\Fallon\AppData\Local\temp

2011-06-30 14:32 . 2011-06-30 14:34 -------- d-----w- c:\users\Linda\AppData\Local\temp

2011-06-30 14:32 . 2011-06-30 14:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-29 23:47 . 2011-06-29 23:47 -------- d-----w- c:\users\Linda\AppData\Roaming\PeerNetworking

2011-06-29 23:28 . 2011-06-29 23:28 -------- d-----w- c:\users\Linda\AppData\Local\Apps

2011-06-29 23:28 . 2011-06-29 23:30 -------- d-----w- c:\users\Linda\AppData\Local\Deployment

2011-06-29 11:44 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll

2011-06-28 15:37 . 2011-06-20 15:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9247C8AE-45DE-4CE9-909F-90A189CF660B}\mpengine.dll

2011-06-28 02:49 . 2011-06-28 02:49 -------- d-----w- c:\program files\Apple Software Update

2011-06-28 02:42 . 2011-06-28 02:42 -------- d-----w- c:\program files\iPod

2011-06-28 02:02 . 2011-06-28 02:02 -------- d-----w- c:\program files\Bonjour

2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2011-06-23 23:01 . 2011-06-23 23:01 -------- d-----w- c:\users\Fallon\AppData\Roaming\Malwarebytes

2011-06-23 19:34 . 2011-06-23 19:34 -------- d-----w- c:\users\Linda\AppData\Roaming\Malwarebytes

2011-06-23 19:34 . 2011-06-23 19:34 -------- d-----w- c:\programdata\Malwarebytes

2011-06-21 22:17 . 2011-05-25 02:14 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-06-16 08:39 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-16 08:39 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-16 08:39 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-16 08:39 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-16 08:39 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-16 08:38 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-16 08:37 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-16 08:37 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-16 08:37 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-16 08:37 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-06-16 04:17 . 2011-06-27 21:51 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-06-22 155648]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]

"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]

"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-03 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-03 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-03 133656]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

"Skytel"="Skytel.exe" [2007-06-15 1826816]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]

"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]

"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-14 50472]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-03-31 75048]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-30 115560]

"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-31 535336]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\eNetHook.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/10 11:11];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-03-31 00:53 87536]

S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-09 105592]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 80540847

*Deregistered* - 80540847

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-30 c:\windows\Tasks\RMSchedule.job

- c:\program files\Registry Mechanic\RegMech.exe [2010-11-25 16:46]

.

2010-12-21 c:\windows\Tasks\User_Feed_Synchronization-{2ECAE152-400F-4AEE-B685-F140C8E3661A}.job

- c:\windows\system32\msfeedssync.exe [2011-06-27 22:07]

.

2011-04-03 c:\windows\Tasks\User_Feed_Synchronization-{307C4116-25B9-4330-930D-E68F9CA585BB}.job

- c:\windows\system32\msfeedssync.exe [2011-06-27 22:07]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://en.us.acer.yahoo.com

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

LSP: c:\windows\system32\wpclsp.dll

TCP: DhcpNameServer = 192.168.1.1 68.238.64.12

FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\j983f3bc.default\

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Acer Tour Reminder - (no file)

HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe

HKLM-Run-Acer Tour - (no file)

HKLM-Run-eRecoveryService - (no file)

HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd

HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe

HKU-Default-Run-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

SafeBoot-Symantec Antvirus

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-30 07:33

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(588)

c:\windows\system32\eNetHook.dll

.

- - - - - - - > 'lsass.exe'(640)

c:\windows\system32\eNetHook.dll

.

Completion time: 2011-06-30 07:49:26

ComboFix-quarantined-files.txt 2011-06-30 14:49

.

Pre-Run: 24,199,213,056 bytes free

Post-Run: 26,892,472,320 bytes free

.

- - End Of File - - 54BDD44E5C977329082977FC9D495DBD

2011/06/30 07:05:01.0380 4816 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16

2011/06/30 07:05:02.0815 4816 ================================================================================

2011/06/30 07:05:02.0815 4816 SystemInfo:

2011/06/30 07:05:02.0815 4816

2011/06/30 07:05:02.0815 4816 OS Version: 6.0.6002 ServicePack: 2.0

2011/06/30 07:05:02.0815 4816 Product type: Workstation

2011/06/30 07:05:02.0815 4816 ComputerName: FALLON-LAPTOP

2011/06/30 07:05:02.0815 4816 UserName: Linda

2011/06/30 07:05:02.0815 4816 Windows directory: C:\Windows

2011/06/30 07:05:02.0815 4816 System windows directory: C:\Windows

2011/06/30 07:05:02.0815 4816 Processor architecture: Intel x86

2011/06/30 07:05:02.0815 4816 Number of processors: 1

2011/06/30 07:05:02.0815 4816 Page size: 0x1000

2011/06/30 07:05:02.0815 4816 Boot type: Normal boot

2011/06/30 07:05:02.0815 4816 ================================================================================

2011/06/30 07:05:09.0102 4816 Initialize success

2011/06/30 07:05:17.0417 3768 ================================================================================

2011/06/30 07:05:17.0417 3768 Scan started

2011/06/30 07:05:17.0417 3768 Mode: Manual;

2011/06/30 07:05:17.0417 3768 ================================================================================

2011/06/30 07:05:39.0693 3768 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

2011/06/30 07:05:40.0271 3768 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

2011/06/30 07:05:41.0238 3768 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

2011/06/30 07:05:41.0565 3768 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

2011/06/30 07:05:41.0940 3768 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

2011/06/30 07:05:42.0439 3768 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

2011/06/30 07:05:42.0845 3768 AgereSoftModem (d31d1a92479bd8c0d050a6ffbdd410d9) C:\Windows\system32\DRIVERS\AGRSM.sys

2011/06/30 07:05:43.0250 3768 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

2011/06/30 07:05:43.0765 3768 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/06/30 07:05:44.0015 3768 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

2011/06/30 07:05:44.0264 3768 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

2011/06/30 07:05:44.0529 3768 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

2011/06/30 07:05:45.0138 3768 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

2011/06/30 07:05:45.0419 3768 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

2011/06/30 07:05:45.0777 3768 ApfiltrService (db8ea68e5864adf61b73516788659e71) C:\Windows\system32\DRIVERS\Apfiltr.sys

2011/06/30 07:05:46.0027 3768 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

2011/06/30 07:05:46.0448 3768 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

2011/06/30 07:05:46.0791 3768 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/06/30 07:05:46.0885 3768 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

2011/06/30 07:05:47.0244 3768 athr (b0c272def210b149c0bfa0d85600ce4b) C:\Windows\system32\DRIVERS\athr.sys

2011/06/30 07:05:47.0883 3768 b57nd60x (c7ea0e3e37ff1cd2bb65636448322572) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/06/30 07:05:48.0195 3768 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2011/06/30 07:05:48.0492 3768 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

2011/06/30 07:05:48.0710 3768 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/06/30 07:05:48.0788 3768 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/06/30 07:05:48.0960 3768 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/06/30 07:05:49.0053 3768 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/06/30 07:05:49.0225 3768 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/06/30 07:05:49.0365 3768 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/06/30 07:05:49.0537 3768 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2011/06/30 07:05:49.0818 3768 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/06/30 07:05:49.0958 3768 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

2011/06/30 07:05:50.0255 3768 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

2011/06/30 07:05:50.0551 3768 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

2011/06/30 07:05:50.0832 3768 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/06/30 07:05:51.0019 3768 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

2011/06/30 07:05:51.0440 3768 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

2011/06/30 07:05:51.0549 3768 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

2011/06/30 07:05:51.0690 3768 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

2011/06/30 07:05:52.0111 3768 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

2011/06/30 07:05:52.0392 3768 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

2011/06/30 07:05:52.0517 3768 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys

2011/06/30 07:05:52.0719 3768 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys

2011/06/30 07:05:52.0907 3768 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2011/06/30 07:05:52.0985 3768 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

2011/06/30 07:05:53.0187 3768 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/06/30 07:05:53.0375 3768 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

2011/06/30 07:05:53.0609 3768 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

2011/06/30 07:05:53.0765 3768 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

2011/06/30 07:05:54.0155 3768 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

2011/06/30 07:05:54.0623 3768 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

2011/06/30 07:05:54.0857 3768 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

2011/06/30 07:05:54.0981 3768 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

2011/06/30 07:05:55.0356 3768 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2011/06/30 07:05:55.0652 3768 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2011/06/30 07:05:55.0886 3768 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/06/30 07:05:56.0151 3768 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

2011/06/30 07:05:56.0385 3768 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2011/06/30 07:05:56.0666 3768 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

2011/06/30 07:05:56.0900 3768 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2011/06/30 07:05:57.0290 3768 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

2011/06/30 07:05:57.0649 3768 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/06/30 07:05:58.0023 3768 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2011/06/30 07:05:58.0304 3768 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2011/06/30 07:05:58.0413 3768 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

2011/06/30 07:05:58.0803 3768 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

2011/06/30 07:05:59.0381 3768 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

2011/06/30 07:05:59.0989 3768 HSF_DPV (3f53b4af98f8fd83b7f0b8b65d2d90a7) C:\Windows\system32\DRIVERS\HSX_DPV.sys

2011/06/30 07:06:01.0097 3768 HSXHWAZL (194bc52fc0f53e540faf9de8a9c05255) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

2011/06/30 07:06:01.0736 3768 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys

2011/06/30 07:06:02.0828 3768 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

2011/06/30 07:06:06.0135 3768 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/06/30 07:06:06.0978 3768 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

2011/06/30 07:06:08.0460 3768 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/06/30 07:06:09.0224 3768 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2011/06/30 07:06:09.0739 3768 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys

2011/06/30 07:06:10.0238 3768 IntcAzAudAddService (90a10b39896040b3154613c11c932aeb) C:\Windows\system32\drivers\RTKVHDA.sys

2011/06/30 07:06:11.0096 3768 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys

2011/06/30 07:06:11.0174 3768 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

2011/06/30 07:06:11.0408 3768 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/06/30 07:06:11.0985 3768 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

2011/06/30 07:06:12.0453 3768 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2011/06/30 07:06:12.0719 3768 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2011/06/30 07:06:12.0812 3768 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

2011/06/30 07:06:13.0467 3768 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/06/30 07:06:13.0701 3768 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2011/06/30 07:06:14.0310 3768 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2011/06/30 07:06:14.0825 3768 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/06/30 07:06:15.0371 3768 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys

2011/06/30 07:06:15.0542 3768 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

2011/06/30 07:06:16.0166 3768 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/06/30 07:06:16.0509 3768 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

2011/06/30 07:06:17.0461 3768 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

2011/06/30 07:06:17.0882 3768 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

2011/06/30 07:06:18.0350 3768 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2011/06/30 07:06:18.0818 3768 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

2011/06/30 07:06:19.0302 3768 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

2011/06/30 07:06:19.0895 3768 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2011/06/30 07:06:20.0565 3768 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2011/06/30 07:06:21.0033 3768 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2011/06/30 07:06:21.0501 3768 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

2011/06/30 07:06:22.0032 3768 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2011/06/30 07:06:22.0157 3768 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

2011/06/30 07:06:22.0562 3768 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2011/06/30 07:06:22.0671 3768 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2011/06/30 07:06:22.0952 3768 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

2011/06/30 07:06:23.0015 3768 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/06/30 07:06:23.0373 3768 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/06/30 07:06:23.0639 3768 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/06/30 07:06:23.0748 3768 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys

2011/06/30 07:06:23.0951 3768 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

2011/06/30 07:06:24.0762 3768 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2011/06/30 07:06:25.0136 3768 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2011/06/30 07:06:25.0511 3768 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2011/06/30 07:06:26.0072 3768 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/06/30 07:06:26.0462 3768 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2011/06/30 07:06:26.0821 3768 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

2011/06/30 07:06:27.0227 3768 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/06/30 07:06:27.0663 3768 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2011/06/30 07:06:28.0116 3768 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

2011/06/30 07:06:28.0319 3768 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

2011/06/30 07:06:28.0787 3768 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110629.019\NAVENG.SYS

2011/06/30 07:06:29.0301 3768 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110629.019\NAVEX15.SYS

2011/06/30 07:06:30.0128 3768 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

2011/06/30 07:06:30.0627 3768 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/06/30 07:06:30.0986 3768 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/06/30 07:06:31.0548 3768 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/06/30 07:06:33.0857 3768 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2011/06/30 07:06:34.0652 3768 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2011/06/30 07:06:35.0463 3768 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

2011/06/30 07:06:36.0961 3768 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2011/06/30 07:06:38.0162 3768 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

2011/06/30 07:06:38.0693 3768 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2011/06/30 07:06:39.0239 3768 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

2011/06/30 07:06:39.0707 3768 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys

2011/06/30 07:06:40.0627 3768 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2011/06/30 07:06:41.0204 3768 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2011/06/30 07:06:41.0891 3768 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

2011/06/30 07:06:43.0170 3768 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

2011/06/30 07:06:43.0575 3768 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

2011/06/30 07:06:44.0324 3768 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

2011/06/30 07:06:44.0667 3768 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2011/06/30 07:06:45.0245 3768 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

2011/06/30 07:06:45.0557 3768 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2011/06/30 07:06:46.0071 3768 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

2011/06/30 07:06:46.0586 3768 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\DRIVERS\pciide.sys

2011/06/30 07:06:47.0195 3768 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2011/06/30 07:06:48.0505 3768 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2011/06/30 07:06:49.0051 3768 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2011/06/30 07:06:49.0550 3768 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

2011/06/30 07:06:50.0112 3768 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

2011/06/30 07:06:50.0268 3768 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys

2011/06/30 07:06:50.0611 3768 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys

2011/06/30 07:06:51.0313 3768 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys

2011/06/30 07:06:51.0968 3768 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

2011/06/30 07:06:52.0577 3768 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/06/30 07:06:53.0247 3768 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2011/06/30 07:06:53.0669 3768 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2011/06/30 07:06:54.0059 3768 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/06/30 07:06:54.0870 3768 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/06/30 07:06:55.0353 3768 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2011/06/30 07:06:55.0712 3768 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2011/06/30 07:06:56.0243 3768 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/06/30 07:06:57.0007 3768 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

2011/06/30 07:06:57.0662 3768 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2011/06/30 07:06:58.0208 3768 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2011/06/30 07:06:58.0879 3768 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2011/06/30 07:06:59.0425 3768 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/06/30 07:07:00.0767 3768 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/06/30 07:07:01.0812 3768 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2011/06/30 07:07:02.0810 3768 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2011/06/30 07:07:03.0809 3768 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2011/06/30 07:07:04.0573 3768 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

2011/06/30 07:07:05.0150 3768 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

2011/06/30 07:07:05.0618 3768 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

2011/06/30 07:07:06.0149 3768 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2011/06/30 07:07:06.0492 3768 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

2011/06/30 07:07:06.0897 3768 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2011/06/30 07:07:07.0485 3768 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2011/06/30 07:07:07.0985 3768 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2011/06/30 07:07:08.0635 3768 SPBBCDrv (77780509a16a1df7f2d8531d21ddb9b9) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

2011/06/30 07:07:08.0985 3768 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2011/06/30 07:07:09.0520 3768 SRTSP (e217480cc878061d7603a8cdca06c188) C:\Windows\system32\Drivers\SRTSP.SYS

2011/06/30 07:07:10.0240 3768 SRTSPL (cae71704badde6b0d5818acce20673ca) C:\Windows\system32\Drivers\SRTSPL.SYS

2011/06/30 07:07:11.0060 3768 SRTSPX (be6f1ddde2ddab75225d83e6b03a2348) C:\Windows\system32\Drivers\SRTSPX.SYS

2011/06/30 07:07:11.0835 3768 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

2011/06/30 07:07:12.0385 3768 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

2011/06/30 07:07:13.0495 3768 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

2011/06/30 07:07:14.0500 3768 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2011/06/30 07:07:16.0290 3768 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/06/30 07:07:17.0175 3768 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\Windows\system32\Drivers\SYMEVENT.SYS

2011/06/30 07:07:17.0540 3768 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/06/30 07:07:18.0265 3768 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/06/30 07:07:18.0750 3768 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys

2011/06/30 07:07:19.0450 3768 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys

2011/06/30 07:07:20.0290 3768 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

2011/06/30 07:07:21.0065 3768 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2011/06/30 07:07:21.0410 3768 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2011/06/30 07:07:21.0635 3768 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

2011/06/30 07:07:21.0715 3768 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

2011/06/30 07:07:22.0384 3768 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/06/30 07:07:22.0883 3768 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2011/06/30 07:07:23.0226 3768 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

2011/06/30 07:07:23.0679 3768 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2011/06/30 07:07:25.0457 3768 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

2011/06/30 07:07:26.0596 3768 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

2011/06/30 07:07:27.0532 3768 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2011/06/30 07:07:28.0452 3768 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/06/30 07:07:29.0326 3768 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/06/30 07:07:30.0309 3768 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2011/06/30 07:07:31.0666 3768 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys

2011/06/30 07:07:32.0368 3768 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/06/30 07:07:33.0132 3768 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/06/30 07:07:33.0398 3768 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/06/30 07:07:33.0476 3768 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

2011/06/30 07:07:34.0037 3768 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

2011/06/30 07:07:34.0490 3768 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys

2011/06/30 07:07:36.0549 3768 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/06/30 07:07:37.0235 3768 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/06/30 07:07:38.0514 3768 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys

2011/06/30 07:07:39.0326 3768 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/06/30 07:07:39.0825 3768 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2011/06/30 07:07:40.0293 3768 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

2011/06/30 07:07:40.0776 3768 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2011/06/30 07:07:41.0291 3768 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

2011/06/30 07:07:42.0290 3768 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2011/06/30 07:07:42.0882 3768 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2011/06/30 07:07:43.0522 3768 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

2011/06/30 07:07:43.0974 3768 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2011/06/30 07:07:44.0598 3768 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/06/30 07:07:45.0690 3768 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/06/30 07:07:45.0815 3768 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/06/30 07:07:46.0283 3768 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2011/06/30 07:07:47.0063 3768 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2011/06/30 07:07:47.0672 3768 winachsf (c9c63410d8cf98f621b9cc62243fb877) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2011/06/30 07:07:48.0202 3768 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/06/30 07:07:48.0701 3768 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/06/30 07:07:49.0154 3768 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/06/30 07:07:49.0294 3768 XAudio (2e579520e114a9ca309f13bf40ad8292) C:\Windows\system32\DRIVERS\xaudio.sys

2011/06/30 07:07:49.0700 3768 {B154377D-700F-42cc-9474-23858FBDF4BD} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\CyberLink\PowerDVD9\000.fcl

2011/06/30 07:07:49.0778 3768 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0

2011/06/30 07:07:50.0511 3768 Boot (0x1200) (8891c83c018a88cc195004edb4fedbfa) \Device\Harddisk0\DR0\Partition0

2011/06/30 07:07:50.0542 3768 Boot (0x1200) (31720aec8301ffb60987ef933c75460f) \Device\Harddisk0\DR0\Partition1

2011/06/30 07:07:50.0573 3768 ================================================================================

2011/06/30 07:07:50.0573 3768 Scan finished

2011/06/30 07:07:50.0573 3768 ================================================================================

2011/06/30 07:07:50.0589 4740 Detected object count: 0

2011/06/30 07:07:50.0589 4740 Actual detected object count: 0

Results of screen317's Security Check version 0.99.17

Windows Vista Service Pack 2 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Symantec Endpoint Protection

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Windows Defender MSASCui.exe

Empowering Technology eSettings Service capuserv.exe

Windows Defender MSASCui.exe

``````````End of Log````````````


It's running a lot faster now!

I am glad to hear that! :D

We still have some more to do:

Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

File::

c:\windows\system32\drivers\80540847.sys

Driver::

80540847

Reglock::

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply.

How is your computer running now?


It's still running faster :).

ComboFix 11-06-30.03 - Linda 06/30/2011 11:31:31.2.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.267 [GMT -7:00]

Running from: c:\users\Linda\Desktop\ComboFix.exe

Command switches used :: c:\users\Linda\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\drivers\80540847.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_80540847

.

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 )))))))))))))))))))))))))))))))

.

.

2011-06-30 18:43 . 2011-06-30 18:49 -------- d-----w- c:\users\Linda\AppData\Local\temp

2011-06-30 18:43 . 2011-06-30 18:43 -------- d-----w- c:\users\Fallon\AppData\Local\temp

2011-06-29 23:47 . 2011-06-29 23:47 -------- d-----w- c:\users\Linda\AppData\Roaming\PeerNetworking

2011-06-29 23:28 . 2011-06-29 23:28 -------- d-----w- c:\users\Linda\AppData\Local\Apps

2011-06-29 23:28 . 2011-06-29 23:30 -------- d-----w- c:\users\Linda\AppData\Local\Deployment

2011-06-28 15:37 . 2011-06-20 15:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9247C8AE-45DE-4CE9-909F-90A189CF660B}\mpengine.dll

2011-06-28 02:49 . 2011-06-28 02:49 -------- d-----w- c:\program files\Apple Software Update

2011-06-28 02:42 . 2011-06-28 02:42 -------- d-----w- c:\program files\iPod

2011-06-28 02:02 . 2011-06-28 02:02 -------- d-----w- c:\program files\Bonjour

2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2011-06-23 23:01 . 2011-06-23 23:01 -------- d-----w- c:\users\Fallon\AppData\Roaming\Malwarebytes

2011-06-23 19:34 . 2011-06-23 19:34 -------- d-----w- c:\users\Linda\AppData\Roaming\Malwarebytes

2011-06-23 19:34 . 2011-06-23 19:34 -------- d-----w- c:\programdata\Malwarebytes

2011-06-21 22:17 . 2011-05-25 02:14 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-06-16 08:39 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-16 08:39 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-16 08:39 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-16 08:39 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-16 08:39 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-16 08:38 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-16 08:37 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-16 08:37 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-16 08:37 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-16 08:37 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-27 22:08 . 2011-06-27 22:08 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-06-27 22:08 . 2011-06-27 22:08 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-27 22:08 . 2011-06-27 22:08 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-27 22:08 . 2011-06-27 22:08 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-06-27 22:07 . 2011-06-27 22:07 152064 ----a-w- c:\windows\system32\wextract.exe

2011-06-27 22:07 . 2011-06-27 22:07 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-04-29 15:59 . 2011-06-29 11:44 276992 ----a-w- c:\windows\system32\schannel.dll

2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-06-16 04:17 . 2011-06-27 21:51 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-30_14.34.14 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-11-02 13:02 . 2011-06-30 18:49 79234 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2011-06-30 15:07 . 2006-09-20 00:47 80744 c:\windows\System32\drivers\WSVD.sys

+ 2008-08-09 21:25 . 2011-06-30 18:49 6804 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1998233532-487228089-2655391932-1001_UserData.bin

- 2011-06-30 13:58 . 2011-06-30 13:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-06-30 18:46 . 2011-06-30 18:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-06-30 13:58 . 2011-06-30 13:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-06-30 18:46 . 2011-06-30 18:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-03-19 10:18 . 2011-06-30 18:44 308328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-03-19 10:18 . 2011-06-30 04:49 308328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-06-29 22:44 . 2011-06-30 14:02 1070100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1998233532-487228089-2655391932-1001-4096.dat

+ 2011-06-29 22:44 . 2011-06-30 18:45 1070100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1998233532-487228089-2655391932-1001-4096.dat

+ 2011-06-30 18:45 . 2011-06-30 18:45 1457744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1998233532-487228089-2655391932-1001-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"Acer Tour Reminder"="" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-06-22 155648]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]

"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]

"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-03 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-03 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-03 133656]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

"Skytel"="Skytel.exe" [2007-06-15 1826816]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]

"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]

"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-14 50472]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-03-31 75048]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-30 115560]

"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-31 535336]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\eNetHook.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-20 80744]

S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/10 11:11];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-03-31 00:53 87536]

S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-09 105592]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-30 c:\windows\Tasks\RMSchedule.job

- c:\program files\Registry Mechanic\RegMech.exe [2010-11-25 16:46]

.

2010-12-21 c:\windows\Tasks\User_Feed_Synchronization-{2ECAE152-400F-4AEE-B685-F140C8E3661A}.job

- c:\windows\system32\msfeedssync.exe [2011-06-27 22:07]

.

2011-04-03 c:\windows\Tasks\User_Feed_Synchronization-{307C4116-25B9-4330-930D-E68F9CA585BB}.job

- c:\windows\system32\msfeedssync.exe [2011-06-27 22:07]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://en.us.acer.yahoo.com

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

LSP: c:\windows\system32\wpclsp.dll

TCP: DhcpNameServer = 192.168.1.1 68.238.64.12

FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\j983f3bc.default\

.

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(5868)

c:\windows\system32\MsnChatHook.dll

c:\windows\system32\ShowErrMsg.dll

c:\windows\system32\sysenv.dll

c:\windows\system32\BatchCrypto.dll

c:\windows\system32\CryptoAPI.dll

c:\windows\system32\keyManager.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

c:\acer\Empowering Technology\eDataSecurity\eDSService.exe

c:\acer\Empowering Technology\eLock\Service\eLockServ.exe

c:\acer\Empowering Technology\eNet\eNet Service.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\acer\Mobility Center\MobilityService.exe

c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe

c:\acer\Empowering Technology\eSettings\Service\capuserv.exe

c:\acer\Empowering Technology\ePower\ePowerSvc.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe

c:\windows\RtHDVCpl.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Launch Manager\LManager.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\acer\Empowering Technology\ENET\ENMTRAY.EXE

c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

c:\users\Linda\AppData\Local\Temp\RtkBtMnt.exe

c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE

c:\program files\iPod\bin\iPodService.exe

c:\program files\Apoint2K\ApMsgFwd.exe

c:\program files\Apoint2K\Apntex.exe

.

**************************************************************************

.

Completion time: 2011-06-30 12:10:04 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-30 19:09

ComboFix2.txt 2011-06-30 14:49

.

Pre-Run: 26,802,065,408 bytes free

Post-Run: 26,488,426,496 bytes free

.

- - End Of File - - 0DEBAC69A226D1AD7C0514377357ABA0


It's still running faster :).

I am thrilled to hear that! :D

I'm not seeing anything suspicious remaining in your ComboFix logs. Let's run some online scans to confirm you're clean, before we move on to the next step ;):

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

--------

Please use Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.

--------

Please include the ESET and BitDefender reports in your next reply, and let me know if you encounter any issues ;).


Looks clean?

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

QuickScan Beta 32-bit v0.9.9.93

-------------------------------

Scan date: Thu Jun 30 17:42:42 2011

Machine ID: D84B8B3B

No infection found.

-------------------

Processes

---------

(unsigned) Acer Empowering Techonology Framework L 4144 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

(unsigned) Acer eNet Management 1672 C:\Acer\Empowering Technology\eNet\eNMTray.exe

(unsigned) Acer ePower Management 4136 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

(unsigned) Acer eRecovery Management 5000 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

(unsigned) Cyberlink PowerCinema 3360 C:\Program Files\Acer\Acer Arcade\PCMService.exe

(unsigned) eDataSecurity 2504 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

(verified) Alps Pointing-device Driver 3936 C:\Program Files\Apoint2K\Apoint.exe

(verified) Alps Pointing-device Driver for Windows 5676 C:\Program Files\Apoint2K\ApntEx.exe

(verified) cyberlink brs 3624 C:\Program Files\CyberLink\Shared Files\brs.exe

(verified) Firefox 4960 C:\Program Files\Mozilla Firefox\firefox.exe

(verified) Firefox 5208 C:\Program Files\Mozilla Firefox\plugin-container.exe

(verified) HD Audio Control Panel 1532 C:\Windows\RtHDVCpl.exe

(verified) Intel® Common User Interface 3872 C:\Windows\System32\hkcmd.exe

(verified) Intel® Common User Interface 2108 C:\Windows\System32\igfxpers.exe

(verified) Intel® Common User Interface 3896 C:\Windows\System32\igfxsrvc.exe

(verified) Intel® Common User Interface 3620 C:\Windows\System32\igfxtray.exe

(verified) iTunes 3680 C:\Program Files\iTunes\iTunesHelper.exe

(verified) Microsoft® Windows® Operating System 948 C:\Program Files\Windows Media Player\wmpnscfg.exe

(verified) Microsoft® Windows® Operating System 2120 C:\Program Files\Windows Sidebar\sidebar.exe

(verified) Microsoft® Windows® Operating System 4936 C:\Windows\explorer.exe

(verified) Microsoft® Windows® Operating System 1224 C:\Windows\System32\dwm.exe

(verified) Microsoft® Windows® Operating System 3332 C:\Windows\System32\taskeng.exe

(verified) Microsoft® Windows® Operating System 3700 C:\Windows\WindowsMobile\wmdSync.exe

(verified) PC Tool Smart Alert 2880 C:\Program Files\Registry Mechanic\Alert.exe

(verified) PowerDVD RC Service 3692 C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

(verified) SSDMonit Application 3304 C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

(verified) Symantec Security Technologies 2916 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

(verified) Windows 3376 C:\Windows\System32\wpcumi.exe

Network activity

----------------

Process firefox.exe (4960) connected on port 80 (HTTP) --> 74.125.224.171

Process firefox.exe (4960) connected on port 80 (HTTP) --> 69.171.224.12

Process firefox.exe (4960) connected on port 80 (HTTP) --> 74.125.224.171

Process plugin-container.exe (5208) connected on port 80 (HTTP) --> 199.7.52.190

Autoruns and critical files

---------------------------

(unsigned) acer eNetManagement c:\windows\system32\enethook.dll

(unsigned) Acer Tour Reminder C:\Acer\AcerTour\Reminder.exe

(unsigned) Acer.scr C:\Windows\system32\Acer.scr

(unsigned) Cyberlink PowerCinema C:\Program Files\Acer\Acer Arcade\PCMService.exe

(unsigned) eDataSecurity C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

(unsigned) launcher.exe C:\Program Files\Acer Assist\launcher.exe

(unsigned) PowerReg C:\Program Files\Acer Registration\ACE1.exe

(unsigned) QuickTime C:\Program Files\QuickTime\QTTask.exe

(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

(verified) Alps Pointing-device Driver C:\Program Files\Apoint2K\Apoint.exe

(verified) cyberlink brs C:\Program Files\CyberLink\Shared Files\brs.exe

(verified) HD Audio Control Panel C:\Windows\RtHDVCpl.exe

(verified) Intel® Common User Interface C:\Windows\System32\hkcmd.exe

(verified) Intel® Common User Interface C:\Windows\System32\igfxdev.dll

(verified) Intel® Common User Interface C:\Windows\System32\igfxpers.exe

(verified) Intel® Common User Interface C:\Windows\System32\igfxtray.exe

(verified) iTunes C:\Program Files\iTunes\iTunesHelper.exe

(verified) Launch Manager C:\Program Files\Launch Manager\LManager.exe

(verified) Microsoft Office XP C:\Program Files\Microsoft Office\Office10\OSA.EXE

(verified) Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe

(verified) Microsoft® Windows® Operating System C:\Windows\System32\browseui.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\oobefldr.dll

(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

(verified) Microsoft® Windows® Operating System C:\Windows\WindowsMobile\wmdSync.exe

(verified) MobileMe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

(verified) PowerDVD Language Application C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe

(verified) PowerDVD RC Service C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

(verified) Realtek Voice Manager C:\Windows\Skytel.exe

(verified) SSDMonit Application C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

(verified) Symantec Security Technologies C:\Program Files\Common Files\Symantec Shared\ccApp.exe

(verified) Windows C:\Windows\System32\wpcumi.exe

(verified) Windows® Internet Explorer C:\Windows\system32\msfeedssync.exe

(verified) Windows® Internet Explorer c:\windows\system32\webcheck.dll

Browser plugins

---------------

(unsigned) ActiveToolBand Module C:\Windows\System32\ActiveToolBand.dll

(unsigned) eDStoolbar Module C:\Windows\System32\eDStoolbar.dll

(unsigned) Panda3D Game Engine Plug-in 1.0.1 C:\Windows\Downloaded Program Files\p3dactivex.ocx

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

(unsigned) Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll

(verified) AcroIEHelper Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

(verified) BitDefender QuickScan C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\j983f3bc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

(verified) BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll

(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

(verified) Family Feud C:\Windows\Downloaded Program Files\familyfeud.ocx

(verified) Games C:\Windows\Downloaded Program Files\wwlaunch.ocx

(verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

(verified) npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

(verified) Windows C:\Windows\System32\wpclsp.dll

(verified) Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

(verified) Windows® Internet Explorer C:\Windows\System32\ieframe.dll

Scan

----

(unsigned) MD5: 1ecd388c55b7bd4468395cdfd4488f3d C:\Acer\AcerTour\Reminder.exe

(unsigned) MD5: 3845b6555de995f6c0c07ae2abcc0532 C:\Acer\ALaunch\ALaunchSvc.exe

(unsigned) MD5: 4cd3dca5f48d7dce9a3ee90df83a1223 C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll

(unsigned) MD5: 1b05cfdbf6e769028703b6368e91ba8d C:\Acer\Empowering Technology\Acer.Empowering.Framework.Host.dll

(unsigned) MD5: 363ec83893477e492c2ea52fa95253dc C:\Acer\Empowering Technology\Acer.Empowering.Framework.Interface.dll

(unsigned) MD5: 8092bc19097a8d5b07a44e49d3aa239d C:\Acer\Empowering Technology\Acer.Empowering.Framework.LaunchBarView.dll

(unsigned) MD5: 50413b53240d067eadf1e7bd6a38d0f2 C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll

(unsigned) MD5: 13a8cec1d544c448f974912690277b7e C:\Acer\Empowering Technology\Acer.Empowering.Framework.Presenter.dll

(unsigned) MD5: b044d50a56fe16fc9f3d5445e9bf106f C:\Acer\Empowering Technology\acer.empowering.framework.shared.dll

(unsigned) MD5: 39cbe2e778299f468bbd5b45cfb90a70 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

(unsigned) MD5: 6d0db7b8895bbbd610a8d6af9672431a C:\Acer\Empowering Technology\Acer.Empowering.Shared.UI.dll

(unsigned) MD5: 72a2a89cfe8eceebe84efbe5cbbc1dd7 C:\Acer\Empowering Technology\acer.empowering.windows.forms.dll

(unsigned) MD5: e090ee780714e376062198c6625d5b51 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

(unsigned) MD5: 320d3528de1771c8c7e9b53db0ebef74 C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll

(unsigned) MD5: 503a72d3b29427a80c610c92163830e7 C:\Acer\Empowering Technology\eLock.Serv.Interface.dll

(unsigned) MD5: 490001cc1c1a5b2e120199480ba6adff C:\Acer\Empowering Technology\eLock\eLock.Client.dll

(unsigned) MD5: 59870aba7eab51ebd56f21d90fbd456b C:\Acer\Empowering Technology\eLock\eLockCTL.dll

(unsigned) MD5: fb5383bfd4dec6792aaef76c9343ecff C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

(unsigned) MD5: 72a2a89cfe8eceebe84efbe5cbbc1dd7 C:\Acer\Empowering Technology\eNet\Acer.Empowering.Windows.Forms.dll

(unsigned) MD5: 76605bbac5e28ab48ec0face46ee743e C:\Acer\Empowering Technology\eNet\Diagnosis.dll

(unsigned) MD5: 9316c26f089cf2cea2bd1496ac9f38a4 C:\Acer\Empowering Technology\eNet\eNet Service.exe

(unsigned) MD5: 282abebf70112d79cd92dfd3046cdeea C:\Acer\Empowering Technology\eNet\eNet.dll

(unsigned) MD5: 2bb5b239a4501c0a846a2e43d3a98986 C:\Acer\Empowering Technology\eNet\eNetHook.dll

(unsigned) MD5: 72ee63ff69a73ba13dbb8fc9fb69acbb C:\Acer\Empowering Technology\eNet\eNetPlugin.dll

(unsigned) MD5: 84e951281677788db8fd9d0a669a8e0f C:\Acer\Empowering Technology\eNet\eNetServiceInterface.dll

(unsigned) MD5: 90e857889d71c3d46d60bd352c8dab99 C:\Acer\Empowering Technology\eNet\eNMIPCmm.dll

(unsigned) MD5: 5b1a52a2f4573a1ca947a3af859cf6f7 C:\Acer\Empowering Technology\eNet\eNMTray.exe

(unsigned) MD5: 44db6dff9cf3902b120bf846f1ae96d6 C:\Acer\Empowering Technology\eNet\ICmdDispatcher.dll

(unsigned) MD5: a36a62960d9da21fb5fdd7276c5beacd C:\Acer\Empowering Technology\eNet\MultiLang.dll

(unsigned) MD5: e6ae8a882646891c35af11300bf9a7ea C:\Acer\Empowering Technology\eNet\Network.dll

(unsigned) MD5: 0dd9a112f0fa435d354eb4bdf3298b7d C:\Acer\Empowering Technology\eNet\NetworkCardMgr.dll

(unsigned) MD5: ca4da3278410ff88a6b56fd4213963c2 C:\Acer\Empowering Technology\eNet\PfMgr.dll

(unsigned) MD5: f9bd37444b07018d5bf56d49ec12dc03 C:\Acer\Empowering Technology\eNet\ProfileSwitch.dll

(unsigned) MD5: 152dbb3dbbb3b7110fecebdb34cc7248 C:\Acer\Empowering Technology\eNet\Wlan.dll

(unsigned) MD5: add5e336a86eb9e6bcd590cc8b17ac6c C:\Acer\Empowering Technology\ePower\en\ePower_UI.resources.dll

(unsigned) MD5: 0f0e9ebe47a7b2bd7444424473fa3962 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

(unsigned) MD5: e75999892cec703b3e1b5221b5bac92a C:\Acer\Empowering Technology\ePower\ePower_UI.dll

(unsigned) MD5: ee80ac462a171dbf06eeb2058b5d3bc6 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

(unsigned) MD5: dbebe0c451f1ee6ed9028d116e77495b C:\Acer\Empowering Technology\ePower\SysHook.dll

(unsigned) MD5: 442e9fbbeebd916519d8381bc2f71ea9 C:\Acer\Empowering Technology\ePower\WMIInterface.dll

(unsigned) MD5: e09f72b19d45906ceb2115e55005bfc5 C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll

(unsigned) MD5: 4f779ad993a2975d945ee6985cac0fea C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

(unsigned) MD5: 3d184410ef5ee017e186ac96181b3ff8 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

(unsigned) MD5: 4f0d42339259d4ab955b565845bbe583 C:\Acer\Empowering Technology\eRecovery\eRecoveryUI.dll

(unsigned) MD5: 6b46e837ec3ff448a0665dc86c5208dc C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll

(unsigned) MD5: c5333e9a6992eb4bd5d2592efc0dcc03 C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll

(unsigned) MD5: b7c242b0251d658cabf5f3fd91eef3eb C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll

(unsigned) MD5: 5086dc931f7c15bcf12e29d5eaa78b2d C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll

(unsigned) MD5: 6a7b3889caccc5ce4f5e8e9fd8c921ff C:\Acer\Empowering Technology\eSettings\eSettings.View.dll

(unsigned) MD5: dca768724878d1177034691517ef9b91 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

(unsigned) MD5: 5f3bd963f02108c36592b5728fa725c5 C:\Acer\Empowering Technology\log4net.dll

(unsigned) MD5: 842684e0df20a59e293da1c6f0dfe261 C:\Acer\Mobility Center\MobilityService.exe

(unsigned) MD5: f9e2c7373c92b6cd9c398b30e85d126e C:\Program Files\Acer Assist\launcher.exe

(unsigned) MD5: dd75c4fde2026b84d85737cd4458e0ff C:\Program Files\Acer Registration\ACE1.exe

(unsigned) MD5: 48f25fc1b2796cda2aeeffe560666055 C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

(unsigned) MD5: e704d274715e0b1fb5b558951ff95f16 C:\Program Files\Acer\Acer Arcade\Kernel\common\CLRCEngine3.dll

(unsigned) MD5: 9f75dfcaffaccd99f9854fab0aa1bc7f C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll

(unsigned) MD5: 2a85d608a484dfe7eac7b9cae089bf73 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

(unsigned) MD5: 28b3d45b0cb49f24157e92d90bf343c1 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll

(unsigned) MD5: 9dd3fcfd2eb348514ac6ac11616672eb C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapX.dll

(unsigned) MD5: 746724540bd4b618b89f8a614a02f50d C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

(unsigned) MD5: 237c6256b2e4d3015e4f42f4a6539784 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll

(unsigned) MD5: d86f329c63bde78751b2f7ef352eb222 C:\Program Files\Acer\Acer Arcade\Kernel\TV\PCMRRec4.dll

(unsigned) MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\Program Files\Acer\Acer Arcade\MFC71.dll

(unsigned) MD5: 97eafd36a7e6b61319abfbceda328f63 C:\Program Files\Acer\Acer Arcade\PCMService.exe

(unsigned) MD5: 793ff718477345cd5d232c50bed1e452 C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

(unsigned) MD5: afdae59fe562a7cdb44f9d4abedac316 C:\Program Files\QuickTime\QTSystem\QTCF.dll

(unsigned) MD5: 1d856e6e7490447fcfaa46e09a2bf9c9 C:\Program Files\QuickTime\QTSystem\QuickTime.qts

(unsigned) MD5: dddbd3d825e9846b6adb78578aa7a699 C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll

(unsigned) MD5: 103976a97e25724e0a3ed50e48921cd2 C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll

(unsigned) MD5: 0aee5668eb59912f32ff245bfa72465f C:\Program Files\QuickTime\QTTask.exe

(unsigned) MD5: 0c9fffc25f797f8c7c3f99bc12cfa411 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll

(unsigned) MD5: 1a5e278dedf15c328aaeec5dcb18b808 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\af6f706cdcf02a312a9a339c20a8dbfb\System.Configuration.ni.dll

(unsigned) MD5: 11ff68ddfe3e90de4401ec43d7acbbca C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\daf35d9703895998bae9efd6d23be282\System.Drawing.ni.dll

(unsigned) MD5: e5cac0211584e4a8e50e5ca30e961602 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\99ebbe6c25ebbd2ebd6e0f842ae84617\System.Management.ni.dll

(unsigned) MD5: 08ca595ad1f7a889aac47e4b8bf10878 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3e1c184b683c96ec23c1cf22aec704d9\System.Runtime.Remoting.ni.dll

(unsigned) MD5: ed95dc7692e4bfaa3e219b6fcbe1c0f1 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7d35e4a8583c5dc077a1d43d12ad8855\System.ServiceProcess.ni.dll

(unsigned) MD5: 08489cfbc16f770f093befc76bff8d1f C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\9e5583324c4659b40b4b440fb1a9e639\System.Web.ni.dll

(unsigned) MD5: 752c6a33b87bc81c8481906e6c6e79bf C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4d5fc62cbae71aae3cf1fa90446920ef\System.Windows.Forms.ni.dll

(unsigned) MD5: fdeebd2a0a0ba6000c904dc4fae674a5 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\eb5ed48265c5035b75b76a847213c0bc\System.Xml.ni.dll

(unsigned) MD5: e43a888be303497084f56b52770390e1 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f5fa811725cbc26754b26fb9cb2bda63\System.ni.dll

(unsigned) MD5: 03ca457cae11969e40b3840ad9432045 C:\Windows\Downloaded Program Files\p3dactivex.ocx

(unsigned) MD5: a356c37d72ac22bdfbe421e7a96b51d6 C:\Windows\System32\ActiveToolBand.dll

(unsigned) MD5: b9876a758b370ff98e21b95a855bfe9b C:\Windows\System32\ADMIN_CLASS_LIB.dll

(unsigned) MD5: 5cb2c74f632f47f39071ad7487b0f825 C:\Windows\system32\Adobe\Director\np32dsw.dll

(unsigned) MD5: 9f97089fa244b38321464f0aa40e186f C:\Windows\System32\BatchCrypto.dll

(unsigned) MD5: df53b8bd2c2d86e8cfeb4bb488b5ea37 C:\Windows\System32\CryptoAPI.dll

(unsigned) MD5: 7f1c1f78d709c4a54cbb46ede7e0b48d C:\Windows\system32\DRIVERS\NTIDrvr.sys

(unsigned) MD5: 5c142ec504f37c5ff36ac1ab73f20c1b C:\Windows\System32\eDStoolbar.dll

(unsigned) MD5: 2bb5b239a4501c0a846a2e43d3a98986 c:\windows\system32\enethook.dll

(unsigned) MD5: 69a6f66e921ae6a6814f021f7e9fa1d0 C:\Windows\System32\keyManager.dll

(unsigned) MD5: 81adb60c39decb86676d1c6f9578e68b C:\Windows\System32\MSNChatHook.dll

(unsigned) MD5: 36b091cb0b6fdbe01df37425014b2bb2 C:\Windows\System32\PSDUtil.dll

(unsigned) MD5: ff265743d5fa487d5721b4e94d17842a C:\Windows\System32\ShowErrMsg.dll

(unsigned) MD5: 2fb1494c450fb7b0c350492acc24607d C:\Windows\System32\sysenv.dll

(unsigned) MD5: 75f2a9b695ef3ef22d731f059920f636 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcm80.dll

(unsigned) MD5: ccc2e312486ae6b80970211da472268b C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfc80u.dll

No file uploaded.

Scan finished - communication took 3 sec

Total traffic - 0.06 MB sent, 1.16 KB recvd

Scanned 1294 files and modules - 87 seconds

==============================================================================
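A reviewer reading a QuickScan log like the one above triages it in a fixed order: unsigned code loaded from the Windows directory, files whose MD5 recurs under several names (here the seven npqtplugin copies and enethook.dll, which is the eNet hook shipped twice), and network connections made by processes that are not signature-verified. The following parser is an added example, not part of the original post or of BitDefender's tooling; it assumes only the line layout visible in the log (a section title followed by a dashed rule, then `(status) description [pid] path`, `(status) MD5: hash path`, or `Process image (pid) connected ...` lines). The sample input is a handful of lines copied from the log above with the blank lines collapsed.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the QuickScan log above, blank lines collapsed.
SAMPLE_LOG = r"""
Processes
---------
(unsigned) Acer eNet Management 1672 C:\Acer\Empowering Technology\eNet\eNMTray.exe
(verified) Firefox 4960 C:\Program Files\Mozilla Firefox\firefox.exe
Network activity
----------------
Process firefox.exe (4960) connected on port 80 (HTTP) --> 74.125.224.171
Autoruns and critical files
---------------------------
(unsigned) acer eNetManagement c:\windows\system32\enethook.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Browser plugins
---------------
(unsigned) ActiveToolBand Module C:\Windows\System32\ActiveToolBand.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
Scan
----
(unsigned) MD5: 2bb5b239a4501c0a846a2e43d3a98986 C:\Acer\Empowering Technology\eNet\eNetHook.dll
(unsigned) MD5: 2bb5b239a4501c0a846a2e43d3a98986 c:\windows\system32\enethook.dll
(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(unsigned) MD5: a356c37d72ac22bdfbe421e7a96b51d6 C:\Windows\System32\ActiveToolBand.dll
"""

# Line shapes assumed from the log: MD5 lines must be tried before generic entries,
# because "MD5: <hash>" would otherwise parse as a description.
MD5_RE = re.compile(r"^\((unsigned|verified)\)\s+MD5:\s+([0-9a-f]{32})\s+([A-Za-z]:\\.*)$")
ENTRY_RE = re.compile(r"^\((unsigned|verified)\)\s+(.*?)\s+([A-Za-z]:\\.*)$")
PID_RE = re.compile(r"^(.*?)\s+(\d+)$")
NET_RE = re.compile(r"^Process (\S+) \((\d+)\) connected on port (\d+) \((\w+)\) --> (\S+)$")
SECTION_RULE = re.compile(r"^-+$")
CODE_SECTIONS = ("Processes", "Autoruns and critical files", "Browser plugins")


def parse_quickscan(text):
    """Return {section title: [entry dict, ...]} for a QuickScan report."""
    lines = [line.rstrip() for line in text.splitlines()]
    sections = defaultdict(list)
    current = None
    for i, line in enumerate(lines):
        if not line or SECTION_RULE.match(line):
            continue
        if i + 1 < len(lines) and SECTION_RULE.match(lines[i + 1]):
            current = line  # a title is the line just before a dashed rule
            continue
        if current is None:
            continue
        m = MD5_RE.match(line)
        if m:
            sections[current].append({"status": m.group(1), "md5": m.group(2), "path": m.group(3)})
            continue
        m = NET_RE.match(line)
        if m:
            sections[current].append({"image": m.group(1), "pid": int(m.group(2)),
                                      "port": int(m.group(3)), "remote": m.group(5)})
            continue
        m = ENTRY_RE.match(line)
        if m:
            status, desc, path = m.groups()
            entry = {"status": status, "desc": desc, "path": path}
            p = PID_RE.match(desc)
            if current == "Processes" and p:  # only process lines carry a trailing PID
                entry["desc"], entry["pid"] = p.group(1), int(p.group(2))
            sections[current].append(entry)
    return dict(sections)


def triage(sections):
    """Pull out what is read first: unsigned code under C:\\Windows, one hash under
    several names, and connections from processes that are not signature-verified."""
    unsigned_in_windows = sorted({
        e["path"] for name in CODE_SECTIONS for e in sections.get(name, [])
        if e["status"] == "unsigned" and e["path"].lower().startswith("c:\\windows\\")
    })
    by_hash = defaultdict(set)
    for e in sections.get("Scan", []):
        by_hash[e["md5"]].add(e["path"].lower())
    duplicate_hashes = {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}
    status_by_pid = {e["pid"]: e["status"] for e in sections.get("Processes", []) if "pid" in e}
    network_from_unverified = [
        c for c in sections.get("Network activity", [])
        if status_by_pid.get(c["pid"]) != "verified"  # unknown PID counts as unverified
    ]
    return {"unsigned_in_windows": unsigned_in_windows,
            "duplicate_hashes": duplicate_hashes,
            "network_from_unverified": network_from_unverified}


if __name__ == "__main__":
    for key, value in triage(parse_quickscan(SAMPLE_LOG)).items():
        print(key, value)
```

The point of the three buckets is that "unsigned" by itself is not a verdict: the two unsigned System32 entries in the sample are OEM components, and the shared hashes are the same file installed under several names, which is exactly what a helper confirms before declaring a log clean. The network join is empty here because the only connecting process is verified; an unsigned or unknown PID making outbound connections is what would move a file to the top of the list.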


Looks clean?

Looks clean! :D

It looks like you've also been doing a good job keeping your programs up-to-date; keep it up! ;)

If you don't have any more problems or concerns, I will now provide you with some suggestions for security software, but first, ComboFix must be uninstalled:

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

You have NO antivirus program installed!

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please consider maintaining a firewall with HIPS (Host Intrusion Prevention System). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior, and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available.

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here.

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
