
Cannot Get Rid of these Issues



I have been fighting the problem for weeks, so I finally decided to post here.

I was having problems with browser redirects at first, and the Windows theme would sometimes randomly change. Now I am having an issue with the SVCHost process. Just today, AVG caught a "shutcrakers.freetcp.com" JavaScript exploit.

I got Anti-Malware to run and provide clean results the other day, but now I cannot get it to run without crashing. I have also run Spybot Search & Destroy, and sometimes it finds stuff and sometimes it doesn't. Whatever I seem to be able to get rid of apparently just comes back the next day.

Thanks in advance for all of your help!

Here is the DDS log...

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by RelayAPawn at 11:31:43 on 2011-10-25

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.767 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\igfxsrvc.exe

svchost.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\DigitalPersona\Bin\DpHost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Documents and Settings\RelayAPawn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\RelayAPawn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\RelayAPawn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\RelayAPawn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\relayapawn\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on

mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\enable~1.lnk - c:\windows\system32\reg.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285369290890

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{06335B35-0C02-453C-B941-1DDB75122B09} : NameServer = 192.168.156.1,208.67.222.222

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 229840]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-17 366152]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-10-17 246600]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-17 22216]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-25 41272]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-21 1025352]

.

=============== Created Last 30 ================

.

2011-10-25 17:55:13 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-17 21:47:15 -------- d-----w- c:\windows\system32\Adobe

2011-10-17 17:44:26 -------- d-----w- c:\documents and settings\relayapawn\application data\Malwarebytes

2011-10-17 17:44:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-10-17 17:44:18 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2011-10-17 17:44:17 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-17 17:44:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-17 17:32:59 -------- d-----w- c:\program files\common files\AVG Secure Search

2011-10-17 17:32:57 -------- d-----w- c:\program files\AVG Secure Search

2011-10-17 17:31:15 -------- d-----w- c:\documents and settings\relayapawn\application data\AVG2012

2011-10-17 17:23:40 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2011-10-17 17:09:37 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-10-17 17:09:37 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-10-14 16:35:16 -------- d-----w- c:\windows\pss

2011-10-14 16:29:39 -------- d-----w- c:\windows\1956e9f56f4b4fc3b6f45869d06d95e9.TMP

2011-10-13 23:11:43 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-10-13 23:11:07 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-10-13 23:03:47 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-10-13 23:03:47 -------- d-----w- c:\windows\system32\wbem\Repository

2011-10-13 17:32:37 -------- d-----w- c:\program files\Lavasoft

2011-10-13 00:54:53 -------- d-----w- c:\documents and settings\relayapawn\local settings\application data\AVG Security Toolbar

.

==================== Find3M ====================

.

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 13:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32(3).dll

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD1600AAJS-75WAA0 rev.58.01D58 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A69231B

user & kernel MBR OK

.

============= FINISH: 11:38:36.00 ===============

attach.txt
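As an added triage example (not part of the post above and not code from the DDS tool), the script below parses the autostart lines of a DDS "Pseudo HJT Report" (the uRun/mRun, BHO/TB, StartupFolder and NameServer lines in the format seen in the log above) and flags the entries a helper would read first: a registration with no file behind it, an executable under the user profile, a bare file name resolved through PATH, a startup shortcut that runs a system utility such as reg.exe, and a DNS resolver outside the private ranges. The sample log is a handful of lines copied from the log above; the line formats it assumes and the flagging heuristics are this example's own choices, not anything DDS reports itself.

```python
"""Triage the autostart section of a DDS log ("Pseudo HJT Report").

Added example, not part of the forum post and not DDS code. It assumes the
line formats seen in the log above; the flagging rules are its own heuristics."""
import ipaddress
import re
from dataclasses import dataclass, field

# Utilities a Run entry or startup shortcut should rarely launch directly;
# when one appears, the arguments decide whether it is benign.
SYSTEM_UTILITIES = {"reg.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                    "rundll32.exe", "regsvr32.exe", "mshta.exe"}
# Path fragments meaning "user-writable location" (XP long and 8.3 names).
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\users\\",
                 "\\application data\\", "\\appdata\\", "\\temp\\")

# Constructed sample: lines copied from the DDS log in the post above.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Google Update] "c:\documents and settings\relayapawn\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\enable~1.lnk - c:\windows\system32\reg.exe
TCP: Interfaces\{06335B35-0C02-453C-B941-1DDB75122B09} : NameServer = 192.168.156.1,208.67.222.222
"""


@dataclass
class Entry:
    kind: str      # DDS prefix: uRun, mRun, BHO, TB, StartupFolder, TCP
    name: str      # Run value name, BHO/TB label, shortcut file, or "NameServer"
    target: str    # executable/DLL path, "No File", or the resolver list
    args: str = ""
    flags: list = field(default_factory=list)


def split_command(cmd: str) -> tuple[str, str]:
    """Split a command into (path, args); unquoted paths are cut after '.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(?i)(.*?\.exe)(?:\s+(.*))?$", cmd)
    if m:
        return m.group(1), (m.group(2) or "").strip()
    return cmd, ""


def parse_line(line: str):
    """Turn one DDS line into an Entry, or None for lines we do not triage."""
    m = re.match(r"^([A-Za-z]+):\s*(.*)$", line)
    if not m:
        return None
    kind, rest = m.group(1), m.group(2).strip()
    if kind in ("uRun", "mRun"):                      # "[name] command"
        rm = re.match(r"^\[([^\]]*)\]\s*(.*)$", rest)
        if rm:
            path, args = split_command(rm.group(2))
            return Entry(kind, rm.group(1), path, args)
    elif kind in ("BHO", "TB", "Handler"):            # "label {clsid} - path"
        head, sep, path = rest.rpartition(" - ")
        if sep:
            return Entry(kind, head, path.strip())
    elif kind == "StartupFolder":                     # "shortcut.lnk - target"
        lnk, sep, target = rest.partition(" - ")
        if sep:
            path, args = split_command(target)
            return Entry(kind, lnk.rsplit("\\", 1)[-1], path, args)
    elif kind == "TCP" and "NameServer" in rest:      # "... : NameServer = a,b"
        return Entry(kind, "NameServer", rest.split("=", 1)[1].strip())
    return None


def assess(e: Entry) -> Entry:
    """Attach the heuristic flags for one entry."""
    t = e.target.lower()
    if t == "no file":
        e.flags.append("orphaned registration: No File on disk, clean up")
    elif e.kind == "TCP":
        for s in t.split(","):
            ip = ipaddress.ip_address(s.strip())
            if not ip.is_private:
                e.flags.append(f"resolver {ip} is not a private address: confirm you configured it")
    else:
        if "\\" not in t:
            e.flags.append("bare file name resolved by PATH search: identify the file that runs")
        if any(frag in t for frag in USER_WRITABLE):
            e.flags.append("runs from a user-writable location: check the publisher")
        if t.rsplit("\\", 1)[-1] in SYSTEM_UTILITIES:
            e.flags.append("launches a system utility: inspect the shortcut or arguments")
    return e


def triage(log_text: str) -> list:
    """All parsed autostart entries, each with its flags filled in."""
    entries = [parse_line(l.strip()) for l in log_text.splitlines()]
    return [assess(e) for e in entries if e is not None]


def suspicious(log_text: str) -> list:
    """Only the entries that picked up at least one flag."""
    return [e for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.kind:14} {e.name[:38]:38} {e.target}")
        for f in e.flags:
            print(f"    -> {f}")
```

Run it as-is to see the flagged lines from the sample, or feed it a whole DDS log (the non-autostart lines are skipped). A flag is a reading order, not a verdict: in the log above the Google Update entry runs from the user profile because that is where Google installs it, and the reg.exe shortcut still needs its arguments checked before it means anything.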


:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of the TDSSKiller log.

Also please describe how your computer behaves at the moment.


The computer seems to be better at the moment, but it usually gets worse as the day goes on....

Here is the TDSSKiller log...

09:38:18.0578 3088 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21

09:38:18.0953 3088 ============================================================

09:38:18.0953 3088 Current date / time: 2011/10/26 09:38:18.0953

09:38:18.0953 3088 SystemInfo:

09:38:18.0953 3088

09:38:18.0953 3088 OS Version: 5.1.2600 ServicePack: 3.0

09:38:18.0953 3088 Product type: Workstation

09:38:18.0953 3088 ComputerName: RELY-20DBE13927

09:38:18.0953 3088 UserName: Rely

09:38:18.0953 3088 Windows directory: C:\WINDOWS

09:38:18.0953 3088 System windows directory: C:\WINDOWS

09:38:18.0953 3088 Processor architecture: Intel x86

09:38:18.0953 3088 Number of processors: 2

09:38:18.0953 3088 Page size: 0x1000

09:38:18.0953 3088 Boot type: Normal boot

09:38:18.0953 3088 ============================================================

09:38:20.0687 3088 Initialize success

09:38:29.0390 3952 ============================================================

09:38:29.0390 3952 Scan started

09:38:29.0390 3952 Mode: Manual;

09:38:29.0390 3952 ============================================================

09:38:31.0078 3952 Abiosdsk - ok

09:38:31.0093 3952 abp480n5 - ok

09:38:31.0156 3952 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:38:31.0156 3952 ACPI - ok

09:38:31.0203 3952 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

09:38:31.0203 3952 ACPIEC - ok

09:38:31.0203 3952 adpu160m - ok

09:38:31.0234 3952 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:38:31.0250 3952 aec - ok

09:38:31.0312 3952 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

09:38:31.0312 3952 AFD - ok

09:38:31.0312 3952 Aha154x - ok

09:38:31.0328 3952 aic78u2 - ok

09:38:31.0328 3952 aic78xx - ok

09:38:31.0343 3952 AliIde - ok

09:38:31.0359 3952 amsint - ok

09:38:31.0359 3952 asc - ok

09:38:31.0375 3952 asc3350p - ok

09:38:31.0375 3952 asc3550 - ok

09:38:31.0421 3952 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:38:31.0421 3952 AsyncMac - ok

09:38:31.0437 3952 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:38:31.0437 3952 atapi - ok

09:38:31.0437 3952 Atdisk - ok

09:38:31.0453 3952 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:38:31.0468 3952 Atmarpc - ok

09:38:31.0500 3952 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:38:31.0500 3952 audstub - ok

09:38:31.0562 3952 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

09:38:31.0562 3952 AVGIDSDriver - ok

09:38:31.0593 3952 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

09:38:31.0593 3952 AVGIDSEH - ok

09:38:31.0609 3952 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

09:38:31.0609 3952 AVGIDSFilter - ok

09:38:31.0671 3952 AVGIDSShim (07eba0c11fa1d73b82ecc3255ddfe34d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

09:38:31.0671 3952 AVGIDSShim - ok

09:38:31.0734 3952 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

09:38:31.0734 3952 Avgldx86 - ok

09:38:31.0750 3952 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

09:38:31.0750 3952 Avgmfx86 - ok

09:38:31.0781 3952 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

09:38:31.0781 3952 Avgrkx86 - ok

09:38:31.0828 3952 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

09:38:31.0828 3952 Avgtdix - ok

09:38:31.0890 3952 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:38:31.0890 3952 Beep - ok

09:38:31.0937 3952 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:38:31.0937 3952 cbidf2k - ok

09:38:31.0953 3952 cd20xrnt - ok

09:38:31.0984 3952 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:38:31.0984 3952 Cdaudio - ok

09:38:32.0031 3952 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:38:32.0031 3952 Cdfs - ok

09:38:32.0062 3952 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:38:32.0062 3952 Cdrom - ok

09:38:32.0109 3952 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

09:38:32.0109 3952 cercsr6 - ok

09:38:32.0125 3952 Changer - ok

09:38:32.0125 3952 CmdIde - ok

09:38:32.0140 3952 Cpqarray - ok

09:38:32.0156 3952 dac2w2k - ok

09:38:32.0156 3952 dac960nt - ok

09:38:32.0187 3952 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:38:32.0187 3952 Disk - ok

09:38:32.0250 3952 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:38:32.0265 3952 dmboot - ok

09:38:32.0281 3952 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:38:32.0281 3952 dmio - ok

09:38:32.0328 3952 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:38:32.0328 3952 dmload - ok

09:38:32.0359 3952 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:38:32.0375 3952 DMusic - ok

09:38:32.0375 3952 dpti2o - ok

09:38:32.0437 3952 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:38:32.0437 3952 drmkaud - ok

09:38:32.0546 3952 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

09:38:32.0562 3952 e1express - ok

09:38:32.0593 3952 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:38:32.0593 3952 Fastfat - ok

09:38:32.0593 3952 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

09:38:32.0609 3952 Fdc - ok

09:38:32.0656 3952 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:38:32.0656 3952 Fips - ok

09:38:32.0671 3952 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

09:38:32.0687 3952 Flpydisk - ok

09:38:32.0750 3952 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

09:38:32.0750 3952 FltMgr - ok

09:38:32.0781 3952 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:38:32.0781 3952 Fs_Rec - ok

09:38:32.0796 3952 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:38:32.0796 3952 Ftdisk - ok

09:38:32.0843 3952 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:38:32.0843 3952 Gpc - ok

09:38:32.0843 3952 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

09:38:32.0859 3952 HDAudBus - ok

09:38:32.0859 3952 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

09:38:32.0859 3952 hidusb - ok

09:38:32.0984 3952 HPFXBULK (e4e0b356a8756066cf89080d9da69f22) C:\WINDOWS\system32\drivers\hpfxbulk.sys

09:38:32.0984 3952 HPFXBULK - ok

09:38:32.0984 3952 hpn - ok

09:38:33.0062 3952 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:38:33.0078 3952 HTTP - ok

09:38:33.0078 3952 i2omgmt - ok

09:38:33.0093 3952 i2omp - ok

09:38:33.0093 3952 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

09:38:33.0093 3952 i8042prt - ok

09:38:33.0296 3952 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

09:38:33.0421 3952 ialm - ok

09:38:33.0437 3952 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:38:33.0437 3952 Imapi - ok

09:38:33.0453 3952 ini910u - ok

09:38:33.0656 3952 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys

09:38:33.0781 3952 IntcAzAudAddService - ok

09:38:33.0796 3952 IntelIde - ok

09:38:33.0859 3952 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:38:33.0859 3952 intelppm - ok

09:38:33.0890 3952 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

09:38:33.0890 3952 Ip6Fw - ok

09:38:33.0953 3952 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:38:33.0953 3952 IpFilterDriver - ok

09:38:33.0984 3952 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:38:33.0984 3952 IpInIp - ok

09:38:34.0031 3952 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:38:34.0031 3952 IpNat - ok

09:38:34.0046 3952 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:38:34.0046 3952 IPSec - ok

09:38:34.0062 3952 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:38:34.0062 3952 IRENUM - ok

09:38:34.0109 3952 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:38:34.0109 3952 isapnp - ok

09:38:34.0140 3952 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:38:34.0140 3952 Kbdclass - ok

09:38:34.0140 3952 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

09:38:34.0140 3952 kbdhid - ok

09:38:34.0203 3952 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:38:34.0203 3952 kmixer - ok

09:38:34.0234 3952 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:38:34.0234 3952 KSecDD - ok

09:38:34.0234 3952 lbrtfdc - ok

09:38:34.0265 3952 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

09:38:34.0265 3952 MBAMProtector - ok

09:38:34.0281 3952 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:38:34.0281 3952 mnmdd - ok

09:38:34.0296 3952 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:38:34.0296 3952 Modem - ok

09:38:34.0312 3952 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:38:34.0312 3952 Mouclass - ok

09:38:34.0343 3952 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

09:38:34.0343 3952 mouhid - ok

09:38:34.0359 3952 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:38:34.0359 3952 MountMgr - ok

09:38:34.0375 3952 mraid35x - ok

09:38:34.0375 3952 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:38:34.0390 3952 MRxDAV - ok

09:38:34.0453 3952 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:38:34.0484 3952 MRxSmb - ok

09:38:34.0531 3952 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:38:34.0531 3952 Msfs - ok

09:38:34.0578 3952 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:38:34.0593 3952 MSKSSRV - ok

09:38:34.0609 3952 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:38:34.0625 3952 MSPCLOCK - ok

09:38:34.0625 3952 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:38:34.0625 3952 MSPQM - ok

09:38:34.0671 3952 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:38:34.0671 3952 mssmbios - ok

09:38:34.0718 3952 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

09:38:34.0718 3952 Mup - ok

09:38:34.0750 3952 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:38:34.0750 3952 NDIS - ok

09:38:34.0812 3952 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:38:34.0812 3952 NdisTapi - ok

09:38:34.0828 3952 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:38:34.0843 3952 Ndisuio - ok

09:38:34.0843 3952 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:38:34.0843 3952 NdisWan - ok

09:38:34.0875 3952 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

09:38:34.0875 3952 NDProxy - ok

09:38:34.0890 3952 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:38:34.0890 3952 NetBIOS - ok

09:38:34.0937 3952 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:38:34.0937 3952 NetBT - ok

09:38:34.0953 3952 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:38:34.0953 3952 Npfs - ok

09:38:35.0031 3952 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:38:35.0031 3952 Ntfs - ok

09:38:35.0093 3952 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:38:35.0093 3952 Null - ok

09:38:35.0140 3952 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:38:35.0140 3952 NwlnkFlt - ok

09:38:35.0156 3952 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:38:35.0156 3952 NwlnkFwd - ok

09:38:35.0203 3952 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

09:38:35.0203 3952 Parport - ok

09:38:35.0218 3952 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:38:35.0218 3952 PartMgr - ok

09:38:35.0250 3952 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:38:35.0250 3952 ParVdm - ok

09:38:35.0265 3952 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:38:35.0265 3952 PCI - ok

09:38:35.0265 3952 PCIDump - ok

09:38:35.0296 3952 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:38:35.0296 3952 PCIIde - ok

09:38:35.0312 3952 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

09:38:35.0312 3952 Pcmcia - ok

09:38:35.0328 3952 PDCOMP - ok

09:38:35.0328 3952 PDFRAME - ok

09:38:35.0343 3952 PDRELI - ok

09:38:35.0343 3952 PDRFRAME - ok

09:38:35.0359 3952 perc2 - ok

09:38:35.0359 3952 perc2hib - ok

09:38:35.0421 3952 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:38:35.0437 3952 PptpMiniport - ok

09:38:35.0484 3952 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:38:35.0484 3952 PSched - ok

09:38:35.0515 3952 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:38:35.0515 3952 Ptilink - ok

09:38:35.0531 3952 ql1080 - ok

09:38:35.0531 3952 Ql10wnt - ok

09:38:35.0546 3952 ql12160 - ok

09:38:35.0546 3952 ql1240 - ok

09:38:35.0562 3952 ql1280 - ok

09:38:35.0593 3952 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:38:35.0593 3952 RasAcd - ok

09:38:35.0609 3952 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:38:35.0609 3952 Rasl2tp - ok

09:38:35.0609 3952 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:38:35.0609 3952 RasPppoe - ok

09:38:35.0625 3952 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:38:35.0625 3952 Raspti - ok

09:38:35.0640 3952 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:38:35.0640 3952 Rdbss - ok

09:38:35.0656 3952 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:38:35.0656 3952 RDPCDD - ok

09:38:35.0718 3952 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

09:38:35.0718 3952 RDPWD - ok

09:38:35.0750 3952 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:38:35.0750 3952 redbook - ok

09:38:35.0812 3952 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:38:35.0812 3952 Secdrv - ok

09:38:35.0890 3952 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

09:38:35.0890 3952 Serial - ok

09:38:35.0953 3952 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:38:35.0953 3952 Sfloppy - ok

09:38:35.0953 3952 Simbad - ok

09:38:35.0968 3952 Sparrow - ok

09:38:36.0015 3952 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:38:36.0015 3952 splitter - ok

09:38:36.0078 3952 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:38:36.0093 3952 sr - ok

09:38:36.0125 3952 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

09:38:36.0125 3952 Srv - ok

09:38:36.0187 3952 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:38:36.0187 3952 swenum - ok

09:38:36.0218 3952 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:38:36.0218 3952 swmidi - ok

09:38:36.0234 3952 symc810 - ok

09:38:36.0234 3952 symc8xx - ok

09:38:36.0250 3952 sym_hi - ok

09:38:36.0250 3952 sym_u3 - ok

09:38:36.0296 3952 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:38:36.0296 3952 sysaudio - ok

09:38:36.0359 3952 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:38:36.0359 3952 Tcpip - ok

09:38:36.0421 3952 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:38:36.0421 3952 TDPIPE - ok

09:38:36.0453 3952 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:38:36.0453 3952 TDTCP - ok

09:38:36.0484 3952 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:38:36.0484 3952 TermDD - ok

09:38:36.0531 3952 TosIde - ok

09:38:36.0562 3952 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:38:36.0562 3952 Udfs - ok

09:38:36.0578 3952 ultra - ok

09:38:36.0640 3952 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:38:36.0640 3952 Update - ok

09:38:36.0703 3952 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

09:38:36.0703 3952 usbaudio - ok

09:38:36.0734 3952 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:38:36.0750 3952 usbccgp - ok

09:38:36.0750 3952 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:38:36.0750 3952 usbehci - ok

09:38:36.0796 3952 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:38:36.0796 3952 usbhub - ok

09:38:36.0828 3952 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

09:38:36.0828 3952 usbprint - ok

09:38:36.0890 3952 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

09:38:36.0890 3952 usbscan - ok

09:38:36.0937 3952 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:38:36.0937 3952 USBSTOR - ok

09:38:37.0000 3952 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:38:37.0000 3952 usbuhci - ok

09:38:37.0062 3952 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:38:37.0062 3952 VgaSave - ok

09:38:37.0078 3952 ViaIde - ok

09:38:37.0125 3952 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:38:37.0125 3952 VolSnap - ok

09:38:37.0187 3952 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:38:37.0187 3952 Wanarp - ok

09:38:37.0203 3952 WDICA - ok

09:38:37.0265 3952 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:38:37.0265 3952 wdmaud - ok

09:38:37.0312 3952 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0

09:38:37.0312 3952 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected

09:38:37.0328 3952 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

09:38:37.0328 3952 Boot (0x1200) (2a93ccc035ca43661a438f303a58304e) \Device\Harddisk0\DR0\Partition0

09:38:37.0328 3952 \Device\Harddisk0\DR0\Partition0 - ok

09:38:37.0328 3952 ============================================================

09:38:37.0328 3952 Scan finished

09:38:37.0328 3952 ============================================================

09:38:37.0343 4056 Detected object count: 1

09:38:37.0343 4056 Actual detected object count: 1

09:38:45.0671 4056 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot

09:38:45.0671 4056 \Device\Harddisk0\DR0 - ok

09:38:45.0671 4056 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure

09:38:49.0015 4012 Deinitialize success


Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


I have not been able to use the computer long enough to really tell anything yet...

Here is the Combo Fix Log...

ComboFix 11-10-26.03 - RelayAPawn 10/26/2011 10:42:25.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1302 [GMT -7:00]

Running from: c:\documents and settings\RelayAPawn\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\RelayAPawn\Application Data\Adobe\plugs

c:\documents and settings\RelayAPawn\Application Data\Adobe\shed

c:\documents and settings\RelayAPawn\Application Data\PriceGong

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\1.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\a.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\b.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\c.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\d.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\e.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\f.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\g.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\h.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\i.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\J.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\k.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\l.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\m.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\n.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\o.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\p.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\q.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\r.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\s.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\t.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\u.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\v.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\w.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\x.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\y.xml

c:\documents and settings\RelayAPawn\Application Data\PriceGong\Data\z.xml

c:\documents and settings\RelayAPawn\Recent\Thumbs.db

C:\Install.exe

c:\windows\help\tours\htmltour\unlock_playing.htm

c:\windows\system32\d3d9caps.dat

.

.

((((((((((((((((((((((((( Files Created from 2011-09-26 to 2011-10-26 )))))))))))))))))))))))))))))))

.

.

2011-10-22 16:56 . 2011-10-22 16:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp

2011-10-17 21:47 . 2011-10-17 21:47 -------- d-----w- c:\windows\system32\Adobe

2011-10-17 17:44 . 2011-10-17 17:44 -------- d-----w- c:\documents and settings\RelayAPawn\Application Data\Malwarebytes

2011-10-17 17:44 . 2011-10-17 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-10-17 17:44 . 2011-10-18 15:53 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2011-10-17 17:44 . 2011-10-17 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-17 17:44 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-17 17:32 . 2011-10-17 17:33 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2011-10-17 17:32 . 2011-10-17 17:33 -------- d-----w- c:\program files\AVG Secure Search

2011-10-17 17:31 . 2011-10-17 17:31 -------- d-----w- c:\documents and settings\RelayAPawn\Application Data\AVG2012

2011-10-17 17:23 . 2011-10-17 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2011-10-17 17:09 . 2011-10-17 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-10-17 17:09 . 2011-10-17 17:11 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-10-14 17:04 . 2011-10-14 17:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-10-14 17:04 . 2011-10-14 17:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp

2011-10-14 16:29 . 2011-10-14 16:29 -------- d-----w- c:\windows\1956e9f56f4b4fc3b6f45869d06d95e9.TMP

2011-10-13 23:11 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-10-13 23:11 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-10-13 23:03 . 2011-10-13 23:03 -------- d-----w- c:\windows\system32\wbem\Repository

2011-10-13 17:32 . 2011-10-13 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2011-10-13 17:32 . 2011-10-13 17:32 -------- d-----w- c:\program files\Lavasoft

2011-10-13 07:33 . 2011-10-13 07:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2011-10-13 00:54 . 2011-10-13 00:54 -------- d-----w- c:\documents and settings\RelayAPawn\Local Settings\Application Data\AVG Security Toolbar

2011-10-13 00:49 . 2011-10-13 00:49 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-26 18:41 . 2007-10-09 21:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 13:30 . 2010-09-07 11:48 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-09 09:12 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-03 10:17 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32(3).dll

2011-08-22 23:48 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49 . 2004-08-04 10:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-08 13:08 . 2010-09-07 11:48 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-09-01 2532680]

.

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-09-01 16:16 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-09-01 2532680]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-09-01 2532680]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-26 16132608]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-17 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-17 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-17 138008]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]

"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 49152]

"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-24 618496]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Enable RDP Client.lnk - c:\windows\system32\reg.exe [2004-8-4 50176]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 5:27 PM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 229840]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 4:49 AM 295248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/17/2011 10:44 AM 366152]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10/17/2011 10:33 AM 246600]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 10:42 PM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 10:42 PM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 10:42 PM 16720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/17/2011 10:44 AM 22216]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/21/2011 10:36 AM 1025352]

S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248]

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-839522115-1004Core.job

- c:\documents and settings\RelayAPawn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 21:36]

.

2011-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-854245398-839522115-1004UA.job

- c:\documents and settings\RelayAPawn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 21:36]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

TCP: Interfaces\{06335B35-0C02-453C-B941-1DDB75122B09}: NameServer = 192.168.156.1,208.67.222.222

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-26 10:49

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-10-26 10:50:50

ComboFix-quarantined-files.txt 2011-10-26 17:50

.

Pre-Run: 137,689,395,200 bytes free

Post-Run: 138,861,633,536 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - D451A700842072EF187F9C81B8F1F7C5


I'll give you my all clean post.

I'll leave your topic open for a couple more days.

Be sure to uninstall Combofix.

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA - Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

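For anyone who wants to verify the six Internet zone Custom Level settings from the post above without clicking through the dialog, here is an added example that is not part of the helper's post: a read-only PowerShell audit of the registry values the Custom Level dialog writes. The URL-action IDs (1001, 1004, 1201, 1800, 1804, 1607) and the 0/1/3 encoding are Internet Explorer's own; the function name Get-IEZoneAudit is mine.

```powershell
# Added example: audit the Internet Explorer "Internet" zone (zone 3) against
# the six Custom Level settings recommended in the post. Read-only; it reports
# the current state and changes nothing.
#
# The Custom Level dialog writes to the HKCU zone key unless the
# Security_HKLM_only policy is set, in which case the HKLM key wins.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# IE stores each URL action as a DWORD: 0 = Enable, 1 = Prompt, 3 = Disable.
$Encoding = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Recommended state from the post, keyed by IE URL-action ID (the value name in the registry).
$Checks = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)

function Get-IEZoneAudit {
    param([string]$Path = $ZonePath)

    if (-not (Test-Path -Path $Path)) {
        throw "Zone key not found: $Path"
    }
    $zone = Get-ItemProperty -Path $Path

    foreach ($check in $Checks) {
        # A value that is absent means IE falls back to the zone template
        # default, which for the Internet zone is looser than the post asks for.
        $prop    = $zone.PSObject.Properties[$check.Id]
        $current = if ($prop) { [int]$prop.Value } else { $null }

        $currentLabel = if ($null -eq $current)              { 'Not set (template default)' }
                        elseif ($Encoding.ContainsKey($current)) { $Encoding[$current] }
                        else                                   { "Unknown ($current)" }

        [pscustomobject]@{
            Action      = $check.Id
            Setting     = $check.Name
            Recommended = $Encoding[$check.Want]
            Current     = $currentLabel
            Compliant   = ($null -ne $current -and $current -eq $check.Want)
        }
    }
}

# One row per setting; a False in the Compliant column is a setting still to change in the dialog.
Get-IEZoneAudit | Format-Table -AutoSize
```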

This topic is now closed to further replies.