Jump to content

A0222750.exe & \A0222751.exe


Recommended Posts

I am running WinXPPro/SE3 fully patched.

My OS is 32bit.

I have MBAM 1.51.2.1300 as a free version being used on a home computer

MBAM database version is 8020

I use Avast6.0.1289 with definitions 111028-2 (which is updated several times a day.)

My D-Link DI-604a router came with a SPI firewall installed.

I do not use P2P software.

My Yahoo email account was recently hacked and used to send spam. My first defense was to delete the contact list. I don't use it to send email. I've subsequently learned that I should go back and harden the password (a simple invented word in German) so that it includes at least 1 digit and one character.

I ask a point of advice. Is it poor practice to use a common password for access to forums? My 71-year-old brain has trouble remembering them. It seems pointless to put them in a Word document on my hard drive as anyone who gains access to my machine can quickly scan it for 'useful' information. Paranoia seems useful up to a point. After that it leads to paralysis and the computer becomes an anchor, not a vessel to go places.

Is the Password Manager that came with Mozilla SeaMonkey (current version) another point of paranoia?

I recently ran malwarebytes in SafeMode on my two 'in-tower' hard drives and found 2 iehv.exe in two folders (one an archive from some years ago) and a copy of PKTMP000.exe (also in an old archive folder) in a path suggesting that it was an early update of Mozilla SeaMonkey. I asked malwarebytes to deal with them. They were quarantined.

I realized I had not run malwarebytes on my ESATA drive, so 7 hours later I ran it again, both on the 'in-tower' hard drives previously examined and on the ESATA drive. The ESATA is a 0.5 TB drive with several 'archives' that are just drag and drop copies of folders in My Documents, etc.

On the ESATA drive I found more copies of the iehv.exe and PKTMP000.exe.

To my surprise, two more files were found on my F: drive where I store data but no programs. Malwarebytes reported these files:

f:\system volume information\_restore{c9281341-b140-4276-9ec5-52964cc00f0f}\RP1362\A0222750.exe (PUP.HistoryTool) -> Q&DS

f:\system volume information\_restore{c9281341-b140-4276-9ec5-52964cc00f0f}\RP1362\A0222751.exe (PUP.HistoryTool) -> Q&DS

Q&DS is my contraction of "Quarantined and deleted successfully." It makes the report easier to read in Word in landscape mode.

I've had trouble finding anything concrete about these executable files. I found these lines in a KAS report in a post from 2/11/10:

http://www.lavasofts...showtopic=28466

C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1171\A0222750.exe Infected: Virus.Win32.Sality.l 1

C:\System Volume Information\_restore{CBDC1A69-0D07-401B-8BF0-3C909F00E4A9}\RP1171\A0222751.exe Infected: Virus.Win32.Sality.l 1

If these are significant, why weren't they detected 7 hours earlier? If they are significant, what are they and what should I do about them?

I ran one more quick scan with MBAM, not in SafeMode, and found no problems.

I've attached zipped copies of dds.txt and attach.zim

thanks,

baumgrenze

dds.zip

attach.zip

Link to post
Share on other sites

Larry,

Thank you for responding. Here is the requested DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by John Baum at 16:28:04 on 2011-11-01

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com

uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [Google Update] "c:\documents and settings\john baum\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [GEST] c:\program files\gigabyte\gest\RUN.exe

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [<NO NAME>]

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [AutoTask] "c:\program files\autotask\AutoTask.exe" /STARTUP

mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204766255656

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204766314453

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab

TCP: DhcpNameServer = 207.69.188.171 207.69.188.172

TCP: Interfaces\{EF779F53-A259-4983-BB69-E6D050A627B0} : NameServer = 207.69.188.171,207.69.188.172

TCP: Interfaces\{EF779F53-A259-4983-BB69-E6D050A627B0} : DhcpNameServer = 207.69.188.171 207.69.188.172

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R? gupdate1c9829e187f717e;Google Update Service (gupdate1c9829e187f717e)

R? gupdatem;Google Update Service (gupdatem)

R? Lbd;Lbd

S? aswFsBlk;aswFsBlk

S? aswSnx;aswSnx

S? aswSP;aswSP

S? avast! Antivirus;avast! Antivirus

S? GEST Service;GEST Service for program management.

S? IAStorDataMgrSvc;Intel® Rapid Storage Technology

S? PSI;PSI

S? RDID1057;EDIROL UA-1EX

S? scsiscan;SCSI Scanner Driver

S? Secunia PSI Agent;Secunia PSI Agent

S? Secunia Update Agent;Secunia Update Agent

.

=============== Created Last 30 ================

.

2011-10-29 19:52:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-10-29 19:52:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-10-29 19:52:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-10-29 19:52:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-10-29 19:52:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-10-29 19:52:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-10-29 19:52:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-24 20:51:41 388096 ----a-r- c:\documents and settings\john baum\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

.

==================== Find3M ====================

.

2011-11-01 23:29:51 16608 ----a-w- c:\windows\gdrv.sys

2011-10-18 14:56:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-03 12:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 09:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2008-03-26 20:48:52 6651904 ----a-w- c:\program files\Omron Health Management Software.exe

2008-01-30 17:43:12 172032 ----a-w- c:\program files\occLib.dll

2007-10-11 23:36:22 81920 ----a-w- c:\program files\pdfLib.dll

2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

.

============= FINISH: 16:31:45.92 ===============

Link to post
Share on other sites

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Larry,

I forgot to disable Avast until I was prompted.

I think I am getting an error message in the ComboFix window. I did a screen dump to Word and then did a manual copy. Here is the text I see:

Attempting to create a new System Restore point

PevFind, by Billy O’Neal III, version 1.5.6 ComboFix Edition. Syntax Error.

Pass LEGAL for license information. Built Sat Jun 25 23:20:28 2011pevFind, by Billy O’Neal III, version 1.5.6 Combofix Edition. Syntax Error. Pass LEGAL for license information. Built Sat Jun 25 23:20:28 2011

Is this significant?

Thanks,

John

Link to post
Share on other sites

Larry,

It looks as though the process failed.

I found a Windows error message when I returned:

Error saving file

C:\WINDOWS\erdnt\Hiv-backup\SECURITY

Continue with next file?

[RegCreateKeyEx:5 – Access is denied]

The ComboFix window remains the same.

I did not answer the "Continue with next file?" question. It is a yes or no to proceed.

The ERU NT window appears the same, too.

I've saved screen dumps in Word. Are they of any use?

I also see that the Avast system tray icon is revolving again. I told it, wait until I reboot. Is that a clue?

Thanks,

John

I have to go eat now. I'll look for your reply. If there is none, I guess I will see if I can abort the process.

Link to post
Share on other sites

It appears that something went wrong.

I tried to send this message but was offline (url reported as not found):

I hit a "The Recycle Bin is Corrupted" message. Do I breathe deeply and say "Yes" or can it be renamed?

It looks as though I am in one of those "off the web" phases of the process. I choose "Yes"

There were some files and folders deleted. I can summarize from screen dumps if they are not in a log. In the end a program failed "catchme.3XE" and the ComboFix program terminated.

John

One last observation before rebooting. The desktop appears plain black, but reverts to normal when I use the desktop icon on the taskbar.

Remaining observations from my screendumps to Word

Deleting Files:

C:\Documents and Settings\John Baum\GoToAssistDownloadHelper.exe

C:\Program Files\Search Toolbar\icon.ico

C:\Program Files\Search Toolbar\Search ToolbarUninstall.exe

C:\Program Files\Search Toolbar\Search ToolbarUpdater.exe

C:\WINDOWS\help\tours\htmltour\unlock_playing.htm

Deleting Folders:

C:\Documents and Settings\John Baum\WINDOWS

C:\Program Files\Search Toolbar

Dropdown message:

this appeared for C:\, F:\ and L:\ in turn (they are program drive, data drive, and ESata external, in turn)

The Recycle Bin on C:\ is corrupted. Do you want to empty the Recycle bin for the drive?

I chose "Yes."

In ComboFix I saw:

Rebooting Windows . . .Please wait

and then the

pefFind message I saw earlier followed by:

driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

http://www.gmer.net

Rootkit scan 2011-11-02 10:57:04

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.

scanning hidden services & system hive...

and then a dropdown stating

catchme.3XE has encountered a problem and needs to close. We are sorry.....

could not send error report as I was offline.

What next?

thanks,

John

Link to post
Share on other sites

That doesn't look too good.

Delete the combofix.exe you have on the desktop anf download a fresh copy.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Link to post
Share on other sites

Larry,

Is it safe to assume that you want me to run it once I have it, this time with Avast disabled until reboot before I start?

Just to confirm that it is there, what and where should I look for the MS Recovery Console? Is there an executable file? If so, I don't think I have it installed on C:\.

If I don't have it, perhaps I should get it from MS before starting with anything else?

I just logged the drive with ZTree and did a global display for *.exe and the most recent file is setup.exe from 10/28/11 that is associated with Google Chrome. The first 6 executables are all Chrome related and are from 10/28 and 10/26. They are followed by 2 files from MBAM, an uninstaller and the set-up file. Would it help if I created a short log of recently installed *.exe files? It is easy to tag files down to any date and then print a "Catalog" of the files and their paths to a txt file. I find 71 files introduced since 10/1/11.

It is appalling, there are 3,246 files found on this drive that answer to *.exe!

Thanks,

John

Link to post
Share on other sites

Is it safe to assume that you want me to run it once I have it, this time with Avast disabled until reboot before I start?
Yes
Just to confirm that it is there, what and where should I look for the MS Recovery Console?
You won't see that until after it's installed and you restart the pc.

Description of the Windows XP Recovery Console for advanced users

http://support.microsoft.com/kb/314058

Link to post
Share on other sites

Things may be looking up. ComboFix ran to complete a log this time. Here it is:

ComboFix 11-11-02.03 - John Baum 11/02/2011 15:52:32.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.926 [GMT -7:00]

Running from: c:\documents and settings\John Baum\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\John Baum\GoToAssistDownloadHelper.exe

c:\documents and settings\John Baum\WINDOWS

c:\program files\Search Toolbar

c:\program files\Search Toolbar\icon.ico

c:\program files\Search Toolbar\SearchToolbarUninstall.exe

c:\program files\Search Toolbar\SearchToolbarUpdater.exe

c:\windows\help\tours\htmltour\unlock_playing.htm

.

.

((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))))

.

.

2011-10-29 19:52 . 2011-10-29 21:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2011-10-29 19:52 . 2011-10-29 21:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2011-10-29 19:52 . 2011-10-29 21:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2011-10-29 19:52 . 2011-10-29 21:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2011-10-29 19:52 . 2011-10-29 21:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2011-10-29 19:52 . 2011-10-29 21:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2011-10-29 19:52 . 2011-10-29 21:55 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2011-10-29 19:52 . 2011-10-29 21:54 -------- d-----w- c:\program files\QuickTime

2011-10-29 19:51 . 2011-10-29 19:51 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer

2011-10-27 23:15 . 2011-10-27 23:15 -------- d-----w- c:\program files\Common Files\Java

2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-24 20:51 . 2011-10-24 20:51 388096 ----a-r- c:\documents and settings\John Baum\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-02 23:02 . 2008-03-06 00:42 16608 ----a-w- c:\windows\gdrv.sys

2011-10-18 14:56 . 2011-05-15 05:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-03 12:06 . 2010-05-06 02:47 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 09:37 . 2011-02-22 15:36 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-26 18:41 . 2007-10-09 21:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41 . 2007-07-27 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41 . 2007-07-27 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12 . 2007-07-27 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 20:45 . 2011-05-29 06:40 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:45 . 2011-05-29 06:40 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-09-06 20:38 . 2011-05-29 06:40 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:37 . 2011-05-29 06:40 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-06 20:36 . 2011-05-29 06:40 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-06 20:36 . 2011-05-29 06:40 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-06 20:36 . 2011-05-29 06:40 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-09-06 20:36 . 2011-05-29 06:40 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-09-06 20:36 . 2011-05-29 06:40 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-09-06 20:33 . 2011-05-29 06:40 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-09-06 13:20 . 2007-07-27 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-01 00:00 . 2011-08-09 00:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49 . 2007-07-27 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2008-03-26 20:48 . 2008-03-26 20:48 6651904 ----a-w- c:\program files\Omron Health Management Software.exe

2008-01-30 17:43 . 2008-01-30 17:43 172032 ----a-w- c:\program files\occLib.dll

2007-10-11 23:36 . 2007-10-11 23:36 81920 ----a-w- c:\program files\pdfLib.dll

2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2007-12-14 236040]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]

"AutoTask"="c:\program files\AutoTask\AutoTask.exe" [2009-06-22 335872]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

.

c:\documents and settings\John Baum\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

hueyPROTray.lnk - c:\program files\Pantone\hueyPRO\hueyPROTray.exe [2008-4-6 1081344]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2011-04-14 02:57 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk

backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk

backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-09-11 07:43 67488 ------w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

2008-09-26 18:02 2356088 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2008-07-10 16:47 116040 ------w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

2007-12-22 23:03 916240 ------w- c:\program files\Eraser\Eraser.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-12-06 06:55 54832 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2007-07-19 01:55 451872 ------w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 23:57 153136 ------w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-11-23 23:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\WINDOWS\\ServicePackFiles\\i386\\fxsclnt.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 0 (0x0)

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/28/2011 11:40 PM 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/28/2011 11:40 PM 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/28/2011 11:40 PM 20568]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [5/11/2010 2:32 PM 13336]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/10/2011 7:24 AM 993848]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [1/10/2011 7:24 AM 399416]

R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [3/5/2008 5:43 PM 47624]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]

R3 RDID1057;EDIROL UA-1EX;c:\windows\system32\drivers\Rdwm1057.sys [12/9/2008 5:20 PM 139793]

R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [8/24/2010 8:18 PM 11520]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 gupdate1c9829e187f717e;Google Update Service (gupdate1c9829e187f717e);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2009 10:46 PM 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2009 10:46 PM 133104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-07-19 01:53 451872 ------w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2011-11-02 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-30 22:42]

.

2011-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-30 16:51]

.

2011-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-30 16:51]

.

2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1343024091-839522115-1003Core.job

- c:\documents and settings\John Baum\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-29 18:25]

.

2011-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1343024091-839522115-1003UA.job

- c:\documents and settings\John Baum\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-29 18:25]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 207.69.188.187 207.69.188.186 207.69.188.171 207.69.188.172

TCP: Interfaces\{EF779F53-A259-4983-BB69-E6D050A627B0}: NameServer = 207.69.188.171,207.69.188.172

DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe

AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe

AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-02 16:02

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1048)

c:\windows\system32\Ati2evxx.dll

c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll

.

Completion time: 2011-11-02 16:05:45

ComboFix-quarantined-files.txt 2011-11-02 23:05

.

Pre-Run: 33,630,437,376 bytes free

Post-Run: 34,154,356,736 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - F1825C8DA0FED443956631A2570F5C7F

Link to post
Share on other sites

Seems to be fine to me, too.

How do I read in the results what the process accomplished, what it changed?

My original post was about MBAM finding A0222751.exe and A0222750.exe and quarantining them not long after a scan that did not find them.

Also, does your software know not to get exercised about FlexNet Publisher, the 'rootkit' (FNPLicensingService.exe) that gets installed along with Adobe Acrobat, PhotoShop, etc. as a DRM tool? My limited reading puts it in a class with the C-Dilla program Intuit delivered a few years back with TurboTax.

I became aware of it when Secunia put out a warning that it needed to be updated and it proved most difficult to do because ordinary users couldn't do so, just the customer, Adobe, could.

Just for the record, I captured an image of a 'program failure' of a program named rmbr.3XE as the ComboFix scanning launched. I take it this was not significant. I did not try to report it because last time I was disconnected from the web when catchme.3XE ran into a problem.

Thanks for your patience.

John

Link to post
Share on other sites

How do I read in the results what the process accomplished, what it changed?
I see what you see. You can only go by what was removed.
My original post was about MBAM finding A0222751.exe and A0222750.exe and quarantining them not long after a scan that did not find them.
I didn't see them listed so they might have been part of what MBAM and CF removed.
Also, does your software know not to get exercised about FlexNet Publisher, the 'rootkit' (FNPLicensingService.exe) that gets installed along with Adobe Acrobat, PhotoShop, etc. as a DRM tool? My limited reading puts it in a class with the C-Dilla program Intuit delivered a few years back with TurboTax.
I don't know. You could ask in Comments and Suggestions.
Just for the record, I captured an image of a 'program failure' of a program named rmbr.3XE as the ComboFix scanning launched. I take it this was not significant. I did not try to report it because last time I was disconnected from the web when catchme.3XE ran into a problem.
Combofix disables the connection until a reboot by combofix after it does it's thing.

Be sure to uninstall CF.

Good job thumbup.gif

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

    [*]Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week

    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    [*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.

    Without a firewall your computer is succeptible to being hacked and taken over.

    I am very serious about this and see it happen almost every day with my clients.

    Simply using a Firewall in its default configuration can lower your risk greatly.

    [*]Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.

    •Free browser plug-in for Internet Explorer and Firefox

    •Real-time safety ratings

    •Ideal for Facebook, Twitter and LinkedIn

    [*] JAVA Click this link and click on the Free JAVA Download

    [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

    This will ensure your computer has always the latest security updates available installed on your computer.

    If there are new updates to install, install them immediately, reboot your computer, and revisit the site

    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.