
still have problem after running Malwarebytes


briang9


Hope this is useful to you to provide any help please

much appreciated

please note the problem I am having is preventing me from accessing my e-mail account on the infected machine, however I have access to another machine, but may take me a bit longer to respond

Regards

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by brian at 23:02:39 on 2011-11-11

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1234 [GMT 0:00]

.

AV: Virgin Media Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Firewall Booster *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Virgin Media\Virgin Media Security\10.0.35.57164.1\RpsSecurityAwareR.exe

C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe

C:\Program Files\Virgin Media\Virgin Media Security\10.0.35.57164.1\Rps.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

mStart Page = about:blank

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:sergey.danilov@oracle.com

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup

uRun: [\\HOME-1NQIMOZZGK\EPSON SX420W Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigce.exe /fu "c:\docume~1\brian\locals~1\temp\E_S15A.tmp" /EF "HKCU"

uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe

uRun: [installIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun

uRun: [Google Update] "c:\documents and settings\brian\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"

mRun: [NPSStartup]

mRun: [DHSClient.exe] "c:\program files\virgin media\digital home support\DHSClient.exe" /AUTORUN

mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [serviceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN

mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"

mRun: [Virgin Media Security] "c:\program files\virgin media\virgin media security\10.0.35.57164.1\RPS.exe" -set Silent "1" SplashURL ""

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.euro.dell.com/systemprofiler/SysPro.CAB

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285790196219

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1285794912781

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0718099A-0EA2-41C2-8371-ACDE950BE61C} : DhcpNameServer = 192.168.1.1

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll

Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 94.63.240.149 www.google.com

Hosts: 94.63.240.150 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\brian\application data\mozilla\firefox\profiles\58vhhfjt.default\

FF - prefs.js: browser.startup.homepage - google.co.uk

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\brian\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\virgin media\service manager\nprpspa.dll

.

============= SERVICES / DRIVERS ===============

.

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-11-9 196320]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-3-24 238952]

R2 HsdService;HsdService;c:\program files\virgin media\digital home support\HsdService.exe [2011-5-26 1406264]

R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]

R2 Radialpoint Security Services;Virgin Media Security;c:\program files\virgin media\virgin media security\10.0.35.57164.1\RpsSecurityAwareR.exe [2011-11-9 154632]

R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2011-11-9 10315064]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-11-9 64080]

R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-10-9 14336]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-3-24 36608]

R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2011-11-9 341072]

S0 cerc6;cerc6; [x]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-14 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-14 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2011-3-24 98432]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2011-3-24 14848]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2011-3-24 123648]

.

=============== Created Last 30 ================

.

2011-11-11 18:59:48 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-11-11 18:59:48 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-11-11 18:31:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-11-11 18:31:00 713552 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe

2011-11-11 18:31:00 269272 ----a-w- c:\program files\mozilla firefox\updater.exe

2011-11-11 18:31:00 19416 ----a-w- c:\program files\mozilla firefox\xpcom.dll

2011-11-11 18:31:00 166872 ----a-w- c:\program files\mozilla firefox\softokn3.dll

2011-11-11 18:31:00 15789016 ----a-w- c:\program files\mozilla firefox\xul.dll

2011-11-11 18:31:00 142296 ----a-w- c:\program files\mozilla firefox\ssl3.dll

2011-11-11 18:31:00 109528 ----a-w- c:\program files\mozilla firefox\smime3.dll

2011-11-09 21:54:50 341072 ----a-w- c:\windows\system32\drivers\TM_CFW.sys

2011-11-09 21:42:32 -------- d-----w- c:\documents and settings\brian\application data\{{userdatapath.company}}

2011-11-09 21:29:26 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys

2011-11-09 21:29:18 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys

2011-11-09 21:29:18 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys

2011-11-09 21:29:18 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-11-09 21:28:06 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro

2011-11-09 21:26:22 -------- d-----w- c:\program files\Trend Micro

2011-11-09 20:59:20 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-11-09 20:59:20 -------- d-----w- c:\windows\system32\wbem\Repository

2011-11-09 20:51:16 -------- d-----w- c:\documents and settings\brian\application data\Braincell

2011-11-09 20:51:13 -------- d-----w- c:\documents and settings\brian\local settings\application data\Programs

2011-11-09 20:42:57 -------- d--h--w- c:\windows\ie8

.

==================== Find3M ====================

.

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-03 05:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 02:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 10:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 10:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 10:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 23:03:25.93 ===============

Link to post

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Link to post

Thanks for the response. The problem I am having is that I am unable to access my webmail page from this laptop; the problem happens with IE and Firefox. I can access it OK from all other computers in the house, so I suspect some sort of malware. As requested, I ran another scan and the report is below.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8162

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

14/11/2011 20:04:08

mbam-log-2011-11-14 (20-04-08).txt

Scan type: Full scan (C:\|)

Objects scanned: 252760

Time elapsed: 1 hour(s), 20 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post

Sure not seeing anything bad so far.

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post

OK. No need to see the old scan.

I don't know why ComboFix is crashing.

Let's do this first.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillermain.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.

Link to post

OK, here is the old scan log. I will try the other things tomorrow; it's bedtime in the UK now.

Really appreciate your help.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8128

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/11/2011 06:36:41

mbam-log-2011-11-10 (06-36-41).txt

Scan type: Full scan (C:\|)

Objects scanned: 253828

Time elapsed: 1 hour(s), 1 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\system volume information\_restore{e2e098d6-5177-4d33-a500-6c1fababd608}\RP405\A0027952.exe (Malware.Packer.UNK) -> Quarantined and deleted successfully.

Link to post

OK, ran the TDSS Killer, didn't find anything.

Report below.

13:27:29.0343 1936 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15

13:27:29.0593 1936 ============================================================

13:27:29.0593 1936 Current date / time: 2011/11/15 13:27:29.0593

13:27:29.0593 1936 SystemInfo:

13:27:29.0593 1936

13:27:29.0593 1936 OS Version: 5.1.2600 ServicePack: 3.0

13:27:29.0593 1936 Product type: Workstation

13:27:29.0593 1936 ComputerName: BRIANSLAPTOP

13:27:29.0593 1936 UserName: brian

13:27:29.0593 1936 Windows directory: C:\WINDOWS

13:27:29.0593 1936 System windows directory: C:\WINDOWS

13:27:29.0593 1936 Processor architecture: Intel x86

13:27:29.0593 1936 Number of processors: 2

13:27:29.0593 1936 Page size: 0x1000

13:27:29.0593 1936 Boot type: Normal boot

13:27:29.0593 1936 ============================================================

13:27:31.0375 1936 Initialize success

13:28:03.0968 4640 ============================================================

13:28:03.0968 4640 Scan started

13:28:03.0968 4640 Mode: Manual;

13:28:03.0968 4640 ============================================================


13:28:10.0234 4640 MSPCLOCK - ok

13:28:10.0250 4640 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

13:28:10.0265 4640 MSPQM - ok

13:28:10.0312 4640 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

13:28:10.0312 4640 mssmbios - ok

13:28:10.0390 4640 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

13:28:10.0390 4640 Mup - ok

13:28:10.0453 4640 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

13:28:10.0453 4640 NDIS - ok

13:28:10.0500 4640 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

13:28:10.0500 4640 NdisTapi - ok

13:28:10.0546 4640 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

13:28:10.0562 4640 Ndisuio - ok

13:28:10.0578 4640 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

13:28:10.0578 4640 NdisWan - ok

13:28:10.0640 4640 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

13:28:10.0656 4640 NDProxy - ok

13:28:10.0671 4640 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

13:28:10.0671 4640 NetBIOS - ok

13:28:10.0703 4640 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

13:28:10.0718 4640 NetBT - ok

13:28:11.0203 4640 NETw5x32 (3bc15801f7b9dd2d16897a38a962ce56) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys

13:28:11.0484 4640 NETw5x32 - ok

13:28:11.0609 4640 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

13:28:11.0609 4640 Npfs - ok

13:28:11.0687 4640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

13:28:11.0703 4640 Ntfs - ok

13:28:11.0765 4640 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

13:28:11.0781 4640 Null - ok

13:28:12.0109 4640 nv (c116d2b008a1640c4484a1dcd1abe12c) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

13:28:12.0312 4640 nv - ok

13:28:12.0468 4640 NWADI (091a1284aa583288b64dcd370d1b421e) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys

13:28:12.0500 4640 NWADI - ok

13:28:12.0531 4640 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

13:28:12.0546 4640 NwlnkFlt - ok

13:28:12.0562 4640 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

13:28:12.0609 4640 NwlnkFwd - ok

13:28:12.0656 4640 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

13:28:12.0656 4640 Parport - ok

13:28:12.0671 4640 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

13:28:12.0687 4640 PartMgr - ok

13:28:12.0718 4640 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

13:28:12.0750 4640 ParVdm - ok

13:28:12.0750 4640 PCASp50 - ok

13:28:12.0781 4640 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

13:28:12.0781 4640 PCI - ok

13:28:12.0796 4640 PCIDump - ok

13:28:13.0046 4640 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

13:28:13.0046 4640 PCIIde - ok

13:28:13.0375 4640 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

13:28:13.0375 4640 Pcmcia - ok

13:28:13.0468 4640 PDCOMP - ok

13:28:13.0484 4640 PDFRAME - ok

13:28:13.0500 4640 PDRELI - ok

13:28:13.0515 4640 PDRFRAME - ok

13:28:13.0531 4640 perc2 - ok

13:28:13.0531 4640 perc2hib - ok

13:28:13.0578 4640 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

13:28:13.0578 4640 PptpMiniport - ok

13:28:13.0593 4640 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

13:28:13.0593 4640 PSched - ok

13:28:13.0625 4640 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

13:28:13.0625 4640 Ptilink - ok

13:28:13.0656 4640 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys

13:28:13.0656 4640 PxHelp20 - ok

13:28:13.0671 4640 ql1080 - ok

13:28:13.0671 4640 Ql10wnt - ok

13:28:13.0687 4640 ql12160 - ok

13:28:13.0703 4640 ql1240 - ok

13:28:13.0718 4640 ql1280 - ok

13:28:13.0750 4640 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

13:28:13.0781 4640 RasAcd - ok

13:28:13.0828 4640 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

13:28:13.0828 4640 Rasl2tp - ok

13:28:13.0843 4640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

13:28:13.0859 4640 RasPppoe - ok

13:28:13.0859 4640 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

13:28:13.0875 4640 Raspti - ok

13:28:13.0906 4640 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

13:28:13.0906 4640 Rdbss - ok

13:28:13.0968 4640 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

13:28:13.0984 4640 RDPCDD - ok

13:28:14.0078 4640 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

13:28:14.0093 4640 rdpdr - ok

13:28:14.0140 4640 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

13:28:14.0187 4640 RDPWD - ok

13:28:14.0234 4640 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

13:28:14.0234 4640 redbook - ok

13:28:14.0296 4640 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

13:28:14.0328 4640 Secdrv - ok

13:28:14.0375 4640 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

13:28:14.0375 4640 serenum - ok

13:28:14.0421 4640 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

13:28:14.0437 4640 Serial - ok

13:28:14.0484 4640 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

13:28:14.0515 4640 Sfloppy - ok

13:28:14.0531 4640 Simbad - ok

13:28:14.0546 4640 Sparrow - ok

13:28:14.0640 4640 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

13:28:14.0640 4640 splitter - ok

13:28:14.0718 4640 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

13:28:14.0718 4640 sr - ok

13:28:14.0781 4640 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

13:28:14.0781 4640 Srv - ok

13:28:14.0828 4640 ss_bbus (3f0164fbc0bd1adbd02df9759181451a) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys

13:28:14.0875 4640 ss_bbus - ok

13:28:14.0984 4640 ss_bmdfl (b89d62206034e5fe573c80a24dd55675) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys

13:28:15.0000 4640 ss_bmdfl - ok

13:28:15.0015 4640 ss_bmdm (1ed0fcea586fe2a416ee15196e5631dd) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys

13:28:15.0062 4640 ss_bmdm - ok

13:28:15.0156 4640 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys

13:28:15.0359 4640 STHDA - ok

13:28:15.0468 4640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

13:28:15.0468 4640 swenum - ok

13:28:15.0515 4640 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

13:28:15.0515 4640 swmidi - ok

13:28:15.0531 4640 symc810 - ok

13:28:15.0546 4640 symc8xx - ok

13:28:15.0546 4640 sym_hi - ok

13:28:15.0562 4640 sym_u3 - ok

13:28:15.0578 4640 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

13:28:15.0593 4640 sysaudio - ok

13:28:15.0656 4640 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

13:28:15.0687 4640 Tcpip - ok

13:28:15.0734 4640 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

13:28:15.0750 4640 TDPIPE - ok

13:28:15.0750 4640 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

13:28:15.0765 4640 TDTCP - ok

13:28:15.0812 4640 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

13:28:15.0812 4640 TermDD - ok

13:28:15.0859 4640 tmactmon (de87a23d2ddc7378d1c7ab681e20de47) C:\WINDOWS\system32\DRIVERS\tmactmon.sys

13:28:15.0875 4640 tmactmon - ok

13:28:15.0984 4640 tmcfw (7c5ca15a4993e101bf3cc521984c885a) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys

13:28:15.0984 4640 tmcfw - ok

13:28:16.0046 4640 tmcomm (540c2b5dc47651c572c2804dc72fdda8) C:\WINDOWS\system32\DRIVERS\tmcomm.sys

13:28:16.0078 4640 tmcomm - ok

13:28:16.0093 4640 tmevtmgr (2de1fa64ebaff376f2c038f64492f62c) C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys

13:28:16.0140 4640 tmevtmgr - ok

13:28:16.0171 4640 tmtdi (5a61679b2277b9ad550e30479a69503b) C:\WINDOWS\system32\DRIVERS\tmtdi.sys

13:28:16.0203 4640 tmtdi - ok

13:28:16.0234 4640 TosIde - ok

13:28:16.0281 4640 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

13:28:16.0312 4640 Udfs - ok

13:28:16.0328 4640 UIUSys - ok

13:28:16.0343 4640 ultra - ok

13:28:16.0406 4640 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

13:28:16.0406 4640 Update - ok

13:28:16.0453 4640 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

13:28:16.0468 4640 usbccgp - ok

13:28:16.0546 4640 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys

13:28:16.0546 4640 USBCCID - ok

13:28:16.0593 4640 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

13:28:16.0593 4640 usbehci - ok

13:28:16.0656 4640 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

13:28:16.0656 4640 usbhub - ok

13:28:16.0687 4640 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

13:28:16.0718 4640 usbprint - ok

13:28:16.0765 4640 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

13:28:16.0796 4640 usbscan - ok

13:28:16.0843 4640 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:28:16.0859 4640 USBSTOR - ok

13:28:16.0906 4640 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

13:28:16.0906 4640 usbuhci - ok

13:28:16.0921 4640 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

13:28:16.0937 4640 VgaSave - ok

13:28:16.0953 4640 ViaIde - ok

13:28:17.0000 4640 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

13:28:17.0000 4640 VolSnap - ok

13:28:17.0031 4640 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

13:28:17.0046 4640 Wanarp - ok

13:28:17.0078 4640 WDICA - ok

13:28:17.0156 4640 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

13:28:17.0156 4640 wdmaud - ok

13:28:17.0250 4640 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys

13:28:17.0250 4640 winachsf - ok

13:28:17.0312 4640 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

13:28:17.0312 4640 WmiAcpi - ok

13:28:17.0375 4640 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

13:28:17.0390 4640 WudfPf - ok

13:28:17.0406 4640 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

13:28:17.0437 4640 WudfRd - ok

13:28:17.0453 4640 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

13:28:17.0609 4640 \Device\Harddisk0\DR0 - ok

13:28:17.0609 4640 Boot (0x1200) (c27f54d2c4eeb4a85e9321b769bc41a9) \Device\Harddisk0\DR0\Partition0

13:28:17.0609 4640 \Device\Harddisk0\DR0\Partition0 - ok

13:28:17.0609 4640 ============================================================

13:28:17.0609 4640 Scan finished

13:28:17.0609 4640 ============================================================

13:28:17.0625 5420 Detected object count: 0

13:28:17.0625 5420 Actual detected object count: 0


Hi, managed to run ComboFix in safe mode, and hey, it fixed it. Log below if you need it; also copied the quarantine log as well.

Can't begin to tell you how grateful I am for your help.

Many, many thanks again.

ComboFix 11-11-15.01 - brian 15/11/2011 14:41:09.4.2 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1775 [GMT 0:00]

Running from: c:\documents and settings\brian\Desktop\ComboFix.exe

AV: Virgin Media Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Firewall Booster *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\brian\Application Data\PriceGong

c:\documents and settings\brian\Application Data\PriceGong\Data\1.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\a.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\b.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\c.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\d.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\e.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\f.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\g.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\h.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\i.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\J.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\k.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\l.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\m.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\n.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\o.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\p.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\q.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\r.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\s.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\t.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\u.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\v.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\w.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\x.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\y.xml

c:\documents and settings\brian\Application Data\PriceGong\Data\z.xml

c:\documents and settings\brian\WINDOWS

.

.

((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))

.

.

2011-11-15 13:08 . 2011-11-15 13:08 -------- d-----w- c:\documents and settings\brian\Local Settings\Application Data\Innovative Solutions

2011-11-15 13:08 . 2011-11-15 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions

2011-11-15 13:07 . 2011-11-15 13:07 -------- d-----w- c:\program files\Innovative Solutions

2011-11-14 18:42 . 2011-11-14 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-14 18:42 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-11 18:59 . 2011-11-11 20:13 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-11-11 18:59 . 2011-11-11 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-11-11 18:31 . 2011-11-05 07:10 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-11-11 18:31 . 2011-11-05 07:10 713552 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe

2011-11-11 18:31 . 2011-11-05 07:10 15789016 ----a-w- c:\program files\Mozilla Firefox\xul.dll

2011-11-11 18:31 . 2011-11-05 07:10 269272 ----a-w- c:\program files\Mozilla Firefox\updater.exe

2011-11-11 18:31 . 2011-11-05 07:10 19416 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll

2011-11-11 18:31 . 2011-11-05 07:10 166872 ----a-w- c:\program files\Mozilla Firefox\softokn3.dll

2011-11-11 18:31 . 2011-11-05 07:10 142296 ----a-w- c:\program files\Mozilla Firefox\ssl3.dll

2011-11-11 18:31 . 2011-11-05 07:10 109528 ----a-w- c:\program files\Mozilla Firefox\smime3.dll

2011-11-09 23:40 . 2011-11-09 23:40 -------- d-----w- c:\program files\Common Files\Java

2011-11-09 21:54 . 2010-09-17 21:14 341072 ----a-w- c:\windows\system32\drivers\TM_CFW.sys

2011-11-09 21:42 . 2011-11-09 21:42 -------- d-----w- c:\documents and settings\brian\Application Data\{{userdatapath.company}}

2011-11-09 21:29 . 2011-11-09 21:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trend Micro

2011-11-09 21:29 . 2010-09-17 21:14 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys

2011-11-09 21:29 . 2010-09-17 21:14 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys

2011-11-09 21:29 . 2010-09-17 21:14 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys

2011-11-09 21:29 . 2010-09-17 21:14 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-11-09 21:28 . 2011-11-10 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro

2011-11-09 21:26 . 2011-11-09 21:27 -------- d-----w- c:\program files\Trend Micro

2011-11-09 20:59 . 2011-11-09 20:59 -------- d-----w- c:\windows\system32\wbem\Repository

2011-11-09 20:51 . 2011-11-09 20:51 -------- d-----w- c:\documents and settings\brian\Application Data\Braincell

2011-11-09 20:51 . 2011-11-09 20:51 -------- d-----w- c:\documents and settings\brian\Local Settings\Application Data\Programs

2011-11-09 20:50 . 2011-11-09 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2011-11-09 20:42 . 2011-11-09 20:43 -------- d--h--w- c:\windows\ie8

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-10 14:22 . 2010-09-29 18:26 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-03 05:06 . 2011-01-25 20:57 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 02:37 . 2011-01-25 20:57 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-28 07:06 . 2008-04-13 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 10:41 . 2009-10-08 13:57 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 10:41 . 2008-04-13 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 10:41 . 2008-04-13 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20 . 2008-04-13 23:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48 . 2008-04-13 23:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2008-04-13 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2008-04-13 23:00 385024 ------w- c:\windows\system32\html.iec

2011-11-05 07:10 . 2011-11-11 18:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]

"\\HOME-1NQIMOZZGK\EPSON SX420W Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE" [2009-09-14 200704]

"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]

"NVHotkey"="nvHotkey.dll" [2008-06-09 90112]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13537280]

"nwiz"="nwiz.exe" [2008-06-09 1630208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 86016]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]

"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-10-09 2086912]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-11 273544]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-10-20 10204472]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-09-17 112632]

"Virgin Media Security"="c:\program files\Virgin Media\Virgin Media Security\10.0.35.57164.1\RPS.exe" [2011-10-20 269480]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell Support\\DSHelp.exe"=

"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"=

.

R2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [26/05/2011 17:53 1406264]

R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [09/11/2011 21:18 10315064]

S0 cerc6;cerc6; [x]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14/05/2009 17:07 759048]

S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [09/11/2011 21:27 196320]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [24/03/2011 21:49 238952]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/11/2010 23:39 136176]

S2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [04/05/2010 12:07 503080]

S2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Virgin Media Security\10.0.35.57164.1\RpsSecurityAwareR.exe [09/11/2011 21:38 154632]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [09/11/2011 21:29 64080]

S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [09/10/2008 14:32 14336]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [24/03/2011 21:49 36608]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14/11/2010 23:39 136176]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [24/03/2011 21:50 98432]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [24/03/2011 21:50 14848]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [24/03/2011 21:50 123648]

S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [09/11/2011 21:54 341072]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MDMXSDK

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2011-11-15 c:\windows\Tasks\FinalTorrent Update Checker.job

- c:\program files\FinalTorrent\FTCheckForUpdates.exe [2011-05-07 14:24]

.

2011-11-15 c:\windows\Tasks\FreeFileViewerUpdateChecker.job

- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-09-20 14:24]

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-14 23:39]

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-14 23:39]

.

2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-261478967-1606980848-1004Core.job

- c:\documents and settings\brian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-11 00:04]

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-261478967-1606980848-1004UA.job

- c:\documents and settings\brian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-11 00:04]

.

2011-11-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-776561741-261478967-1606980848-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]

.

2011-11-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-776561741-261478967-1606980848-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]

.

2011-11-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-261478967-1606980848-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]

.

2011-11-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-261478967-1606980848-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

mStart Page = about:blank

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:sergey.danilov@oracle.com

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\brian\Application Data\Mozilla\Firefox\Profiles\58vhhfjt.default\

FF - prefs.js: browser.startup.homepage - google.co.uk

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-DriverMax - (no file)

HKCU-Run-DriverMax_RESTART - (no file)

HKLM-Run-NPSStartup - (no file)

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-15 14:51

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

2011-11-15 14:53:37 . 2011-11-15 14:53:37 924 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-22_WiBro_WiMAX.reg.dat

2011-11-15 14:53:37 . 2011-11-15 14:53:37 912 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-21_Searsburg.reg.dat

2011-11-15 14:53:37 . 2011-11-15 14:53:37 916 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-20_NXP_Driver.reg.dat

2011-11-15 14:53:37 . 2011-11-15 14:53:37 916 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-19_VIA_driver.reg.dat

2011-11-15 14:53:37 . 2011-11-15 14:53:37 948 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-18_Zinia_Serial_Driver.reg.dat

2011-11-15 14:53:37 . 2011-11-15 14:53:37 924 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-17_EMP_Chipset2.reg.dat

2011-11-15 14:53:36 . 2011-11-15 14:53:36 912 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-16_Shrewsbury.reg.dat

2011-11-15 14:53:36 . 2011-11-15 14:53:36 936 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-11_HSP_Plus_Default.reg.dat

2011-11-15 14:53:36 . 2011-11-15 14:53:36 884 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-09_Hsp.reg.dat

2011-11-15 14:53:36 . 2011-11-15 14:53:36 916 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-08_EMPChipset.reg.dat

2011-11-15 14:53:36 . 2011-11-15 14:53:36 896 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-07_Schorl.reg.dat

2011-11-15 14:53:36 . 2011-11-15 14:53:36 904 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-06_Spencer.reg.dat

2011-11-15 14:53:36 . 2011-11-15 14:53:36 892 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-05_Sloan.reg.dat

2011-11-15 14:53:36 . 2011-11-15 14:53:36 908 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-04_semseyite.reg.dat

2011-11-15 14:53:36 . 2011-11-15 14:53:36 920 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-03_Swallowtail.reg.dat

2011-11-15 14:53:36 . 2011-11-15 14:53:36 908 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-02_Siberian.reg.dat

2011-11-15 14:53:36 . 2011-11-15 14:53:36 908 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-01_Simmental.reg.dat

2011-11-15 14:53:13 . 2011-11-15 14:53:13 97 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NPSStartup.reg.dat

2011-11-15 14:53:10 . 2011-11-15 14:53:10 103 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-DriverMax_RESTART.reg.dat

2011-11-15 14:53:10 . 2011-11-15 14:53:10 95 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-DriverMax.reg.dat

2011-11-15 14:53:09 . 2011-11-15 14:53:10 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat

2011-11-14 22:36:34 . 2011-11-15 14:49:02 8,443 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2011-11-14 22:21:50 . 2011-11-15 14:38:53 357 ----a-w- C:\Qoobox\Quarantine\catchme.log

2011-01-14 13:52:08 . 2011-01-14 13:52:08 640 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\mru.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 23,296 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\1.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 125,672 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\a.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 165,160 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\b.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 172,176 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\c.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 105,704 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\d.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 108,920 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\e.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 60,048 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\f.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 70,624 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\g.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 52,920 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\h.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 48,336 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\i.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 28,000 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\J.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 28,080 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\k.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 69,168 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\l.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 104,888 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\m.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 36,808 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\n.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 41,072 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\o.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 96,480 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\p.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 4,440 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\q.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 36,768 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\r.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 159,760 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\s.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 95,664 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\t.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 20,960 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\u.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 30,528 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\v.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 43,520 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\w.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 2,888 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\x.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 10,744 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\y.xml.vir

2011-01-05 06:02:22 . 2011-01-05 06:02:22 11,648 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\brian\Application Data\PriceGong\Data\z.xml.vir

.

Completion time: 2011-11-15 14:55:03

ComboFix-quarantined-files.txt 2011-11-15 14:54

.

Pre-Run: 34,876,264,448 bytes free

Post-Run: 35,298,623,488 bytes free

.

- - End Of File - - 0AD39325A9B122BB27F0BF461C8119AC


Be sure to uninstall Combofix now.

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA - Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

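The six Custom Level changes listed in the post above correspond to per-user registry values for the Internet zone (zone 3). The PowerShell script below is an added example, not part of the original post: it reports each value against the post's recommendation and rewrites it only when run with `-Fix`. The function name `Test-InternetZoneSetting` and the `-Fix` switch are hypothetical names chosen for this example.

```powershell
# Added example: audit (and with -Fix, apply) the six Internet-zone settings
# from the post. Zone 3 = Internet zone; these are per-user (HKCU) values.
# Machines managed by Group Policy may override them.
param([switch]$Fix)

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL policy values stored in each DWORD
$PolicyName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action id (registry value name), dialog label, value the post recommends
$Wanted = @(
    @('1001', 'Download signed ActiveX controls', 1),
    @('1004', 'Download unsigned ActiveX controls', 3),
    @('1201', 'Initialize and script ActiveX controls not marked as safe', 3),
    @('1800', 'Installation of desktop items', 1),
    @('1804', 'Launching programs and files in an IFRAME', 1),
    @('1607', 'Navigate sub-frames across different domains', 1)
)

# Hypothetical helper name; compares each value and optionally rewrites it.
function Test-InternetZoneSetting {
    param([string]$Path, [object[]]$Settings, [switch]$Fix)
    foreach ($s in $Settings) {
        $id, $label, $target = $s
        $current = (Get-ItemProperty -Path $Path -Name $id -ErrorAction SilentlyContinue).$id
        if ($null -eq $current) { $shown = '(not set)' }
        elseif ($PolicyName.ContainsKey([int]$current)) { $shown = $PolicyName[[int]$current] }
        else { $shown = "0x{0:X}" -f $current }

        $ok = ($current -eq $target)
        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $Path -Name $id -Value $target -Type DWord
            $ok = $true
            $shown = "$shown -> $($PolicyName[$target])"
        }
        New-Object PSObject -Property @{
            Setting = $label; Current = $shown
            Wanted = $PolicyName[$target]; Compliant = $ok
        }
    }
}

Test-InternetZoneSetting -Path $ZonePath -Settings $Wanted -Fix:$Fix |
    Select-Object Setting, Current, Wanted, Compliant | Format-Table -AutoSize
```

Run it once without `-Fix` to see which of the six settings differ from the post's recommendations before changing anything.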
