Jump to content

Recommended Posts

I'm afraid I didn't do my due diligence on this pc in regards to malware prevention and I'm paying the piper as they say.

Hopefully the cavalry can swoop in and save the day.

No more rhymes now, I mean it!

Current symptoms:

-Running AVG or MBAM almost immediately terminates

-Browser searches return incorrect pages

-After a few minutes programs become non-responsive. I.e. double clicking on a txt file on the desktop will change the cursor to busy, return the cursor to the pointer, however nothing is opened. Also start menu stops responding. This all requires a hard reboot to be able to do anything again.

Attached is the Attach.zip file and posted below is the DDS.txt log.

Any help will be monstrously appreciate. Thanks for your time!

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by Jne at 8:19:14 on 2011-11-12

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3454.3077 [GMT -6:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\4110580961:511966474.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\Jne\Application Data\0C2B3\D4340.exe

svchost.exe

C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe

C:\Program Files\LP\40E0\FD0.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

C:\Program Files\Dell AIO Printer A940\dlbabmon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Internet Explorer\3A0F\36B.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\A0712\lvvm.exe

C:\WINDOWS\system32\wuauclt.exe

.

============== Pseudo HJT Report ===============

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:52808

uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll

uWinlogon: Shell=explorer.exe,c:\documents and settings\jne\application data\0c2b3\D4340.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [GEST] =

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot

mRun: [Dell AIO Printer A940] "c:\program files\dell aio printer a940\dlbabmgr.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [36B.exe] c:\program files\internet explorer\3a0f\36B.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [FD0.exe] c:\program files\lp\40e0\FD0.exe

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WTkozMi1HM0xBQS1BNDg5Ui05VUpLRi1FS0szWC0zNFNE"&"inst=NzctNzM4Nzc1NDc4LVQ1LUtWMys3LUJBKzEtWEwrMS1GUDkrNi1UQjkrMi1GTCs5LVhPMzYrMS1GOU03Qys1LUY5TTErMS1YTzkrMS1DSVArMi1ERFQrMzU0NzMtREQ5MEYrMS1TVDkwRkFQUCsxLUY5ME0xMkFOKzItRjkwTTEyQSsxLUY5ME0xMkFCKzEtVTk1KzEtRjkwTTEyQVRCTisxLUY5ME0xMkFVKzEtU1QxMkZPSSsxLVNUMTJGQVBQKzEtU1RGOTBNMTJBVUYrMQ"&"prod=90"&"ver=2012.0.1831"&"mid=c5351cd68a3652929a3ca137080c67cf-19a77c17efa9c776cb873aad82f5af3a909584cd

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jne\application data\mozilla\firefox\profiles\5w1msm4z.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.msn.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 52808

FF - prefs.js: network.proxy.type - 1

FF - plugin: c:\documents and settings\jne\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-1-20 68136]

R2 OS Selector;Acronis OS Selector activator;c:\program files\acronis\diskdirector\oss\reinstall_svc.exe [2010-9-29 2139400]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-12-11 100712]

.

=============== Created Last 30 ================

.

2011-11-12 13:56:41 388096 ----a-r- c:\documents and settings\jne\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-11-12 13:49:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-12 13:49:41 -------- d-----w- c:\documents and settings\jne\application data\Malwarebytes

2011-11-12 13:49:29 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-11-12 13:49:26 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-12 13:49:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-12 13:32:54 -------- d-----w- c:\program files\LP

2011-11-12 13:32:33 -------- d-----w- c:\program files\B36BF

2011-11-12 13:32:33 -------- d-----w- c:\documents and settings\jne\application data\0C2B3

2011-11-12 13:29:01 104448 ----a-w- c:\program files\internet explorer\3a0f\11.tmp

2011-10-17 01:53:05 104448 ----a-w- c:\program files\internet explorer\3a0f\E.tmp

2011-10-17 01:46:58 104448 ----a-w- c:\program files\internet explorer\3a0f\F.tmp

2011-10-17 01:26:13 -------- d-sh--w- c:\documents and settings\jne\PrivacIE

2011-10-17 01:21:50 104448 ----a-w- c:\program files\internet explorer\3a0f\3D.tmp

2011-10-17 01:20:38 176640 ----a-w- c:\program files\internet explorer\3a0f\36B.exe

2011-10-17 00:57:37 -------- d-----w- c:\program files\A0712

2011-10-17 00:57:37 -------- d-----w- c:\documents and settings\jne\application data\FA5A0

.

==================== Find3M ====================

.

2011-11-12 14:10:33 16608 ----a-w- c:\windows\gdrv.sys

2011-10-17 01:21:19 283648 ----a-w- c:\documents and settings\jne\application data\conhost.exe

2011-10-17 01:20:58 193024 ----a-w- c:\windows\system32\lvvm.exe

2011-10-03 11:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 08:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-26 16:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-11 05:00:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-11 04:45:12 166976 ----a-w- c:\windows\system32\drivers\snapman.sys

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 8:19:40.51 ===============

attach.zip

Link to post
Share on other sites

Hello worthlesscricket! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/paste in your next reply.

Please follow the instructions here:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix#use

When you are ready, please post log.txt and a new fresh DDS log file.

Link to post
Share on other sites

log.txt:

ComboFix 11-11-12.04 - Jne 11/12/2011 17:23:16.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3454.3132 [GMT -6:00]

Running from: c:\documents and settings\Jne\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini

c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll

c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini

c:\documents and settings\Jne\Application Data\0712.A5A

c:\documents and settings\Jne\Application Data\conhost.exe

c:\documents and settings\Jne\Application Data\Microsoft\csrss.exe

c:\documents and settings\Jne\WINDOWS

c:\program files\LP

c:\program files\LP\40E0\78.tmp

c:\program files\LP\40E0\83.tmp

c:\program files\LP\40E0\FD0.exe

c:\windows\$NtUninstallKB7286$

c:\windows\$NtUninstallKB7286$\1957920317

c:\windows\$NtUninstallKB7286$\3783000821\@

c:\windows\$NtUninstallKB7286$\3783000821\bckfg.tmp

c:\windows\$NtUninstallKB7286$\3783000821\cfg.ini

c:\windows\$NtUninstallKB7286$\3783000821\Desktop.ini

c:\windows\$NtUninstallKB7286$\3783000821\keywords

c:\windows\$NtUninstallKB7286$\3783000821\kwrd.dll

c:\windows\$NtUninstallKB7286$\3783000821\L\fnkiameu

c:\windows\$NtUninstallKB7286$\3783000821\lsflt7.ver

c:\windows\$NtUninstallKB7286$\3783000821\U\00000001.@

c:\windows\$NtUninstallKB7286$\3783000821\U\00000002.@

c:\windows\$NtUninstallKB7286$\3783000821\U\80000000.@

c:\windows\$NtUninstallKB7286$\3783000821\U\80000032.@

.

Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected

Restored copy from - The cat found it :)

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_e17c02f5

.

.

((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))

.

.

2011-11-12 23:31 . 2011-11-12 23:31 -------- d-----w- c:\program files\LP

2011-11-12 23:20 . 2008-04-14 12:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys

2011-11-12 23:20 . 2008-04-14 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-11-12 13:56 . 2011-11-12 13:56 388096 ----a-r- c:\documents and settings\Jne\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-12 13:49 . 2011-11-12 13:54 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-12 13:49 . 2011-11-12 13:49 -------- d-----w- c:\documents and settings\Jne\Application Data\Malwarebytes

2011-11-12 13:49 . 2011-11-12 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-11-12 13:49 . 2011-11-12 13:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-12 13:49 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-12 13:35 . 2011-11-12 13:35 -------- d-----w- c:\program files\Common Files\Java

2011-11-12 13:32 . 2011-11-12 13:32 -------- d-----w- c:\documents and settings\Jne\Application Data\0C2B3

2011-11-12 13:32 . 2011-11-12 13:32 -------- d-----w- c:\program files\B36BF

2011-11-12 13:29 . 2011-11-12 13:29 104448 ----a-w- c:\program files\Internet Explorer\3A0F\11.tmp

2011-10-17 01:53 . 2011-10-17 01:53 104448 ----a-w- c:\program files\Internet Explorer\3A0F\E.tmp

2011-10-17 01:46 . 2011-10-17 01:46 104448 ----a-w- c:\program files\Internet Explorer\3A0F\F.tmp

2011-10-17 01:26 . 2011-10-17 01:26 -------- d-sh--w- c:\documents and settings\Jne\PrivacIE

2011-10-17 01:21 . 2011-10-17 01:21 104448 ----a-w- c:\program files\Internet Explorer\3A0F\3D.tmp

2011-10-17 01:20 . 2011-10-17 01:21 176640 ----a-w- c:\program files\Internet Explorer\3A0F\36B.exe

2011-10-17 00:57 . 2011-11-12 23:16 -------- d-----w- c:\program files\A0712

2011-10-17 00:57 . 2011-11-12 23:16 -------- d-----w- c:\documents and settings\Jne\Application Data\FA5A0

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-12 23:31 . 2009-01-21 03:59 16608 ----a-w- c:\windows\gdrv.sys

2011-10-17 01:20 . 2011-10-06 00:44 193024 ----a-w- c:\windows\system32\lvvm.exe

2011-10-03 11:06 . 2010-11-29 23:25 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 08:37 . 2010-02-27 01:05 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-26 16:41 . 2011-09-26 16:41 611328 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2008-04-14 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-11 05:00 . 2011-05-25 21:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-11 04:45 . 2011-09-11 04:45 166976 ----a-w- c:\windows\system32\drivers\snapman.sys

2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GEST"="=" [X]

"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]

"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]

"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]

"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-11-21 283792]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]

"36B.exe"="c:\program files\Internet Explorer\3A0F\36B.exe" [2011-10-17 176640]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"FD0.exe"="c:\program files\LP\40E0\FD0.exe" [2011-11-12 290304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WTkozMi1HM0xBQS1BNDg5Ui05VUpLRi1FS0szWC0zNFNE&inst=NzctNzM4Nzc1NDc4LVQ1LUtWMys3LUJBKzEtWEwrMS1GUDkrNi1UQjkrMi1GTCs5LVhPMzYrMS1GOU03Qys1LUY5TTErMS1YTzkrMS1DSVArMi1ERFQrMzU0NzMtREQ5MEYrMS1TVDkwRkFQUCsxLUY5ME0xMkFOKzItRjkwTTEyQSsxLUY5ME0xMkFCKzEtVTk1KzEtRjkwTTEyQVRCTisxLUY5ME0xMkFVKzEtU1QxMkZPSSsxLVNUMTJGQVBQKzEtU1RGOTBNMTJBVUYrMQ∏=90&ver=2012.0.1831&mid=c5351cd68a3652929a3ca137080c67cf-19a77c17efa9c776cb873aad82f5af3a909584cd" [?]

.

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]

"Shell"="explorer.exe,c:\documents and settings\Jne\Application Data\0C2B3\D4340.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

.

R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [1/20/2009 10:01 PM 68136]

R2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [9/29/2010 6:30 PM 2139400]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/11/2010 9:04 AM 100712]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:58202

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Jne\Application Data\Mozilla\Firefox\Profiles\5w1msm4z.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.msn.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 58202

FF - prefs.js: network.proxy.type - 1

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - user.js: yahoo.homepage.dontask - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-12 17:31

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(684)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\RTHDCPL.EXE

c:\windows\SOUNDMAN.EXE

c:\program files\Dell AIO Printer A940\dlbabmon.exe

c:\windows\system32\RUNDLL32.EXE

c:\documents and settings\Jne\Application Data\FA5A0\F383A.exe

c:\program files\A0712\lvvm.exe

c:\windows\system32\msiexec.exe

c:\windows\system32\imapi.exe

.

**************************************************************************

.

Completion time: 2011-11-12 17:33:53 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-12 23:33

.

Pre-Run: 192,884,424,704 bytes free

Post-Run: 193,557,811,200 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 9A4F216FA9EF02C37A7046CB57AE6AE4

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by Jne at 17:36:11 on 2011-11-12

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3454.3051 [GMT -6:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Dell AIO Printer A940\dlbabmon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Internet Explorer\3A0F\36B.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\LP\40E0\FD0.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Jne\Application Data\FA5A0\F383A.exe

C:\Program Files\A0712\lvvm.exe

.

============== Pseudo HJT Report ===============

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:58202

uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll

uWinlogon: Shell=explorer.exe,c:\documents and settings\jne\application data\0c2b3\D4340.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [GEST] =

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot

mRun: [Dell AIO Printer A940] "c:\program files\dell aio printer a940\dlbabmgr.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [36B.exe] c:\program files\internet explorer\3a0f\36B.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [FD0.exe] c:\program files\lp\40e0\FD0.exe

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WTkozMi1HM0xBQS1BNDg5Ui05VUpLRi1FS0szWC0zNFNE"&"inst=NzctNzM4Nzc1NDc4LVQ1LUtWMys3LUJBKzEtWEwrMS1GUDkrNi1UQjkrMi1GTCs5LVhPMzYrMS1GOU03Qys1LUY5TTErMS1YTzkrMS1DSVArMi1ERFQrMzU0NzMtREQ5MEYrMS1TVDkwRkFQUCsxLUY5ME0xMkFOKzItRjkwTTEyQSsxLUY5ME0xMkFCKzEtVTk1KzEtRjkwTTEyQVRCTisxLUY5ME0xMkFVKzEtU1QxMkZPSSsxLVNUMTJGQVBQKzEtU1RGOTBNMTJBVUYrMQ"&"prod=90"&"ver=2012.0.1831"&"mid=c5351cd68a3652929a3ca137080c67cf-19a77c17efa9c776cb873aad82f5af3a909584cd

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{D2B0D57B-2BF9-4AAE-AB7B-C706B488F727} : DhcpNameServer = 192.168.1.254

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jne\application data\mozilla\firefox\profiles\5w1msm4z.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.msn.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 58202

FF - prefs.js: network.proxy.type - 1

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

.

============= SERVICES / DRIVERS ===============

.

R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-1-20 68136]

R2 OS Selector;Acronis OS Selector activator;c:\program files\acronis\diskdirector\oss\reinstall_svc.exe [2010-9-29 2139400]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-12-11 100712]

.

=============== Created Last 30 ================

.

2011-11-12 23:31:47 -------- d-----w- c:\program files\LP

2011-11-12 23:20:56 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys

2011-11-12 23:20:56 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-11-12 23:18:15 -------- d-sha-r- C:\cmdcons

2011-11-12 23:16:27 98816 ----a-w- c:\windows\sed.exe

2011-11-12 23:16:27 518144 ----a-w- c:\windows\SWREG.exe

2011-11-12 23:16:27 256000 ----a-w- c:\windows\PEV.exe

2011-11-12 23:16:27 208896 ----a-w- c:\windows\MBR.exe

2011-11-12 13:56:41 388096 ----a-r- c:\documents and settings\jne\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-11-12 13:49:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-12 13:49:41 -------- d-----w- c:\documents and settings\jne\application data\Malwarebytes

2011-11-12 13:49:29 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-11-12 13:49:26 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-12 13:49:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-12 13:32:33 -------- d-----w- c:\program files\B36BF

2011-11-12 13:32:33 -------- d-----w- c:\documents and settings\jne\application data\0C2B3

2011-11-12 13:29:01 104448 ----a-w- c:\program files\internet explorer\3a0f\11.tmp

2011-10-17 01:53:05 104448 ----a-w- c:\program files\internet explorer\3a0f\E.tmp

2011-10-17 01:46:58 104448 ----a-w- c:\program files\internet explorer\3a0f\F.tmp

2011-10-17 01:26:13 -------- d-sh--w- c:\documents and settings\jne\PrivacIE

2011-10-17 01:21:50 104448 ----a-w- c:\program files\internet explorer\3a0f\3D.tmp

2011-10-17 01:20:38 176640 ----a-w- c:\program files\internet explorer\3a0f\36B.exe

2011-10-17 00:57:37 -------- d-----w- c:\program files\A0712

2011-10-17 00:57:37 -------- d-----w- c:\documents and settings\jne\application data\FA5A0

.

==================== Find3M ====================

.

2011-11-12 23:31:29 16608 ----a-w- c:\windows\gdrv.sys

2011-10-17 01:20:58 193024 ----a-w- c:\windows\system32\lvvm.exe

2011-10-03 11:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 08:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-26 16:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-11 05:00:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-11 04:45:12 166976 ----a-w- c:\windows\system32\drivers\snapman.sys

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 17:36:17.59 ===============

Link to post
Share on other sites

Open Notepad and copy and paste the text in the code box below into it:

Folder::
c:\documents and settings\Jne\Application Data\0C2B3
c:\program files\B36BF
c:\program files\LP
c:\program files\Internet Explorer\3A0F
c:\program files\A0712
c:\documents and settings\Jne\Application Data\FA5A0

File::
c:\windows\system32\lvvm.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"=-

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:58202

FireFox::
FF - ProfilePath - c:\documents and settings\Jne\Application Data\Mozilla\Firefox\Profiles\5w1msm4z.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58202
FF - prefs.js: network.proxy.type - 1

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include ComboFix.txt and let me know how are things there.

Link to post
Share on other sites

Things are looking positive. MBAM and AVG run again. Searches are working as expected and no lockups.

ComboFix.txt:

ComboFix 11-11-12.04 - Jne 11/12/2011 17:58:03.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3454.2938 [GMT -6:00]

Running from: c:\documents and settings\Jne\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Jne\Desktop\CFScript.txt

.

FILE ::

"c:\windows\system32\lvvm.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Jne\Application Data\0C2B3

c:\documents and settings\Jne\Application Data\0C2B3\36BF.C2B

c:\documents and settings\Jne\Application Data\0C2B3\D4340.exe

c:\documents and settings\Jne\Application Data\FA5A0

c:\documents and settings\Jne\Application Data\FA5A0\0712.A5A

c:\documents and settings\Jne\Application Data\FA5A0\F383A.exe

c:\program files\A0712

c:\program files\A0712\lvvm.exe

c:\program files\B36BF

c:\program files\Internet Explorer\3A0F

c:\program files\Internet Explorer\3A0F\11.tmp

c:\program files\Internet Explorer\3A0F\36B.exe

c:\program files\Internet Explorer\3A0F\3D.tmp

c:\program files\Internet Explorer\3A0F\E.tmp

c:\program files\Internet Explorer\3A0F\F.tmp

c:\program files\LP

c:\program files\LP\40E0\2.tmp

c:\program files\LP\40E0\FD0.exe

c:\windows\system32\lvvm.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))

.

.

2011-11-12 23:20 . 2008-04-14 12:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys

2011-11-12 23:20 . 2008-04-14 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-11-12 13:56 . 2011-11-12 13:56 388096 ----a-r- c:\documents and settings\Jne\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-12 13:49 . 2011-11-12 13:54 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-12 13:49 . 2011-11-12 13:49 -------- d-----w- c:\documents and settings\Jne\Application Data\Malwarebytes

2011-11-12 13:49 . 2011-11-12 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-11-12 13:49 . 2011-11-12 13:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-12 13:49 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-12 13:35 . 2011-11-12 13:35 -------- d-----w- c:\program files\Common Files\Java

2011-10-17 01:26 . 2011-10-17 01:26 -------- d-sh--w- c:\documents and settings\Jne\PrivacIE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-12 23:31 . 2009-01-21 03:59 16608 ----a-w- c:\windows\gdrv.sys

2011-10-03 11:06 . 2010-11-29 23:25 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 08:37 . 2010-02-27 01:05 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-26 16:41 . 2011-09-26 16:41 611328 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2008-04-14 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-11 05:00 . 2011-05-25 21:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-11 04:45 . 2011-09-11 04:45 166976 ----a-w- c:\windows\system32\drivers\snapman.sys

2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GEST"="=" [X]

"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]

"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]

"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]

"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-11-21 283792]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WTkozMi1HM0xBQS1BNDg5Ui05VUpLRi1FS0szWC0zNFNE&inst=NzctNzM4Nzc1NDc4LVQ1LUtWMys3LUJBKzEtWEwrMS1GUDkrNi1UQjkrMi1GTCs5LVhPMzYrMS1GOU03Qys1LUY5TTErMS1YTzkrMS1DSVArMi1ERFQrMzU0NzMtREQ5MEYrMS1TVDkwRkFQUCsxLUY5ME0xMkFOKzItRjkwTTEyQSsxLUY5ME0xMkFCKzEtVTk1KzEtRjkwTTEyQVRCTisxLUY5ME0xMkFVKzEtU1QxMkZPSSsxLVNUMTJGQVBQKzEtU1RGOTBNMTJBVUYrMQ∏=90&ver=2012.0.1831&mid=c5351cd68a3652929a3ca137080c67cf-19a77c17efa9c776cb873aad82f5af3a909584cd" [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

.

R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [1/20/2009 10:01 PM 68136]

R2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [9/29/2010 6:30 PM 2139400]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/11/2010 9:04 AM 100712]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Jne\Application Data\Mozilla\Firefox\Profiles\5w1msm4z.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.msn.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-36B.exe - c:\program files\Internet Explorer\3A0F\36B.exe

HKLM-Run-FD0.exe - c:\program files\LP\40E0\FD0.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-12 18:01

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-11-12 18:01:43

ComboFix-quarantined-files.txt 2011-11-13 00:01

ComboFix2.txt 2011-11-12 23:33

.

Pre-Run: 193,560,113,152 bytes free

Post-Run: 193,548,410,880 bytes free

.

- - End Of File - - 35F3C3F170888B8C48DB604D13E98A72

Link to post
Share on other sites

Good! :)

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next:

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next post, please include both the log file specified above.

Link to post
Share on other sites

I ran MBAM without issue and no problems came up. Log pasted below.

A slight hiccup when running the ESET Online Scanner, I had AVG running and AVG Resident Shield kept yelling at me as the ESET did it's thing. Freaked me out a bit at first so I was having AVG remove them as it saw them. About halfway through I realized ESET was in looking at the _restore files so I turned of Resident Shield. So I may have skewed some of the ESET results with AVG. ESET log pasted below MBAM log below.

MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8149

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/13/2011 6:21:58 AM

mbam-log-2011-11-13 (06-21-58).txt

Scan type: Quick scan

Objects scanned: 145041

Time elapsed: 1 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=6bc1be2152a9014d91518e246dd7b2db

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-13 01:11:36

# local_time=2011-11-13 07:11:36 (-0600, Central Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1024 16777175 100 0 4113468 4113468 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=70707

# found=17

# cleaned=17

# scan_time=1830

C:\Qoobox\Quarantine\C\Documents and Settings\Jne\Application Data\conhost.exe.vir a variant of Win32/Kryptik.UAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Jne\Application Data\0C2B3\D4340.exe.vir a variant of Win32/Kryptik.ABW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Jne\Application Data\FA5A0\F383A.exe.vir a variant of Win32/Kryptik.ABW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Jne\Application Data\Microsoft\csrss.exe.vir a variant of Win32/Kryptik.UAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\A0712\lvvm.exe.vir a variant of Win32/Kryptik.ABW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\3A0F\11.tmp.vir a variant of Win32/Kryptik.TXV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\3A0F\36B.exe.vir a variant of Win32/Kryptik.UAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\3A0F\3D.tmp.vir a variant of Win32/Kryptik.TXV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\3A0F\E.tmp.vir a variant of Win32/Kryptik.TXV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\3A0F\F.tmp.vir a variant of Win32/Kryptik.TXV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\LP\40E0\83.tmp.vir a variant of Win32/Kryptik.VHI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\lvvm.exe.vir a variant of Win32/Kryptik.UAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4A634D63-7E61-46D2-84AC-621AB2A1AC50}\RP883\A0037844.exe a variant of Win32/Kryptik.VHI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4A634D63-7E61-46D2-84AC-621AB2A1AC50}\RP883\A0037859.exe a variant of Win32/Kryptik.ABW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4A634D63-7E61-46D2-84AC-621AB2A1AC50}\RP883\A0037919.exe a variant of Win32/Kryptik.ABW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4A634D63-7E61-46D2-84AC-621AB2A1AC50}\RP883\A0037920.exe a variant of Win32/Kryptik.ABW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites

Don't worry about the resaults.

C:\Qoobox\Quarantine

What was found in this folder has backups of the removed by ComboFix. Do not worry, there is no way to infect your system because they are secured, and even uninstalling ComboFix, they will also be removed.

C:\System Volume Information\_restore(...)

Those are old infected restore points, which will be cleaned.

If everything is OK now, we can proceed to the end of cleaning process.

Link to post
Share on other sites

Great! :)

Step 1

Go to Start => Run... and copy & paste next command in the field:

ComboFix /uninstall

Then hit Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Resets System Restore again

Step 2

Here are some tips to prevent future malware problems:

You need to ensure that you have the latest version of Adobe Reader. Before you download and install the latest version is important to uninstall it, so for this purpose: Click on Start => Control Panel => Add or Remove Programs highlight them and click on Remove button. Next, click on each of the programs to download it:

Slowly and carefully install the application and then restart your computer.

At this stage, you don't need the online scanner, so:

To remove the ESET Online Scanner components from your computer, start the Add or Remove Programs applet from Control Panel, select the ESET Online Scanner entry and click Remove. A restart may be required to complete uninstallation.

Some quick tips:

  1. Antivirus software - I see that you have no antivirus install on your system, so take a look here more closely. It's always necessary. Always updated antivirus program will save you many future problems. Here some good free antivirus solutions:
    • avast! Free Antivirus - It is a light on system resources, and it's unobtrusive. For the most part it runs silently in the background. It's the only free antivirus with boot scan options. Definitions based on our experience are just average.
    • Avira AntiVir Personal - AntiVir has a clean and pleasant interface. It has a small footprint and is easy on system resources. Based on active infections in our malware removal forum, it's definitions are among the best. It is also more effective against rootkits than most. However, this free product aggressively promotes the paid version. A pop-up displayed after ever definition update (shown below) is sometimes confused as an unwanted popup. Compatible with Windows XP/Vista/7, including 64-bit and Linux.
    • Microsoft Security Essentials - It is 100% free. Free download, free updates, and advertising free. There isn't even a paid option available. Above all, it uses fewer system resources than any other antivirus tested (free or paid). Simple to install, easy to use, runs silently in the background. Compatible with Windows XP 32-bit, Windows Vista/Windows 7 32-bit or 64-bit. Many languages offered.

[*]Alternative browser - Due to the large market share of Internet Explorer, it is a top target of the writers of malware, so we recommend using an alternative browser. There are many better alternatives to Internet Explorer regarding security, features and speed such as:

[*]Program updates - Updating the software is really important for the productivity, but also for their security. Here is an application that will help in checking the new versions and updates for your programs. It is called FileHippo Update Checker and you can download it from here.

[*]Clear old system restore points - Once your system is infected as a result there will be infected restore points that need to be cleaned.

  1. Open Start => All Programs => Accessories => System tools => Disk Cleanup.
  2. In the Drop down box that appears select your main drive e.g. C:\
  3. Click OK.
  4. The System will do some calculation and display a dialogue box with TABS.
  5. Select the More Options tab.
  6. At the bottom will be a system restore box with a CLEANUP button. Click on it.
  7. Accept the Warning and select OK again, the program will close and you are done.

[*]Create a new system restore point - Now that everything is fine, it is necessary to create a new restore point to restore your system to an earlier stage in case you get a problem. Do the following:

  1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  2. In the System Restore dialog box, click Create a restore point, and then click Next.
  3. Type a description for your restore point, such as "After Cleanup", then click Create.

Safe surfing! ;)

Link to post
Share on other sites

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.