newbye

Bestmarkstore search redirect malware

14 posts in this topic

MBAM scans do not seem to get rid of this malware. Occasionally when I search on google, it redirects me to bestmarkstore.com, flurrysearch.com and some other websites. How do I get rid of it?


Hi newbye


We need to look at some information about what is going on in your computer:

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double-click on the DDS icon and allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions there ask you to attach the Attach.txt. Instead of attaching, please copy/paste both logs into your thread.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).

Next

Please download Rootkit Unhooker and save it to your desktop.

  • Extract RKUnhooker to your desktop.
    Note: it is zipped up in a .rar file. If you do not have a program to unzip this type of file, you can get a free one from here: http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

In your next reply, please include these log(s):

1. DDS.txt
2. Attach.txt
3. RKU log


Thanks, here are the 3 logs.

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Sei Pei at 12:41:44.92 on Mon 03/07/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3062.1274 [GMT -5:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\system32\lxdncoms.exe

C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TpKmpSVC.exe

C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe

C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe

C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Lenovo\Client Security Solution\password_manager.exe

C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Lenovo\System Update\SUService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\Office12\EXCEL.EXE

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files\Nitro PDF\Professional\NitroPDF.exe

C:\Windows\explorer.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Users\Sei Pei\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Lenovo ThinkVantage Toolbox: {86b9b5dd-fb75-4035-bd52-3c94f7849caf} - c:\program files\pc-doctor\ATLPcdToolbar544928.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [TPKMAPMN] c:\program files\thinkpad\utilities\TpKmapMn.exe

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [<NO NAME>]

mRun: [TpShocks] TpShocks.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe

mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [Nitro PDF Printer Monitor] "c:\program files\nitro pdf\professional\NitroPDFPrinterMonitor.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\seipei~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} - hxxps://remote.dteenergy.com/plantview/common/activex/,DanaInfo=.apmvy0Ej0mlyKo10+sstree.cab

DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD9} - hxxps://ost.maybank2u.com.my/MBBWecos/Cab/csoex_mbb.cab

DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCDA} - hxxps://ost.maybank2u.com.my/MBBWecos/Cab/csoex_mbs.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {B9B2EE1A-E314-4338-A305-BE845EACB113} - hxxps://ost.maybank2u.com.my/MBBWecos/Cab/csw25.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://remote.dteenergy.com/,DanaInfo=dtelm36.dteco.com+dwa7W.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remote.dteenergy.com/dana-cached/sc/JuniperSetupClient.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll

LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll

mASetup: Nitro PDF Professional - cscript //B "c:\program files\nitro pdf\professional\RemoveOldAddins.vbs"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\seipei~1\appdata\roaming\mozilla\firefox\profiles\fwnx55m8.newprofile\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\users\sei pei\appdata\roaming\mozilla\firefox\profiles\fwnx55m8.newprofile\extensions\{fcf36b88-1bba-487f-b64b-d2e8980a9293}\components\tvtpwm_moz_xpcom.dll

FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\users\sei pei\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\users\sei pei\appdata\roaming\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\users\sei pei\appdata\roaming\mozilla\firefox\profiles\fwnx55m8.newprofile\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll

FF - plugin: c:\users\sei pei\appdata\roaming\mozilla\firefox\profiles\fwnx55m8.newprofile\extensions\reader_plugin@ebrary.com\plugins\NPinfotl.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\sei pei\appdata\roaming\Move Networks

FF - Ext: ThinkVantage Password Manager: {FCF36B88-1BBA-487f-B64B-D2E8980A9293} - c:\program files\lenovo\client security solution\PWM Firefox Extension

FF - Ext: XULRunner: {C0A493B8-F849-4CEE-871A-4B02C695FAB9} - c:\users\sei pei\appdata\local\{C0A493B8-F849-4CEE-871A-4B02C695FAB9}

FF - Ext: ThinkVantage Password Manager: {FCF36B88-1BBA-487f-B64B-D2E8980A9293} - %profile%\extensions\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

FF - Ext: EBrary Reader Plugin: reader_plugin@ebrary.com - %profile%\extensions\reader_plugin@ebrary.com

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-19 342128]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-12 13480]

R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]

R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-12-5 88832]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-16 20952]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-19 91640]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-11-19 43288]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-7-2 38336]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-11-19 65224]

S3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-11-20 20848]

S3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-11-20 20848]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

.

=============== Created Last 30 ================

.

2011-03-03 14:26:31 -------- d-----w- c:\users\seipei~1\appdata\roaming\MiKTeX

2011-03-03 14:25:39 -------- d-----w- c:\users\seipei~1\appdata\local\MiKTeX

2011-03-03 14:14:48 -------- d-----w- c:\progra~2\MiKTeX

2011-03-03 14:09:35 -------- d-----w- c:\program files\MiKTeX 2.9

2011-03-02 12:50:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-03-02 12:50:59 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2011-03-02 12:49:14 -------- d-----w- c:\program files\iPod

2011-03-02 12:49:13 -------- d-----w- c:\program files\iTunes

2011-03-02 12:49:13 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-03-02 12:38:34 -------- d-----w- c:\program files\Bonjour

2011-02-26 06:11:34 -------- d-----w- C:\cygwin

2011-02-26 05:50:43 -------- d-----w- c:\users\seipei~1\appdata\local\Audible

2011-02-25 18:10:57 255352 ----a-w- c:\windows\system32\awrdscdc.ax

2011-02-25 18:10:49 24576 ------w- c:\windows\system32\msxml3a.dll

2011-02-25 18:10:34 -------- d-----w- c:\program files\Audible

2011-02-24 08:00:41 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-02-22 21:30:33 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-02-22 21:30:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-17 18:07:22 -------- d-----w- C:\Python27

2011-02-12 14:18:32 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin

2011-02-12 14:18:32 22 --sha-w- c:\users\seipei~1\appdata\roaming\Sys6925.Config Collection.sys

2011-02-12 14:11:14 -------- d-----w- c:\program files\jv16 PowerTools 2010

2011-02-11 12:52:49 -------- d-----w- c:\users\seipei~1\appdata\roaming\AnvSoft

2011-02-11 12:52:43 -------- d-----w- c:\program files\AnvSoft

2011-02-11 12:35:00 695578 ----a-w- c:\windows\system32\unins000.exe

2011-02-11 12:35:00 65536 ----a-w- c:\windows\system32\camcodec.dll

2011-02-10 10:05:06 2329088 ----a-w- c:\windows\system32\win32k.sys

2011-02-10 10:03:52 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-02-09 08:22:50 0 ----a-w- c:\users\seipei~1\appdata\local\Msekewobeyitam.bin

2011-02-09 08:22:48 -------- d-----w- c:\users\seipei~1\appdata\local\{C0A493B8-F849-4CEE-871A-4B02C695FAB9}

.

==================== Find3M ====================

.

2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll

2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll

2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll

2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll

2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll

2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll

2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll

2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll

2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll

2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll

2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll

2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll

2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec

2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 12:43:18.91 ===============

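The logs in this thread are read by hand; an analyst who handles many of them would script the first pass. The Python script below is an added example, not a tool used in this thread and not part of DDS, Malwarebytes or ComboFix. It parses the `FF - Ext:` and "Created Last 30" lines of a DDS.txt (the sample lines are copied verbatim from the DDS.txt posted above, cut down to the entries the rules exercise) and surfaces two things a reviewer wants first: Firefox add-ons registered outside the profile and Program Files, correlated with files created within two minutes of the add-on directory, and newly created hidden+system files. On the posted log it surfaces the "XULRunner" add-on in a GUID-named folder under AppData\Local, created two seconds before the zero-byte Msekewobeyitam.bin, plus the two `--sha-w-` Sys####.* files; that same extension directory appears in ComboFix's "Other Deletions" section later in the thread, alongside another file of the same Sys####.* naming pattern. The rule names, the 120-second window and the list of trusted prefixes are my own choices, and the Move Media Player hit shows why the output is a review list and not a verdict: that add-on corresponds to an entry in the Installed Programs list of Attach.txt.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Sample input: lines copied verbatim from the DDS.txt posted above (FIREFOX and
# "Created Last 30" sections), cut down to the entries the rules exercise.
DDS_SAMPLE = r"""
FF - ProfilePath - c:\users\seipei~1\appdata\roaming\mozilla\firefox\profiles\fwnx55m8.newprofile\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\sei pei\appdata\roaming\Move Networks
FF - Ext: ThinkVantage Password Manager: {FCF36B88-1BBA-487f-B64B-D2E8980A9293} - c:\program files\lenovo\client security solution\PWM Firefox Extension
FF - Ext: XULRunner: {C0A493B8-F849-4CEE-871A-4B02C695FAB9} - c:\users\sei pei\appdata\local\{C0A493B8-F849-4CEE-871A-4B02C695FAB9}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
2011-03-02 12:50:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-12 14:18:32 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2011-02-12 14:18:32 22 --sha-w- c:\users\seipei~1\appdata\roaming\Sys6925.Config Collection.sys
2011-02-09 08:22:50 0 ----a-w- c:\users\seipei~1\appdata\local\Msekewobeyitam.bin
2011-02-09 08:22:48 -------- d-----w- c:\users\seipei~1\appdata\local\{C0A493B8-F849-4CEE-871A-4B02C695FAB9}
"""

EXT_RE = re.compile(r"^FF - Ext: (?P<name>.+?): (?P<id>\S+) - (?P<path>.+)$")
PROFILE_RE = re.compile(r"^FF - ProfilePath - (?P<path>.+)$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$",
    re.IGNORECASE,
)
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)

# Where a Firefox add-on normally lives (my list, not anything DDS defines). Not
# being flagged is not a verdict; this only narrows what the analyst reads first.
TRUSTED_EXT_PREFIXES = (
    "%profile%\\", "c:\\program files\\", "c:\\program files (x86)\\",
    "c:\\progra~1\\", "c:\\progra~2\\",
)
CO_CREATED_WINDOW = timedelta(seconds=120)  # assumed correlation window


@dataclass
class Finding:
    rule: str
    path: str
    detail: str


@dataclass
class DdsReport:
    profile: str = ""
    extensions: list = field(default_factory=list)  # (name, id, path)
    created: list = field(default_factory=list)     # (datetime, size, attrs, path)


def leaf(path: str) -> str:
    """Last path component. DDS prints 8.3 names in one section (seipei~1) and
    long names in another (sei pei), so whole-path comparison would silently miss."""
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def parse_dds(text: str) -> DdsReport:
    rep = DdsReport()
    for raw in text.splitlines():
        line = raw.strip()
        if m := PROFILE_RE.match(line):
            rep.profile = m["path"].lower()
        elif m := EXT_RE.match(line):
            rep.extensions.append((m["name"], m["id"], m["path"].lower()))
        elif m := CREATED_RE.match(line):
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            rep.created.append((ts, m["size"], m["attrs"].lower(), m["path"].lower()))
    return rep


def triage(text: str) -> list:
    rep = parse_dds(text)
    findings = []
    trusted = TRUSTED_EXT_PREFIXES + ((rep.profile,) if rep.profile else ())
    created_by_leaf = {leaf(p): (ts, p) for ts, _, _, p in rep.created}

    # Rule 1: add-on registered outside the profile and Program Files, with the
    # directory's creation time and anything created in the same window.
    for name, ext_id, path in rep.extensions:
        if path.startswith(trusted):
            continue
        detail = f"'{name}' ({ext_id}) loads from outside the profile and Program Files"
        parent = path.rstrip("\\").rsplit("\\", 1)[0]
        if GUID_RE.match(leaf(path)) and not parent.endswith("\\extensions"):
            detail += "; directory is a bare GUID with no parent 'extensions' folder"
        hit = created_by_leaf.get(leaf(path))
        if hit:
            ts, dir_path = hit
            neighbours = sorted(p for t, _, _, p in rep.created
                                if p != dir_path and abs(t - ts) <= CO_CREATED_WINDOW)
            detail += f"; created {ts:%Y-%m-%d %H:%M:%S}"
            if neighbours:
                detail += "; co-created: " + ", ".join(leaf(p) for p in neighbours)
        findings.append(Finding("ext_outside_standard_dirs", path, detail))

    # Rule 2: new hidden+system files. DDS attribute flags: d=dir, s=system, h=hidden.
    for ts, size, attrs, path in rep.created:
        if not attrs.startswith("d") and "s" in attrs and "h" in attrs:
            findings.append(Finding("hidden_system_file_created", path,
                                    f"{size} bytes, attrs {attrs}, created {ts:%Y-%m-%d %H:%M:%S}"))
    return findings


if __name__ == "__main__":
    for f in triage(DDS_SAMPLE):
        print(f"[{f.rule}] {f.path}\n    {f.detail}")
```

Feed it a whole DDS.txt rather than the sample and it will also walk the Find3M section, since those lines share the created-file format; the leaf-name join is deliberate because DDS mixes short and long path forms between sections, and a whole-path join would have missed the GUID directory entirely.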

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 11/19/2009 8:13:24 AM

System Uptime: 3/5/2011 3:18:20 PM (45 hours ago)

.

Motherboard: LENOVO | | 766112U

Processor: Intel® Core2 Duo CPU T7300 @ 2.00GHz | None | 2001/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 67 GiB total, 12.09 GiB free.

D: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP161: 3/4/2011 10:26:31 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

7-Zip 4.65

ABBYY FineReader 6.0 Sprint

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.2

Adobe Shockwave Player 11.5

Any Video Converter 3.1.8

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AudibleManager

Auto Mouse Click v1.1

Bonjour

CamStudio

CamStudio Lossless Codec v1.4

Client Security - Password Manager

Facebook Plug-In

FastImageResizer (remove only)

Inkscape 0.48.0

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

iTunes

Java 6 Update 17

Java 6 Update 6

Juniper Networks Setup Client

Juniper Networks Setup Client Activex Control

Juniper Terminal Services Client

jv16 PowerTools 2010

KeePass Password Safe 1.17

Lenovo System Interface Driver

Lenovo ThinkVantage Toolbox

Lexmark 2600 Series

Lexmark Fax Solutions

Logitech Vid

Logitech Webcam Software

Malwarebytes' Anti-Malware

McAfee Agent

McAfee AntiSpyware Enterprise Module

McAfee VirusScan Enterprise

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.0

Microsoft IntelliType Pro 8.0

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access 2007

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office FrontPage 2003

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

MiKTeX 2.9

Move Media Player

MozBackup 1.4.9

Mozilla Firefox (3.5.17)

Mozilla Thunderbird (3.1.8)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nitro PDF Professional

OGA Notifier 2.0.0048.0

On Screen Display

OrgScheduler version 6.6

Palm Desktop by ACCESS

Python 2.7.1

QuickTime

SecureShell

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Silverfrost FTN95

Skype


RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows 7

Version 6.1.7600

Number of processors #2

==============================================

>Drivers

==============================================

0x90E3D000 C:\Windows\system32\DRIVERS\igdkmd32.sys 5259264 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)

0x91A2D000 C:\Windows\system32\DRIVERS\netw5v32.sys 4272128 bytes (Intel Corporation, Intel


Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

---------------------------------------------------------------------------------------------

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Here is the ComboFix log.... thanks.

ComboFix 11-03-07.02 - Sei Pei 03/07/2011 14:59:34.2.2 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3062.1816 [GMT -5:00]

Running from: c:\users\Sei Pei\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Sei Pei\AppData\Local\{C0A493B8-F849-4CEE-871A-4B02C695FAB9}

c:\users\Sei Pei\AppData\Local\{C0A493B8-F849-4CEE-871A-4B02C695FAB9}\chrome.manifest

c:\users\Sei Pei\AppData\Local\{C0A493B8-F849-4CEE-871A-4B02C695FAB9}\chrome\content\_cfg.js

c:\users\Sei Pei\AppData\Local\{C0A493B8-F849-4CEE-871A-4B02C695FAB9}\chrome\content\overlay.xul

c:\users\Sei Pei\AppData\Local\{C0A493B8-F849-4CEE-871A-4B02C695FAB9}\install.rdf

c:\users\Sei Pei\AppData\Local\Microsoft\Windows\Temporary Internet Files\Sys5889.Data Repository.sys

c:\windows\system32\LogFiles\AIT\AitEventLog.etl.001

c:\windows\system32\LogFiles\HTTPERR\httperr1.log

c:\windows\system32\LogFiles\Scm\05ee699f-ab25-42d8-8781-558c5d1d2fad

c:\windows\system32\LogFiles\Scm\071d41b6-8806-4eb0-b661-6cb67be6e86e

c:\windows\system32\LogFiles\Scm\0d9b5d92-3a22-486d-a887-3aa21597cf27

c:\windows\system32\LogFiles\Scm\0e12083c-0335-49db-9542-ba1ec6d83ecc

c:\windows\system32\LogFiles\Scm\0f1359e6-9a70-4af8-a4ae-000aa2f49fdb

c:\windows\system32\LogFiles\Scm\18ac1fb9-33c0-4ee3-b352-b5037e6ef8d6

c:\windows\system32\LogFiles\Scm\18e6d428-d26c-4169-bedf-3b5bddc952f6

c:\windows\system32\LogFiles\Scm\1ec9510d-a439-4950-9399-b6399edf9ea7


c:\windows\system32\LogFiles\WUDF\WUDFTrace.etl

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\LogFiles . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2011-02-07 to 2011-03-07 )))))))))))))))))))))))))))))))

.

.

2011-03-07 17:46 . 2011-03-07 17:46 -------- d-----w- c:\windows\system32\BlaToDelete

2011-03-03 14:26 . 2011-03-03 14:26 -------- d-----w- c:\users\Sei Pei\AppData\Roaming\MiKTeX

2011-03-03 14:25 . 2011-03-03 14:25 -------- d-----w- c:\users\Sei Pei\AppData\Local\MiKTeX

2011-03-03 14:14 . 2011-03-03 14:14 -------- d-----w- c:\programdata\MiKTeX

2011-03-03 14:09 . 2011-03-03 14:12 -------- d-----w- c:\program files\MiKTeX 2.9

2011-03-02 12:50 . 2011-03-02 12:50 -------- dc----w- c:\windows\system32\DRVSTORE

2011-03-02 12:50 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-03-02 12:50 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2011-03-02 12:49 . 2011-03-02 12:49 -------- d-----w- c:\program files\iPod

2011-03-02 12:49 . 2011-03-02 12:50 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-03-02 12:49 . 2011-03-02 12:50 -------- d-----w- c:\program files\iTunes

2011-03-02 12:42 . 2011-03-02 12:49 -------- d-----w- c:\programdata\Apple Computer

2011-03-02 12:39 . 2011-03-02 12:39 -------- d-----w- c:\program files\Apple Software Update

2011-03-02 12:38 . 2011-03-02 12:38 -------- d-----w- c:\program files\Bonjour

2011-02-26 06:11 . 2011-02-26 15:37 -------- d-----w- C:\cygwin

2011-02-26 05:50 . 2011-03-02 15:22 -------- d-----w- c:\users\Sei Pei\AppData\Local\Audible

2011-02-25 18:10 . 2011-02-25 18:10 255352 ----a-w- c:\windows\system32\awrdscdc.ax

2011-02-25 18:10 . 2001-08-18 03:43 24576 ------w- c:\windows\system32\msxml3a.dll

2011-02-25 18:10 . 2011-02-25 18:10 -------- d-----w- c:\program files\Audible

2011-02-24 08:00 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-02-22 21:30 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-02-22 21:30 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-17 18:07 . 2011-02-17 18:14 -------- d-----w- C:\Python27

2011-02-12 14:18 . 2011-02-12 14:18 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin

2011-02-12 14:18 . 2011-02-12 14:18 22 --sha-w- c:\users\Sei Pei\AppData\Roaming\Sys6925.Config Collection.sys

2011-02-12 14:11 . 2011-02-12 19:36 -------- d-----w- c:\program files\jv16 PowerTools 2010

2011-02-11 12:52 . 2011-02-11 12:52 -------- d-----w- c:\users\Sei Pei\AppData\Roaming\AnvSoft

2011-02-11 12:52 . 2011-02-11 12:52 -------- d-----w- c:\program files\AnvSoft

2011-02-11 12:35 . 2011-02-11 12:34 695578 ----a-w- c:\windows\system32\unins000.exe

2011-02-11 12:35 . 2008-10-01 00:35 65536 ----a-w- c:\windows\system32\camcodec.dll

2011-02-10 10:05 . 2011-01-05 03:37 2329088 ----a-w- c:\windows\system32\win32k.sys

2011-02-10 10:03 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-02-09 08:22 . 2011-02-16 05:33 0 ----a-w- c:\users\Sei Pei\AppData\Local\Msekewobeyitam.bin

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-20 23:09 . 2010-12-16 14:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-20 23:08 . 2010-12-16 14:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

"TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2007-09-21 49152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-30 124240]

"TpShocks"="TpShocks.exe" [2009-07-09 337184]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]

"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-09-09 714016]

"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]

"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2009-08-17 55048]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-10-19 3093816]

"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2009-03-04 209216]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]

"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

.

c:\users\Sei Pei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2009-08-17 19:27 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup

backupExtension=.CommonStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotSync

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]

2008-03-27 15:13 320168 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]

2009-07-16 20:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnamon]

2008-03-27 15:13 16040 ----a-w- c:\program files\Lexmark 2600 Series\lxdnamon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]

2008-03-27 15:13 660136 ----a-w- c:\program files\Lexmark 2600 Series\lxdnmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-09 02:05 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]

2009-03-13 22:32 68976 ----a-w- c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]

2009-05-26 22:31 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]

2010-11-15 03:38 11755312 ----a-w- c:\program files\VoipBuster\voipbuster.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]

R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2009-04-28 94208]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-04-30 65224]

R3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-11-20 20848]

R3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-11-20 20848]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-09-09 75040]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [2010-03-31 379904]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-28 1343400]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2008-02-27 594600]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [2009-04-30 21256]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-04-30 70216]

S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]

S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 88832]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2010-07-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

.

2010-07-15 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-22 09:14]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} - hxxps://remote.dteenergy.com/plantview/common/activex/,DanaInfo=.apmvy0Ej0mlyKo10+sstree.cab

DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD9} - hxxps://ost.maybank2u.com.my/MBBWecos/Cab/csoex_mbb.cab

DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCDA} - hxxps://ost.maybank2u.com.my/MBBWecos/Cab/csoex_mbs.cab

DPF: {B9B2EE1A-E314-4338-A305-BE845EACB113} - hxxps://ost.maybank2u.com.my/MBBWecos/Cab/csw25.cab

FF - ProfilePath - c:\users\Sei Pei\AppData\Roaming\Mozilla\Firefox\Profiles\fwnx55m8.NewProfile\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Sei Pei\AppData\Roaming\Move Networks

FF - Ext: ThinkVantage Password Manager: {FCF36B88-1BBA-487f-B64B-D2E8980A9293} - c:\program files\Lenovo\Client Security Solution\PWM Firefox Extension

FF - Ext: ThinkVantage Password Manager: {FCF36B88-1BBA-487f-B64B-D2E8980A9293} - %profile%\extensions\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

FF - Ext: EBrary Reader Plugin: reader_plugin@ebrary.com - %profile%\extensions\reader_plugin@ebrary.com

.

- - - - ORPHANS REMOVED - - - -

.

HKLM_ActiveSetup-Nitro PDF Professional - (no file)

AddRemove-KeePass Password Safe_is1 - c:\program files\KeePass Password Safe\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06000000}_0]

"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{C4B36920-79E24793-06000000}_0]

"ImagePath"="\??\c:\progra~1\pc-doc~1\pcdsrvc.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(604)

c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\ThinkVantage Fingerprint Software\infql2.dll

.

- - - - - - - > 'Explorer.exe'(5588)

c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll

c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL

c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL

c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL

c:\windows\System32\pnidui.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\windows\system32\WUDFHost.exe

c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe

c:\windows\system32\AEADISRV.EXE

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe

c:\program files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

c:\windows\system32\TpKmpSVC.exe

c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

c:\program files\McAfee\VirusScan Enterprise\mcshield.exe

c:\program files\McAfee\VirusScan Enterprise\mfeann.exe

c:\windows\system32\conhost.exe

c:\windows\system32\conhost.exe

c:\windows\System32\TpShocks.exe

c:\program files\McAfee\Common Framework\McTray.exe

c:\windows\System32\rundll32.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Lenovo\Client Security Solution\password_manager.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Lenovo\System Update\SUService.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

.

**************************************************************************

.

Completion time: 2011-03-07 15:18:10 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-07 20:18

.

Pre-Run: 13,508,939,776 bytes free

Post-Run: 13,943,398,400 bytes free

.

- - End Of File - - 63FC7D5F8D1DE738FF60E737A9E8F2B9


Hi,

I'd like to see more on this file.

Please go to one of the below sites to scan the following files:

virscan.org

Virus Total

Click on Browse, and upload the following file for analysis:

c:\windows\system32\BlaToDelete

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.

Please include the following in your next post:

  • File analysis results


Hi, that folder is actually the installation folder of the Rootkit Unhooker program that I was instructed to run in the first reply post. Sorry for the confusion, I had given it that name to remember to delete it later.


I think my problem is solved. Clicked on a bunch of google links and I did not have any redirection. Do I need to do anything else?


There are some older versions of Java on your computer. These can be a source of infection.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says Java SE Runtime Environment (JRE) - JRE 6 Update 24 -
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement. Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - leave BOTH checked:
      • Applications and Applets
      • Trace and Log Files
    • Click OK on the Delete Temporary Files window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files window.
    • Click OK to leave the Java Control Panel.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: 1.6.0_24 from Sun Microsystems Inc.
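The log above lists two Firefox "Java Console" extensions whose IDs end in 0006 and 0017, which is how older JRE 1.6.0_06 and 1.6.0_17 installs show up. As an added example (not part of the original thread), the following PowerShell script inventories every Java runtime registered in Add/Remove Programs and marks which entries are older than the 6 Update 24 release the post asks for; it assumes the standard Uninstall registry keys and the Sun/Oracle installer naming ("Java(TM) 6 Update 24", "J2SE Runtime Environment 5.0 Update 22"), and runs on PowerShell 2.0 as shipped with Windows 7.

```powershell
# Added example, not from the original post: list Java runtimes registered in
# Add/Remove Programs and flag anything older than JRE 6 Update 24 (1.6.0_24).
# Assumptions: standard Uninstall keys (the Wow6432Node key exists only on
# 64-bit Windows; the log above is a 32-bit install) and the Sun/Oracle
# DisplayName pattern "<product> <major>[.0] Update <n>".

$expectedMajor  = 6
$expectedUpdate = 24

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-JavaRuntimeInventory {
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $p    = Get-ItemProperty $sub.PSPath
            $name = [string]$p.DisplayName
            # Only JRE/JDK style entries; products that merely mention Java are skipped
            if ($name -notmatch '^(Java|J2SE)') { continue }

            $major = $null; $update = $null
            if ($name -match '(\d+)(?:\.0)?\s+Update\s+(\d+)') {
                $major  = [int]$matches[1]
                $update = [int]$matches[2]
            }

            if ($null -eq $major) {
                $verdict = 'review: version not parsed from name'
            } elseif ($major -gt $expectedMajor -or
                      ($major -eq $expectedMajor -and $update -ge $expectedUpdate)) {
                $verdict = 'keep: current'
            } else {
                # Older runtime still registered: this is what the post asks you to remove
                $verdict = "remove: older than ${expectedMajor}u${expectedUpdate}"
            }

            New-Object PSObject -Property @{
                DisplayName     = $name
                DisplayVersion  = [string]$p.DisplayVersion
                UninstallString = [string]$p.UninstallString
                Verdict         = $verdict
            }
        }
    }
}

Get-JavaRuntimeInventory |
    Select-Object DisplayName, DisplayVersion, Verdict, UninstallString |
    Format-Table -AutoSize -Wrap
```

The UninstallString column shows the exact command Add/Remove Programs would run for each "remove" entry, so you can confirm nothing older is left behind after the reboot.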

Next

Your Computer is Clean


Some final items:

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it; there are other free alternatives, FIREFOX and OPERA, both of which are free to use and more secure than IE.

If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust).

NoScript stops JavaScript from running on a web page unless you give it permission, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites, allowing you to easily see whether a website you are about to visit has a bad reputation; in fact it will warn you and ask whether you are sure you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
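The six Custom Level settings above are stored per user as DWORD values under the Internet zone (zone 3) registry key, with 0 = Enable, 1 = Prompt and 3 = Disable. As an added example (not part of the original post), this PowerShell script reads those values and reports which ones still differ from the post's recommendations; the action IDs follow Microsoft's documented zone registry layout (KB182569), and the script assumes the per-user HKCU key is the one in effect (machine-wide HKLM values apply only when the Security_HKLM_only policy is set).

```powershell
# Added example, not from the original post: audit the Internet zone (zone 3)
# settings the post asks you to change, straight from the registry.
# Action IDs and the 0/1/3 = Enable/Prompt/Disable encoding are Microsoft's
# documented zone layout (KB182569); the recommended values are the post's.

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$labels   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Setting as shown in Custom Level -> registry value name and recommended value
$checks = @(
    @{ Name = 'Download signed ActiveX controls';                          Id = '1001'; Want = 1 },
    @{ Name = 'Download unsigned ActiveX controls';                        Id = '1004'; Want = 3 },
    @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Id = '1201'; Want = 3 },
    @{ Name = 'Installation of desktop items';                             Id = '1800'; Want = 1 },
    @{ Name = 'Launching programs and files in an IFRAME';                 Id = '1804'; Want = 1 },
    @{ Name = 'Navigate sub-frames across different domains';              Id = '1607'; Want = 1 }
)

function Test-InternetZoneHardening {
    param([string]$Path = $zonePath)
    $props = Get-ItemProperty -Path $Path
    foreach ($c in $checks) {
        $actual = $props.($c.Id)
        if ($null -eq $actual) {
            $current = '(not set: IE built-in default)'
        } elseif ($labels.ContainsKey([int]$actual)) {
            $current = $labels[[int]$actual]
        } else {
            $current = "unknown ($actual)"
        }
        New-Object PSObject -Property @{
            Setting     = $c.Name
            Current     = $current
            Recommended = $labels[$c.Want]
            Status      = if ($actual -eq $c.Want) { 'OK' } else { 'CHANGE' }
        }
    }
}

Test-InternetZoneHardening |
    Select-Object Setting, Current, Recommended, Status |
    Format-Table -AutoSize -Wrap
```

Run it again after saving the Custom Level changes: every row should read OK, and any row still marked CHANGE points at a setting that was not applied.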

Additional Security Measures

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial for Spywareblaster can be found here.

Cookienator - Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Secunia software inspector & update checker

Visit My Blog for Malware and Spyware Tips


Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
