Yep making good progress, from your logs it appears you have two Antivirus programs running in realtime. McAfee and Microsoft Security Essentials. That is not good, two AVs will clash and may even negate protection. Make sure only one has realtime protection enabled. Also don't update just yet, let's make sure you are clean first.
Please continue as follows :-
Step 1
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <-- Very important
3. Open notepad and copy/paste the text in between the dotted lines below into it:
-----------------------------------------------------------------------------------------------------------------
KillAll::

File::
c:\windows\system32\drivers\oihaeplf.sys
c:\windows\system32\drivers\caxjuuap.sys
c:\users\SUNDAR\AppData\Local\Xjizaxoga.dat
c:\users\SUNDAR\AppData\Local\Gxirirotani.bin
c:\windows\Emcmm.dat
c:\windows\system32\SySAVI2WMV.dat
c:\windows\system32\ezsidmv.dat

Folder::
c:\users\SUNDAR\AppData\Roaming\uTorrent

RegNull::
[HKEY_USERS\S-1-5-21-3551730455-2682397126-331062045-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Step 2
Run an online virus scan with Kaspersky from HERE. This scan is very thorough and may take several hours to run, please allow it to complete.
1. At the main page. Press on "Accept". After reading the contents.
2. At the next window Select Update. Allow the Database to update. Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
3. Once the Database has finished, under the Scan icon Select My Computer to start the scan.
4. Select Scan Report.
5. If any threats were found they will appear in the report.
6. Select "Save error report as". Then in the file name just type in kaspersky. Under "save as type" select text .txt. Save it to your Desktop.
Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well.
- - End Of File - - FBBDCC6371CC4DD5B4EF0865042C304A
KASPERSKY
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, August 11, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, August 10, 2010 17:50:47
Records in database: 4128652
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
Then Click the big button.
You will get a prompt saying "Begining Cleanup Process". Please select Yes.
Restart your computer when prompted. It will also remove the OTC application.
Some systems give alert to OTC site, it is very safe. Either accept the alert or use the alternative d/l site.
Any tools left on the Desktop can be safely removed by deleting.
Step 3
Your version of Java is outdated, Select > Start > Control Panel > Programs. You will see the Java icon (looks like a coffee cup). Select the icon to open Java console. Select update tab and follow the prompts.
1. Starting with v 1.27.26 (This version no. will differ), CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 24 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.
In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.
Step 5
Post a final HJT log for me please and let me know how your system is responding, any issues. It will be safe to install Windows updates now when you're ready.
Your latest logs are clean and you say that your system is running well, it would be an excellent idea to keep it that way. The following advice will go a long way to keeping you secure so that you can enjoy safe and happy surfing.
Here are some tips to reduce the potential for malware infection in the future; I strongly recommend that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.
Make proper use of your antivirus and firewall
Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.
You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.
You will have several programs installed, these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing. When the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.
Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:
All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.
These browser add-ons will help to make your browser safer:
Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:
Available for Firefox and Internet Explorer.
Green to go,
Yellow for caution, and
Red to stop.
Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.
These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.
Here are a couple of links by two security experts that will give some excellent tips and advice.
Finally this link HERE will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.
Please reply so I know you have read this and I will then close out the thread unless you have any other issues, it's been a pleasure to work with you.
I have read your instructions and will try to follow it all the time. Thank you for the valuable help you have given me. It has been a great experience working with you.
Since this issue appears to be resolved the topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you.
I understand this part, Nice writing, Thanks for your instruction!
kevinf80_1d0ac6
1.1K Posts
0
August 10th, 2010 12:00
I'm kevinf80 and I will be helping with any issues you may have. Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE
** If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE
You have Microsoft Security Essentials running, also McAfee security shield. If McAfee includes an Antivirus component it will clash with MSE and may even negate protection. Don't forget for realtime protection, only one Firewall and one Antivirus program to run with realtime protection enabled. Next,
Please proceed as follows :-
Step 1
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
Combofix
Don't forget Combofix must be saved to your desktop. <--Very important
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <---Very important
Please include the C:\ComboFix.txt in your next reply for further review.
Examples of how to disable realtime protection available at the following link :-
Disable realtime protection
Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.
Step 2
Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
What I'd like in your reply :-
Kevin
sm1025
9 Posts
0
August 10th, 2010 13:00
Hi Kevin,
Thank You for spending your valuable time helping out with my problem.
Here are the logs from both the programs.
COMBOFIX
ComboFix 10-08-09.03 - SUNDAR 10/08/2010 20:01:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.1067 [GMT 1:00]
Running from: c:\users\SUNDAR\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\SUNDAR\AppData\Local\{22F80F66-A0A0-431D-8967-E75A3E4FDE0E}
c:\users\SUNDAR\AppData\Local\{22F80F66-A0A0-431D-8967-E75A3E4FDE0E}\chrome.manifest
c:\users\SUNDAR\AppData\Local\{22F80F66-A0A0-431D-8967-E75A3E4FDE0E}\chrome\content\_cfg.js
c:\users\SUNDAR\AppData\Local\{22F80F66-A0A0-431D-8967-E75A3E4FDE0E}\chrome\content\overlay.xul
c:\users\SUNDAR\AppData\Local\{22F80F66-A0A0-431D-8967-E75A3E4FDE0E}\install.rdf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
Infected copy of c:\windows\system32\DRIVERS\RDPENCDD.SYS was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))
.
2010-08-10 19:18 . 2010-08-10 19:21 -------- d-----w- c:\users\SUNDAR\AppData\Local\temp
2010-08-10 19:18 . 2010-08-10 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-10 12:30 . 2010-08-10 12:30 -------- d-----w- c:\program files\Trend Micro
2010-08-10 11:24 . 2010-08-10 11:26 -------- d-----w- c:\windows\system32\catroot2
2010-08-10 10:04 . 2010-08-10 10:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-10 09:30 . 2010-08-10 09:30 -------- d-----w- c:\windows\CheckSur
2010-08-10 05:30 . 2010-08-10 05:30 6144 ----a-w- c:\windows\system32\drivers\oihaeplf.sys
2010-08-09 13:01 . 2010-08-09 13:01 6144 ----a-w- c:\windows\system32\drivers\caxjuuap.sys
2010-08-09 11:52 . 2010-08-09 11:53 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-09 10:47 . 2010-08-09 10:47 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\Reallusion
2010-08-09 10:15 . 2010-08-09 10:15 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\Malwarebytes
2010-08-09 10:14 . 2010-08-09 10:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-09 10:14 . 2010-08-09 10:14 -------- d-----w- c:\programdata\Malwarebytes
2010-08-09 10:14 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-09 10:14 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-09 07:34 . 2010-08-09 07:34 120 ----a-w- c:\users\SUNDAR\AppData\Local\Xjizaxoga.dat
2010-08-09 07:34 . 2010-08-09 07:34 0 ----a-w- c:\users\SUNDAR\AppData\Local\Gxirirotani.bin
2010-08-07 20:16 . 2010-08-07 22:23 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\Football Superstars
2010-08-07 17:38 . 2010-08-07 20:16 -------- d-----w- C:\FSDownloader
2010-08-05 18:50 . 2010-08-05 18:50 -------- d-----w- c:\programdata\WindowsSearch
2010-08-05 12:42 . 2010-08-05 12:42 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\Video2Webcam
2010-08-05 12:42 . 2010-08-05 12:42 -------- d-----w- c:\programdata\Video2Webcam
2010-08-05 12:41 . 2010-04-17 14:31 1053056 ----a-w- c:\windows\system32\drivers\V2WCDRV.sys
2010-08-03 05:58 . 2010-08-03 06:01 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\vlc
2010-08-01 20:58 . 2010-08-01 20:58 -------- d-----w- c:\program files\WSRMacros
2010-08-01 20:49 . 2010-08-01 20:52 -------- d-----w- c:\program files\TextSpeech Pro 3
2010-08-01 20:21 . 2010-08-01 20:21 -------- d-----w- c:\program files\WordTalk
2010-07-25 14:35 . 2010-07-25 14:35 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\WAYN
2010-07-25 14:35 . 2010-07-25 14:35 -------- d-----w- c:\users\SUNDAR\AppData\Local\WAYN
2010-07-25 14:34 . 2010-07-25 14:34 -------- d-----w- c:\program files\WAYN
2010-07-22 05:32 . 2010-07-22 05:32 -------- d-----w- c:\users\SUNDAR\AppData\Local\Yahoo!
2010-07-22 02:33 . 2010-07-21 22:19 -------- d-----w- C:\CSI Las Vegas Season9 (XviD asd) EnglishV+NapisyPL - www.xvidasd.com
2010-07-17 11:29 . 2010-07-24 09:02 -------- d-----w- c:\users\SUNDAR\AppData\Local\Graboid
2010-07-17 11:29 . 2010-07-17 11:29 -------- d-----w- c:\users\SUNDAR\AppData\Local\Graboid_Inc
2010-07-17 11:28 . 2010-07-17 11:29 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\MozillaControl
2010-07-17 11:28 . 2010-07-17 11:28 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-07-17 11:27 . 2010-07-24 09:04 -------- d-----w- c:\program files\Graboid
2010-07-14 20:05 . 2010-07-14 20:05 -------- d-----w- c:\windows\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 19:18 . 2010-03-10 08:31 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-10 18:42 . 2010-03-12 16:39 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\Skype
2010-08-10 18:26 . 2010-03-12 16:34 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\uTorrent
2010-08-10 15:05 . 2010-03-12 16:41 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\skypePM
2010-08-10 12:30 . 2010-08-10 12:30 388096 ----a-r- c:\users\SUNDAR\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-09 23:00 . 2010-03-10 08:40 1356 ----a-w- c:\users\SUNDAR\AppData\Local\d3d9caps.dat
2010-08-09 08:07 . 2010-06-28 19:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-07 20:16 . 2010-08-07 20:16 717146 ----a-w- c:\users\SUNDAR\AppData\Roaming\Football Superstars\unins000.exe
2010-08-03 09:38 . 2010-03-12 19:01 -------- d-----w- c:\program files\Opera
2010-08-01 20:21 . 2010-08-01 20:21 3262 ----a-r- c:\users\SUNDAR\AppData\Roaming\Microsoft\Installer\{D4481AFF-4218-4CF0-A68C-87E9EBAE3B86}\_13C736DD7BE79AEFCF0DA2.exe
2010-07-23 05:17 . 2010-03-12 16:24 -------- d-----w- c:\program files\Yahoo!
2010-07-22 06:45 . 2010-03-12 16:29 -------- d-----w- c:\programdata\Yahoo!
2010-07-15 13:45 . 2010-07-15 13:45 187128 ----a-w- c:\users\SUNDAR\AppData\Roaming\Virgin Media\HUB\downloads\VirginDetectionScriptsBundle.41.zip.dir\tools\NetworkFinder.signed.exe
2010-07-14 15:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-13 23:34 . 2010-06-28 19:13 63488 ----a-w- c:\users\SUNDAR\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-13 23:34 . 2010-06-28 19:13 117760 ----a-w- c:\users\SUNDAR\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-10 07:58 . 2010-07-10 07:58 12 ----a-w- c:\windows\Emcmm.dat
2010-07-10 07:51 . 2010-07-10 07:50 5 ----a-w- c:\windows\system32\SySAVI2WMV.dat
2010-07-07 16:49 . 2010-07-07 16:49 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\Sierra
2010-07-06 07:31 . 2010-03-10 08:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-05 19:33 . 2010-07-05 19:33 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\PlayFirst
2010-07-05 19:33 . 2010-07-05 19:33 -------- d-----w- c:\programdata\PlayFirst
2010-07-05 18:00 . 2010-07-05 18:00 -------- d-----w- c:\program files\bigup16
2010-07-05 15:02 . 2010-07-05 15:02 -------- d-----w- c:\programdata\Radialpoint
2010-07-05 15:02 . 2010-07-05 15:02 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\Virgin Media
2010-07-05 15:02 . 2010-07-05 15:02 -------- d-----w- c:\programdata\Virgin Media
2010-07-05 15:02 . 2010-07-05 15:02 -------- d-----w- c:\program files\Virgin Media
2010-06-29 11:41 . 2010-06-29 11:41 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-29 07:18 . 2010-04-04 22:54 -------- d-----w- c:\program files\Common Files\Apple
2010-06-29 07:12 . 2010-03-12 17:33 -------- d-----w- c:\programdata\WinZip
2010-06-28 19:13 . 2010-06-28 19:13 52224 ----a-w- c:\users\SUNDAR\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-28 19:12 . 2010-06-28 19:12 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\SUPERAntiSpyware.com
2010-06-28 19:12 . 2010-06-28 19:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-28 19:04 . 2010-03-12 18:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-25 16:30 . 2010-03-10 09:31 -------- d-----w- c:\program files\McAfee
2010-06-25 16:17 . 2010-06-25 16:17 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 05:31 . 2010-03-10 09:29 -------- d-----w- c:\programdata\McAfee
2010-06-13 21:19 . 2010-03-19 22:25 -------- d-----w- c:\program files\Electronic Arts
2010-06-12 18:38 . 2010-06-12 18:38 -------- d-----w- c:\programdata\TVU Networks
2010-06-11 15:51 . 2010-06-11 15:51 3055600 ----a-w- c:\users\SUNDAR\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 15:36 . 2010-06-11 15:36 275952 ----a-w- c:\users\SUNDAR\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-06-07 23:58 . 2010-06-07 23:58 60416 --sha-r- c:\windows\system32\shginax.dll
2010-06-03 17:21 . 2010-08-07 20:20 26149888 ----a-w- c:\users\SUNDAR\AppData\Roaming\Football Superstars\FSClientr.exe
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-26 17:06 . 2010-06-09 12:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 12:00 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-16 01:56 . 2010-03-10 08:41 69968 ----a-w- c:\users\SUNDAR\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-14 13:59 . 2010-05-14 13:59 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-13 17:29 . 2010-05-13 17:29 25214 ----a-r- c:\users\SUNDAR\AppData\Roaming\Microsoft\Installer\{D6D532B2-22E1-43AA-B4B7-34D772314859}\ARPPRODUCTICON.exe
2010-04-27 16:16 . 2010-04-22 08:19 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2010-03-10 09:49 . 2010-03-10 09:49 76 --sh--r- c:\windows\CT4CET.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Google Update"="c:\users\SUNDAR\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-12 135664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SmartVoip"="c:\program files\SmartVoip.com\SmartVoip\SmartVoip.exe" [2010-07-15 10570032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-13 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-13 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-13 133656]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"systray"="c:\program files\Dell\Dell Mobile Broadband\systray.exe" [2007-06-23 331851]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"VirginMediaHUB.exe"="c:\program files\Virgin Media\HUB\VirginMediaHUB.exe" [2009-12-14 4277488]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"tray"= 0 (0x0)
"EnableLUA"= 2 (0x2)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"New application"=c:\program files\Yamicsoft\Vista Manager\WallpaperChanger.exe
"OxigenTrayIcon"=c:\program files\Oxigen\bin\OxiTray.exe
"OxigenClientAdmin"="c:\program files\Oxigen\bin\Oxigen.exe"
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" /runkey
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):02,50,02,85,56,c2,ca,01
R1 MpKslcd5f9de1;MpKslcd5f9de1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F31B883-96A5-4DCF-AE17-C65637DB7517}\MpKslcd5f9de1.sys
R1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SABKUTIL.sys
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-04-27 83496]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-01-31 599040]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-04-27 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-04-27 160720]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2010-03-26 93320]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]
S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\HUB\ServicepointService.exe [2009-12-14 668912]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-04-27 55456]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-03-26 111104]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-04-27 312616]
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551730455-2682397126-331062045-1000Core.job
- c:\users\SUNDAR\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-12 16:11]
2010-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551730455-2682397126-331062045-1000UA.job
- c:\users\SUNDAR\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-12 16:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
FF - ProfilePath - c:\users\SUNDAR\AppData\Roaming\Mozilla\Firefox\Profiles\85ydxb79.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Virgin Media\HUB\nprpspa.dll
FF - plugin: c:\users\SUNDAR\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\SUNDAR\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\users\SUNDAR\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\SUNDAR\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\SUNDAR\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
HKCU-Run-sped - (no file)
HKLM-Run-NPSStartup - (no file)
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 20:20
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3551730455-2682397126-331062045-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f5,8d,c7,b8,3c,42,7c,94,61,c6,c7,d0,0b,58,ed,0d,6d,49,3a,c4,cd,b8,7d,
db,9d,1c,5d,13,e6,22,54,4c,dc,7e,d5,73,e9,e7,b8,82,67,f0,ac,55,5d,c8,68,b7,\
"??"=hex:73,45,c1,24,62,a5,51,a2,a5,e9,a0,a4,0a,b6,8e,22
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3628)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\rundll32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\conime.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-08-10 20:31:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-10 19:31
Pre-Run: 6,734,540,800 bytes free
Post-Run: 6,611,144,704 bytes free
- - End Of File - - 39B9E86BE8F8DFAD854C13B4562EA6F8
sm1025
9 Posts
0
August 10th, 2010 13:00
Hi Kevin
I tried to run the Windows Update and it didn't show any error report this time. But I didn't install any of it yet, waiting for your reply to do it.
Regards
Sundar
kevinf80_1d0ac6
1.1K Posts
0
August 10th, 2010 15:00
Hi Sundar,


Yep, making good progress. From your logs it appears you have two antivirus programs running in realtime, McAfee and Microsoft Security Essentials. That is not good; two AVs will clash and may even negate protection. Make sure only one has realtime protection enabled. Also, don't update just yet; let's make sure you are clean first.
Please continue as follows :-
Step 1
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <-- Very important
3. Open Notepad and copy/paste the text in between the dotted lines below into it:
-----------------------------------------------------------------------------------------------------------------
KillAll::
File::
c:\windows\system32\drivers\oihaeplf.sys
c:\windows\system32\drivers\caxjuuap.sys
c:\users\SUNDAR\AppData\Local\Xjizaxoga.dat
c:\users\SUNDAR\AppData\Local\Gxirirotani.bin
c:\windows\Emcmm.dat
c:\windows\system32\SySAVI2WMV.dat
c:\windows\system32\ezsidmv.dat
Folder::
c:\users\SUNDAR\AppData\Roaming\uTorrent
RegNull::
[HKEY_USERS\S-1-5-21-3551730455-2682397126-331062045-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
-----------------------------------------------------------------------------------------------------------------
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Step 2
Run an online virus scan with Kaspersky from HERE. This scan is very thorough and may take several hours to run, please allow it to complete.
1. At the main page, press "Accept" after reading the contents.
2. At the next window Select Update. Allow the Database to update.
Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
3. Once the Database has finished, under the Scan icon Select My Computer to start the scan.
4. Select Scan Report.
5. If any threats were found they will appear in the report
6. Select "Save error report as"
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.
Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well.
The following animation may help.
Kaspersky Gif
Kevin
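One way to check the resulting C:\ComboFix.txt against the CFScript in the post above, as an added example that is not part of the original thread and not ComboFix's own code. The script text is a subset of the directives posted above; the log excerpt is constructed in the same layout, with one targeted driver left out of "Other Deletions" and the RegNull key still listed as locked, and the function names are hypothetical.

```python
import re

# Subset of the directives and paths from the CFScript in the post above.
CFSCRIPT = r"""
KillAll::
File::
c:\windows\system32\drivers\oihaeplf.sys
c:\windows\system32\drivers\caxjuuap.sys
c:\users\SUNDAR\AppData\Local\Xjizaxoga.dat
c:\windows\Emcmm.dat
Folder::
c:\users\SUNDAR\AppData\Roaming\uTorrent
RegNull::
[HKEY_USERS\S-1-5-21-3551730455-2682397126-331062045-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"""

# Constructed log excerpt (not a real run): caxjuuap.sys is deliberately
# absent from the deletions and the SecuROM key is still reported as locked.
SAMPLE_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
.
c:\users\SUNDAR\AppData\Local\Xjizaxoga.dat
c:\users\SUNDAR\AppData\Roaming\uTorrent
c:\users\SUNDAR\AppData\Roaming\uTorrent\dht.dat
c:\windows\Emcmm.dat
c:\windows\system32\drivers\oihaeplf.sys
.
((((((((((((((( Find3M Report )))))))))))))))
.
2010-08-10 21:25 . 2010-03-10 08:31 12 ----a-w- c:\windows\bthservsdp.dat
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3551730455-2682397126-331062045-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"""

# "File::", "Folder::", "RegNull::" and similar directive headers.
DIRECTIVE = re.compile(r"^(\w+)::\s*$")
# Section banners such as "((( Other Deletions )))" or "--- LOCKED REGISTRY KEYS ---".
BANNER = re.compile(r"^[(\-]{3,}\s*(\w.*?)\s*[)\-]{3,}\s*$")


def norm(entry):
    """Windows paths and key names are case-insensitive; compare them folded."""
    return entry.strip().strip('"').casefold()


def parse_cfscript(text):
    """Return {directive: [entries]} with directive names lower-cased."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or set(line) == {"-"}:  # blank or dashed separator line
            continue
        match = DIRECTIVE.match(line)
        if match:
            current = match.group(1).casefold()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def log_section(log, title):
    """Return the entry lines listed under one banner of the log."""
    entries, inside = [], False
    for line in log.splitlines():
        line = line.strip()
        match = BANNER.match(line)
        if match:
            inside = match.group(1).casefold() == title.casefold()
            continue
        if inside and line and line != ".":
            entries.append(line)
    return entries


def verify(script_text, log_text):
    """Compare what the script targeted with what the log reports."""
    script = parse_cfscript(script_text)
    deleted = {norm(p) for p in log_section(log_text, "Other Deletions")}
    locked = {norm(k) for k in log_section(log_text, "LOCKED REGISTRY KEYS")}
    targets = script.get("file", []) + script.get("folder", [])
    return {
        "deleted": [t for t in targets if norm(t) in deleted],
        "not_in_deletions": [t for t in targets if norm(t) not in deleted],
        "still_locked": [k for k in script.get("regnull", []) if norm(k) in locked],
    }


if __name__ == "__main__":
    for label, items in verify(CFSCRIPT, SAMPLE_LOG).items():
        print(label)
        for item in items:
            print("   ", item)
```

A target that is missing from "Other Deletions" needs a follow-up check on disk; the log alone does not say why it is absent.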
sm1025
9 Posts
0
August 10th, 2010 22:00
Hi Kevin
I followed your instructions and got the following log files from those steps,
and I didn't update my system yet, waiting for your advice for it.
COMBOFIX
ComboFix 10-08-09.03 - SUNDAR 10/08/2010 22:13:56.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.1268 [GMT 1:00]
Running from: c:\users\SUNDAR\Desktop\ComboFix.exe
Command switches used :: c:\users\SUNDAR\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FILE ::
"c:\users\SUNDAR\AppData\Local\Gxirirotani.bin"
"c:\users\SUNDAR\AppData\Local\Xjizaxoga.dat"
"c:\windows\Emcmm.dat"
"c:\windows\system32\drivers\caxjuuap.sys"
"c:\windows\system32\drivers\oihaeplf.sys"
"c:\windows\system32\ezsidmv.dat"
"c:\windows\system32\SySAVI2WMV.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\SUNDAR\AppData\Local\Gxirirotani.bin
c:\users\SUNDAR\AppData\Local\Xjizaxoga.dat
c:\users\SUNDAR\AppData\Roaming\uTorrent
c:\users\SUNDAR\AppData\Roaming\uTorrent\dht.dat
c:\users\SUNDAR\AppData\Roaming\uTorrent\dht.dat.old
c:\users\SUNDAR\AppData\Roaming\uTorrent\resume.dat
c:\users\SUNDAR\AppData\Roaming\uTorrent\resume.dat.old
c:\users\SUNDAR\AppData\Roaming\uTorrent\rss.dat
c:\users\SUNDAR\AppData\Roaming\uTorrent\rss.dat.old
c:\users\SUNDAR\AppData\Roaming\uTorrent\settings.dat
c:\users\SUNDAR\AppData\Roaming\uTorrent\settings.dat.old
c:\users\SUNDAR\AppData\Roaming\uTorrent\utorrent.lng
c:\windows\Emcmm.dat
c:\windows\system32\drivers\caxjuuap.sys
c:\windows\system32\drivers\oihaeplf.sys
c:\windows\system32\ezsidmv.dat
c:\windows\system32\SySAVI2WMV.dat
.
((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))
.
2010-08-10 21:25 . 2010-08-10 21:27 -------- d-----w- c:\users\SUNDAR\AppData\Local\temp
2010-08-10 21:25 . 2010-08-10 21:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-10 21:25 . 2010-08-10 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-10 12:30 . 2010-08-10 12:30 -------- d-----w- c:\program files\Trend Micro
2010-08-10 11:24 . 2010-08-10 11:26 -------- d-----w- c:\windows\system32\catroot2
2010-08-10 10:04 . 2010-08-10 10:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-10 09:30 . 2010-08-10 09:30 -------- d-----w- c:\windows\CheckSur
2010-08-09 11:52 . 2010-08-09 11:53 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-09 10:47 . 2010-08-09 10:47 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\Reallusion
2010-08-09 10:15 . 2010-08-09 10:15 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\Malwarebytes
2010-08-09 10:14 . 2010-08-09 10:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-09 10:14 . 2010-08-09 10:14 -------- d-----w- c:\programdata\Malwarebytes
2010-08-09 10:14 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-09 10:14 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-07 20:16 . 2010-08-07 22:23 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\Football Superstars
2010-08-07 17:38 . 2010-08-07 20:16 -------- d-----w- C:\FSDownloader
2010-08-05 18:50 . 2010-08-05 18:50 -------- d-----w- c:\programdata\WindowsSearch
2010-08-05 12:42 . 2010-08-05 12:42 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\Video2Webcam
2010-08-05 12:42 . 2010-08-05 12:42 -------- d-----w- c:\programdata\Video2Webcam
2010-08-05 12:41 . 2010-04-17 14:31 1053056 ----a-w- c:\windows\system32\drivers\V2WCDRV.sys
2010-08-03 05:58 . 2010-08-03 06:01 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\vlc
2010-08-01 20:58 . 2010-08-01 20:58 -------- d-----w- c:\program files\WSRMacros
2010-08-01 20:49 . 2010-08-01 20:52 -------- d-----w- c:\program files\TextSpeech Pro 3
2010-08-01 20:21 . 2010-08-01 20:21 -------- d-----w- c:\program files\WordTalk
2010-07-25 14:35 . 2010-07-25 14:35 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\WAYN
2010-07-25 14:35 . 2010-07-25 14:35 -------- d-----w- c:\users\SUNDAR\AppData\Local\WAYN
2010-07-25 14:34 . 2010-07-25 14:34 -------- d-----w- c:\program files\WAYN
2010-07-22 05:32 . 2010-07-22 05:32 -------- d-----w- c:\users\SUNDAR\AppData\Local\Yahoo!
2010-07-22 02:33 . 2010-07-21 22:19 -------- d-----w- C:\CSI Las Vegas Season9 (XviD asd) EnglishV+NapisyPL - www.xvidasd.com
2010-07-17 11:29 . 2010-07-24 09:02 -------- d-----w- c:\users\SUNDAR\AppData\Local\Graboid
2010-07-17 11:29 . 2010-07-17 11:29 -------- d-----w- c:\users\SUNDAR\AppData\Local\Graboid_Inc
2010-07-17 11:28 . 2010-07-17 11:29 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\MozillaControl
2010-07-17 11:28 . 2010-07-17 11:28 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-07-17 11:27 . 2010-07-24 09:04 -------- d-----w- c:\program files\Graboid
2010-07-14 20:05 . 2010-07-14 20:05 -------- d-----w- c:\windows\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 21:25 . 2010-03-10 08:31 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-10 18:42 . 2010-03-12 16:39 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\Skype
2010-08-10 15:05 . 2010-03-12 16:41 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\skypePM
2010-08-10 12:30 . 2010-08-10 12:30 388096 ----a-r- c:\users\SUNDAR\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-09 23:00 . 2010-03-10 08:40 1356 ----a-w- c:\users\SUNDAR\AppData\Local\d3d9caps.dat
2010-08-09 08:07 . 2010-06-28 19:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-07 20:16 . 2010-08-07 20:16 717146 ----a-w- c:\users\SUNDAR\AppData\Roaming\Football Superstars\unins000.exe
2010-08-03 09:38 . 2010-03-12 19:01 -------- d-----w- c:\program files\Opera
2010-08-01 20:21 . 2010-08-01 20:21 3262 ----a-r- c:\users\SUNDAR\AppData\Roaming\Microsoft\Installer\{D4481AFF-4218-4CF0-A68C-87E9EBAE3B86}\_13C736DD7BE79AEFCF0DA2.exe
2010-07-23 05:17 . 2010-03-12 16:24 -------- d-----w- c:\program files\Yahoo!
2010-07-22 06:45 . 2010-03-12 16:29 -------- d-----w- c:\programdata\Yahoo!
2010-07-15 13:45 . 2010-07-15 13:45 187128 ----a-w- c:\users\SUNDAR\AppData\Roaming\Virgin Media\HUB\downloads\VirginDetectionScriptsBundle.41.zip.dir\tools\NetworkFinder.signed.exe
2010-07-14 15:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-13 23:34 . 2010-06-28 19:13 63488 ----a-w- c:\users\SUNDAR\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-13 23:34 . 2010-06-28 19:13 117760 ----a-w- c:\users\SUNDAR\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-07 16:49 . 2010-07-07 16:49 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\Sierra
2010-07-06 07:31 . 2010-03-10 08:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-05 19:33 . 2010-07-05 19:33 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\PlayFirst
2010-07-05 19:33 . 2010-07-05 19:33 -------- d-----w- c:\programdata\PlayFirst
2010-07-05 18:00 . 2010-07-05 18:00 -------- d-----w- c:\program files\bigup16
2010-07-05 15:02 . 2010-07-05 15:02 -------- d-----w- c:\programdata\Radialpoint
2010-07-05 15:02 . 2010-07-05 15:02 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\Virgin Media
2010-07-05 15:02 . 2010-07-05 15:02 -------- d-----w- c:\programdata\Virgin Media
2010-07-05 15:02 . 2010-07-05 15:02 -------- d-----w- c:\program files\Virgin Media
2010-06-29 07:18 . 2010-04-04 22:54 -------- d-----w- c:\program files\Common Files\Apple
2010-06-29 07:12 . 2010-03-12 17:33 -------- d-----w- c:\programdata\WinZip
2010-06-28 19:13 . 2010-06-28 19:13 52224 ----a-w- c:\users\SUNDAR\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-28 19:12 . 2010-06-28 19:12 -------- d-----w- c:\users\SUNDAR\AppData\Roaming\SUPERAntiSpyware.com
2010-06-28 19:12 . 2010-06-28 19:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-28 19:04 . 2010-03-12 18:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-25 16:30 . 2010-03-10 09:31 -------- d-----w- c:\program files\McAfee
2010-06-25 16:17 . 2010-06-25 16:17 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 05:31 . 2010-03-10 09:29 -------- d-----w- c:\programdata\McAfee
2010-06-13 21:19 . 2010-03-19 22:25 -------- d-----w- c:\program files\Electronic Arts
2010-06-12 18:38 . 2010-06-12 18:38 -------- d-----w- c:\programdata\TVU Networks
2010-06-11 15:51 . 2010-06-11 15:51 3055600 ----a-w- c:\users\SUNDAR\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 15:36 . 2010-06-11 15:36 275952 ----a-w- c:\users\SUNDAR\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-06-07 23:58 . 2010-06-07 23:58 60416 --sha-r- c:\windows\system32\shginax.dll
2010-06-03 17:21 . 2010-08-07 20:20 26149888 ----a-w- c:\users\SUNDAR\AppData\Roaming\Football Superstars\FSClientr.exe
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-01 17:37 . 2010-03-12 19:54 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:06 . 2010-06-09 12:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 12:00 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-16 01:56 . 2010-03-10 08:41 69968 ----a-w- c:\users\SUNDAR\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-14 13:59 . 2010-05-14 13:59 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-13 17:29 . 2010-05-13 17:29 25214 ----a-r- c:\users\SUNDAR\AppData\Roaming\Microsoft\Installer\{D6D532B2-22E1-43AA-B4B7-34D772314859}\ARPPRODUCTICON.exe
2010-04-27 16:16 . 2010-04-22 08:19 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2010-03-10 09:49 . 2010-03-10 09:49 76 --sh--r- c:\windows\CT4CET.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Google Update"="c:\users\SUNDAR\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-12 135664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SmartVoip"="c:\program files\SmartVoip.com\SmartVoip\SmartVoip.exe" [2010-07-15 10570032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-13 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-13 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-13 133656]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"systray"="c:\program files\Dell\Dell Mobile Broadband\systray.exe" [2007-06-23 331851]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"VirginMediaHUB.exe"="c:\program files\Virgin Media\HUB\VirginMediaHUB.exe" [2009-12-14 4277488]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"tray"= 0 (0x0)
"EnableLUA"= 2 (0x2)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"New application"=c:\program files\Yamicsoft\Vista Manager\WallpaperChanger.exe
"OxigenTrayIcon"=c:\program files\Oxigen\bin\OxiTray.exe
"OxigenClientAdmin"="c:\program files\Oxigen\bin\Oxigen.exe"
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" /runkey
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):02,50,02,85,56,c2,ca,01
R1 MpKslcd5f9de1;MpKslcd5f9de1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F31B883-96A5-4DCF-AE17-C65637DB7517}\MpKslcd5f9de1.sys
R1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SABKUTIL.sys
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-04-27 83496]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-01-31 599040]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-04-27 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-04-27 160720]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2010-03-26 93320]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]
S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\HUB\ServicepointService.exe [2009-12-14 668912]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-04-27 55456]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-03-26 111104]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-04-27 312616]
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551730455-2682397126-331062045-1000Core.job
- c:\users\SUNDAR\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-12 16:11]
2010-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551730455-2682397126-331062045-1000UA.job
- c:\users\SUNDAR\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-12 16:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
FF - ProfilePath - c:\users\SUNDAR\AppData\Roaming\Mozilla\Firefox\Profiles\85ydxb79.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Virgin Media\HUB\nprpspa.dll
FF - plugin: c:\users\SUNDAR\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\SUNDAR\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\users\SUNDAR\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\SUNDAR\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\SUNDAR\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 22:27
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(2632)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\conime.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-08-10 22:36:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-10 21:36
ComboFix2.txt 2010-08-10 19:31
Pre-Run: 6,396,895,232 bytes free
Post-Run: 6,384,508,928 bytes free
- - End Of File - - FBBDCC6371CC4DD5B4EF0865042C304A
KASPERSKY
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, August 11, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, August 10, 2010 17:50:47
Records in database: 4128652
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 264576
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 05:27:07
No threats found. Scanned area is clean.
Selected area has been scanned.
Regards
Sundar
kevinf80_1d0ac6
August 10th, 2010 23:00
Hi Sundar,
Please proceed as follows :-
Step 1
Remove Combofix now that we're done with it
Step 2
Step 3
Your version of Java is outdated. Select > Start > Control Panel > Programs. You will see the Java icon (looks like a coffee cup). Select the icon to open Java console. Select update tab and follow the prompts.
Step 4
Download and scan with CCleaner
1. Starting with v 1.27.26 (This version no. will differ), CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 24 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
In the Applications Tab:
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.
Step 5
Post a final HJT log for me please and let me know how your system is responding, any issues. It will be safe to install Windows updates now when you're ready.
Kevin
sm1025
August 11th, 2010 01:00
Hi Kevin,
I followed your instructions and here is my final HJT log. Windows Update is working properly, without any error.
Thank you for spending your valuable time in helping me with this problem.
Regards
Sundar
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:27:02, on 11/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Windows\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SmartVoip.com\SmartVoip\smartvoip.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100517235954.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: TextSpeech Pro Web Browser Toolbar - {FA2711A9-D91E-4395-B200-010631857587} - C:\Windows\system32\TextSpeechProIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [systray] C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VirginMediaHUB.exe] "C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe" /AUTORUN
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Google Update] "C:\Users\SUNDAR\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SmartVoip] "C:\Program Files\SmartVoip.com\SmartVoip\smartvoip.exe" -nosplash -minimized
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Virgin Media\HUB\ServicepointService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9209 bytes
kevinf80_1d0ac6
August 11th, 2010 02:00
Hi Sundar,
Your latest logs are clean and you say that your system is running well; it would be an excellent idea to keep it that way. The following advice will go a long way to keeping you secure so that you can enjoy safe and happy surfing.
Here are some tips to reduce the potential for malware infection in the future; I strongly recommend that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.
Make proper use of your antivirus and firewall
Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.
You should keep your antivirus and firewall guard enabled at all times; NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.
You will have several programs installed; these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing....
...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.
Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:
Firefox,
Opera, and
Chrome.
All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.
These browser add-ons will help to make your browser safer:
Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:
Green to go,
Yellow for caution, and
Red to stop.
Available for Firefox and Internet Explorer.
NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing. Available for Firefox only.
These are just a couple of the most popular add-ons; if you're interested in more, take a look at THIS article.
Here are a couple of links by two security experts that will give some excellent tips and advice.
So how did I get infected in the first place by Tony Klein
How to prevent Malware by Miekiemoes
Finally, this link HERE will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.
Please reply so I know you have read this and I will then close out the thread unless you have any other issues; it's been a pleasure to work with you.
take care,
Kevin
sm1025
August 11th, 2010 03:00
Hi Kevin
I have read your instructions and will try to follow them all the time. Thank you for the valuable help you have given me. It has been a great experience working with you.
Best of luck
Take care
Sundar
kevinf80_1d0ac6
August 11th, 2010 04:00
Since this issue appears to be resolved the topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you.
Roddy.Galecki
October 21st, 2010 04:00
I understand this part, Nice writing, Thanks for your instruction!