Solved Compromised + blue screen of death

[Peoplezz]

What is "s page"?


I still have a hard time to understand.

sorry I meant a page
when I have a page up in the browser its like there is another page behind it, the screen keeps jumping

 

[Broni]

What browser?

 

[Peoplezz]

Mozilla firefox

 

[Broni]

Close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode).
If you're using Firefox 4, or 5 go Help>Restart Firefox with Add-ons Disabled.
Same issue?

 

[Peoplezz]

yep same issue

will a HJT log help or is my computer clean?

 

[Broni]

Well, it's hard for me to investigate something what I don't really have a clear picture of.

Other that that...

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[Peoplezz]

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 35043 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50479035 bytes
->Flash cache emptied: 5909 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 48.00 mb


[EMPTYFLASH]

User: All Users

User: Chris
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.26.1 log created on 07172011_180526

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

[Peoplezz]

Ran Norton and it told me "nORTON POWER ERASER attempted to restore internet connection but was not succesful, please run NPE is safe mode with the networking option enabled,

is this anything to worry about?

Is my computer free of malware and rootkits?

thanks

 

[Broni]

I wouldn't worry about it.
Your computer is clean.
Are you having any issues?

 

[Peoplezz]

apart from the screen flickering no its cool

 

[Broni]

apart from the screen flickering

In this forum, we make sure, your computer is free of malware and your computer is clean
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

Good luck!

 

[Peoplezz]

sorry to be a pain again but my computer keeps locking up for no reason

 

[Broni]

Please download VEW and save it to your Desktop: http://images.malwareremoval.com/vino/VEW.exe

Double-click VEW.exe then under Select log to query, select:
Application
System

Under Select type to list, select:
Critical (Vista only)
Error

Click the radio button for Number of events
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

In Notepad, click Edit > Select all then Edit > Copy
Reply to this post, click in the reply window and press Ctrl+V on your keyboard to paste the log.

==================================================================

Download System Information for Windows (SIW free version)
No installation required.

After it scans your computer, navigate to Hardware>Sensors and post all info from there.

 

[Peoplezz]

will do that now, for some reason malware antibytes not responding

 

[Peoplezz]

Please download VEW and save it to your Desktop: http://images.malwareremoval.com/vino/VEW.exe

Double-click VEW.exe then under Select log to query, select:
Application
System

Under Select type to list, select:
Critical (Vista only)
Error

Click the radio button for Number of events
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

In Notepad, click Edit > Select all then Edit > Copy
Reply to this post, click in the reply window and press Ctrl+V on your keyboard to paste the log.

=================================================================]

I get following error " run time error 75. path/access file error"

 

[Broni]

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Peoplezz]

My SIW screen capture

 

[Broni]

That looks good.
Go ahead with Combofix.

 

[Peoplezz]

ComboFix 11-07-19.04 - Chris 20/07/2011 3:02.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1717 [GMT 1:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chris\AppData\Roaming\inst.exe
c:\users\Chris\AppData\Roaming\pcouffin.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 )))))))))))))))))))))))))))))))
.
.
2011-07-20 02:05 . 2011-07-20 02:06 -------- d-----w- c:\users\Chris\AppData\Local\temp
2011-07-20 02:05 . 2011-07-20 02:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-20 01:52 . 2011-07-20 01:52 -------- d-----w- c:\program files\SIW
2011-07-19 01:06 . 2011-07-19 01:06 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-07-19 01:06 . 2011-07-19 01:23 -------- d-----w- c:\users\Chris\AppData\Roaming\Vso
2011-07-19 01:06 . 2009-09-02 20:58 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2011-07-19 01:06 . 2009-09-02 20:58 65602 ----a-w- c:\windows\system32\cook3260.dll
2011-07-19 01:06 . 2009-09-02 20:58 217127 ----a-w- c:\windows\system32\drv43260.dll
2011-07-19 01:06 . 2009-09-02 20:58 208935 ----a-w- c:\windows\system32\drv33260.dll
2011-07-19 01:06 . 2009-09-02 20:58 176165 ----a-w- c:\windows\system32\drv23260.dll
2011-07-19 01:06 . 2009-09-02 20:58 102439 ----a-w- c:\windows\system32\sipr3260.dll
2011-07-19 01:06 . 2009-09-02 20:57 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2011-07-19 01:06 . 2011-07-19 01:06 -------- d-----w- c:\program files\VSO
2011-07-18 04:51 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-07-18 04:51 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-18 04:51 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-17 17:32 . 2011-07-17 17:32 -------- d-----w- c:\users\Chris\Tracing
2011-07-17 17:18 . 2011-07-17 17:25 -------- d-----w- c:\users\Chris\AppData\Local\Windows Live
2011-07-17 17:18 . 2011-07-17 17:18 -------- d-----w- c:\program files\Common Files\Windows Live
2011-07-17 17:12 . 2011-07-17 17:12 -------- d-----w- c:\program files\FileHippo.com
2011-07-17 01:00 . 2011-07-17 01:00 -------- d-----w- c:\users\Chris\AppData\Roaming\CyberLink
2011-07-16 00:30 . 2011-07-17 17:24 -------- d-----w- C:\Casino
2011-07-14 01:51 . 2011-07-14 02:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-07-14 01:51 . 2011-07-14 01:59 -------- d-----w- c:\program files\Symantec
2011-07-14 01:51 . 2011-07-14 01:59 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-14 01:51 . 2011-07-14 02:02 -------- d-----w- c:\windows\system32\drivers\NIS
2011-07-14 01:51 . 2011-07-14 01:51 -------- d-----w- c:\program files\Norton Internet Security
2011-07-14 01:51 . 2011-07-14 01:51 -------- d-----w- c:\program files\NortonInstaller
2011-07-14 00:41 . 2011-07-14 00:41 -------- d-----w- c:\program files\CCleaner
2011-07-14 00:35 . 2011-07-14 00:35 -------- d-----w- c:\users\Chris\AppData\Local\GoTrusted.com
2011-07-14 00:34 . 2011-07-14 00:34 -------- d-----w- c:\program files\GoTrusted.com
2011-07-13 19:02 . 2011-07-19 03:30 -------- d-----w- c:\users\Chris\AppData\Local\CrashDumps
2011-07-13 18:02 . 2011-07-18 04:27 -------- d-----w- c:\users\Chris\AppData\Local\NPE
2011-07-13 17:10 . 2011-07-13 17:10 -------- d-----w- c:\users\Chris\AppData\Roaming\vlc
2011-07-13 17:09 . 2011-07-13 17:09 -------- d-----w- c:\program files\VideoLAN
2011-07-13 15:54 . 2011-07-13 15:54 -------- d-----w- c:\windows\PRIndex
2011-07-13 15:54 . 2011-07-13 15:54 -------- d-----w- c:\users\Chris\AppData\Roaming\NewspaperDirect
2011-07-13 08:58 . 2011-07-20 01:58 -------- d-----w- c:\program files\PeerBlock
2011-07-13 08:56 . 2011-07-20 01:09 -------- d-----w- c:\program files\uTorrent
2011-07-13 08:56 . 2011-07-20 01:58 -------- d-----w- c:\users\Chris\AppData\Roaming\uTorrent
2011-07-13 08:56 . 2011-07-13 08:56 -------- d-----w- c:\users\Chris\AppData\Local\uTorrent
2011-07-13 08:44 . 2011-07-13 08:44 -------- d-----w- c:\program files\ESET
2011-07-12 23:51 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-07-12 23:45 . 2011-07-12 23:45 -------- d-----w- c:\users\Chris\AppData\Local\Mozilla
2011-07-12 23:45 . 2011-07-12 23:45 -------- d-----w- c:\program files\Common Files\xing shared
2011-07-12 23:44 . 2011-07-12 23:44 -------- d-----w- c:\program files\real
2011-07-12 23:40 . 2011-07-12 23:40 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2011-07-12 23:39 . 2011-07-12 23:39 -------- d-----w- c:\programdata\Malwarebytes
2011-07-12 23:39 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-12 23:39 . 2011-07-17 17:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-12 23:39 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-12 23:38 . 2011-07-12 23:38 -------- d-----w- c:\users\Chris\AppData\Local\Secunia PSI
2011-07-12 23:37 . 2011-07-12 23:37 -------- d-----w- c:\program files\Secunia
2011-07-12 23:36 . 2011-07-12 23:36 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-12 23:34 . 2011-07-12 23:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-07-12 23:34 . 2011-07-12 23:35 -------- d-----w- c:\users\Chris\AppData\Local\Adobe
2011-07-12 23:32 . 2011-07-13 00:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 23:24 . 2011-07-12 23:24 -------- d-----w- c:\program files\Common Files\Java
2011-07-12 23:24 . 2011-05-04 03:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-12 23:01 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-07-12 23:01 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-07-12 22:59 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-07-12 22:58 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-07-12 22:55 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-12 22:55 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-12 22:55 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 22:53 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-07-12 22:53 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-07-12 22:53 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-07-12 22:53 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-12 22:53 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-12 22:53 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-12 22:43 . 2011-07-12 22:43 -------- d-----w- c:\programdata\Symantec
2011-07-12 22:43 . 2011-07-14 01:51 -------- d-----w- c:\programdata\Norton
2011-07-12 22:37 . 2011-07-12 22:37 -------- d-----w- c:\program files\Microsoft.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-17 17:19 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-12 23:44 . 2008-10-23 12:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-07-12 23:44 . 2008-10-23 12:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-13 15:03 . 2011-05-13 15:03 49016 ----a-w- c:\windows\system32\sirenacm.dll
2011-07-08 07:31 . 2011-07-12 23:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
"GoTrusted"="c:\program files\GoTrusted.com\GoTrusted Secure Tunnel v2.3.0.5\GoTrusted Secure Tunnel.exe" [2011-04-12 188488]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-25 141848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-12 273544]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\MOSUMAC.SYS [2009-12-10 43520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [2011-06-30 810616]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110716.031\IDSvix86.sys [2011-07-13 367736]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-14 105592]
S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\DRIVERS\gttap1.sys [2008-03-18 20480]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 87184967
*NewlyCreated* - MODEM
*Deregistered* - 87184967
*Deregistered* - pbfilter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.visagecomputers.co.uk/
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3co3mo8b.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-20 03:06
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
Completion time: 2011-07-20 03:07:27
ComboFix-quarantined-files.txt 2011-07-20 02:07
.
Pre-Run: 184,649,793,536 bytes free
Post-Run: 184,620,732,416 bytes free
.
- - End Of File - - C2C55E7AF98010694BD2811C3B3B4CBC

 

[Peoplezz]

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 20/07/2011 at 3:09:38.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 20/07/2011 at 3:09:43.

 

[Broni]

Looks clean.

What happens when you try to run MBAM?

 

[Peoplezz]

IT stops responding but then eventually works after a while

 

[Broni]

Run FULL scan with MBAM.

 

[Peoplezz]

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7207

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

20/07/2011 04:17:22
mbam-log-2011-07-20 (04-17-22).txt

Scan type: Full scan (C:\|)
Objects scanned: 225333
Time elapsed: 25 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[Broni]

Well....

In this forum, we make sure, your computer is free of malware and your computer is clean
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.