Unauthorized bank card charges - Possible virus/spyware

Solved
By logangb345
Sep 13, 2010
  1. This past Thursday, I had two unauthorized charges to my bank account. The previous night I had a virus quarantined, which I deleted immediately. I think that something may have happened and it wasn't fully deleted, or deleted too late (I'm not sure how that sort of thing works, so I can't be certain).

    My bank has taken care of the charges so that's not an issue any longer, I just want to be certain that whatever it was that stole my bank account number is gone. I have also found multiple iexplore.exe processes in my task manager that I heard wasn't a good thing. I scanned past threads about this, but I knew the situations weren't identical to mine and weren't necessarily on Vista. I wanted to post my own dilemma instead of using what they did in case it messed up my system even more.

    I have the logs of the "8-step Viruses/Spyware/Malware Preliminary Removal Instructions" if it's helpful to have them.

    Thanks to anyone willing to help with expert knowledge in this area,
    Logan
  2. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Welcome aboard

    Please, post your logs...
  3. logangb345

    logangb345 Newcomer, in training Topic Starter Posts: 19

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4602

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18943

    9/12/2010 8:51:11 PM
    mbam-log-2010-09-12 (20-51-11).txt

    Scan type: Quick scan
    Objects scanned: 138039
    Time elapsed: 11 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    For some reason, the GMER file didn't have anything saved in it. I will re-do the scan and post the log then.



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 8/19/2009 3:35:30 AM
    System Uptime: 9/12/2010 8:16:08 PM (2 hours ago)

    Motherboard: Dell Inc. | | 0P792H
    Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | U2E1 | 1200/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 283 GiB total, 194.931 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 5.734 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    Acrobat.com
    Adobe Acrobat 9 Standard - English, Français, Deutsch
    Adobe Acrobat 9.3.4 - CPSID_83708
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.4
    Adobe Shockwave Player 11.5
    Advanced Audio FX Engine
    Apple Application Support
    Apple Software Update
    Banctec Service Agreement
    Byki
    Byki Express
    Compatibility Pack for the 2007 Office system
    Dell-eBay
    Dell DataSafe Local Backup
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Video Chat
    Dell Webcam Central
    Download Updater (AOL LLC)
    GIMP 2.7.0
    Google Earth Plug-in
    Google SketchUp 7
    Google Update Helper
    GoToAssist 8.0.0.514
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ITECIR
    Java Auto Updater
    Java(TM) 6 Update 20
    Junk Mail filter update
    kSolo Recorder
    LG USB Modem driver
    LimeWire 5.4.6
    Live! Cam Avatar Creator
    Malwarebytes' Anti-Malware
    Microsoft Age of Empires II
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox (3.6.2)
    MSN Toolbar
    MSVCRT
    Musicnotes Software Suite 1.1
    Picasa 3
    PowerDVD DX
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Sibelius 6.1.0.3 Demo
    Sibelius Scorch (ActiveX Only)
    Sound Blaster X-Fi MB
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    V CAST Music with Rhapsody
    Viewpoint Media Player
    W Photo Studio
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer

    ==== End Of File ===========================
  4. logangb345

    logangb345 Newcomer, in training Topic Starter Posts: 19

    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Logan at 22:30:46.75 on Sun 09/12/2010
    Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_20
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6102.4057 [GMT -6:00]

    AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conime.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Logan\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.swagbucks.com/
    uDefault_Page_URL = hxxp://www.msn.com
    mLocal Page = c:\windows\syswow64\blank.htm
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.1203.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.1203.0\msneshellx.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
    mRun: [VolPanel] "c:\program files (x86)\creative\sb x-fi mb\volume panel\VolPanlu.exe" /r
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [Microsoft Default Manager] "c:\program files (x86)\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
    mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
    mRunOnce: [Launcher] "c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /install /silent
    mRunOnce: [DellDatasafeLauncher] "c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe"
    StartupFolder: c:\users\logan\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    StartupFolder: c:\users\logan\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files (x86)\limewire\LimeWire.exe
    StartupFolder: c:\users\logan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files (x86)\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
    BHO-X64: Windows Live Family Safety Browser Helper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
    mRun-x64: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
    mRun-x64: [RunDLLEntry] c:\windows\system32\rundll32.exe c:\windows\system32\AmbRunE.dll,RunDLLEntry
    mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\logan\appdata\roaming\mozilla\firefox\profiles\709xzgps.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
    FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files (x86)\ksolo\npAVX.dll
    FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files (x86)\musicnotes\npmusicn.dll
    FF - plugin: c:\program files (x86)\musicnotes\NPSibelius.dll
    FF - plugin: c:\program files (x86)\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
  5. logangb345

    logangb345 Newcomer, in training Topic Starter Posts: 19

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-8-19 53488]
    R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2008-10-3 192528]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-8-19 89600]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-7-13 42000]
    R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2008-10-3 277008]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\viewpoint\common\ViewpointService.exe [2009-8-28 24652]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-8-19 172032]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-8-19 126464]
    R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-8-19 59392]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-8-19 239104]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2009-8-19 4735488]
    R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 159840]
    R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 319840]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-3-17 136176]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2009-8-19 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2009-8-19 79360]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-2 61280]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
    S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\common files\creative labs shared\service\XMBLicensing.exe [2009-8-19 79360]
    S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2009-8-28 587696]
    S3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-8-28 854280]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]

    ============== File Associations ===============

    JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

    =============== Created Last 30 ================

    2010-09-13 02:37:48 0 d-----w- c:\users\logan\appdata\roaming\Malwarebytes
    2010-09-13 02:37:12 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-13 02:37:12 0 d-----w- c:\programdata\Malwarebytes
    2010-09-13 02:37:12 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2010-09-13 02:15:28 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2010-08-21 14:29:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll

    ==================== Find3M ====================

    2010-08-10 05:57:13 5659925 ----a-w- c:\windows\fonts\HDZB.TTF
    2010-07-26 15:51:48 11584512 ----a-w- c:\windows\syswow64\shell32.dll
    2010-07-23 23:29:41 82752 ----a-w- c:\windows\fonts\OPUSC___.TTF
    2010-07-23 23:29:41 66688 ----a-w- c:\windows\fonts\OPUSCS__.TTF
    2010-07-23 23:29:41 32608 ----a-w- c:\windows\fonts\INK2TEXT.TTF
    2010-07-23 23:29:41 27896 ----a-w- c:\windows\fonts\OPUS____.TTF
    2010-07-23 23:29:39 79336 ----a-w- c:\windows\fonts\INK2SCRI.TTF
    2010-07-23 23:29:38 30900 ----a-w- c:\windows\fonts\HELST___.TTF
    2010-07-23 23:29:38 15116 ----a-w- c:\windows\fonts\INK2METR.TTF
    2010-07-23 23:29:38 14396 ----a-w- c:\windows\fonts\HELSM___.TTF
    2010-07-23 23:29:38 106220 ----a-w- c:\windows\fonts\INK2CHOR.TTF
    2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
    2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
    2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
    2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
    2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
    2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
    2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
    2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
    2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
    2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
    2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
    2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
    2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
    2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
    2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
    2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
    2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
    2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
    2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
    2010-06-21 14:05:22 2752000 ----a-w- c:\windows\system32\win32k.sys
    2010-06-18 17:48:21 50688 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-18 17:31:29 36864 ----a-w- c:\windows\syswow64\rtutils.dll
    2009-12-08 10:19:50 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-12-08 10:19:50 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-12-08 10:19:50 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-12-08 10:19:50 143360 ----a-w- c:\windows\inf\infstrng.dat
    2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
    2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-08-19 15:37:56 75 --sh--r- c:\windows\CT4CET.bin
    2010-02-10 05:20:34 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-10-14 09:18:23 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-08-19 17:07:56 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 22:31:09.52 ===============
  6. logangb345

    logangb345 Newcomer, in training Topic Starter Posts: 19

    I ran GMER again and still had no information saved in the file.
  7. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    That's fine....

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  8. logangb345

    logangb345 Newcomer, in training Topic Starter Posts: 19

    Thank you for the fast responses!

    I can't run Combofix. I tried downloading from both links. I try to run the program, but I get a message that says "Incompatible OS." and something about only working with Windows 2000 and XP.

    Here's the MBRCheck:



    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 64-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Studio 1737
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 156):

    Processes (total 74):
    0 System Idle Process
    4 System
    488 C:\Windows\System32\smss.exe
    556 csrss.exe
    592 C:\Windows\System32\wininit.exe
    612 csrss.exe
    648 C:\Windows\System32\services.exe
    668 C:\Windows\System32\lsass.exe
    676 C:\Windows\System32\lsm.exe
    776 C:\Windows\System32\winlogon.exe
    848 C:\Windows\System32\svchost.exe
    940 C:\Windows\System32\svchost.exe
    980 C:\Windows\System32\svchost.exe
    376 C:\Windows\System32\svchost.exe
    512 C:\Windows\System32\svchost.exe
    548 C:\Windows\System32\svchost.exe
    672 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\stacsv64.exe
    1056 C:\Windows\System32\audiodg.exe
    1092 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    1132 C:\Windows\System32\svchost.exe
    1152 C:\Windows\System32\SLsvc.exe
    1200 C:\Windows\System32\svchost.exe
    1324 C:\Program Files\Dell\DellDock\DockLogin.exe
    1416 C:\Windows\System32\svchost.exe
    1592 C:\Windows\System32\spoolsv.exe
    1616 C:\Windows\System32\svchost.exe
    1792 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
    1828 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1852 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1180 C:\Windows\System32\svchost.exe
    832 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2108 C:\Windows\System32\svchost.exe
    2360 C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    2380 C:\Windows\System32\svchost.exe
    2396 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2428 C:\Windows\System32\SearchIndexer.exe
    2800 C:\Windows\System32\taskeng.exe
    2856 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3032 C:\Windows\System32\taskeng.exe
    3060 C:\Windows\System32\dwm.exe
    2388 C:\Windows\explorer.exe
    1392 C:\Program Files\Windows Defender\MSASCui.exe
    2676 C:\Program Files\DellTPad\Apoint.exe
    2652 C:\Windows\System32\hkcmd.exe
    2684 C:\Windows\System32\igfxpers.exe
    2696 C:\Windows\System32\rundll32.exe
    2952 C:\Program Files\IDT\WDM\sttray64.exe
    3092 C:\Program Files\Windows Sidebar\sidebar.exe
    3116 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    3136 C:\Windows\ehome\ehtray.exe
    3164 C:\Program Files\Dell\QuickSet\quickset.exe
    3184 C:\Program Files\Dell\DellDock\DellDock.exe
    3192 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    3208 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    3216 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    3224 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    3232 C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
    3248 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    3260 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    3276 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3296 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3580 C:\Windows\ehome\ehmsas.exe
    3604 C:\Windows\System32\wbem\unsecapp.exe
    3684 WmiPrvSE.exe
    3904 C:\Program Files\iPod\bin\iPodService.exe
    524 C:\Windows\System32\igfxsrvc.exe
    4244 C:\Program Files\DellTPad\ApMsgFwd.exe
    4352 C:\Program Files\DellTPad\hidfind.exe
    4388 WmiPrvSE.exe
    4608 C:\Program Files\DellTPad\ApntEx.exe
    4724 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    4876 C:\Windows\System32\conime.exe
    4524 C:\Windows\System32\wbem\WMIADAP.exe
    2076 C:\Users\Logan\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c4f00000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`04f00000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS543232L9A300, Rev: FB4OC4FC

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
  9. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    I'm sorry, my fault. Combofix won't run on a 64-bit system.

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    Restart the computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):

      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.

      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    =======================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  10. logangb345

    logangb345 Newcomer, in training Topic Starter Posts: 19

    Well, this seemed to make everything a little bit faster, I think...

    Thanks again for all your help!

  11. logangb345

    logangb345 Newcomer, in training Topic Starter Posts: 19

    Here is the OTL file:

    Attached Files:

    • OTL.Txt (File size: 101.8 KB)
  12. logangb345

    logangb345 Newcomer, in training Topic Starter Posts: 19

    And the Extras file:

  13. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ========================================================================

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4 - HKLM..\Run: []  File not found
      O4 - Startup: C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
      O20:[b]64bit:[/b] - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
      O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
      O33 - MountPoints2\{03d19f7e-b5a8-11de-83b5-002219f874b7}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
      O33 - MountPoints2\{03d19f83-b5a8-11de-83b5-002219f874b7}\Shell - "" = AutoRun
      O33 - MountPoints2\{03d19f83-b5a8-11de-83b5-002219f874b7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
      O33 - MountPoints2\{da1fe510-9449-11de-b4be-002219f874b7}\Shell - "" = AutoRun
      O33 - MountPoints2\{da1fe510-9449-11de-b4be-002219f874b7}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe -- File not found
      O33 - MountPoints2\{da1fe6e7-9449-11de-b4be-002219f874b7}\Shell - "" = AutoRun
      O33 - MountPoints2\{da1fe6e7-9449-11de-b4be-002219f874b7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
      @Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:73CF0D7D
      @Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:FAFEC4B9
      @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5C90B77C
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  14. logangb345

    logangb345 Newcomer, in training Topic Starter Posts: 19

    I can't believe how much faster my computer is running now! Thanks!

    Here's the OTL log:
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
    File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
    File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
    File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\ deleted successfully.
    File move failed. C:\Windows\SysNative\igfxdev.dll scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03d19f7e-b5a8-11de-83b5-002219f874b7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03d19f7e-b5a8-11de-83b5-002219f874b7}\ not found.
    File F:\setupSNK.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03d19f83-b5a8-11de-83b5-002219f874b7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03d19f83-b5a8-11de-83b5-002219f874b7}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03d19f83-b5a8-11de-83b5-002219f874b7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03d19f83-b5a8-11de-83b5-002219f874b7}\ not found.
    File G:\LaunchU3.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da1fe510-9449-11de-b4be-002219f874b7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da1fe510-9449-11de-b4be-002219f874b7}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da1fe510-9449-11de-b4be-002219f874b7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da1fe510-9449-11de-b4be-002219f874b7}\ not found.
    File F:\VZAccess_Manager.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da1fe6e7-9449-11de-b4be-002219f874b7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da1fe6e7-9449-11de-b4be-002219f874b7}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da1fe6e7-9449-11de-b4be-002219f874b7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da1fe6e7-9449-11de-b4be-002219f874b7}\ not found.
    File F:\LaunchU3.exe not found.
    ADS C:\ProgramData\TEMP:73CF0D7D deleted successfully.
    ADS C:\ProgramData\TEMP:FAFEC4B9 deleted successfully.
    ADS C:\ProgramData\TEMP:5C90B77C deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Logan
    ->Temp folder emptied: 5312173 bytes
    ->Temporary Internet Files folder emptied: 65353659 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 53459939 bytes
    ->Flash cache emptied: 2843 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2437310 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 4581083 bytes

    Total Files Cleaned = 125.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Logan
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.12.0 log created on 09142010_194033

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\SysNative\igfxdev.dll scheduled to be moved on reboot.
    C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JVPWQGPQ\topic153264[1].html moved successfully.
    C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\78UCW9UN\ads[1].htm moved successfully.
    C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3QDT4LOZ\sh23[1].html moved successfully.
    C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...



    Security Check log:
    Results of screen317's Security Check version 0.99.5
    Windows Vista (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Adobe Flash Player 10.0.32.18
    Adobe Reader 8.1.4
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.2) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSASCui.exe
    Windows Defender MSASCui.exe
    Trend Micro Internet Security SfCtlCom.exe
    Trend Micro BM TMBMSRV.exe
    Trend Micro Internet Security UfSeAgnt.exe
    TRENDM~1 INTERN~1 TmPfw.exe
    Trend Micro Internet Security TmProxy.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
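A triage pass over the OTL fix-log format posted above, as an added example that is not part of the original thread and not OTL's own code: it classifies each result line by target type and outcome so that items still pending at reboot stand out. The line patterns are inferred only from the log lines in this thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Result lines copied from the OTL fix log in this thread (a subset).
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\ deleted successfully.
File move failed. C:\Windows\SysNative\igfxdev.dll scheduled to be moved on reboot.
File F:\setupSNK.exe not found.
ADS C:\ProgramData\TEMP:73CF0D7D deleted successfully.
========== FILES ==========
"""

# Assumption: these patterns come from the lines seen in this thread,
# not from any OTL format specification.
LINE_RE = re.compile(
    r"^(?:File move failed\. )?"
    r"(?P<prefix>(?:64bit-)?Registry (?:key|value) |ADS |File(?:\\Folder)? )?"
    r"(?P<target>.+?) "
    r"(?P<outcome>deleted successfully\.|moved successfully\.|not found[.!]"
    r"|scheduled to be moved on reboot\.)$"
)

OUTCOMES = {
    "deleted successfully.": "removed",
    "moved successfully.": "removed",
    "not found.": "not_found",
    "not found!": "not_found",
    "scheduled to be moved on reboot.": "pending_reboot",
}


def parse_otl_fix_log(text):
    """Return one dict per result line: kind, target, outcome."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, cache statistics, blank lines
        prefix = m.group("prefix") or ""
        if "Registry" in prefix:
            kind = "registry"
        elif prefix.startswith("ADS"):
            kind = "ads"
        else:
            kind = "file"
        entries.append({"kind": kind, "target": m.group("target"),
                        "outcome": OUTCOMES[m.group("outcome")]})
    return entries


def summarize(entries):
    """Count entries per (kind, outcome) pair."""
    return Counter((e["kind"], e["outcome"]) for e in entries)


def pending_reboot(entries):
    """Targets the tool could not move during the run itself."""
    return [e["target"] for e in entries if e["outcome"] == "pending_reboot"]


if __name__ == "__main__":
    parsed = parse_otl_fix_log(SAMPLE_LOG)
    for key, count in sorted(summarize(parsed).items()):
        print(key, count)
    print("Re-check after reboot:", pending_reboot(parsed))
```

In this thread the one pending item, `igfxdev.dll`, shows up again as "File move failed" under "Files\Folders moved on Reboot...", which is the kind of entry this pass is meant to surface.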
  15. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    I'm glad to hear good news :)
  16. logangb345

    logangb345 Newcomer, in training Topic Starter Posts: 19

    I couldn't finish the Kaspersky thing. It finished the Program Download and Update, but when it tries to do the Database Update it gets to about 14% and gives me this message:

    Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: Connection to updates source cannot be established]
  17. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • IMPORTANT! UN-check Remove found threats
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  18. logangb345

    logangb345 Newcomer, in training Topic Starter Posts: 19

    Ok that worked.

    Here is the log:

    C:\Program Files (x86)\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application
    C:\Users\Logan\AppData\Roaming\Desktopicon\eBayShortcuts.exe a variant of Win32/Adware.ADON application
  19. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\Unlocker\eBay_shortcuts_1016.exe 
      C:\Users\Logan\AppData\Roaming\Desktopicon\eBayShortcuts.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    1. Update Firefox.

    2. Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page, make sure you have both boxes UN-checked AND (important!) click on the Decline button.

    ========================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current (including Service Pack 2!)

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  20. logangb345

    logangb345 Newcomer, in training Topic Starter Posts: 19

    OTL log:

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files (x86)\Unlocker\eBay_shortcuts_1016.exe moved successfully.
    C:\Users\Logan\AppData\Roaming\Desktopicon\eBayShortcuts.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Logan
    ->Temp folder emptied: 63343067 bytes
    ->Temporary Internet Files folder emptied: 46991764 bytes
    ->Java cache emptied: 128101 bytes
    ->FireFox cache emptied: 13240255 bytes
    ->Flash cache emptied: 1957 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 49632 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 118.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Logan
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.12.0 log created on 09142010_225154

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Logan\AppData\Local\Temp\Low\hsperfdata_Logan\4032 not found!

    Registry entries deleted on Reboot...
  21. logangb345

    logangb345 Newcomer, in training Topic Starter Posts: 19

    So far, my computer is in great shape!

    I have just one more question for you: My Trend Micro Internet Security is going to expire November 27 and I don't really want to pay to renew it if there is something else I can use that works just as good (if not better). So, what combination of programs should I use for all of my security?

    Thank you so much for all of your help with everything! I can't thank you enough!
  22. logangb345

    logangb345 Newcomer, in training Topic Starter Posts: 19

    Another thing, I can't view PDF files now. I get this message when I try:

    "The Adobe Acrobat/Reader that is running can not be used to view PDF files in a Web Browser.
    Adobe Acrobat/Reader version 8 or 9 is required. Please exit and try again."
  23. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Very good :)

    Trend Micro alternatives...

    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

    - free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
    NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

    If you decide to install Avast or Avira, make sure Windows firewall is turned on, or use Comodo firewall.
    If you decide to install Comodo Internet Security, or just Comodo firewall, make sure Windows firewall is turned off.


    As for PDF files, I strongly suggest you switch to FoxIt (reply #19).
  24. logangb345

    logangb345 Newcomer, in training Topic Starter Posts: 19

    Ok cool. Now, I know you mentioned using Malwarebytes, TFC, and Secunia regularly; should I also continue to use SUPERAntiSpyware?

    The only reason I didn't install FoxIt is because I don't really use Firefox ever. Will it work with IE?
  25. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Superantispyware is an excellent program.
    If you have time to run MBAM and Super once in a while, that's even better.

    You can have as many browsers as you want.
    Having at least two is a very good idea, just in case you need to do some troubleshooting.