Attached Files
-
Attach.txt 11.37KB
740 downloads
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
[Resolved] Trojan.Script.Iframer possible infection
Started by
stargazercece
, Oct 11 2009 06:36 PM
-
This topic is locked
15 replies to this topic
#1
stargazercece
-
- Authentic Member
-
- 31 posts
Authentic Member
Posted 11 October 2009 - 06:36 PM
Register to Remove
#2
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 12 October 2009 - 11:23 AM
Hello stargazercece,
Welcome to What the Tech.
My name is OCD, I will be helping you with your log today.
Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advise.
This may cause a delay, but I will do my best to keep it as short as possible.
I am checking over your logs now, I will post back shortly with instructions.
Welcome to What the Tech.
My name is OCD, I will be helping you with your log today.
Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advise.
This may cause a delay, but I will do my best to keep it as short as possible.
I am checking over your logs now, I will post back shortly with instructions.
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#3
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 12 October 2009 - 06:16 PM
Hello stargazercece,
the Trojan.Script.Iframer and your Kaspersky protection acted properly. You can read more about it here
But I would like to dig a bit deeper to be sure we aren't missing anything.
- - - - - Next - - - - -
Please download Sysprot Antirootkit from here
Unzip it into a folder on your desktop.
On your next post please provide the following:
- You may want to print out these instructions for reference prior to proceeding.
- This solution is specifically tailored for this particular problem, please do not attempt to use this solution on another computer.
- If you have any questions, or are uncertain about any steps please ask 'before' proceeding.
It appears that the page you were attempting to view was infected withTrojan.Script.Iframer - and to cancel the page. I did but my IE is acting strange. Some scripts on the page aren't working and my add-ons will not work either.
On kaspersky it says that the virus threat is detected but I'm worried my machine might have still gotten it.
the Trojan.Script.Iframer and your Kaspersky protection acted properly. You can read more about it here
But I would like to dig a bit deeper to be sure we aren't missing anything.
- - - - - Next - - - - -
Please download Sysprot Antirootkit from here
Unzip it into a folder on your desktop.
- Right click Sysprot.exe and select "Run as Administrator" to start the program.
- Click on the Log tab.
- In the Write to log box select all items.
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to.
- Open the text file and copy/paste the log here.
On your next post please provide the following:
- Sysprot log
- Tell me how your computer is running at the moment.
Edited by OCD, 12 October 2009 - 06:22 PM.
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#4
stargazercece
-
- Authentic Member
-
- 31 posts
Authentic Member
Posted 13 October 2009 - 08:48 PM
I am able to turn on my add-on but the scripts aren't working. For example when I go to any site certain pictures and links do not show up and I have the WOT add-on and I can't see the circles that appear by links or the whole settings page. And on my vista desktop the slide-show and the feeds gadget aren't showing properly. Also a lot of free space on my C drive disappeared (so things are running slow) the same time this virus showed up. Could everything be tied together?
Here's the log:
SysProt AntiRootkit v1.0.1.0
by swatkat
********************************************************************************
**********
********************************************************************************
**********
Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No
Name: System
PID: 4
Hidden: No
Window Visible: No
Name: D:\Windows\System32\smss.exe
PID: 508
Hidden: No
Window Visible: No
Name: D:\Windows\System32\csrss.exe
PID: 640
Hidden: No
Window Visible: No
Name: D:\Windows\System32\wininit.exe
PID: 692
Hidden: No
Window Visible: No
Name: D:\Windows\System32\csrss.exe
PID: 700
Hidden: No
Window Visible: No
Name: D:\Windows\System32\services.exe
PID: 744
Hidden: No
Window Visible: No
Name: D:\Windows\System32\lsass.exe
PID: 756
Hidden: No
Window Visible: No
Name: D:\Windows\System32\lsm.exe
PID: 764
Hidden: No
Window Visible: No
Name: D:\Windows\System32\winlogon.exe
PID: 888
Hidden: No
Window Visible: No
Name: D:\Windows\System32\svchost.exe
PID: 972
Hidden: No
Window Visible: No
Name: D:\Windows\System32\nvvsvc.exe
PID: 1024
Hidden: No
Window Visible: No
Name: D:\Windows\System32\svchost.exe
PID: 1064
Hidden: No
Window Visible: No
Name: D:\Windows\System32\svchost.exe
PID: 1112
Hidden: No
Window Visible: No
Name: D:\Windows\System32\svchost.exe
PID: 1200
Hidden: No
Window Visible: No
Name: D:\Windows\System32\svchost.exe
PID: 1292
Hidden: No
Window Visible: No
Name: D:\Windows\System32\svchost.exe
PID: 1336
Hidden: No
Window Visible: No
Name: D:\Windows\System32\audiodg.exe
PID: 1416
Hidden: No
Window Visible: No
Name: D:\Windows\System32\SLsvc.exe
PID: 1456
Hidden: No
Window Visible: No
Name: D:\Windows\System32\svchost.exe
PID: 1532
Hidden: No
Window Visible: No
Name: D:\Windows\System32\rundll32.exe
PID: 1648
Hidden: No
Window Visible: No
Name: D:\Windows\System32\wlanext.exe
PID: 1852
Hidden: No
Window Visible: No
Name: D:\Windows\System32\spoolsv.exe
PID: 1952
Hidden: No
Window Visible: No
Name: D:\Windows\System32\svchost.exe
PID: 1996
Hidden: No
Window Visible: No
Name: D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PID: 760
Hidden: No
Window Visible: No
Name: D:\Windows\System32\svchost.exe
PID: 1120
Hidden: No
Window Visible: No
Name: D:\Windows\System32\svchost.exe
PID: 1768
Hidden: No
Window Visible: No
Name: D:\Windows\System32\svchost.exe
PID: 2840
Hidden: No
Window Visible: No
Name: D:\Windows\System32\svchost.exe
PID: 2976
Hidden: No
Window Visible: No
Name: D:\Windows\System32\SearchIndexer.exe
PID: 3040
Hidden: No
Window Visible: No
Name: D:\Windows\System32\taskeng.exe
PID: 3944
Hidden: No
Window Visible: No
Name: D:\Windows\System32\dwm.exe
PID: 2708
Hidden: No
Window Visible: Yes
Name: D:\Windows\explorer.exe
PID: 1244
Hidden: No
Window Visible: Yes
Name: D:\Program Files\Windows Defender\MSASCui.exe
PID: 3500
Hidden: No
Window Visible: No
Name: D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PID: 3496
Hidden: No
Window Visible: No
Name: D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PID: 1424
Hidden: No
Window Visible: No
Name: D:\Windows\System32\rundll32.exe
PID: 3168
Hidden: No
Window Visible: No
Name: D:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 3324
Hidden: No
Window Visible: No
Name: D:\Windows\vsnp2uvc.exe
PID: 3692
Hidden: No
Window Visible: No
Name: D:\Program Files\Java\jre6\bin\jusched.exe
PID: 2692
Hidden: No
Window Visible: No
Name: D:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PID: 2212
Hidden: No
Window Visible: No
Name: D:\Program Files\Windows Sidebar\sidebar.exe
PID: 2364
Hidden: No
Window Visible: No
Name: D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID: 3016
Hidden: No
Window Visible: No
Name: D:\Program Files\OpenOffice.org 3\program\soffice.exe
PID: 1232
Hidden: No
Window Visible: No
Name: D:\Program Files\OpenOffice.org 3\program\soffice.bin
PID: 3180
Hidden: No
Window Visible: No
Name: D:\Windows\System32\taskeng.exe
PID: 2276
Hidden: No
Window Visible: No
Name: D:\Program Files\Internet Explorer\ieuser.exe
PID: 3976
Hidden: No
Window Visible: No
Name: D:\Program Files\Internet Explorer\iexplore.exe
PID: 3892
Hidden: No
Window Visible: No
Name: D:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PID: 2568
Hidden: No
Window Visible: No
Name: D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
PID: 1520
Hidden: No
Window Visible: No
Name: D:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PID: 1680
Hidden: No
Window Visible: No
Name: D:\Program Files\Mozilla Firefox\firefox.exe
PID: 548
Hidden: No
Window Visible: No
Name: D:\Users\Cece_Phoenix\Desktop\Downloads\SysProt\SysProt.exe
PID: 4372
Hidden: No
Window Visible: No
Name: D:\Windows\System32\mobsync.exe
PID: 5320
Hidden: No
Window Visible: No
Name: D:\Users\Cece_Phoenix\Desktop\Downloads\SysProt\SysProt.exe
PID: 5952
Hidden: No
Window Visible: Yes
Name: D:\Windows\System32\WerFault.exe
PID: 5888
Hidden: No
Window Visible: No
Name: D:\Windows\System32\SearchProtocolHost.exe
PID: 5440
Hidden: No
Window Visible: No
Name: D:\Windows\System32\SearchFilterHost.exe
PID: 5972
Hidden: No
Window Visible: No
********************************************************************************
**********
********************************************************************************
**********
Kernel Modules:
Module Name: \??\D:\Users\Cece_Phoenix\Desktop\Downloads\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A0DCE000
Module End: A0DD9000
Hidden: No
Module Name: D:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 8241C000
Module End: 827D5000
Hidden: No
Module Name: D:\Windows\system32\hal.dll
Service Name: ---
Module Base: 827D5000
Module End: 82808000
Hidden: No
Module Name: D:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 80600000
Module End: 80608000
Hidden: No
Module Name: D:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 80608000
Module End: 80619000
Hidden: No
Module Name: D:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 80619000
Module End: 80621000
Hidden: No
Module Name: D:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 80621000
Module End: 80662000
Hidden: No
Module Name: D:\Windows\system32\CI.dll
Service Name: ---
Module Base: 80662000
Module End: 80742000
Hidden: No
Module Name: D:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 80742000
Module End: 807BE000
Hidden: No
Module Name: D:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 807BE000
Module End: 807CB000
Hidden: No
Module Name: D:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 82A01000
Module End: 82A47000
Hidden: No
Module Name: D:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 82A47000
Module End: 82A50000
Hidden: No
Module Name: D:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 82A50000
Module End: 82A58000
Hidden: No
Module Name: D:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 82A58000
Module End: 82A7F000
Hidden: No
Module Name: D:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 82A7F000
Module End: 82A8E000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\compbatt.sys
Service Name: Compbatt
Module Base: 82A8E000
Module End: 82A91000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: 82A91000
Module End: 82A9B000
Hidden: No
Module Name: D:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 82A9B000
Module End: 82AAA000
Hidden: No
Module Name: D:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 82AAA000
Module End: 82AF4000
Hidden: No
Module Name: D:\Windows\system32\drivers\pciide.sys
Service Name: pciide
Module Base: 82AF4000
Module End: 82AFB000
Hidden: No
Module Name: D:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 82AFB000
Module End: 82B09000
Hidden: No
Module Name: D:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 82B09000
Module End: 82B19000
Hidden: No
Module Name: D:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 82B19000
Module End: 82B21000
Hidden: No
Module Name: D:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 82B21000
Module End: 82B3F000
Hidden: No
Module Name: D:\Windows\system32\drivers\nvstor.sys
Service Name: nvstor
Module Base: 82B3F000
Module End: 82B4C000
Hidden: No
Module Name: D:\Windows\system32\drivers\storport.sys
Service Name: ---
Module Base: 82B4C000
Module End: 82B8D000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\nvstor32.sys
Service Name: nvstor32
Module Base: 82B8D000
Module End: 82BA7000
Hidden: No
Module Name: D:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 82BA7000
Module End: 82BD9000
Hidden: No
Module Name: D:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 82BD9000
Module End: 82BE9000
Hidden: No
Module Name: D:\Windows\system32\drivers\klbg.sys
Service Name: klbg
Module Base: 82BE9000
Module End: 82BF4000
Hidden: No
Module Name: D:\Windows\System32\Drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: 82BF4000
Module End: 82BFD000
Hidden: No
Module Name: D:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 87E07000
Module End: 87E78000
Hidden: No
Module Name: D:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 87E78000
Module End: 87F83000
Hidden: No
Module Name: D:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 87FAE000
Module End: 87FE8000
Hidden: No
Module Name: D:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 8800E000
Module End: 880F7000
Hidden: No
Module Name: D:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 880F7000
Module End: 88112000
Hidden: No
Module Name: D:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 8820A000
Module End: 88319000
Hidden: No
Module Name: D:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 88319000
Module End: 88352000
Hidden: No
Module Name: D:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 88352000
Module End: 8835A000
Hidden: No
Module Name: D:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 8835A000
Module End: 88369000
Hidden: No
Module Name: D:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 88369000
Module End: 88390000
Hidden: No
Module Name: D:\Windows\System32\DRIVERS\fvevol.sys
Service Name: fvevol
Module Base: 88390000
Module End: 883B4000
Hidden: No
Module Name: D:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 883B4000
Module End: 883C5000
Hidden: No
Module Name: D:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 883C5000
Module End: 883E6000
Hidden: No
Module Name: D:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 883E6000
Module End: 883EF000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 8813D000
Module End: 88148000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 88148000
Module End: 88151000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\amdk8.sys
Service Name: AmdK8
Module Base: 88151000
Module End: 88161000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: 883FC000
Module End: 88400000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\cpqbttn.sys
Service Name: HBtnKey
Module Base: 88161000
Module End: 88164000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: 88164000
Module End: 88174000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 88174000
Module End: 8817B000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\wmiacpi.sys
Service Name: WmiAcpi
Module Base: 8817B000
Module End: 88184000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\bcmwl6.sys
Service Name: BCM43XV
Module Base: 8D60A000
Module End: 8D752000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\nvlddmkm.sys
Service Name: nvlddmkm
Module Base: 8D80D000
Module End: 8DF4F000
Hidden: No
Module Name: D:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 8DF4F000
Module End: 8DFEE000
Hidden: No
Module Name: D:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 8DFEE000
Module End: 8DFFB000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\nvsmu.sys
Service Name: nvsmu
Module Base: 8DFFB000
Module End: 8DFFE000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: 8D800000
Module End: 8D80A000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 8D752000
Module End: 8D790000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 8D790000
Module End: 8D79F000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 8D79F000
Module End: 8D7B7000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\ohci1394.sys
Service Name: ohci1394
Module Base: 8D7B7000
Module End: 8D7C7000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: 8D7C7000
Module End: 8D7D5000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\sdbus.sys
Service Name: sdbus
Module Base: 8D7D5000
Module End: 8D7EF000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\rimmptsk.sys
Service Name: rimmptsk
Module Base: 8D7EF000
Module End: 8D7FD000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\rimsptsk.sys
Service Name: rimsptsk
Module Base: 88184000
Module End: 88198000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\rixdptsk.sys
Service Name: rismxdp
Module Base: 88198000
Module End: 881E9000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 881E9000
Module End: 881FB000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\nvmfdx32.sys
Service Name: NVENETFD
Module Base: 8E006000
Module End: 8E106000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 8E106000
Module End: 8E119000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 8E119000
Module End: 8E124000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\klmouflt.sys
Service Name: klmouflt
Module Base: 8E124000
Module End: 8E12D000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 8E12D000
Module End: 8E138000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 8E138000
Module End: 8E166000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 8E166000
Module End: 8E171000
Hidden: No
Module Name: D:\Windows\System32\Drivers\RootMdm.sys
Service Name: ROOTMODEM
Module Base: 8E171000
Module End: 8E179000
Hidden: No
Module Name: D:\Windows\system32\drivers\modem.sys
Service Name: Modem
Module Base: 8E179000
Module End: 8E186000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 8E186000
Module End: 8E19D000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 8E19D000
Module End: 8E1A8000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 8E1A8000
Module End: 8E1CB000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 8E1CB000
Module End: 8E1DA000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 8E1DA000
Module End: 8E1EE000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\rassstp.sys
Service Name: RasSstp
Module Base: 87FE8000
Module End: 87FFD000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\RimSerial.sys
Service Name: RimVSerPort
Module Base: 8E1EE000
Module End: 8E1F5000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: 8E409000
Module End: 8E492000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8E492000
Module End: 8E4A2000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 8E4A2000
Module End: 8E4A4000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 8E4A4000
Module End: 8E4CE000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 8E4CE000
Module End: 8E4D8000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 8E4D8000
Module End: 8E4E5000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: 8E4E5000
Module End: 8E4EE000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 8E4EE000
Module End: 8E522000
Hidden: No
Module Name: D:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 8E522000
Module End: 8E533000
Hidden: No
Module Name: D:\Windows\system32\drivers\HdAudio.sys
Service Name: HdAudAddService
Module Base: 8E533000
Module End: 8E572000
Hidden: No
Module Name: D:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 8E572000
Module End: 8E59F000
Hidden: No
Module Name: D:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 8E59F000
Module End: 8E5C4000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\VSTAZL3.SYS
Service Name: HSFHWAZL
Module Base: 8E5C4000
Module End: 8E600000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\VSTDPV3.SYS
Service Name: HSF_DPV
Module Base: 8E609000
Module End: 8E70D000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\VSTCNXT3.SYS
Service Name: winachsf
Module Base: 8E70D000
Module End: 8E7C0000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\klif.sys
Service Name: KLIF
Module Base: 8E80E000
Module End: 8E857000
Hidden: No
Module Name: D:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 8E867000
Module End: 8E86E000
Hidden: No
Module Name: D:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 8E86E000
Module End: 8E87A000
Hidden: No
Module Name: D:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 8E87A000
Module End: 8E89B000
Hidden: No
Module Name: D:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 8E89B000
Module End: 8E8A3000
Hidden: No
Module Name: D:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 8E8A3000
Module End: 8E8AB000
Hidden: No
Module Name: D:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 8E8B6000
Module End: 8E8C4000
Hidden: No
Module Name: D:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 8E8C4000
Module End: 8E8CD000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 8E8CD000
Module End: 8E8E3000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 8E8E3000
Module End: 8E8F7000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\kl1.sys
Service Name: kl1
Module Base: 8EA02000
Module End: 8EF22000
Hidden: No
Module Name: D:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 8EF22000
Module End: 8EF6A000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: 8EF6A000
Module End: 8EF81000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 8EF81000
Module End: 8EF83000
Hidden: No
Module Name: D:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 8EF83000
Module End: 8EFB5000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\snp2uvc.sys
Service Name: SNP2UVC
Module Base: 8F20B000
Module End: 8F55E000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\STREAM.SYS
Service Name: ---
Module Base: 8F55E000
Module End: 8F56B000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\sncduvc.SYS
Service Name: ---
Module Base: 8F56B000
Module End: 8F572000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 8F572000
Module End: 8F588000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\klim6.sys
Service Name: KLIM6
Module Base: 8F588000
Module End: 8F58F000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 8F58F000
Module End: 8F59D000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 8F59D000
Module End: 8F5B0000
Hidden: No
Module Name: D:\Windows\System32\drivers\truecrypt.sys
Service Name: truecrypt
Module Base: 8F5B0000
Module End: 8F5E3000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 8EFB5000
Module End: 8EFF1000
Hidden: No
Module Name: D:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 8F5E3000
Module End: 8F5ED000
Hidden: No
Module Name: D:\Windows\system32\drivers\csc.sys
Service Name: CSC
Module Base: 8E8F7000
Module End: 8E951000
Hidden: No
Module Name: D:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 8E951000
Module End: 8E968000
Hidden: No
Module Name: D:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 8F5ED000
Module End: 8F5FA000
Hidden: No
Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
Service Name: ---
Module Base: 8F200000
Module End: 8F20A000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_nvstor32.sys
Service Name: ---
Module Base: 8E968000
Module End: 8E982000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_dumpfve.sys
Service Name: ---
Module Base: 8E982000
Module End: 8E993000
Hidden: Yes
Module Name: D:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 8EFF1000
Module End: 8EFFB000
Hidden: No
Module Name: D:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 8E9A2000
Module End: 8E9BD000
Hidden: No
Module Name: D:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: 9F602000
Module End: 9F6B1000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 9F6B1000
Module End: 9F6C1000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: 9F6C1000
Module End: 9F6EB000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: 9F6EB000
Module End: 9F6F5000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: 9F6F5000
Module End: 9F708000
Hidden: No
Module Name: D:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: 9F708000
Module End: 9F773000
Hidden: No
Module Name: D:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: 9F773000
Module End: 9F790000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: 9F790000
Module End: 9F7A9000
Hidden: No
Module Name: D:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: 9F7A9000
Module End: 9F7BE000
Hidden: No
Module Name: D:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: 9F7BE000
Module End: 9F7DE000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: 9F7DE000
Module End: 9F7FD000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: 8E9C5000
Module End: 8E9FE000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: 8E7C0000
Module End: 8E7D8000
Hidden: No
Module Name: D:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: 8E7D8000
Module End: 8E7FF000
Hidden: No
Module Name: D:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: A0C08000
Module End: A0C54000
Hidden: No
Module Name: D:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: A0C54000
Module End: A0D32000
Hidden: No
Module Name: D:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: A0D32000
Module End: A0D3C000
Hidden: No
Module Name: D:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: A0D3C000
Module End: A0D48000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: A0D48000
Module End: A0D5E000
Hidden: No
Module Name: D:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: A0D5E000
Module End: A0D6D000
Hidden: No
Module Name: D:\Windows\System32\Drivers\fastfat.SYS
Service Name: fastfat
Module Base: A0D7F000
Module End: A0DA7000
Hidden: No
Module Name: D:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 8E860000
Module End: 8E867000
Hidden: No
Module Name: D:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 8E8AB000
Module End: 8E8B6000
Hidden: No
********************************************************************************
**********
********************************************************************************
**********
SSDT:
Function Name: ZwAlpcConnectPort
Address: 8E82CE06
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwAlpcCreatePort
Address: 8E82CF84
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwAlpcSendWaitReceivePort
Address: 8E82D014
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwClose
Address: 8E82BDF8
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwConnectPort
Address: 8E82C4EA
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwCreateEvent
Address: 8E82C816
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwCreateFile
Address: 8E82BF66
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwCreateMutant
Address: 8E82C6EE
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwCreateNamedPipeFile
Address: 8E82B9D2
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwCreatePort
Address: 8E82C5AA
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwCreateSection
Address: 8E82BB8C
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwCreateSemaphore
Address: 8E82C948
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwCreateWaitablePort
Address: 8E82C64C
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwFsControlFile
Address: 8E82C0C4
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwOpenEvent
Address: 8E82C8B8
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwOpenFile
Address: 8E82BE34
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwOpenMutant
Address: 8E82C786
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwOpenSection
Address: 8E82D45C
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwOpenSemaphore
Address: 8E82C9EA
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwQueryDirectoryObject
Address: 8E82D214
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwReplyPort
Address: 8E82CD74
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwReplyWaitReceivePort
Address: 8E82CC3A
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwSecureConnectPort
Address: 8E82C1F0
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
Function Name: ZwSetInformationToken
Address: 8E82D2C8
Driver Base: 8E80E000
Driver End: 8E857000
Driver Name: \SystemRoot\system32\DRIVERS\klif.sys
********************************************************************************
**********
********************************************************************************
**********
No Kernel Hooks found
********************************************************************************
**********
********************************************************************************
**********
No IRP Hooks found
********************************************************************************
**********
********************************************************************************
**********
Ports:
Local Address: CECE-PC.MYHOME.WESTELL.COM:55433
Remote Address: 65.55.25.60:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: CECE-PC.MYHOME.WESTELL.COM:55431
Remote Address: WER.MICROSOFT.COM:HTTPS
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: CECE-PC.MYHOME.WESTELL.COM:55429
Remote Address: SPYNETTEST.MICROSOFT.COM:HTTPS
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: CECE-PC.MYHOME.WESTELL.COM:55427
Remote Address: WATSON.MICROSOFT.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: CECE-PC.MYHOME.WESTELL.COM:55425
Remote Address: 65.54.152.125:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: CECE-PC.MYHOME.WESTELL.COM:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: CECE-PC:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: D:\Windows\System32\services.exe
State: LISTENING
Local Address: CECE-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: D:\Windows\System32\lsass.exe
State: LISTENING
Local Address: CECE-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: D:\Windows\System32\svchost.exe
State: LISTENING
Local Address: CECE-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: D:\Windows\System32\svchost.exe
State: LISTENING
Local Address: CECE-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: D:\Windows\System32\wininit.exe
State: LISTENING
Local Address: CECE-PC:19780
Remote Address: 0.0.0.0:0
Type: TCP
Process: D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
State: LISTENING
Local Address: CECE-PC:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: CECE-PC:NFSD-STATUS
Remote Address: 0.0.0.0:0
Type: TCP
Process: D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
State: LISTENING
Local Address: CECE-PC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: CECE-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: D:\Windows\System32\svchost.exe
State: LISTENING
Local Address: CECE-PC.MYHOME.WESTELL.COM:SSDP
Remote Address: NA
Type: UDP
Process: D:\Windows\System32\svchost.exe
State: NA
Local Address: CECE-PC.MYHOME.WESTELL.COM:138
Remote Address: NA
Type: UDP
Process: System
State: NA
Local Address: CECE-PC.MYHOME.WESTELL.COM:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA
Local Address: CECE-PC:59767
Remote Address: NA
Type: UDP
Process: D:\Program Files\Windows Sidebar\sidebar.exe
State: NA
Local Address: CECE-PC:56429
Remote Address: NA
Type: UDP
Process: D:\Windows\System32\svchost.exe
State: NA
Local Address: CECE-PC:SSDP
Remote Address: NA
Type: UDP
Process: D:\Windows\System32\svchost.exe
State: NA
Local Address: CECE-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: D:\Windows\System32\svchost.exe
State: NA
Local Address: CECE-PC:500
Remote Address: NA
Type: UDP
Process: D:\Windows\System32\svchost.exe
State: NA
Local Address: CECE-PC:123
Remote Address: NA
Type: UDP
Process: D:\Windows\System32\svchost.exe
State: NA
********************************************************************************
**********
********************************************************************************
**********
Hidden files/folders:
Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied
Object: D:\System Volume Information\SPP
Status: Access denied
Object: D:\System Volume Information\SystemRestore
Status: Access denied
Object: D:\System Volume Information\tracking.log
Status: Access denied
Object: D:\System Volume Information\_restore{A3A18297-422B-4257-8E7A-18B3BE2A92D0}
Status: Access denied
Object: D:\System Volume Information\{01897f7c-b2c3-11de-b631-0016367d83e2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{063c0548-b46e-11de-b832-0016367d83e2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{063c057e-b46e-11de-b832-0016367d83e2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{5ed201df-b6f7-11de-ae0e-0016367d83e2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{5ed201ed-b6f7-11de-ae0e-0016367d83e2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{5ed20224-b6f7-11de-ae0e-0016367d83e2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{5f20f613-b23a-11de-8161-0016367d83e2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{690f814f-b69a-11de-83ea-0016367d83e2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{a3a486eb-b191-11de-9dd6-0016367d83e2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{a3a48724-b191-11de-9dd6-0016367d83e2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{ed2c0e16-b3bc-11de-915d-0016367d83e2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\System Volume Information\{ed2c0e42-b3bc-11de-915d-0016367d83e2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: D:\Users\Cece\Favorites\Jpopmusic.com • View topic - KAT-TUN - [Break the Records -by you & for you-] 29th Apr.url
Status: Hidden
Object: D:\Users\Cece_Phoenix\Favorites\Jpopmusic.com • View topic - KAT-TUN - [Break the Records -by you & for you-] 29th Apr.url
Status: Hidden
Object: D:\Windows\CSC\v2.0.6\namespace
Status: Access denied
Object: D:\Windows\CSC\v2.0.6\pq
Status: Access denied
Object: D:\Windows\CSC\v2.0.6\sm
Status: Access denied
Object: D:\Windows\CSC\v2.0.6\temp
Status: Access denied
Object: D:\Windows\CSC\v2.0.6
Status: Access denied
Object: D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied
Object: D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied
Object: D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Microsoft-Windows-Backup.etl
Status: Access denied
Object: D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied
Object: D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
Object: D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied
#5
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 14 October 2009 - 10:41 AM
Hi stargazercece,
Please update your Internet Explorer to Version 8 by going here and following the onscreen menu to select the correct version for your Operating System
If this solves your problem, skip the very next step and continue with the remainder of the steps.
- - - - - Next - - - - -
While browser add-ons can enhance your online experience, they can occasionally interfere or conflict with other software on your computer.
Try starting Internet Explorer without add-ons to see if the problem goes away. Here's how:
Click the Start button
, > > All Programs, > > Accessories, > > System Tools, and then click Internet Explorer (No Add-ons).
- - - - - Next - - - - -
Please download OTM by OldTimer.
- - - - - Next - - - - -
Run the following scan: Eset Online Scanner
(you will need Internet Explorer to run this scan)
You will need to run this scan with Administrator privileges:
On your next post please provide the following:
Please update your Internet Explorer to Version 8 by going here and following the onscreen menu to select the correct version for your Operating System
If this solves your problem, skip the very next step and continue with the remainder of the steps.
- - - - - Next - - - - -
While browser add-ons can enhance your online experience, they can occasionally interfere or conflict with other software on your computer.
Try starting Internet Explorer without add-ons to see if the problem goes away. Here's how:
Click the Start button
, > > All Programs, > > Accessories, > > System Tools, and then click Internet Explorer (No Add-ons).- - - - - Next - - - - -
Please download OTM by OldTimer.
- Save it to your desktop.
- Right - click OTM and select "Run as Administrator" to run this tool.
- Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Processes
explorer.exe
:Services
0301941240878354mcinstcleanup
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"73F7F495-A325-4C52-BE48-5F97FA511E89"=-
[-HKEY_CLASSES_ROOT\CLSID\{73F7F495-A325-4C52-BE48-5F97FA511E89}]
[HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions]
"11316B13-33F0-4C9F-BD55-09994CCFA8EB"=-
:Files
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- Return to OTM, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTM
- - - - - Next - - - - -
Run the following scan: Eset Online Scanner
(you will need Internet Explorer to run this scan)
You will need to run this scan with Administrator privileges:
- Simply hit the button “Restart browser as Admin” in ESET Online Scanner or
- Right-click on the browser icon in the Start Menu and select "Run as administrator" from the context menu.
- Place a check mark in the box YES, I accept the Terms Of Use
- Click the Start button.
- Now click the Install button.
- Click Start. The scanner engine will initialize and update.
- Do Not place a check mark in the box beside Remove found threats.
- Click the Scan button. The scan will now run, please be patient.
- When the scan finishes click the Details tab.
- Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.
On your next post please provide the following:
- OTM log
- ESET log.txt
- Any change in computer performance?
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#6
stargazercece
-
- Authentic Member
-
- 31 posts
Authentic Member
Posted 16 October 2009 - 09:48 PM
I was a little hesitant to put IE 8 so I checked 7 and when I removed and then reinstalled flash and java and the missing scripts showed back up. On my desktop things were still the same though. After some time however the scripts disappeared again so could it be the flash & java that's the problem? Every time I try the est scanner it kept stopping to complain about proxy so I ended up closing it.
But OTM worked
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Service\Driver 0301941240878354mcinstcleanup deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\73F7F495-A325-4C52-BE48-5F97FA511E89 not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{73F7F495-A325-4C52-BE48-5F97FA511E89}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73F7F495-A325-4C52-BE48-5F97FA511E89}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\\11316B13-33F0-4C9F-BD55-09994CCFA8EB not found.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Cece
->Temp folder emptied: 8186789 bytes
->Temporary Internet Files folder emptied: 30972653 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6026463 bytes
User: Cece_Phoenix
->Temp folder emptied: 1994131 bytes
->Temporary Internet Files folder emptied: 22840581 bytes
->Java cache emptied: 25538856 bytes
->FireFox cache emptied: 43199660 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 75364 bytes
RecycleBin emptied: 38816039 bytes
Total Files Cleaned = 169.42 mb
OTM by OldTimer - Version 3.0.0.6 log created on 10162009_222047
#7
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 17 October 2009 - 09:38 AM
stargazercece,
Your last reply wasn't entire clear to me, therefore I have a few questions.
I'd like for you to try and run this online scan since you experienced difficulty with ESET
The below scan can take up to an hour or longer, please be patient.
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.
Please do a scan with Kaspersky Online Scanner or from here
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
http://i275.photobuc...ng/KAS/KAS9.gif
(Note.. for Internet Explorer 7 users:
If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
Or use Firefox with IE-Tab plugin
https://addons.mozil...efox/addon/1419
- - - - - Next - - - - -
On your next post please provide the following:
Your last reply wasn't entire clear to me, therefore I have a few questions.
- What version of IE are your running - IE7 or IE8?
- Did you uninstall and reinstall Flash & Java, or was it a fresh install?
I'd like for you to try and run this online scan since you experienced difficulty with ESET
The below scan can take up to an hour or longer, please be patient.
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.
Please do a scan with Kaspersky Online Scanner or from here
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
- Click on the Accept button and install any components it needs.
- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded on the left side of the page in the Scan section select My Computer.
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run. (At times it may appear to stall)
- Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
- Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
- Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
- Once the scan is complete, click on View scan report To obtain the report:
- Click on: Save Report As
- Next, in the Save as prompt, Save in area, select: Desktop
- In the File name area, use KScan, or something similar In Save as type, click the drop arrow and select: Text file [*.txt]
- Then, click: Save
- Please post the Kaspersky Online Scanner Report in your reply.
http://i275.photobuc...ng/KAS/KAS9.gif
(Note.. for Internet Explorer 7 users:
If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
Or use Firefox with IE-Tab plugin
https://addons.mozil...efox/addon/1419
- - - - - Next - - - - -
On your next post please provide the following:
- Kaspersky log
- Answers to the questions posted above
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#8
stargazercece
-
- Authentic Member
-
- 31 posts
Authentic Member
Posted 19 October 2009 - 09:57 PM
I was running IE 7 and I uninstalled and reinstalled flash and java. Things went back to normal but then by the next evening everything was messed up again. So I have now installed IE 8 and so far things are working, but I'm keeping an eye open to see if the same problem will return again.
Argh! Kaspersky is giving trouble too. I shut off my anti-virus and anti-spyware programs but it still won't work. This is the message that I get :
Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7. [ERROR: Key is expired]
Argh! Kaspersky is giving trouble too. I shut off my anti-virus and anti-spyware programs but it still won't work. This is the message that I get :
Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7. [ERROR: Key is expired]
#9
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 20 October 2009 - 02:06 PM
Hello stargazercece,
Please re-run DDS and post the new logs generated.
Be sure to disable your script blocking software BEFORE running the DDS scan. Use the link below if you need assistance.
On your next post please provide the following:
Please re-run DDS and post the new logs generated.
Be sure to disable your script blocking software BEFORE running the DDS scan. Use the link below if you need assistance.
- Disable any script blocking protection (How to Disable your Security Programs) < - - Important
- Right click DDS icon and select "Run as Administrator" to run this tool (may take up to 3 minutes to run)
- When done, DDS.txt will open.
- After a few moments, attach.txt will open in a second window.
- Save both reports to your desktop.
On your next post please provide the following:
- Post the contents of the DDS.txt report in your next reply
- Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and the click UPLOAD.
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#10
stargazercece
-
- Authentic Member
-
- 31 posts
Authentic Member
Posted 22 October 2009 - 09:48 PM
Here are the logs:
DDS (Ver_09-06-26.01) - NTFSx86
Run by Cece at 23:40:47.72 on Thu 10/22/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1982.848 [GMT -4:00]
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
============== Running Processes ===============
D:\Windows\system32\wininit.exe
D:\Windows\system32\lsm.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\Windows\system32\nvvsvc.exe
D:\Windows\system32\svchost.exe -k rpcss
D:\Windows\System32\svchost.exe -k secsvcs
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k GPSvcGroup
D:\Windows\system32\SLsvc.exe
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\rundll32.exe
D:\Windows\system32\WLANExt.exe
D:\Windows\System32\spoolsv.exe
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Windows\system32\svchost.exe -k NetworkService
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Windows\system32\Dwm.exe
D:\Windows\system32\taskeng.exe
D:\Windows\Explorer.EXE
D:\Windows\system32\taskeng.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Windows\System32\rundll32.exe
D:\Windows\vsnp2uvc.exe
D:\Windows\system32\svchost.exe -k imgsvc
D:\Windows\System32\svchost.exe -k WerSvcGroup
D:\Windows\system32\SearchIndexer.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\OpenOffice.org 3\program\soffice.exe
D:\Program Files\OpenOffice.org 3\program\soffice.bin
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Users\Cece_Phoenix\Downloads\dds.scr
D:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
mStart Page = about:blank
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - d:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - d:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - d:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - d:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - d:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: {73F7F495-A325-4C52-BE48-5F97FA511E89} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - d:\program files\wot\WOT.dll
uRun: [Sidebar] d:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] d:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] d:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ISUSPM] "d:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVP] "d:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "d:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [snp2uvc] d:\windows\vsnp2uvc.exe
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [BlackBerryAutoUpdate] d:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [RoxWatchTray] "d:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRunOnce: [Uninstall Adobe Download Manager] "d:\windows\system32\rundll32.exe" "d:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
mRunOnce: [OTM] "d:\users\cece_phoenix\downloads\OTM.exe"
StartupFolder: d:\users\cece\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - d:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: HideSCANetwork = 0 (0x0)
uPolicies-explorer: HideSCAVolume = 0 (0x0)
mPolicies-explorer: NoAutorun = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - {73F7F495-A325-4C52-BE48-5F97FA511E89}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - d:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - d:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - d:\program files\wot\WOT.dll
Notify: klogon - d:\windows\system32\klogon.dll
AppInit_DLLs: d:\progra~1\kasper~1\kasper~2\mzvkbd3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - d:\users\cece\appdata\roaming\mozilla\firefox\profiles\m8nai9rf.default\
FF - component: d:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
d:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
d:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;d:\windows\system32\drivers\klim6.sys [2008-3-26 21008]
R3 klmouflt;Kaspersky Lab KLMOUFLT;d:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
=============== Created Last 30 ================
2009-10-16 22:20 <DIR> --d----- D:\_OTM
2009-10-15 13:03 <DIR> --d----- d:\users\cece\appdata\roaming\Foxit
2009-10-15 13:03 <DIR> --d----- d:\program files\Foxit Software
2009-10-14 15:55 428,544 a------- d:\windows\system32\EncDec.dll
2009-10-14 15:55 293,376 a------- d:\windows\system32\psisdecd.dll
2009-10-14 15:55 217,088 a------- d:\windows\system32\psisrndr.ax
2009-10-14 15:55 177,664 a------- d:\windows\system32\mpg2splt.ax
2009-10-14 15:55 80,896 a------- d:\windows\system32\MSNP.ax
2009-10-14 15:55 213,504 a------- d:\windows\system32\msv1_0.dll
2009-10-14 15:55 3,597,896 a------- d:\windows\system32\ntkrnlpa.exe
2009-10-14 15:55 3,546,184 a------- d:\windows\system32\ntoskrnl.exe
2009-10-14 15:55 61,440 a------- d:\windows\system32\msasn1.dll
2009-10-14 15:54 144,896 a------- d:\windows\system32\drivers\srv2.sys
2009-10-14 15:54 604,672 a------- d:\windows\system32\WMSPDMOD.DLL
2009-10-12 02:50 <DIR> --d----- d:\program files\CCleaner
2009-10-10 12:32 <DIR> --d----- d:\program files\JRE
2009-10-10 12:31 <DIR> --d----- d:\program files\OpenOffice.org 3
2009-10-03 01:01 195,440 -------- d:\windows\system32\MpSigStub.exe
2009-09-27 21:00 <DIR> --d----- d:\programdata\NOS
==================== Find3M ====================
2009-10-22 23:13 56,800 a------- d:\programdata\nvModes.dat
2009-10-22 23:13 56,800 a------- d:\progra~2\nvModes.dat
2009-10-14 03:09 108,059 a------- d:\windows\system32\drivers\klin.dat
2009-10-14 03:09 95,259 a------- d:\windows\system32\drivers\klick.dat
2009-10-07 09:12 382,072 a------- d:\windows\system32\perfh011.dat
2009-10-07 09:12 101,350 a------- d:\windows\system32\perfc011.dat
2009-09-19 21:45 143,360 a------- d:\windows\inf\infstrng.dat
2009-09-19 21:45 51,200 a------- d:\windows\inf\infpub.dat
2009-09-19 21:45 86,016 a------- d:\windows\inf\infstor.dat
2009-09-15 21:45 835,616 a--sh--- d:\windows\system32\drivers\fidbox2.dat
2009-09-15 21:45 4,984 a--sh--- d:\windows\system32\drivers\fidbox2.idx
2009-09-15 21:45 4,150,304 a--sh--- d:\windows\system32\drivers\fidbox.dat
2009-09-15 21:45 34,552 a--sh--- d:\windows\system32\drivers\fidbox.idx
2009-09-14 02:12 229,888 a------- d:\windows\PEV.exe
2009-08-28 08:39 28,672 a------- d:\windows\system32\Apphlpdm.dll
2009-08-28 08:39 173,056 a------- d:\windows\apppatch\AcXtrnal.dll
2009-08-28 08:38 2,153,984 a------- d:\windows\apppatch\AcGenral.dll
2009-08-28 08:38 541,696 a------- d:\windows\apppatch\AcLayers.dll
2009-08-28 08:38 459,776 a------- d:\windows\apppatch\AcSpecfc.dll
2009-08-28 06:15 4,240,384 a------- d:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 01:22 916,480 a------- d:\windows\system32\wininet.dll
2009-08-27 01:17 109,056 a------- d:\windows\system32\iesysprep.dll
2009-08-27 01:17 71,680 a------- d:\windows\system32\iesetup.dll
2009-08-26 23:42 133,632 a------- d:\windows\system32\ieUnatt.exe
2009-08-21 21:01 56 a---h--- d:\programdata\ezsidmv.dat
2009-08-21 21:01 56 a---h--- d:\progra~2\ezsidmv.dat
2009-08-14 12:29 104,960 a------- d:\windows\system32\netiohlp.dll
2009-08-14 12:29 17,920 a------- d:\windows\system32\netevent.dll
2009-08-14 10:16 17,920 a------- d:\windows\system32\ROUTE.EXE
2009-08-14 10:16 9,728 a------- d:\windows\system32\TCPSVCS.EXE
2009-08-14 10:16 11,264 a------- d:\windows\system32\MRINFO.EXE
2009-08-14 10:16 27,136 a------- d:\windows\system32\NETSTAT.EXE
2009-08-14 10:16 19,968 a------- d:\windows\system32\ARP.EXE
2009-08-14 10:16 10,240 a------- d:\windows\system32\finger.exe
2009-08-14 10:16 8,704 a------- d:\windows\system32\HOSTNAME.EXE
2009-08-03 15:07 403,816 a------- d:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- d:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- d:\windows\system32\OGAEXEC.exe
2009-07-31 15:23 411,368 a------- d:\windows\system32\deploytk.dll
2009-05-05 20:04 12,978 a------- d:\users\cece\appdata\roaming\nvModes.dat
2009-03-26 03:08 665,600 a------- d:\windows\inf\drvindex.dat
2009-03-26 03:02 139,030 a------- d:\windows\inf\perflib\0411\perfi.dat
2009-03-26 03:02 139,030 a------- d:\windows\inf\perflib\0411\perfh.dat
2009-03-26 03:02 30,674 a------- d:\windows\inf\perflib\0411\perfd.dat
2009-03-26 03:02 30,674 a------- d:\windows\inf\perflib\0411\perfc.dat
2009-03-25 13:45 174 a--sh--- d:\program files\desktop.ini
2006-11-02 08:40 287,440 a------- d:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:40 287,440 a------- d:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:40 30,674 a------- d:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:40 30,674 a------- d:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- d:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- d:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- d:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- d:\windows\inf\perflib\0000\perfc.dat
2009-05-12 04:47 16,384 a--sh--- d:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-05-12 04:47 32,768 a--sh--- d:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-05-12 04:47 16,384 a--sh--- d:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
============= FINISH: 23:42:15.73 ===============
Attached Files
-
Attach.txt 4.11KB
322 downloads
Register to Remove
#11
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 23 October 2009 - 10:41 AM
Hi stargazercece,
Your log shows remnants of a program called SiteHound.
Please go to Start > All Programs > Firetrust > SiteHound > Uninstall
- - - - - Next - - - - -
Congratulations, your logs appear clean.
Now for a little housekeeping and my recommendations to help you stay clean.
- - - - - Next - - - - -
Clean up with OTM
You can now delete any other tools I had you download and use, unless you wish to keep them.
(they should be located on your desktop, if they are no longer there just continue)
Here comes the "All Clean Speech":
You need to set a new clean System Restore Point
System Restore makes regular backups of all your settings, if you ever had to use this program to restore your system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points
We need to set a new system restore point:
Click Start > Run > copy and paste the following into the run box:
Name it (something you'll remember) and click Create,
when the confirmation screen shows the restore point has been created click Close.
- - - - - Next - - - - -
Now remove all previous Restore Points:
Click Start > Run > copy and paste the following into the run box:
Click on the Yes button.
When finished, click on Cancel button to exit.
- - - - - Next - - - - -
You don't appear to have a Firewall enabled, please download one of these and install it before you continue.
Firewall:
Here are some tips to reduce the potential for spyware infection in the future:
Automatic Updates:
The easiest way to ensure you don't miss any of the critical Windows Updates is to set your computer up to receive Automatic Updates.
To set your computer up for Automatic Updates please do the following:
Make your Internet Explorer more secure - This can be done by following these simple instructions:
For Firefox, I highly recommend this add-on to keep your PC even more secure.
NoScript - for blocking ads and other potential website attacks
You are using Kaspersky Anti-Virus as your anti virus software. It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Firewall - I cannot stress how important it is that you keep the Firewall on your computer active at all times. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
Update all security programs regularly - Make sure you update all the programs regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.
Remember to have only one (1) Firewall and one (1) Anti-Virus program running at any one time.
I would also suggest you read "So how did I get infected in the first place"?: by Tony Klein
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
Your log shows remnants of a program called SiteHound.
Please go to Start > All Programs > Firetrust > SiteHound > Uninstall
- - - - - Next - - - - -
Congratulations, your logs appear clean.
Now for a little housekeeping and my recommendations to help you stay clean.- - - - - Next - - - - -
Clean up with OTM
- Right-click OTM.exe and select Run As Administrator... to run it.
- Click the CleanUp! button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes, if not delete it by yourself.
You can now delete any other tools I had you download and use, unless you wish to keep them.
(they should be located on your desktop, if they are no longer there just continue)
- DDS
- Sysprot
Here comes the "All Clean Speech":
You need to set a new clean System Restore Point
System Restore makes regular backups of all your settings, if you ever had to use this program to restore your system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points
We need to set a new system restore point:
Click Start > Run > copy and paste the following into the run box:
%SystemRoot%\System32\restore\rstrui.exe
Name it (something you'll remember) and click Create,
when the confirmation screen shows the restore point has been created click Close.
- - - - - Next - - - - -
Now remove all previous Restore Points:
Click Start > Run > copy and paste the following into the run box:
cleanmgr
Click on the Yes button.
When finished, click on Cancel button to exit.
- - - - - Next - - - - -
You don't appear to have a Firewall enabled, please download one of these and install it before you continue.
Firewall:
- Comodo - http://www.personalf...all.comodo.com/
- Outpost Firewall FREE - http://www.agnitum.c...ts/outpostfree/
Here are some tips to reduce the potential for spyware infection in the future:
Automatic Updates:
The easiest way to ensure you don't miss any of the critical Windows Updates is to set your computer up to receive Automatic Updates.
To set your computer up for Automatic Updates please do the following:
- Click Start button > All Programs > Windows Update > Change Settings.
- Make sure that Automatic Updating is checked.
- Click OK
- Close the Control Panel.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab.
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub-frames across different domains to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
For Firefox, I highly recommend this add-on to keep your PC even more secure.
NoScript - for blocking ads and other potential website attacks
You are using Kaspersky Anti-Virus as your anti virus software. It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Firewall - I cannot stress how important it is that you keep the Firewall on your computer active at all times. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
Update all security programs regularly - Make sure you update all the programs regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.
Remember to have only one (1) Firewall and one (1) Anti-Virus program running at any one time.
I would also suggest you read "So how did I get infected in the first place"?: by Tony Klein
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#12
stargazercece
-
- Authentic Member
-
- 31 posts
Authentic Member
Posted 25 October 2009 - 10:29 AM
I don't understand how Sitehound is showing up when I can't find it anywhere on the system to uninstall. It gave me problems before and I tried to remove it but I guess it wasn't gone as I thought? Do you have any ideas how to get flash player installed on my laptop? Everytime I try to download I get the error notice: "Installation is corrupt! (16248.203.296-73272352.80040154.FFFFFFFF.80070424)" I have the latest java so I know that isn't causing it. I've followed the other instructions is your post too.
#13
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 26 October 2009 - 11:06 AM
Hi stargazercece,
For your general knowledge, this portion of the forum is for malware removal only.
Since the above issue is not malware related, if the above solution does not remedy the situation please feel free post in the Windows Help Forum.
Please be sure to include a link to this thread so the person that assists you can review what we have already tried.
Link to your thread: http://forums.whatth...on_t107557.html
You can try a complete Flash Player uninstall/reinstall as follows:Do you have any ideas how to get flash player installed on my laptop? Every time I try to download I get the error notice: "Installation is corrupt! (16248.203.296-73272352.80040154.FFFFFFFF.80070424)"
- Download the Flash Player Uninstaller (save to disk)
- Download the Offline ActiveX Installer (save to disk)
- Close all browser windows,
- Run the Flash Player Uninstaller
- Followed by the ActiveX Installer
- Reboot, if not prompted to do so.
For your general knowledge, this portion of the forum is for malware removal only.
Since the above issue is not malware related, if the above solution does not remedy the situation please feel free post in the Windows Help Forum.
Please be sure to include a link to this thread so the person that assists you can review what we have already tried.
Link to your thread: http://forums.whatth...on_t107557.html
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#14
stargazercece
-
- Authentic Member
-
- 31 posts
Authentic Member
Posted 26 October 2009 - 05:43 PM
Thank you. I was able to get flash installed. But the problem is the Sitehound. Kaspersky labeled it as a virus last time and I tried to remove it. If it shows in the log is it still there?
#15
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 27 October 2009 - 07:09 AM
Hi stargazercece,
Sometimes tools that are used to monitor attacks on your computer are flagged by other scanning tools as malicious because of the way they interpret each others actions.
Quote taken from http://www.firetrust...ducts/sitehound
You log is free of malware. SiteHound by Firetrust is not malware.But the problem is the Sitehound. Kaspersky labeled it as a virus last time and I tried to remove it. If it shows in the log is it still there?
Sometimes tools that are used to monitor attacks on your computer are flagged by other scanning tools as malicious because of the way they interpret each others actions.
Quote taken from http://www.firetrust...ducts/sitehound
SiteHound is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
Today the most common route for attacks on your computer is through your web browser as you surf the web. Everyday, people around the world fall victim to online fraud, scams, security vulnerabilities and malware while surfing the web, and most people realise before its too late.
SiteHound solves this alarming security gap by working with some of the world’s leading security watchdogs to provide you with instant and real-time protection for you as you surf the web.
Powered by a unique database created by a global community of users and experts who actively report potentially malicious websites, SiteHound ensures you surf the web safely by providing you with an unprecedented level of protection from fraud, phishing, spyware, adware, security risks, spam, viruses, online scams, adult and offensive sites and fake anti-spyware products.
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
