Infection: pum.hijack.startmenu

[trippdudley]

Looks like I ended up with this malware. I have run malwarebytes several times in safe mode, regular boot will not allow it. First time thru it found 11 problems, clean those up and ran it again and it showed 2 problems "pum.hijack.startmenu". Cleaned those and ran again and it said all was good. Booted back up in non-safe mode and the problem came back....multiple pop up windows, HDD errors, RAM errors, etc. Ran malwarebytes again, found the same two problems, cleaned them, ran again and it was clean. Regular boot and the problem was back. All desktop and start menu programs have vanished but in safe mode I was able to view them by using the "show hidden files" option in the tool menu.

Anyway, I am stuck now and need some help. Below are the 2 files requested:

Thank you in advance!

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22

Run by Kathy at 6:49:35 on 2012-03-06

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.2694 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ask.com?o=15119&l=dis

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [DwcShfdOUdbj.exe] c:\programdata\DwcShfdOUdbj.exe

StartupFolder: c:\users\kathy\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 66.18.32.2 66.18.32.3

TCP: Interfaces\{6A0BB197-5868-4813-B887-C9F118155A1D} : DhcpNameServer = 66.18.32.2 66.18.32.3

TCP: Interfaces\{EB151363-6E8F-4617-AEFC-C3438AC80A95} : DhcpNameServer = 66.18.32.2 66.18.32.3

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\kathy\appdata\roaming\mozilla\firefox\profiles\4bt31n3v.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.signalmountainhighschool.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\users\kathy\appdata\roaming\mozilla\firefox\profiles\4bt31n3v.default\extensions\textlinks@playsushi.com\components\PlaySushiFF.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: PlaySushi TextLinks : textlinks@playsushi.com - %profile%\extensions\textlinks@playsushi.com

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-11-23 73728]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]

S2 OS Selector;Acronis OS Selector activator;c:\program files\acronis\diskdirector\oss\reinstall_svc.exe [2010-5-25 2139400]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-11-23 111104]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-03-06 01:09:28 735056 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-03-05 01:47:16 338432 ---ha-w- c:\programdata\mRxLAjpOTH2mNo.exe

2012-03-04 23:54:53 -------- d--h--w- c:\users\kathy\appdata\roaming\Malwarebytes

2012-03-04 23:54:46 -------- d--h--w- c:\programdata\Malwarebytes

2012-03-04 23:54:45 20464 ---ha-w- c:\windows\system32\drivers\mbam.sys

2012-03-04 23:54:45 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware

2012-03-04 23:35:06 430080 ---ha-w- c:\programdata\DwcShfdOUdbj.exe

2012-03-02 17:28:51 -------- d-sh--w- C:\found.000

2012-02-22 21:58:01 -------- d--h--w- c:\users\kathy\appdata\roaming\OpenOffice.org

2012-02-22 21:55:06 -------- d--h--w- c:\program files\OpenOffice.org 3

2012-02-22 21:54:17 472808 ---ha-w- c:\windows\system32\deployJava1.dll

2012-02-22 21:54:17 472808 ---ha-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2012-02-20 02:08:29 -------- d--h--w- c:\windows\Acronis

2012-02-20 01:50:36 170080 ---ha-w- c:\windows\system32\drivers\snapman.sys

2012-02-16 19:49:26 680448 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-16 19:49:25 2044416 ----a-w- c:\windows\system32\win32k.sys

2012-02-16 19:49:24 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

.

==================== Find3M ====================

.

2012-02-28 11:49:00 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 6:50:53.05 ===============

ATTACH:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/24/2010 1:06:47 AM

System Uptime: 3/6/2012 6:36:00 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0U990C

Processor: Intel® Core™2 Duo CPU T5750 @ 2.00GHz | Microprocessor | 1995/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 316 GiB total, 190.552 GiB free.

D: is FIXED (NTFS) - 150 GiB total, 62.786 GiB free.

E: is CDROM ()

G: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_022F1028&REV_12\4&46E6CB1&0&4AF0

Manufacturer:

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_022F1028&REV_12\4&46E6CB1&0&4AF0

Service:

.

Class GUID:

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_022F1028&REV_12\4&46E6CB1&0&4BF0

Manufacturer:

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_022F1028&REV_12\4&46E6CB1&0&4BF0

Service:

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Acronis Disk Director Home

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2011

Bejeweled Blitz

Bonjour

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Conexant HDA D330 MDC V.92 Modem

Costco Photo Organizer

Creative Memories Memory Manager 2

Creative Memories Memory Manager 3

Creative Memories StoryBook Creator Plus

Creative Memories StoryBook Creator Plus 3

D3DX10

Dell Resource CD

Dell Webcam Center

Dell Webcam Manager

Dell Wireless WLAN Card

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® Graphics Media Accelerator Driver

iTunes

Java Auto Updater

Java™ 6 Update 22

Junk Mail filter update

Laptop Integrated Webcam Driver (1.04.01.1011)

Malwarebytes Anti-Malware version 1.60.1.1000

Marvell Miniport Driver

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox (3.6.27)

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OpenOffice.org 3.3

QuickTime

Seagate Manager Installer

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Segoe UI

SigmaTel Audio

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

3/6/2012 6:47:31 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

3/6/2012 6:47:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/6/2012 6:47:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/6/2012 6:46:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

3/6/2012 6:46:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

3/6/2012 6:46:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

3/6/2012 6:46:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/6/2012 6:46:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/6/2012 6:38:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6

3/6/2012 6:38:01 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/6/2012 6:38:01 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

3/6/2012 6:38:01 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

3/6/2012 6:38:01 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/6/2012 6:38:01 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

3/6/2012 6:38:01 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/6/2012 6:38:01 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/6/2012 6:38:01 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

3/6/2012 6:38:01 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/6/2012 6:38:01 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/6/2012 6:38:01 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/6/2012 6:38:01 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/6/2012 6:38:01 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

3/6/2012 6:31:36 AM, Error: Service Control Manager [7000] - The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.

3/6/2012 6:21:51 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

3/5/2012 7:32:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2600217).

3/4/2012 8:58:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

3/4/2012 8:53:16 PM, Error: EventLog [6008] - The previous system shutdown at 8:51:24 PM on 3/4/2012 was unexpected.

3/4/2012 2:32:05 PM, Error: EventLog [6008] - The previous system shutdown at 2:29:52 PM on 3/4/2012 was unexpected.

3/3/2012 2:36:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

3/2/2012 12:35:32 PM, Error: EventLog [6008] - The previous system shutdown at 12:34:29 PM on 3/2/2012 was unexpected.

2/29/2012 7:54:04 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

2/29/2012 7:54:04 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

2/29/2012 7:53:17 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

2/29/2012 7:52:33 AM, Error: EventLog [6008] - The previous system shutdown at 7:50:37 AM on 2/29/2012 was unexpected.

2/28/2012 9:49:37 PM, Error: EventLog [6008] - The previous system shutdown at 9:47:22 PM on 2/28/2012 was unexpected.

2/28/2012 6:48:19 AM, Error: EventLog [6008] - The previous system shutdown at 11:01:39 PM on 2/27/2012 was unexpected.

.

==== End Of File ===========================

[trippdudley]

Not sure if I should bump this or not but its been 72 hours with no reply. Can someone help me out plz?

Thanks

[LDTate]

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Download unhide.exe & save it to your windows folder:

Right click on unhide.exe and select Run as administrator (In case you have Vista or Win7)

Reboot

This will unhide folders/files that were set to be hidden by the infection you had.

[LDTate]

Next:

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\programdata\mRxLAjpOTH2mNo.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

Do the same for:

c:\programdata\DwcShfdOUdbj.exe

If virustotal is too busy you can try these.

http://virusscan.jotti.org

http://www.kaspersky...anforvirus.html

[trippdudley]

Antivirus Result Update AhnLab-V3 Trojan/Win32.FakeAV 20120310 AntiVir TR/FakeSysdef.A.944 20120309 Antiy-AVL Trojan/Win32.FakeAV.gen 20120310 Avast Win32:FakeSysdefs-A [Trj] 20120310 AVG Downloader.Zlob.BHGM 20120310 BitDefender Gen:Variant.Graftor.16794 20120311 ByteHero - 20120309 CAT-QuickHeal - 20120310 ClamAV - 20120311 Commtouch - 20120310 Comodo TrojWare.Win32.Trojan.Agent.Gen 20120310 DrWeb Trojan.Fakealert.27220 20120311 Emsisoft Trojan-Downloader!IK 20120311 eSafe - 20120308 eTrust-Vet Win32/FraudSystemCheck.AE 20120310 F-Prot - 20120311 F-Secure Gen:Variant.Graftor.16794 20120310 Fortinet W32/FakeAV.OZ!tr 20120311 GData Gen:Variant.Graftor.16794 20120311 Ikarus Trojan-Downloader 20120310 Jiangmin - 20120301 K7AntiVirus Riskware 20120310 Kaspersky Trojan.Win32.FakeAV.lbkb 20120311 McAfee Generic FakeAlert.bz 20120308 McAfee-GW-Edition Heuristic.LooksLike.Win32.Winwebsec.B 20120310 Microsoft Trojan:Win32/FakeSysdef 20120310 NOD32 a variant of Win32/Kryptik.ABXW 20120311 Norman W32/Troj_Generic.AJYSD 20120310 nProtect - 20120310 Panda Generic Trojan 20120310 PCTools - 20120310 Prevx - 20120311 Rising - 20120309 Sophos Mal/FakeAV-OZ 20120311 SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert 20120308 Symantec UltraDefragFraud!gen11 20120311 TheHacker Trojan/FakeAV.lbkb 20120309 TrendMicro TROJ_SPNR.11C912 20120310 TrendMicro-HouseCall TROJ_SPNR.11C912 20120310 VBA32 - 20120307 VIPRE Trojan.Win32.Generic!BT 20120310 ViRobot - 20120310 VirusBuster Trojan.FakeAV!XDp5ydAExR4 20120309

[trippdudley]

Here are the results of the DWC scan:

AhnLab-V3 Trojan/Win32.FakeAV 20120310 AntiVir TR/FakeSysdef.A.892 20120309 Antiy-AVL Trojan/win32.agent.gen 20120310 Avast Win32:FakeSysdefs-A [Trj] 20120310 AVG Downloader.Zlob.BHFQ 20120310 BitDefender Trojan.Generic.7265840 20120311 ByteHero - 20120309 CAT-QuickHeal - 20120310 ClamAV - 20120311 Commtouch - 20120310 Comodo UnclassifiedMalware 20120311 DrWeb Trojan.Fakealert.27220 20120311 Emsisoft Trojan.Win32.FakeSysdef!IK 20120310 eSafe - 20120308 eTrust-Vet - 20120310 F-Prot - 20120311 F-Secure Trojan.Generic.7265840 20120310 Fortinet W32/FakeAV.OZ 20120310 GData Trojan.Generic.7265840 20120310 Ikarus Trojan.Win32.FakeSysdef 20120310 Jiangmin - 20120301 K7AntiVirus Riskware 20120310 Kaspersky Trojan.Win32.FakeAV.lcod 20120311 McAfee Generic FakeAlert.bz 20120308 McAfee-GW-Edition Generic FakeAlert.bz 20120310 Microsoft Trojan:Win32/FakeSysdef 20120310 NOD32 a variant of Win32/Kryptik.ABXW 20120311 Norman W32/Troj_Generic.AJNTX 20120310 nProtect Trojan.Generic.7265840 20120310 Panda Suspicious file 20120310 PCTools - 20120310 Prevx - 20120311 Rising - 20120309 Sophos Mal/FakeAV-OZ 20120311 SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert 20120308 Symantec UltraDefragFraud!gen11 20120311 TheHacker Trojan/FakeAV.lcod 20120309 TrendMicro TROJ_FAKEAV.ERX 20120310 TrendMicro-HouseCall TROJ_FAKEAV.ERX 20120311 VBA32 - 20120307 VIPRE Trojan.Win32.Generic!BT 20120310 ViRobot - 20120310 VirusBuster Trojan.Kryptik!0F6jca3oTj0 20120309

[LDTate]

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  
• Double click on ComboFix.exe & follow the prompts.
  Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  Note: If you have XP SP3, use the XP SP2 package.
  If Vista or Windows 7, skip the Recovery Console part
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

[trippdudley]

System seems to be stable after running combo fix. This is the 2nd log file. When the first scan was completed the battery on the laptop died and I had to restart and rerun combo fix:

ComboFix 12-03-11.01 - Kathy 03/11/2012 20:02:06.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.2108 [GMT -4:00]

Running from: c:\users\Kathy\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-02-12 to 2012-03-12 )))))))))))))))))))))))))))))))

.

.

2012-03-12 00:08 . 2012-03-12 00:08 -------- d-----w- c:\users\Kathy\AppData\Local\temp

2012-03-12 00:08 . 2012-03-12 00:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-04 23:54 . 2012-03-04 23:54 -------- d-----w- c:\users\Kathy\AppData\Roaming\Malwarebytes

2012-03-04 23:54 . 2012-03-04 23:54 -------- d-----w- c:\programdata\Malwarebytes

2012-03-04 23:54 . 2012-03-05 00:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-04 23:54 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-04 23:31 . 2012-03-04 23:31 -------- d-----w- c:\windows\Sun

2012-03-02 17:28 . 2012-03-02 17:28 -------- d-----w- C:\found.000

2012-02-22 21:58 . 2012-02-22 21:58 -------- d-----w- c:\users\Kathy\AppData\Roaming\OpenOffice.org

2012-02-22 21:55 . 2012-02-22 21:55 -------- d-----w- c:\program files\OpenOffice.org 3

2012-02-22 21:54 . 2012-02-22 21:54 -------- d-----w- c:\program files\Common Files\Java

2012-02-22 21:54 . 2012-02-22 21:54 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-22 21:54 . 2012-02-22 21:54 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2012-02-22 21:53 . 2012-02-22 21:53 -------- d-----w- c:\program files\Java

2012-02-20 02:08 . 2012-02-24 23:46 -------- d-----w- c:\windows\Acronis

2012-02-20 02:01 . 2012-02-20 02:01 -------- d-----w- c:\program files\Common Files\Acronis

2012-02-20 01:50 . 2012-02-20 02:01 170080 ----a-w- c:\windows\system32\drivers\snapman.sys

2012-02-20 01:50 . 2012-02-20 01:50 -------- d-----w- c:\program files\Acronis

2012-02-16 19:49 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-16 19:49 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys

2012-02-16 19:49 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-28 11:49 . 2011-11-14 14:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-13 137752]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-13 154136]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-13 133656]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNTAyMTY2MzQwLVhPMTArMi1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzItTElDKzItU1AxKzEtU1AxVEIrMS1TVVArNC1GTDEwKzEtU1AxUzQrMS1ERFQrNjE3NzYtTFNEKzItREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCTisxLVRCVlVQRysxMi1GMTBNMTJGVCsxLVRCTisxLUwxME1JKzEtRjEwTTEySVQrMQ∏=90&ver=10.0.1424" [?]

.

c:\users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4143675979-210270141-2429935486-1000]

"EnableNotificationsRef"=dword:00000001

.

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com?o=15119&l=dis

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 66.18.32.2 66.18.32.3

FF - ProfilePath - c:\users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\4bt31n3v.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.signalmountainhighschool.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: PlaySushi TextLinks : textlinks@playsushi.com - %profile%\extensions\textlinks@playsushi.com

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-11 20:08

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-03-11 20:10:08

ComboFix-quarantined-files.txt 2012-03-12 00:10

ComboFix2.txt 2012-03-11 23:53

.

Pre-Run: 205,071,339,520 bytes free

Post-Run: 205,029,584,896 bytes free

.

- - End Of File - - 495777DB3EDB7F41DD98E867282CB18E

[trippdudley]

Just noticed that I am still missing my start menu programs...not the "all programs" menu.

[LDTate]

the all users start menu is C:\ProgramData\Microsoft\Windows\Start Menu\Programs and the all users desktop folder is C:\Users\Public\Desktop

Also you can use this option With Windows 7 / Vista:

You can restore the Start menu to its original, default settings.

1.Open Taskbar and Start Menu Properties by clicking the Start button , clicking Control Panel, clicking Appearance and Personalization, and then clicking Taskbar and Start Menu.

2.Click the Start Menu tab, and then click Customize.

3.In the Customize Start Menu dialog box, click Use Default Settings, and then click OK.

If that didn't work:

After running the unhide tool you may still be missing most of your start menu shortcuts… They can be found in a folder named smtmp inside:

(XP)- C:\Documents and Settings\Username\Local Settings\Temp

(W7)- C:\Users\Username\AppData\Local\Temp

C:\Windows\Temp

Example:

%Temp%\smtmp\1 "%AllUsersProfile%\Start Menu"

%Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch"

%Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"

%Temp%\smtmp\4 "%AllUsersProfile%\Desktop

These will be there unless you have removed temp files / folders

There might be three numbered folders inside C:\Documents and Settings\Your User Name\Local Settings\Temp\smtmp folder. The folders will be numbered 1, 2 and 4.

Inside the 1 folder is a folder named “Programs.” This folder should be copied / pasted to (using XP) to C:\Documents and Settings\All Users\Start Menu, which will already have a folder named Programs but it is safe to overwrite it since Windows will replace the subfolders without creating duplicates.

Inside the 2 folder are the quick launch items specific for the user. Select ALL of these shortcuts and copy / paste to (using XP) C:\Documents and Settings\Your User Name\Application Data\Microsoft\Internet Explorer\Quick Launch.

Inside the 4 folder are the desktop items that should be copied to C:\Documents and Settings\All Users\Desktop.

[trippdudley]

Thank you very much for all your help!

[LDTate]

Did that work?

[LDTate]

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

• Click START run
  
• Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
  

For Vista / Windows 7

• Click START Search
  
• Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
  

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good

• Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
  (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
  Without a firewall your computer is succeptible to being hacked and taken over.
  I am very serious about this and see it happen almost every day with my clients.
  Simply using a Firewall in its default configuration can lower your risk greatly.
  
• 
  
• Securing Your Web Browser
  This paper will help you configure your web browser for safer internet surfing.
  
• Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
  •Free browser plug-in for Internet Explorer and Firefox
  •Real-time safety ratings
  •Ideal for Facebook, Twitter and LinkedIn
  
• JAVA Click this link and click on the Free JAVA Download
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
  This will ensure your computer has always the latest security updates available installed on your computer.
  If there are new updates to install, install them immediately, reboot your computer, and revisit the site
  until there are no more critical updates.
  

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

• Dynamically Blocks Malware Sites & Servers
  
• Malware Execution Prevention
  

Save yourself the hassle and get protected.

[LDTate]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!