Jump to content

m01n83kjf7.com attack

christcg
 Share

Recommended Posts

christcg

christcg

Posted
Posted

I keep getting the m01n83kjf7.com attack from Norton 360.

You guys are great!

Here are the details:

Malwarebytes' Anti-Malware log file

alwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4142

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/25/10 3:12:27 PM

mbam-log-2010-05-25 (15-12-27).txt

Scan type: Full scan (C:\|D:\|F:\|)

Objects scanned: 245196

Time elapsed: 1 hour(s), 35 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS/GMER log files

DDS (Ver_10-03-17.01) - NTFSx86

Run by Administrator at 15:21:56.87 on Tue 05/25/10

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1486 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\RTHDCPL.EXE

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\hphmon04.exe

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =

uStart Page = hxxp://www.google.com/ig?hl=en/

uSearch Bar =

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

mSearchAssistant =

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [cdloader] "c:\documents and settings\administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [HPHmon04] c:\windows\system32\hphmon04.exe

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iSUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start

mRun: [spyHunter Security Suite] "c:\program files\enigma software group\spyhunter\SpyHunter4.exe" -minimize

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [system tool] c:\program files\bhycvn\elunsysguard.exe

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe

IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\dap\dapextie.htm

IE: Download &all with DAP - c:\program files\dap\dapextie2.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: christianaudio.com

Trusted Zone: constantcontact.com

Trusted Zone: constantcontact.com\ui

Trusted Zone: google.com\www

Trusted Zone: symantec.com\www

Trusted Zone: turbotax.com

DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB

DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB

DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab

DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261764515968

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182856617218

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab

DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} - hxxp://service.ringcentral.com/ActiveX/RCAXSetup.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15034/CTPID.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll

Notify: igfxcui - igfxdev.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 91.206.201.8 osadwarekill.microsoft.com

Hosts: 91.206.201.8 osadwarekill.com

Hosts: 91.206.201.8 www.osadwarekill.com

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-2 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-2 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-2 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100518.002\IDSXpx86.sys [2010-5-24 331640]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-8-1 47640]

R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-2 117640]

R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-3-24 323992]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-18 102448]

R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100525.003\NAVENG.SYS [2010-5-25 85552]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100525.003\NAVEX15.SYS [2010-5-25 1347504]

S2 gupdate1ca5361c3e830ac;Google Update Service (gupdate1ca5361c3e830ac);c:\program files\google\update\GoogleUpdate.exe [2009-10-22 133104]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]

S3 GoogleDesktopManager-090209-075101;Google Desktop Manager 5.9.909.2235;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-9-7 30192]

S4 a2AntiMalware;a-squared Anti-Malware Service;"c:\program files\a-squared anti-malware\a2service.exe" --> c:\program files\a-squared anti-malware\a2service.exe [?]

S4 LkWebLink;Inter-Tel Collaboration Remote Client;d:\inter-tel\collaboration client 2.0\lkWebLink.exe [2010-5-3 32768]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-05-25 19:13:37 0 ----a-w- c:\documents and settings\administrator\defogger_reenable

2010-05-25 13:21:40 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2010-05-25 13:21:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-25 13:21:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-05-25 13:21:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-25 13:21:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-25 13:15:59 77312 ----a-w- c:\windows\mbr.exe

2010-05-11 19:37:28 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-03 14:26:44 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys

2010-05-03 14:26:44 32000 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2010-05-03 14:26:44 10368 ----a-w- c:\windows\system32\drivers\pfc.sys

2010-05-03 14:26:43 8320 ----a-w- c:\windows\system32\drivers\grmnusb.sys

2010-05-03 14:26:43 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys

2010-05-01 10:29:16 13 ----a-w- c:\windows\system32\WinSys32.crc

2010-04-27 16:24:08 0 d-----w- c:\docume~1\alluse~1\applic~1\CoffeeCup Software

==================== Find3M ====================

2010-04-29 15:23:28 61440 ----a-w- c:\windows\system32\libfaac.dll

2010-04-29 15:23:28 53248 ----a-w- c:\windows\system32\ogg.dll

2010-04-29 15:23:28 36864 ----a-w- c:\windows\system32\DGRip.dll

2010-04-29 15:23:28 36352 ----a-w- c:\windows\system32\MP2enc.dll

2010-04-29 15:23:28 220160 ----a-w- c:\windows\system32\WnASPI32.dll

2010-04-29 15:23:28 172032 ----a-w- c:\windows\system32\lame_enc.dll

2010-04-29 15:23:28 1163264 ----a-w- c:\windows\system32\vorbis.dll

2010-04-29 15:23:28 1015808 ----a-w- c:\windows\system32\vorbisenc.dll

2010-04-19 21:04:32 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2010-04-02 10:42:25 796672 ----a-w- c:\windows\GPInstall.exe

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-04 17:57:13 1577352 ----a-w- c:\windows\askToolbarInstaller-1.3.3.0.exe

2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll

2008-05-27 22:25:27 1918464 ----a-w- c:\program files\UninstallWPO.exe

2002-07-31 23:55:12 312 --sh--w- c:\windows\WSYS049.SYS

2009-01-12 21:11:10 665002 --sha-w- c:\windows\system32\baKklnmp.ini2

2009-08-21 00:45:45 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2009-08-22 10:03:22 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

2009-08-21 00:45:40 65536 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009082020090821\index.dat

2009-08-22 10:03:22 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009082220090823\index.dat

2009-08-22 10:03:22 32768 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 15:23:49.17 ===============

attach.zip

Link to post
Share on other sites
melboy

melboy

Posted
Posted

Hi and welcome to the Malwarebytes forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please DO NOT run any other tools or scans whilst I am helping you.
  5. It is important that you reply to this thread. Do not start a new topic.
  6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  7. Absence of symptoms does not mean that everything is clear.

NOTE: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.

====================================

RE: BitTorrent

P2P downloads are likely to bring infections into the system. My recommendation is to uninstall these P2P file sharing programs (and others if present)

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.

  • Click on Start > Control Panel and double click on Add/Remove Programs.
  • Locate BitTorrent and click on the Change/Remove button to uninstall it.
  • Close Add/Remove Programs and Control Panel when done.

TDSSKiller

  • Download the file TDSSKiller.zip and save it on your desktop
  • Extract the file tdskiller.zip, it will create a folder named tdsskiller on your desktop. (Zip/UnZip Tutorial)
  • Next double-click the tdsskiller Folder on your desktop.
  • Double click tdsskiller.exe to run the tool.
  • If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. Please reboot when prompted.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.3.0.0_20.04.2010_15.31.43_log.txt.
  • Please post the contents in your next reply

Link to post
Share on other sites
christcg

christcg

Posted
  • Author
Posted
Hi and welcome to the Malwarebytes forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please DO NOT run any other tools or scans whilst I am helping you.
  5. It is important that you reply to this thread. Do not start a new topic.
  6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  7. Absence of symptoms does not mean that everything is clear.

NOTE: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.

====================================

RE: BitTorrent

P2P downloads are likely to bring infections into the system. My recommendation is to uninstall these P2P file sharing programs (and others if present)

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.

  • Click on Start > Control Panel and double click on Add/Remove Programs.
  • Locate BitTorrent and click on the Change/Remove button to uninstall it.
  • Close Add/Remove Programs and Control Panel when done.

TDSSKiller

  • Download the file TDSSKiller.zip and save it on your desktop
  • Extract the file tdskiller.zip, it will create a folder named tdsskiller on your desktop. (Zip/UnZip Tutorial)
  • Next double-click the tdsskiller Folder on your desktop.
  • Double click tdsskiller.exe to run the tool.
  • If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. Please reboot when prompted.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.3.0.0_20.04.2010_15.31.43_log.txt.
  • Please post the contents in your next reply

20:41:37:609 2160 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14

20:41:37:609 2160 ================================================================================

20:41:37:609 2160 SystemInfo:

20:41:37:609 2160 OS Version: 5.1.2600 ServicePack: 3.0

20:41:37:609 2160 Product type: Workstation

20:41:37:609 2160 ComputerName: CHRISLAPTOP

20:41:37:609 2160 UserName: Administrator

20:41:37:625 2160 Windows directory: C:\WINDOWS

20:41:37:625 2160 Processor architecture: Intel x86

20:41:37:625 2160 Number of processors: 1

20:41:37:625 2160 Page size: 0x1000

20:41:37:625 2160 Boot type: Normal boot

20:41:37:625 2160 ================================================================================

20:41:38:140 2160 Initialize success

20:41:38:140 2160

20:41:38:140 2160 Scanning Services ...

20:41:38:875 2160 Raw services enum returned 389 services

20:41:38:906 2160

20:41:38:906 2160 Scanning Drivers ...

20:41:40:875 2160 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

20:41:40:906 2160 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

20:41:40:953 2160 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

20:41:41:015 2160 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

20:41:41:109 2160 AR5211 (baa6b3cc74a4377d063c5a92dd9c4098) C:\WINDOWS\system32\DRIVERS\ar5211.sys

20:41:41:171 2160 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

20:41:41:203 2160 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

20:41:41:234 2160 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

20:41:41:281 2160 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

20:41:41:312 2160 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

20:41:41:406 2160 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys

20:41:41:437 2160 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys

20:41:41:453 2160 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys

20:41:41:484 2160 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

20:41:41:500 2160 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

20:41:41:546 2160 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys

20:41:41:609 2160 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

20:41:41:625 2160 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

20:41:41:640 2160 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

20:41:41:671 2160 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

20:41:41:687 2160 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

20:41:41:734 2160 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

20:41:41:781 2160 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

20:41:41:843 2160 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

20:41:41:875 2160 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

20:41:41:906 2160 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

20:41:41:953 2160 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

20:41:42:000 2160 Dot4 HPH11 (a93ae4414505a8095ec4820c4312b5df) C:\WINDOWS\system32\DRIVERS\hphid411.sys

20:41:42:046 2160 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

20:41:42:062 2160 Dot4Print HPH11 (4f8681519ea48757148895811f2aa051) C:\WINDOWS\system32\DRIVERS\hphipr11.sys

20:41:42:093 2160 Dot4Storage HPH11 (df0a7516e9f803c1c64796b81605495c) C:\WINDOWS\system32\Drivers\hphs2k11.sys

20:41:42:125 2160 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys

20:41:42:156 2160 Dot4Usb HPH11 (c6608b2afb2567f0fa6b4bd8837f1660) C:\WINDOWS\system32\drivers\hphius11.sys

20:41:42:218 2160 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

20:41:42:359 2160 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

20:41:42:406 2160 EpmPsd (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\system32\drivers\epm-psd.sys

20:41:42:484 2160 EpmShd (50425cbd80468bf53ba90f0d7cc61805) C:\WINDOWS\system32\drivers\epm-shd.sys

20:41:42:515 2160 EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

20:41:42:593 2160 esgiguard (051a2e2a75adb6d1c5c27e940fdabcba) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys

20:41:42:609 2160 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

20:41:42:625 2160 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

20:41:42:656 2160 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

20:41:42:671 2160 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

20:41:42:796 2160 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

20:41:42:968 2160 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

20:41:43:015 2160 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

20:41:43:265 2160 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

20:41:43:453 2160 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

20:41:43:515 2160 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys

20:41:43:546 2160 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

20:41:43:562 2160 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

20:41:43:625 2160 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

20:41:43:656 2160 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

20:41:43:734 2160 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

20:41:44:015 2160 IDSxpx86 (1ca8e9bd3cb6d16e54d08240dd3a4f66) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100518.002\IDSxpx86.sys

20:41:44:062 2160 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

20:41:44:328 2160 IntcAzAudAddService (909d03b3b7fb7c830b74f74f4d0ea7ce) C:\WINDOWS\system32\drivers\RtkHDAud.sys

20:41:44:546 2160 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

20:41:44:578 2160 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

20:41:44:609 2160 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

20:41:44:625 2160 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

20:41:44:656 2160 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

20:41:44:687 2160 IPSec (15c3d97a03a217381b30328ff240d002) C:\WINDOWS\system32\DRIVERS\ipsec.sys

20:41:44:687 2160 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 15c3d97a03a217381b30328ff240d002, Fake md5: 23c74d75e36e7158768dd63d92789a91

20:41:44:687 2160 File "C:\WINDOWS\system32\DRIVERS\ipsec.sys" infected by TDSS rootkit ... 20:41:45:906 2160 Backup copy found, using it..

20:41:46:093 2160 will be cured on next reboot

20:41:46:265 2160 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

20:41:46:328 2160 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

20:41:46:343 2160 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

20:41:46:359 2160 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

20:41:46:390 2160 klmd23 (0b06b0a25e08df0d536402bce3bde61e) C:\WINDOWS\system32\drivers\klmd.sys

20:41:46:437 2160 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

20:41:46:468 2160 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

20:41:46:546 2160 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys

20:41:46:656 2160 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

20:41:46:781 2160 LVcKap (8113133ec42dd6c566908008ce913edd) C:\WINDOWS\system32\DRIVERS\LVcKap.sys

20:41:47:015 2160 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys

20:41:47:109 2160 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

20:41:47:218 2160 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

20:41:47:265 2160 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

20:41:47:296 2160 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

20:41:47:312 2160 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

20:41:47:343 2160 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

20:41:47:359 2160 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

20:41:47:453 2160 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:41:47:515 2160 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

20:41:47:531 2160 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

20:41:47:546 2160 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

20:41:47:562 2160 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

20:41:47:671 2160 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

20:41:47:703 2160 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

20:41:47:750 2160 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

20:41:47:781 2160 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

20:41:47:906 2160 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100525.003\NAVENG.SYS

20:41:47:984 2160 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100525.003\NAVEX15.SYS

20:41:48:046 2160 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

20:41:48:093 2160 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

20:41:48:093 2160 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

20:41:48:140 2160 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

20:41:48:156 2160 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

20:41:48:187 2160 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

20:41:48:234 2160 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

20:41:48:250 2160 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

20:41:48:265 2160 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

20:41:48:343 2160 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

20:41:48:406 2160 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

20:41:48:437 2160 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

20:41:48:453 2160 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

20:41:48:484 2160 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

20:41:48:500 2160 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

20:41:48:546 2160 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

20:41:48:593 2160 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

20:41:48:671 2160 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

20:41:48:687 2160 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

20:41:48:828 2160 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys

20:41:48:953 2160 PNDIS5 (3ab95ecf07a0576a6be736cfbaa9619c) C:\PROGRA~1\LINKSY~1\PNDIS5.SYS

20:41:49:296 2160 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

20:41:49:437 2160 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

20:41:49:453 2160 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

20:41:49:515 2160 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

20:41:49:546 2160 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

20:41:49:625 2160 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

20:41:49:640 2160 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

20:41:49:640 2160 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

20:41:49:656 2160 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

20:41:49:687 2160 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

20:41:49:703 2160 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

20:41:49:765 2160 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

20:41:49:796 2160 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

20:41:49:812 2160 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

20:41:49:843 2160 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

20:41:49:875 2160 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

20:41:49:890 2160 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

20:41:49:937 2160 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

20:41:50:000 2160 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

20:41:50:015 2160 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

20:41:50:125 2160 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS

20:41:50:156 2160 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS

20:41:50:203 2160 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

20:41:50:250 2160 ssm_bus (df5c19f053eff7f8ba25d73aea899656) C:\WINDOWS\system32\DRIVERS\ssm_bus.sys

20:41:50:281 2160 ssm_mdfl (5347169fa449eabc4d0728ae39fab926) C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys

20:41:50:328 2160 ssm_mdm (7aae23dd105eed15c4f45fc269fa42a9) C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys

20:41:50:359 2160 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys

20:41:50:406 2160 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

20:41:50:437 2160 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

20:41:50:453 2160 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

20:41:50:578 2160 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS

20:41:50:640 2160 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

20:41:50:656 2160 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS

20:41:50:671 2160 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS

20:41:50:718 2160 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys

20:41:50:718 2160 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys

20:41:50:750 2160 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS

20:41:50:796 2160 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS

20:41:50:875 2160 SynTP (9d3611fa3bcca8090fdd1a45bd1ea586) C:\WINDOWS\system32\DRIVERS\SynTP.sys

20:41:50:953 2160 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

20:41:51:015 2160 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

20:41:51:046 2160 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

20:41:51:078 2160 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

20:41:51:109 2160 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

20:41:51:156 2160 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys

20:41:51:250 2160 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

20:41:52:093 2160 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

20:41:52:531 2160 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys

20:41:53:109 2160 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

20:41:53:140 2160 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

20:41:53:156 2160 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

20:41:53:187 2160 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

20:41:53:218 2160 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

20:41:53:281 2160 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

20:41:53:296 2160 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

20:41:53:328 2160 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

20:41:53:375 2160 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

20:41:53:421 2160 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

20:41:53:468 2160 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

20:41:53:500 2160 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

20:41:53:531 2160 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

20:41:53:578 2160 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

20:41:53:609 2160 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

20:41:53:640 2160 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

20:41:53:671 2160 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

20:41:53:718 2160 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

20:41:53:734 2160 Reboot required for cure complete..

20:41:54:625 2160 Cure on reboot scheduled successfully

20:41:54:625 2160

20:41:54:625 2160 Completed

20:41:54:625 2160

20:41:54:625 2160 Results:

20:41:54:625 2160 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

20:41:54:625 2160 File objects infected / cured / cured on reboot: 1 / 0 / 1

20:41:54:625 2160

20:41:54:625 2160 KLMD(ARK) unloaded successfully

Link to post
Share on other sites
melboy

melboy

Posted
Posted

Hi

Please use the Add Reply button rather than the Reply button - thanks.

Give me an update on how things are running.

TFC

  • Please download TFC by Old Timer to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.
    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.

Failure to reboot will prevent MBAM from removing all the malware.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: EOLS1.gif
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

[*]Now click on: EOLS3.gif

[*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

[*]When completed the Online Scan will begin automatically.

[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

[*]Now click on: EOLS4.gif

[*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

[*]Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Link to post
Share on other sites
christcg

christcg

Posted
  • Author
Posted

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4146

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/26/10 5:06:48 PM

mbam-log-2010-05-26 (17-06-48).txt

Scan type: Quick scan

Objects scanned: 146564

Time elapsed: 10 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HAD A PROBLEM WITH ESET...

WHEN IT FINISHED, I CHECKED THE BOX TO UNINSTALL APPLICATION ON CLOSE, I CLICKED ON FINISH AND IT ASKED ME TO PURCHASE OR TRY A FREE TRIAL. THERE WAS NO OPTION TO CLOSE THE PROGRAM FROM THAT POINT or TO SAVE A LOG FILE.

I RAN THE PROGRAM A SECOND TIME THINKING I MISSED SOMETHING BUT IT DID THE SAME THING SHOWING THE SAME INFECTED FILES.

THE LOG FILE BELOW IS SOMETHING I FOUND IN THE CACHE USING GOOGLE DESKTOP.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - delete file error:The process cannot access the file because it is being used by another process.

OnlineScanner.ocx - copy file error :The process cannot access the file because it is being used by another process.

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=b882368e40347041b5cc9c72572783e2

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-05-27 03:30:43

# local_time=2010-05-26 11:30:43 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=3589 16777189 100 100 1636641 10812540 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=96668

# found=9

# cleaned=0

# scan_time=9804

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{48AB0415-815A-4850-BC27-3A48DD1866A4} Win32/Qhost trojan 00000000000000000000000000000000 I

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{A8C7618E-D19B-4E64-ABC4-2A541F06BF4F} Win32/Qhost trojan 00000000000000000000000000000000 I

C:\WINDOWS\system32\baKklnmp.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I

C:\WINDOWS\system32\baKklnmp.ini2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I

C:\WINDOWS\system32\cvkymvmu.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I

C:\WINDOWS\system32\ebkbymvo.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I

C:\WINDOWS\system32\ejepivay.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I

C:\WINDOWS\system32\okometaf.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I

C:\WINDOWS\system32\ufxefqdn.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I

Link to post
Share on other sites
melboy

melboy

Posted
Posted

Hi

How are things running?

Backup the Registry:

Modifying the Registry can create unforseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.(System registry & Current user registry)
  • Click on OK
  • When the Question pop-up appears click on Yes to create the folder.
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.

Trusted Sites.

It is not advisable to give sites "trusted" status as it lowers your protection for sites in this zone. Even legitimate sites can be hacked. Visiting these sites whilst they are compromised would leave you at a greater risk of infection whilst they have trusted status.

DelDomains

Please download: DelDomains.inf and save it to your desktop.

  • Locate DelDomains.inf on your desktop.
  • Right-click and select Install
  • This will remove all entries in the Trusted, Restricted,and Enhanced Security Configuration Zones.
  • Any previously added restricted zone entries (by SpywareBlaster, Spybot S&D etc) will need to be reapplyed.

NOTE: You will not see any on-screen action.

OTM

Download OTM by Old Timer and save it to your Desktop.

  • Double-click OTM.exe to run it.
  • Paste the following code under the pasteline.png area. Do not include the word Code.
    :Reg
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "system tool"=-


    :Files
    C:\WINDOWS\system32\baKklnmp.ini 
    C:\WINDOWS\system32\baKklnmp.ini2
    C:\WINDOWS\system32\cvkymvmu.ini
    C:\WINDOWS\system32\ebkbymvo.ini 
    C:\WINDOWS\system32\ejepivay.ini 
    C:\WINDOWS\system32\okometaf.ini 
    C:\WINDOWS\system32\ufxefqdn.ini 
    c:\program files\bhycvn

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [Reboot]


  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Push the large btnmoveit.png button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

After OTM has rebooted the machine:

Re-run DDS

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, Please copy & paste the contents of :
    • DDS.txt

    And post it in your next reply.

    In your next reply:

    1. OTM log
    2. DDS.txt

Link to post
Share on other sites
christcg

christcg

Posted
  • Author
Posted

Things seem to be running a bit faster... and the original problem does not seem to be coming back.

However, since trying to do this work you gave me, I have not been able to use the computer much.

But thanks... you are great!

I will get to this newer updates within 12-24 hours....

Thanks!!!!!

Chris

PS The trusted sites thing you mentioned... I guess you are referring to Norton360. Is that something that is easy to configure? Any suggestions?

Link to post
Share on other sites
melboy

melboy

Posted
Posted

Hi

No, the trusted sites to which I refer are in the trusted sites zone in Internet Explorer, which can can be found by opening Internet Explorer and going to Tools > Internet Options > Security tab > Trusted sites.

Your DDS log shows that the sites in this zone currently are as follows:

Trusted Zone: christianaudio.com

Trusted Zone: constantcontact.com

Trusted Zone: constantcontact.com\ui

Trusted Zone: google.com\www

Trusted Zone: symantec.com\www

Trusted Zone: turbotax.com

You may find that some programs automatically add their "home" website to the list, but generally - as I previously said - It is not advisable to give sites "trusted" status as it lowers your protection for sites in this zone.

Please post the requested logs as you are ready.

Link to post
Share on other sites
christcg

christcg

Posted
  • Author
Posted

OTM

All processes killed

========== REGISTRY ==========

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\system tool deleted successfully.

========== FILES ==========

C:\WINDOWS\system32\baKklnmp.ini moved successfully.

C:\WINDOWS\system32\baKklnmp.ini2 moved successfully.

C:\WINDOWS\system32\cvkymvmu.ini moved successfully.

C:\WINDOWS\system32\ebkbymvo.ini moved successfully.

C:\WINDOWS\system32\ejepivay.ini moved successfully.

C:\WINDOWS\system32\okometaf.ini moved successfully.

C:\WINDOWS\system32\ufxefqdn.ini moved successfully.

File/Folder c:\program files\bhycvn not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 1144027 bytes

->Temporary Internet Files folder emptied: 1086377 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 434 bytes

User: All Users

User: Backup

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Chris_2

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 51821 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 590 bytes

Total Files Cleaned = 2.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTM by OldTimer - Version 3.1.12.0 log created on 05272010_171346

Files moved on Reboot...

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L3G82Q94\index[1].htm moved successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5NAXNY6K\iframe[1].html moved successfully.

File C:\WINDOWS\temp\JET12E7.tmp not found!

File C:\WINDOWS\temp\Perflib_Perfdata_4fc.dat not found!

Registry entries deleted on Reboot...

DDS (Ver_10-03-17.01) - NTFSx86

Run by Administrator at 17:28:12.84 on Thu 05/27/10

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1437 [GMT -4:00]

AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\hphmon04.exe

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAP\DAP.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Administrator\Desktop\Virus Removal Software\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =

uStart Page = hxxp://www.google.com/ig?hl=en/

uSearch Bar =

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

mSearchAssistant =

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [cdloader] "c:\documents and settings\administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [HPHmon04] c:\windows\system32\hphmon04.exe

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iSUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe

IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\dap\dapextie.htm

IE: Download &all with DAP - c:\program files\dap\dapextie2.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB

DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB

DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab

DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261764515968

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182856617218

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab

DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} - hxxp://service.ringcentral.com/ActiveX/RCAXSetup.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15034/CTPID.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll

Notify: igfxcui - igfxdev.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-2 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-2 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-2 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100520.001\IDSXpx86.sys [2009-10-28 329592]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-8-1 47640]

R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-2 117640]

R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-3-24 323992]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100526.039\NAVENG.SYS [2010-5-27 85552]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100526.039\NAVEX15.SYS [2010-5-27 1347504]

S2 gupdate1ca5361c3e830ac;Google Update Service (gupdate1ca5361c3e830ac);c:\program files\google\update\GoogleUpdate.exe [2009-10-22 133104]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]

S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]

S3 GoogleDesktopManager-090209-075101;Google Desktop Manager 5.9.909.2235;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-9-7 30192]

S4 a2AntiMalware;a-squared Anti-Malware Service;"c:\program files\a-squared anti-malware\a2service.exe" --> c:\program files\a-squared anti-malware\a2service.exe [?]

S4 LkWebLink;Inter-Tel Collaboration Remote Client;d:\inter-tel\collaboration client 2.0\lkWebLink.exe [2010-5-3 32768]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-05-27 21:13:46 0 d-----w- C:\_OTM

2010-05-25 19:13:37 0 ----a-w- c:\documents and settings\administrator\defogger_reenable

2010-05-25 13:21:40 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2010-05-25 13:21:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-25 13:21:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-05-25 13:21:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-25 13:21:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-25 13:15:59 77312 ----a-w- c:\windows\mbr.exe

2010-05-11 19:37:28 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-03 14:26:44 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys

2010-05-03 14:26:44 32000 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2010-05-03 14:26:44 10368 ----a-w- c:\windows\system32\drivers\pfc.sys

2010-05-03 14:26:43 8320 ----a-w- c:\windows\system32\drivers\grmnusb.sys

2010-05-03 14:26:43 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys

2010-05-01 10:29:16 13 ----a-w- c:\windows\system32\WinSys32.crc

==================== Find3M ====================

2010-05-26 00:44:04 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2010-04-29 15:23:28 61440 ----a-w- c:\windows\system32\libfaac.dll

2010-04-29 15:23:28 53248 ----a-w- c:\windows\system32\ogg.dll

2010-04-29 15:23:28 36864 ----a-w- c:\windows\system32\DGRip.dll

2010-04-29 15:23:28 36352 ----a-w- c:\windows\system32\MP2enc.dll

2010-04-29 15:23:28 220160 ----a-w- c:\windows\system32\WnASPI32.dll

2010-04-29 15:23:28 172032 ----a-w- c:\windows\system32\lame_enc.dll

2010-04-29 15:23:28 1163264 ----a-w- c:\windows\system32\vorbis.dll

2010-04-29 15:23:28 1015808 ----a-w- c:\windows\system32\vorbisenc.dll

2010-04-19 21:04:32 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2010-04-02 10:42:25 796672 ----a-w- c:\windows\GPInstall.exe

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-04 17:57:13 1577352 ----a-w- c:\windows\askToolbarInstaller-1.3.3.0.exe

2008-05-27 22:25:27 1918464 ----a-w- c:\program files\UninstallWPO.exe

2002-07-31 23:55:12 312 --sh--w- c:\windows\WSYS049.SYS

2009-08-21 00:45:45 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2009-08-22 10:03:22 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

2009-08-21 00:45:40 65536 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009082020090821\index.dat

2009-08-22 10:03:22 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009082220090823\index.dat

2009-08-22 10:03:22 32768 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 17:29:01.65 ===============

Link to post
Share on other sites
melboy

melboy

Posted
Posted

Hi

OTM by OldTimer

  • Double-click OTM.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself

You can also Delete TDSSKiller & DelDomains.

=

Your log now appears to be clean.

Your computer was infected with a ROOTKIT. In particular, the TDL3 rootkit, also known as Win32/Alureon. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised.

Therefore it may be prudent to:

  1. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
  2. Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)

What are rootkits from Wikipedia

How do I respond to a possible identity theft and how do I prevent it

==

Although not technically malware, the free version of Download Accelerator Plus (DAP) is ad supported.

You might want to read these articles the following articles:

http://sunbeltblog.blogspot.com/2006/01/do...plus-merit.html

http://www.safer-networking.org/en/article...d-managers.html

http://www.softpedia.com/user/licensing_adsupported.php

http://en.wikipedia.org/wiki/List_of_downl...nagers#Managers

===

This thread concerning Spyhunter may interest you. If you pay a fee/subscription for Spyhunter - in my opinion - your money would be better spent on MBAM.

=============================

This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

General Security and Computer Health

Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

  • Clear Infected System Restore Points
    • Turn System Restore off
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
      Restart your computer
    • Turn System Restore on
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Uncheck Turn off System Restore on all drives.
    • Click Apply
    • Click each drive in turn where system restore is not required and click Settings
      Note: System restore is only needed on drives with an operating system installed
    • For each drive without an operating system, check Turn off system restore on this drive, click Yes then click OK.

    Note: only do this once, and not on a regular basis

    [*]Make sure that you keep your antivirus updated

    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

    Uninstall Tools for Major Antivirus Products

    [*]Security Updates for Windows, Internet Explorer & Microsoft Office

    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.

    [*]Update Non-Microsoft Programs

    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.

Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.)
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera

Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!

Link to post
Share on other sites
christcg

christcg

Posted
  • Author
Posted

Melboy,

My sincerest appreciation for your work and effort. You have put in alot of work and interest in me and my system and I appreciate it. You and Malwarebytes are truly unsung heroes. I mean, you saved a life... ok a computer but still...

My computer boots faster, runs faster, makes less noise, and is smoother on the web. I dont ever remember it being this way.

Thank You so Much....

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept