
Malware Help Needed... I think Trojan TDSS



I read a few forums a couple weeks ago and thought I removed this a few weeks ago with TDSSKiller. Computer seemed fine for a while, but is starting to show some symptoms again. Especially with Outlook.

Just completed the I'm infected forum and below are the text and files:

DDS (Ver_10-12-12.02) - NTFSx86

Run by Jeremie Titletec at 22:17:43.25 on Wed 01/05/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1392 [GMT -5:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: Online Armor Firewall *Enabled*

FW: McAfee Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Online Armor\OAcat.exe

C:\Program Files\Online Armor\oasrv.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Online Armor\oaui.exe

C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe

C:\Program Files\Online Armor\OAhlp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe

C:\Documents and Settings\Jeremie Titletec\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Documents and Settings\Jeremie Titletec\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101221155725.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\jeremie titletec\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [Adobe Reader Synchronizer] "c:\program files\adobe\reader 9.0\reader\AdobeCollabSync.exe"

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [updatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" update "software\cyberlink\powerproducer\4.0"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"

mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\toodle~1.lnk - c:\windows\installer\{9afa4423-d0e3-4f92-908e-d4c9ceeb3da3}\_4EBBCD3A645B53E3579F1E.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{4c271126-c295-4828-a901-5910ae0c258b}\Icon3E5562ED7.ico

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: bmnet.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236175096515

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jeremi~1\applic~1\mozilla\firefox\profiles\ssu71det.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\jeremie titletec\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-8 386840]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-5 293968]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-8 84072]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-12-19 202064]

R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2010-12-19 38856]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-12-19 25000]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-12-19 29272]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-5 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-5 40384]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-8 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-8 271480]

R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-8 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-8 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-8 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-8 141792]

R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2010-12-19 380784]

R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2010-12-19 3652696]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-8 55840]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-9-25 152960]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-8 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-8 88544]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-1-20 88176]

S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-9-4 111896]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-9-25 52104]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-8 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-8 84264]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-9-25 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-9-25 40552]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

==================== Find3M ====================

2010-12-31 20:06:36 38848 ----a-w- c:\windows\avastSS.scr

2010-12-20 05:37:22 256 ----a-w- c:\windows\system32\pool.bin

2010-12-20 04:43:58 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-12-20 04:43:58 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 22:19:42.56 ===============

Sorry I didn't include MBAM log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5466

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/5/2011 10:02:45 PM

mbam-log-2011-01-05 (22-02-45).txt

Scan type: Quick scan

Objects scanned: 147076

Time elapsed: 15 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:


Please don't attach the scans / logs, use "copy/paste".

Looks like you're running 2 anti-virus programs and 2 Firewalls.

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also, because multiple installed antivirus and firewall programs are not compatible with each other, they can cause system performance problems and a serious system slowdown.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: Online Armor Firewall *Enabled*

FW: McAfee Firewall *Enabled*

You need to uninstall a firewall and an anti-virus program.

After the above:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Didn't know that about the firewalls, but when I started the thread I had just downloaded Avast to run the Boot Scan. McAfee uninstalled for now.

DDS (Ver_10-12-12.02) - NTFSx86

Run by Jeremie Titletec at 21:57:42.62 on Fri 01/07/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1439 [GMT -5:00]

AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: Online Armor Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Online Armor\OAcat.exe

C:\Program Files\Online Armor\oasrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\CyberLink\PCM4Everio\EverioService.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Online Armor\oaui.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Program Files\Online Armor\OAhlp.exe

C:\Documents and Settings\Jeremie Titletec\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Program Files\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Jeremie Titletec\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\jeremie titletec\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [iSUSPM] "c:\documents and settings\all users\application data\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler

uRun: [Adobe Reader Synchronizer] "c:\program files\adobe\reader 9.0\reader\AdobeCollabSync.exe"

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [updatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" update "software\cyberlink\powerproducer\4.0"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\toodle~1.lnk - c:\windows\installer\{9afa4423-d0e3-4f92-908e-d4c9ceeb3da3}\_4EBBCD3A645B53E3579F1E.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{4c271126-c295-4828-a901-5910ae0c258b}\Icon3E5562ED7.ico

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: bmnet.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236175096515

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jeremi~1\applic~1\mozilla\firefox\profiles\ssu71det.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\jeremie titletec\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-7 165584]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-12-19 202064]

R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2010-12-19 38856]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-12-19 25000]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-12-19 29272]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-7 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-7 40384]

R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2010-12-19 380784]

R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2010-12-19 3652696]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-7 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-7 40384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-9-4 111896]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-9-25 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-9-25 40552]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2011-01-08 02:42:24 38848 ----a-w- c:\windows\avastSS.scr

2011-01-07 20:13:04 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-01-07 20:13:04 -------- d-----w- c:\windows\system32\wbem\Repository

2011-01-07 19:45:38 -------- d--h--w- c:\windows\$hf_mig$

2010-12-27 21:02:52 -------- d-----w- c:\program files\common files\eSellerate

2010-12-21 18:32:10 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

2010-12-21 18:32:10 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

2010-12-21 16:04:50 -------- d-----w- c:\docume~1\jeremi~1\locals~1\applic~1\Mozilla Firefox

2010-12-20 15:13:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-20 15:13:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-20 15:13:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-20 04:54:35 -------- d-----w- c:\program files\SpywareBlaster

2010-12-20 04:44:18 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-12-20 04:36:30 -------- d-----w- c:\docume~1\jeremi~1\applic~1\OnlineArmor

2010-12-20 04:36:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor

2010-12-20 04:35:49 38856 ----a-w- c:\windows\system32\drivers\oahlp32.sys

2010-12-20 04:35:49 29272 ----a-w- c:\windows\system32\drivers\OAnet.sys

2010-12-20 04:35:49 25000 ----a-w- c:\windows\system32\drivers\OAmon.sys

2010-12-20 04:35:49 202064 ----a-w- c:\windows\system32\drivers\OADriver.sys

2010-12-20 04:35:45 -------- d-----w- c:\program files\Online Armor

2010-12-20 03:59:16 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-20 03:10:53 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2010-12-20 00:07:56 -------- d-----w- c:\docume~1\jeremi~1\applic~1\SUPERAntiSpyware.com

2010-12-20 00:07:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-12-20 00:07:48 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-12-20 00:03:59 -------- d-----w- c:\program files\CCleaner

2010-12-17 23:21:51 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2010-12-17 23:21:48 -------- d-----w- c:\docume~1\jeremi~1\applic~1\Simply Super Software

2010-12-16 02:10:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2010-12-16 01:18:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2010-12-16 01:18:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2010-12-16 01:18:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2010-12-16 01:18:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2010-12-16 01:18:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2010-12-16 01:18:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2010-12-16 01:18:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

==================== Find3M ====================

2010-12-20 05:37:22 256 ----a-w- c:\windows\system32\pool.bin

2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 22:02:20.51 ===============


PC boots slowly. Anti-virus turns itself off randomly. Windows updates are blocked. If I update McAfee or Avast (tried both with only one installed), they ask me to restart. As soon as I restart the PC reboots, but no programs will respond. An hourglass will appear and nothing will run. I have to reboot in Safe Mode and finally restore back to an earlier date. Malwarebytes will not always run or update. I uninstalled McAfee, because it began to run a process needing access to the web every other second that the firewall had not previously recognized.

TrojanRemover found a Trojan TDSS in

c:\windows\system32\drivers\dlacdbhm.sys

hklm\system\currentcontrolset\services\dlacdbhm

I did have a Trojan a few weeks ago that I finally removed with TDSSKiller, but most of the symptoms seemed to be while on the web.


If you still have TDSSKiller, run a new scan with it.

If nothing is found, then run ComboFix. If TDSSKiller finds something, post the results.

Please do not attach the scan results from ComboFix. Use copy/paste.

DO NOT use any TOOLS such as ComboFix, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


ComboFix 11-01-07.01 - Jeremie Titletec 01/08/2011 8:32.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1504 [GMT -5:00]

Running from: c:\documents and settings\Jeremie Titletec\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Jeremie Titletec\g2mdlhlpx.exe

c:\documents and settings\Jeremie Titletec\GoToAssistDownloadHelper.exe

.

((((((((((((((((((((((((( Files Created from 2010-12-08 to 2011-01-08 )))))))))))))))))))))))))))))))

.

2011-01-08 04:26 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-01-08 04:26 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-01-08 04:26 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-01-08 04:26 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-01-08 04:26 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-01-08 04:26 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-01-08 04:26 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-01-08 04:26 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr

2011-01-08 04:26 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe

2011-01-08 04:19 . 2011-01-08 04:19 -------- d-----w- c:\windows\system32\wbem\Repository

2011-01-08 02:42 . 2011-01-08 02:42 -------- d-----w- c:\program files\Alwil Software

2010-12-27 21:02 . 2010-12-27 21:03 -------- d-----w- c:\program files\Common Files\eSellerate

2010-12-21 18:32 . 2010-12-03 19:35 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2010-12-21 18:32 . 2010-12-03 19:35 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2010-12-21 16:04 . 2010-12-21 16:33 -------- d-----w- c:\documents and settings\Jeremie Titletec\Local Settings\Application Data\Mozilla Firefox

2010-12-20 15:13 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-20 15:13 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-20 15:13 . 2011-01-08 04:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-20 04:54 . 2010-12-28 20:34 -------- d-----w- c:\program files\SpywareBlaster

2010-12-20 04:44 . 2010-12-20 04:43 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-12-20 04:36 . 2010-12-20 05:35 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor

2010-12-20 04:36 . 2010-12-20 04:37 -------- d-----w- c:\documents and settings\Jeremie Titletec\Application Data\OnlineArmor

2010-12-20 04:35 . 2010-10-27 00:52 38856 ----a-w- c:\windows\system32\drivers\oahlp32.sys

2010-12-20 04:35 . 2010-10-27 00:52 29272 ----a-w- c:\windows\system32\drivers\OAnet.sys

2010-12-20 04:35 . 2010-10-27 00:52 25000 ----a-w- c:\windows\system32\drivers\OAmon.sys

2010-12-20 04:35 . 2010-10-27 00:52 202064 ----a-w- c:\windows\system32\drivers\OADriver.sys

2010-12-20 04:35 . 2011-01-08 04:25 -------- d-----w- c:\program files\Online Armor

2010-12-20 03:59 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-20 03:10 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2010-12-20 00:07 . 2010-12-20 00:07 -------- d-----w- c:\documents and settings\Jeremie Titletec\Application Data\SUPERAntiSpyware.com

2010-12-20 00:07 . 2010-12-20 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-12-20 00:07 . 2011-01-02 02:36 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-12-20 00:03 . 2010-12-20 00:04 -------- d-----w- c:\program files\CCleaner

2010-12-17 23:21 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2010-12-17 23:21 . 2010-12-17 23:21 -------- d-----w- c:\documents and settings\Jeremie Titletec\Application Data\Simply Super Software

2010-12-16 02:10 . 2011-01-05 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-12-16 01:18 . 2010-12-16 01:18 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll

2010-12-16 01:18 . 2010-12-16 01:18 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll

2010-12-16 01:18 . 2010-12-16 01:18 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll

2010-12-16 01:18 . 2010-12-16 01:18 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll

2010-12-16 01:18 . 2010-12-16 01:18 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll

2010-12-16 01:18 . 2010-12-16 01:18 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll

2010-12-16 01:18 . 2010-12-16 01:18 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll

2010-12-16 01:17 . 2010-12-16 01:18 -------- d-----w- c:\program files\QuickTime

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12 . 2008-09-25 21:13 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2004-08-04 10:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:13 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25 . 2004-08-04 10:00 1853312 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Jeremie Titletec\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-16 133104]

"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-06-03 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 2220032]

"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-02-22 222504]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-09-23 38840]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2007-07-18 20480]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]

"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2008-05-22 151552]

"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2010-10-27 2345000]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Toodledo Sync Tool.lnk - c:\windows\Installer\{9AFA4423-D0E3-4F92-908E-D4C9CEEB3DA3}\_4EBBCD3A645B53E3579F1E.exe [2010-5-3 894]

VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2009-6-9 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2010-10-27 353992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk

backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jeremie Titletec^Start Menu^Programs^Startup^DSmobileSCAN II.lnk]

path=c:\documents and settings\Jeremie Titletec\Start Menu\Programs\Startup\DSmobileSCAN II.lnk

backup=c:\windows\pss\DSmobileSCAN II.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]

2008-09-05 21:10 33280 ----a-w- c:\program files\AT&T\Communication Manager\ATTCM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMeeting]

2010-07-22 12:08 39816 ----a-w- c:\program files\Citrix\GoToMeeting\457\g2mstart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2004-09-13 19:49 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2007-10-11 16:06 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2008-02-26 14:57 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2008-01-22 18:23 81920 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]

2006-10-06 14:14 53248 ----a-w- c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"YahooAUService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/7/2011 11:26 PM 165584]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [12/19/2010 11:35 PM 202064]

R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [12/19/2010 11:35 PM 38856]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [12/19/2010 11:35 PM 25000]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [12/19/2010 11:35 PM 29272]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/7/2011 11:26 PM 17744]

R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [12/19/2010 11:35 PM 380784]

R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [12/19/2010 11:35 PM 3652696]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 3:59 PM 135664]

S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [9/4/2008 1:09 PM 111896]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 12:23 PM 20480]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 11:08 AM 174336]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03 PM 32408]

--- Other Services/Drivers In Memory ---

*Deregistered* - klmd25

.

Contents of the 'Scheduled Tasks' folder

2011-01-08 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-29 20:52]

2011-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:58]

2011-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:58]

2011-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1390067357-839522115-1003Core.job

- c:\documents and settings\Jeremie Titletec\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-16 01:33]

2011-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1390067357-839522115-1003UA.job

- c:\documents and settings\Jeremie Titletec\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-16 01:33]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: bmnet.dll

FF - ProfilePath - c:\documents and settings\Jeremie Titletec\Application Data\Mozilla\Firefox\Profiles\ssu71det.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

HKCU-Run-Adobe Reader Synchronizer - c:\program files\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe

HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

HKLM-Run-Acrobat Assistant 8.0 - c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe

MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-08 08:41

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(852)

c:\windows\system32\bmnet.dll

.

Completion time: 2011-01-08 08:46:23

ComboFix-quarantined-files.txt 2011-01-08 13:46

Pre-Run: 60,645,195,776 bytes free

Post-Run: 60,678,672,384 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F81874BC38301DCEBF947A097FDE2A13

Don't notice anything different so far.


That looks clean to me.

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :blink:

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  • WOT, Web of Trust - As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    Green to go
    Yellow for caution
    Red to stop
    WOT has an add-on available for both Firefox and IE.
  • JAVA - Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

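The Internet Explorer settings in steps 5-10 of the post above are stored per user as DWORD values under the Internet zone's registry key, so they can be audited without clicking through the dialog. The following is an added example, not part of the original thread: the registry path, the URL action codes and the function names are supplied here and do not appear in the post.

```powershell
# Added example, not part of the original thread.
# Zone 3 is IE's Internet zone; each DWORD value name is a URL action code.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Action values behind the radio buttons on the Security tab.
$ActionName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Steps 5-10 of the post mapped to URL action codes
# (the mapping is supplied here, it is not stated in the post).
$Recommended = @(
    @{ Id = '1001'; Setting = 'Download signed ActiveX controls'; Want = 1 },
    @{ Id = '1004'; Setting = 'Download unsigned ActiveX controls'; Want = 3 },
    @{ Id = '1201'; Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Setting = 'Installation of desktop items'; Want = 1 },
    @{ Id = '1804'; Setting = 'Launching programs and files in an IFRAME'; Want = 1 },
    @{ Id = '1607'; Setting = 'Navigate sub-frames across different domains'; Want = 1 }
)

# Turn a raw DWORD into the label shown in the dialog.
function Format-Action($value) {
    if ($null -eq $value) { return 'not set in HKCU' }
    if ($ActionName.ContainsKey([int]$value)) { return $ActionName[[int]$value] }
    return "other ($value)"
}

# Read-only: report each setting, its current value and whether it matches.
function Get-ZoneAudit {
    param([string]$Path = $ZonePath)
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($r in $Recommended) {
        $current = $null
        if ($props) { $current = $props.($r.Id) }
        New-Object PSObject -Property @{
            Id        = $r.Id
            Setting   = $r.Setting
            Current   = (Format-Action $current)
            Wanted    = (Format-Action $r.Want)
            Compliant = ($null -ne $current -and [int]$current -eq $r.Want)
        } | Select-Object Id, Setting, Current, Wanted, Compliant
    }
}

# Write the recommended values; supports -WhatIf to preview without changing anything.
function Set-ZoneRecommended {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path = $ZonePath)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    foreach ($r in $Recommended) {
        if ($PSCmdlet.ShouldProcess("$Path\$($r.Id)", "set to $($ActionName[$r.Want])")) {
            Set-ItemProperty -Path $Path -Name $r.Id -Value $r.Want -Type DWord
        }
    }
}

Get-ZoneAudit | Format-Table -AutoSize
# Set-ZoneRecommended -WhatIf    # preview the six writes
# Set-ZoneRecommended            # apply them for the current user
```

Settings enforced by Group Policy are stored under a separate Policies key and take precedence over these per-user values, so a compliant audit here does not override a managed configuration.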

While uninstalling ComboFix, my firewall stops me, saying "A Dangerous Program trying to run"

Product Name: Steelwerx Extended configurator ACLists

Google Search says win32 Trojan Downloader.

swxcacls.cfxxe

c:\32788r22fwjfw\swxcacls.cfxxee

Is this a part of ComboFix or something else?
