
Infected (Guard Online)



Windows Vista.

I have this Guard Online popping up. It's slowing down my connection, I can't even use search engines. At one point, it wouldn't allow me to open any programs.

I've attached the dds.txt file. The pop-up told me to attach the "Attach.txt" file as a zip file, but I don't have a program for that and it seems WinZip is $30 now. Is it necessary that I zip it? Is there a free program that can do this? Google isn't working for me.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_18

Run by Aaron at 20:53:56 on 2011-10-10

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1840 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}

SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\4108714270:3791526155.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\PnkBstrB.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crss.exe

C:\Windows\system32\Taskmgr.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\ehome\ehmsas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchFilterHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678

uInternet Settings,ProxyOverride = <local>;*.local

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: adfabonppr Object: {26d02f99-ae5b-4533-ad67-e23b4b20d60d} - c:\windows\$blstun$\qgnnv.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: GetDislike: {3543619c-d563-43f7-95ea-4da7e1cc396a} - c:\program files\getdislike\ie\310041550getdisike.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: brumabonpgrm Object: {795f4311-02c9-4b7b-a9bb-78d4fe68a98d} - c:\windows\$blstun$\lmatn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [nivvDD3onF4am5W8234A] c:\windows\system32\pUUUVrrlOBtP0yS.exe

mRun: [volmgr] c:\windows\system32\config\systemprofile\appdata\local\volmgr.exe

mRun: [hpp4aQQH6sW7fLg8234A] c:\windows\system32\tVrrzOttxAucSiD.exe

mRun: [TQ8ZXjrNx8234A] c:\windows\system32\g5QJ7dEKghXUeyu.exe

mRun: [COONNt0ucSiboG8234A] c:\windows\system32\HHHsWW7fEL9TZjY.exe

mRun: [uOONNt0ucSiboG8234A] c:\windows\system32\HHHsWW7fEL9TZjY.exe

mRun: [j444pG55s6E8fhT8234A] c:\windows\system32\yIIBzNc1vDb.exe

mRun: [z3oF4aHH5WERqYe8234A] c:\windows\system32\ygTZZqhwkUrOt1v.exe

mRun: [P77dg9XjlzcuDGs8234A] c:\windows\system32\yiivvD22onFpm5.exe

mRun: [kkIVrrzONtxAciD8234A] c:\windows\system32\xFF3pn55QKR9TXj.exe

mRun: [FpppmmH5s8234A] c:\windows\system32\ZUUVrrlOBtxPyc1.exe

mRun: [obbbDoonG4aH6WJ8234A] c:\windows\system32\UOONNtxxA0c3QK.exe

mRun: [mYCCwkIVrlONx0u8234A] c:\windows\system32\XHHH6sWJ7fE8gTq.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\mwb23\mbamgui.exe" /starttray

dRun: [-1508131379] c:\windows\temp\\jucheck.exe

dRun: [Apple Update] rundll32 "c:\windows\system32\config\systemprofile\appdata\local\microsoft\microsoftupdate\Microsoftupdt32.dll",DllRegisterServer

dRun: [intelBackupOnline] rundll32.exe "c:\programdata\IntelBackupOnline.dll",DllRegisterServer

StartupFolder: c:\users\aaron\appdata\roaming\microsoft\windows\start menu\programs\startup\crss.exe

StartupFolder: c:\users\aaron\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\whites~1.lnk - c:\users\aaron\desktop\WhiteSmokeWriterGeo5002_en.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{26C1F455-50F0-46E7-9B37-7F6802059031} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{4C009B66-FB85-4843-BCF2-C8C92DB96BEE} : DhcpNameServer = 209.18.47.61 209.18.47.62

Hosts: 95.64.61.143 www.google.com

Hosts: 95.64.61.144 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\aaron\appdata\roaming\mozilla\firefox\profiles\b1cs64uz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|http://pitchfork.com/|

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=

FF - component: c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll

FF - component: c:\users\aaron\appdata\roaming\mozilla\firefox\profiles\b1cs64uz.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll

FF - component: c:\users\aaron\appdata\roaming\mozilla\firefox\profiles\b1cs64uz.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\program files\download manager\npfpdlm.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-5 22216]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176]

S2 MBAMService;MBAMService;c:\program files\mwb23\mbamservice.exe [2011-10-10 366152]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-8-6 51712]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42368]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-10-11 01:44:54 -------- d-----w- c:\users\aaron\appdata\roaming\qqhYXwkUVlBz0c1

2011-10-11 01:44:53 -------- d-----w- c:\users\aaron\appdata\roaming\RD3onF4am5W7E8R

2011-10-11 01:44:39 -------- d-----w- c:\users\aaron\appdata\roaming\hnF4amH5s

2011-10-11 01:44:36 -------- d-----w- c:\users\aaron\appdata\roaming\qFms68fRZhXj

2011-10-11 01:44:36 -------- d-----w- c:\users\aaron\appdata\roaming\afRZ9hTXwUeIrPy

2011-10-11 01:44:35 -------- d-----w- c:\users\aaron\appdata\roaming\eeo4HJEg9XUltNu

2011-10-11 01:44:30 -------- d-----w- c:\users\aaron\appdata\roaming\Hy1Dbp5JEfhwCIz

2011-10-11 01:44:30 -------- d-----w- c:\users\aaron\appdata\roaming\bdEKg9XUlzy1Dbp

2011-10-11 01:44:29 -------- d-----w- c:\users\aaron\appdata\roaming\YgRZ9hYXwUeIt

2011-10-11 01:34:44 -------- d-----w- c:\users\aaron\appdata\roaming\t3pnG5aQHdKfLgX

2011-10-11 01:34:44 -------- d-----w- c:\users\aaron\appdata\roaming\ovinQKL9hXjCkBz

2011-10-11 01:34:44 -------- d-----w- c:\users\aaron\appdata\roaming\KS2F3pnG5Q6W7R9

2011-10-11 01:34:43 -------- d-----w- c:\users\aaron\appdata\roaming\DE9IySpKhCzxvin

2011-10-11 01:34:42 -------- d-----w- c:\users\aaron\appdata\roaming\F5JEg9XUltNAvo4

2011-10-11 01:34:41 -------- d-----w- c:\users\aaron\appdata\roaming\ItAvop5JE

2011-10-11 01:34:40 -------- d-----w- c:\users\aaron\appdata\roaming\r6sWJ7fEgqYwUlB

2011-10-11 01:34:35 -------- d-----w- c:\users\aaron\appdata\roaming\B2aTVunKqO

2011-10-11 01:34:33 -------- d-----w- c:\users\aaron\appdata\roaming\SHkiJyFKVushrvQ

2011-10-11 01:34:07 -------- d-----w- c:\users\aaron\appdata\roaming\XPFRr3fkcQTODJC

2011-10-11 01:34:03 -------- d-----w- c:\users\aaron\appdata\roaming\FzS49N48O4q0sXN

2011-10-11 01:06:57 -------- d-----w- c:\program files\MWB23

2011-10-11 01:01:08 -------- d-----w- c:\program files\MWB

2011-10-11 00:50:44 3042304 ----a-w- c:\windows\system32\XHHH6sWJ7fE8gTq.exe

2011-10-11 00:50:43 3042304 ----a-w- c:\windows\system32\UOONNtxxA0c3QK.exe

2011-10-11 00:48:43 3042304 ----a-w- c:\windows\system32\ZUUVrrlOBtxPyc1.exe

2011-10-11 00:46:22 101888 ----a-w- c:\programdata\IntelBackupOnline.dll

2011-10-11 00:45:56 3042304 ----a-w- c:\windows\system32\xFF3pn55QKR9TXj.exe

2011-10-11 00:45:53 3042304 ----a-w- c:\windows\system32\yiivvD22onFpm5.exe

2011-10-11 00:35:35 3042304 ----a-w- c:\windows\system32\ygTZZqhwkUrOt1v.exe

2011-10-11 00:35:27 3042304 ----a-w- c:\windows\system32\yIIBzNc1vDb.exe

2011-10-11 00:34:41 3042304 ----a-w- c:\windows\system32\HHHsWW7fEL9TZjY.exe

2011-10-11 00:34:38 3042304 ----a-w- c:\windows\system32\g5QJ7dEKghXUeyu.exe

2011-10-11 00:32:37 -------- d-----w- c:\program files\getdislike

2011-10-11 00:32:33 -------- d-----w- c:\windows\$BLSTUN$

2011-10-11 00:32:32 -------- d-----w- c:\programdata\WSTB

2011-10-11 00:11:16 -------- d-----w- c:\users\aaron\appdata\roaming\HgTZqjYCwIr

2011-10-11 00:11:16 -------- d-----w- c:\users\aaron\appdata\roaming\GONtxP0uc1b3n4m

2011-10-08 23:15:49 -------- d-----w- c:\users\aaron\appdata\roaming\UIVVrrzONtxA0c2

2011-10-08 23:15:49 -------- d-----w- c:\users\aaron\appdata\roaming\sbbDD3ppnGa

2011-10-08 23:15:42 69120 ----a-w- c:\users\aaron\appdata\roaming\microsoft\windows\start menu\programs\startup\crss.exe

2011-10-08 23:15:40 3037184 ----a-w- c:\windows\system32\pUUUVrrlOBtP0yS.exe

2011-10-08 23:15:40 -------- d-----w- c:\users\aaron\appdata\roaming\QEEELL8gTZqhCw

2011-10-02 01:59:50 -------- d-----w- c:\program files\RealTemp

2011-09-17 05:23:41 -------- d-----w- c:\program files\Diablo III Beta

2011-09-17 05:14:38 -------- d-----w- c:\programdata\Battle.net

2011-09-16 01:53:37 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

.

==================== Find3M ====================

.

2011-10-11 01:07:18 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-03 21:16:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll

2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll

2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec

2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 20:54:26.43 ===============

DDS.txt


:welcome:

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.

This infection can also disable access to the internet when it's been removed.

It will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
