i think i have a hacker or virus!! please help

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

DO NOT RUN ComboFix unless requested to.

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

i think i have a hacker or virus!! please help

Options

elise025 View Member Profile	Jan 22 2010, 04:30 AM Post #61
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	Make sure Combofix is named "combofix.exe" (if you downloaded it when there was still an old copy, it might have been automatically renamed). -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

kshoney44 View Member Profile	Jan 22 2010, 01:30 PM Post #62
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	ComboFix 10-01-21.08 - Owner 01/22/2010 13:10:30.4.1 - x86 Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: Microsoft Security Essentials On-access scanning disabled (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} . ((((((((((((((((((((((((( Files Created from 2009-12-22 to 2010-01-22 ))))))))))))))))))))))))))))))) . 2010-01-19 13:43 . 2010-01-19 13:43 -------- d-----w- C:\_OTL 2010-01-18 21:27 . 2010-01-18 21:27 -------- d-----w- c:\program files\ESET 2010-01-15 00:53 . 2010-01-15 00:57 -------- dc-h--w- c:\windows\ie8 2010-01-14 22:48 . 2010-01-14 22:49 -------- d-----w- c:\program files\Microsoft Security Essentials 2010-01-14 20:04 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-14 20:04 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-14 20:04 . 2010-01-14 20:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-12 17:03 . 2010-01-12 18:32 -------- d-----w- C:\ComboFix2 2010-01-12 04:26 . 2010-01-12 04:26 -------- d-----w- C:\677a6e0afe04d46de88eaefdba101e89 2010-01-11 19:22 . 2010-01-11 19:21 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-01-04 15:40 . 2010-01-04 15:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth 2010-01-04 09:01 . 2010-01-04 09:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth 2010-01-03 04:18 . 2010-01-03 04:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities 2010-01-03 03:33 . 2010-01-03 03:33 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-01-03 03:33 . 2010-01-03 03:33 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-01-03 03:33 . 2010-01-03 03:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2010-01-01 06:53 . 2010-01-01 06:53 -------- d-s---w- c:\documents and settings\Owner\%USERPROFILE% 2009-12-29 23:31 . 2009-12-29 23:31 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2009-12-29 23:19 . 2009-12-29 23:19 13104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-29 23:18 . 2009-12-29 23:18 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-12-29 13:20 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-12-29 13:20 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll 2009-12-29 09:43 . 2009-12-29 09:44 -------- d-----w- C:\8d1f879bc5941325460c55907fa7 2009-12-29 09:34 . 2010-01-14 16:12 181120 ------w- c:\windows\system32\MpSigStub.exe 2009-12-29 05:31 . 2009-12-29 05:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-12-29 05:06 . 2009-12-29 05:06 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe 2009-12-29 04:55 . 2008-04-13 19:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys 2009-12-29 04:54 . 2008-04-14 01:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll 2009-12-29 04:53 . 2008-04-13 19:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys 2009-12-29 04:52 . 2001-08-17 17:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys 2009-12-29 04:51 . 2001-07-21 19:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys 2009-12-29 04:50 . 2004-08-04 06:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys 2009-12-29 04:50 . 2001-08-17 17:12 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys 2009-12-29 04:50 . 2001-08-17 17:19 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys 2009-12-29 04:50 . 2002-09-03 16:56 132608 -c--a-w- c:\windows\system32\dllcache\rsvp.exe 2009-12-29 04:50 . 2001-08-18 03:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll 2009-12-29 04:50 . 2001-08-17 17:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys 2009-12-29 04:50 . 2008-04-13 19:40 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys 2009-12-29 04:50 . 2001-08-17 17:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys 2009-12-29 04:50 . 2002-09-03 16:56 9728 -c--a-w- c:\windows\system32\dllcache\reset.exe 2009-12-29 04:50 . 2001-08-18 03:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll 2009-12-29 04:50 . 2001-08-17 18:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys 2009-12-29 04:50 . 2001-08-17 18:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys 2009-12-29 04:50 . 2001-08-17 18:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys 2009-12-29 04:48 . 2001-08-18 03:36 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe 2009-12-29 04:47 . 2008-04-13 19:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys 2009-12-29 04:46 . 2001-08-17 18:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys 2009-12-29 04:45 . 2001-08-18 03:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll 2009-12-29 04:45 . 2008-04-14 01:11 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll 2009-12-29 04:45 . 2008-04-14 01:11 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll 2009-12-29 04:44 . 2001-08-18 03:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll 2009-12-29 04:44 . 2001-08-18 03:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll 2009-12-29 04:44 . 2008-04-13 19:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2009-12-29 04:44 . 2008-04-14 01:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll 2009-12-29 04:44 . 2001-08-17 19:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll 2009-12-29 04:42 . 2002-09-03 16:24 102463 -c--a-w- c:\windows\system32\dllcache\imepadsm.dll 2009-12-29 04:41 . 2002-09-03 16:24 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll 2009-12-29 04:40 . 2001-08-17 19:56 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll 2009-12-29 04:39 . 2001-08-17 17:12 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys 2009-12-29 04:39 . 2001-08-17 17:12 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys 2009-12-29 04:39 . 2001-08-17 17:11 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys 2009-12-29 04:39 . 2001-08-17 17:11 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys 2009-12-29 04:39 . 2001-08-17 18:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys 2009-12-29 04:39 . 2001-08-17 17:12 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys 2009-12-29 04:37 . 2001-08-17 17:20 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys 2009-12-29 04:36 . 2001-08-17 17:13 91305 -c--a-w- c:\windows\system32\dllcache\dimaint.sys 2009-12-29 04:35 . 2001-08-18 03:36 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll 2009-12-29 04:34 . 2001-08-17 17:13 49182 -c--a-w- c:\windows\system32\dllcache\cem56n5.sys 2009-12-29 04:33 . 2001-08-17 17:11 26568 -c--a-w- c:\windows\system32\dllcache\bcm4e5.sys 2009-12-29 04:29 . 2001-08-17 19:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys 2009-12-29 04:28 . 2001-08-17 19:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll 2009-12-24 19:52 . 2009-12-24 19:52 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache 2009-12-24 18:39 . 2009-12-24 18:39 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE 2009-12-24 18:26 . 2009-12-24 18:26 -------- d-sh--w- c:\documents and settings\Owner\IETldCache 2009-12-24 17:54 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-12-24 17:54 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-12-24 17:54 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-12-24 17:54 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-12-24 17:54 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-12-24 17:54 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-12-24 17:54 . 2010-01-15 01:50 -------- d-----w- c:\windows\ie8updates 2009-12-24 17:53 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-14 20:05 . 2009-12-10 00:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2010-01-14 20:04 . 2009-12-10 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-01-14 15:26 . 2009-12-10 00:43 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com 2010-01-14 15:26 . 2009-12-10 00:43 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-01-11 19:26 . 2008-05-22 03:39 -------- d-----w- c:\program files\Java 2010-01-06 02:18 . 2008-05-22 06:09 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire 2009-12-16 18:55 . 2009-12-16 18:55 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-16 18:54 . 2009-12-16 18:54 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-16 18:51 . 2008-05-22 03:29 -------- d-----w- c:\program files\LimeWire 2009-12-13 22:54 . 2009-12-13 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-12-13 22:49 . 2009-12-13 22:49 -------- d-----w- c:\program files\NOS 2009-12-10 00:44 . 2009-12-10 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-12-07 05:10 . 2008-06-05 20:55 -------- d-----w- c:\program files\Windows Live Safety Center 2009-12-01 17:46 . 2008-05-22 03:09 13104 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-01 16:25 . 2009-12-01 16:25 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-12-01 15:42 . 2009-12-01 15:42 -------- d-----w- c:\program files\MSBuild 2009-12-01 15:42 . 2009-12-01 15:42 -------- d-----w- c:\program files\Reference Assemblies 2009-11-30 05:45 . 2009-11-30 05:45 61224 ----a-w- c:\documents and settings\Owner\GoToAssistDownloadHelper.exe 2009-11-30 05:30 . 2009-11-30 05:30 -------- d-----w- c:\documents and settings\Owner\Application Data\McAfee 2009-11-30 01:31 . 2009-11-30 01:31 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8 2009-11-21 15:51 . 2002-09-03 16:26 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-10-29 04:48 . 2009-10-29 04:48 499712 ----a-w- c:\windows\system32\msvcp71.dll 2009-10-29 04:48 . 2009-10-29 04:48 348160 ----a-w- c:\windows\system32\msvcr71.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-06-20 155648] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-06-20 114688] "Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-11 149280] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0pgdfgsvc C 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG] 2003-08-29 11:59 122880 ----a-w- c:\windows\BCMSMMSG.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder 2010-01-19 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36] 2010-01-22 c:\windows\Tasks\MpIdleTask.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/search?q=internet+explorer&rls=com.microsoft:en-us:IE-Address&ie=UTF-8&oe=UTF-8&sourceid=ie7&rlz=1I7ADBF_en uInternet Settings,ProxyOverride = 127.0.0.1 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: facebook.com\apps DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-22 13:19 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2812) c:\windows\system32\ieframe.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll . Completion time: 2010-01-22 13:27:52 ComboFix-quarantined-files.txt 2010-01-22 18:27 ComboFix2.txt 2010-01-12 18:26 ComboFix3.txt 2010-01-11 21:05 ComboFix4.txt 2010-01-10 23:07 Pre-Run: 28,879,482,880 bytes free Post-Run: 28,875,550,720 bytes free - - End Of File - - D6B63FF0F3C98F4BE4A8904C7CA7E037

elise025 View Member Profile	Jan 22 2010, 01:43 PM Post #63
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	Well, everything looks okay there... Those CPU problems happened after we changed the page file size? If thats the case, lets change it back. It seems unlikely, but who knows... -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

kshoney44 View Member Profile	Jan 22 2010, 05:21 PM Post #64
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	what do i change it to?

elise025 View Member Profile	Jan 23 2010, 03:29 AM Post #65
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	Sorry, forgot to mention that Initial size 512 Maximum size 768 Click set after modifying the entries. Let me know if this changes anything. -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

kshoney44 View Member Profile	Jan 24 2010, 08:26 PM Post #66
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	i don't think it made much of a difference to be honest ....i just noticed combofix has some sort of bug...... does that mean my computer has that bug as well???

elise025 View Member Profile	Jan 25 2010, 05:35 AM Post #67
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	No worries about that Combofix bug, your computer was not affected by it Do you remember if your computer is more slow than before all problems started? -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

kshoney44 View Member Profile	Jan 25 2010, 09:22 AM Post #68
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	uuummmmm, i wouldn't say that its more slow.....just slow! i think the main issue right now for me is the "not responding" issue.

elise025 View Member Profile	Jan 25 2010, 09:28 AM Post #69
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	Well, slow it will be anyway because it has only 128 mb or RAM. There is little you can do about that except for buying more RAM. This can also cause the "non responding" errors if you try to open too many programs at a time. Is there a specific program that keeps freezing, or all of them. -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

kshoney44 View Member Profile	Jan 25 2010, 03:43 PM Post #70
Member Group: Members Posts: 43 Joined: 28-December 09 Member No.: 425,342	its all of them. the thing is, i pretty much always only have one program running at a time....two tops. usually its facebook and bleeping...or one or the other. my CPU goes from 0,0,0,0, 4, 78,0,100,0,0,0...its just crazy!! my cousin is going to update mt RAM for my in 2 weeks.

elise025 View Member Profile	Jan 26 2010, 05:22 AM Post #71
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	In that case, please post me one last DDS log for review. If this is clean, we will finish things hereand if after you upgrade the RAM you still have those issues, you can send me a PM, so we can pick up this topic again. -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

elise025 View Member Profile	Feb 2 2010, 01:30 PM Post #73
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	That was only attach.txt, can you please also post me the dds.txt log produced by DDS? (the one with running processes, pseudo HJT section, Services/Drivers and so on). -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

elise025 View Member Profile	Feb 3 2010, 11:14 AM Post #75
Bleepin' Blonde Group: Moderator Posts: 16,070 Joined: 5-October 07 From: Home Member No.: 160,991	Hello kshoney44, Things look okay. If problems still persist after upgrading the RAM, feel free to PM me so we can pick up things again. ALL CLEAN -------------- Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean Please do the following to remove the remaining programs from your PC: Delete the tools used during the disinfection: Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer. Delete DDS, GMER (this is a random named file) and RootRepeal. Run OTL and click Cleanup. Follow the prompts and allow a reboot. Please read these advices, in order to prevent reinfecting your PC: Install and update the following programs regularly: an outbound firewall A comprehensive tutorial and a list of possible firewalls can be found here. an AntiVirus Software It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats. an Anti-Spyware program Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates. SUPERAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions. Spyware Blaster A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating. MVPs hosts file A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file Keep Windows (and your other Microsoft software) up to date! I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer. Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!! Keep your other software up to date as well Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine. Stay up to date! The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing . Some more links you might find of interest: Miekies' prevention suggestions So How did I get infected? Microsoft - 'Security at home' Calendar of Updates: See which updates have been released. How to backup your Data with Cobian Backup:because you never know, when your harddisk might fail Commonly UsedFreeware Replacements: a nice list of freeware programs in all categories, that are regarded as useful by the users of this forum. osalt: Find (free) open source alternatives to known commercial software. Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards. -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

« Next Oldest · Virus, Trojan, Spyware, and Malware Removal Logs · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides