
New tabs keep opening in IE to pages i've never been on



#1 racmoo99


Posted 08 February 2009 - 03:43 PM

When I'm on Internet Explorer a new tab randomly appears, normally with an advertisement on it, every few minutes. I have a pop-up blocker, which makes no difference. I reset Internet Explorer to its original settings in case it was an add-on, but that made no difference. I've run AVG, Adaware and Windows Defender and none of these have fixed the problem. I decided to download Firefox to use while I fixed the problem; however, it has the same problem. I'll be surfing the net and a new window will open up randomly every few minutes!


DDS (Ver_09-02-01.01) - NTFSx86
Run by Rach at 20:32:24.11 on 08/02/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3037.1965 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Rach\AppData\Local\tgbhepc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\ZTE Mobile Connection\datacard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Rach\Desktop\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1008&m=aspire_5535
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1008&m=aspire_5535
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
uRun: [tgbhepc] "c:\users\rach\appdata\local\tgbhepc.exe" tgbhepc
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eRecoveryService]
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: {F8DD630E-F1BC-47BB-9612-701B288AB0CB} = 4.2.2.3 4.2.2.4
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\rach\appdata\roaming\mozilla\firefox\profiles\c2alaybh.default\
FF - prefs.js: browser.startup.homepage - www.google.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-8 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-5 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-5 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-5 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-5 298264]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-8-19 24576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2008-10-4 22072]

=============== Created Last 30 ================

2009-02-08 19:19 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-08 18:32 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-08 18:32 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-08 18:32 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-08 18:32 <DIR> --d----- c:\programdata\Lavasoft
2009-02-08 18:32 <DIR> --d----- c:\program files\Lavasoft
2009-02-08 17:30 <DIR> --d----- c:\program files\NoAdware
2009-02-08 16:28 <DIR> --d----- C:\VundoFix Backups
2009-02-07 18:43 <DIR> --d----- c:\program files\Eternal Syndrome Entertainment
2009-02-05 22:31 <DIR> --d----- c:\users\rach\appdata\roaming\eSobi
2009-02-05 22:29 <DIR> --d----- c:\programdata\Sandlot Games
2009-02-05 22:29 <DIR> --d----- c:\progra~2\Sandlot Games
2009-02-05 22:24 <DIR> --d----- c:\programdata\Arcade Lab
2009-02-05 22:24 <DIR> --d----- c:\progra~2\Arcade Lab
2009-02-05 22:24 <DIR> a-d----- c:\programdata\TEMP
2009-02-05 21:43 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-05 21:16 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-05 21:16 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-05 21:16 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-05 21:16 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-05 21:16 <DIR> --d----- c:\program files\AVG
2009-02-05 19:38 <DIR> --d----- c:\programdata\avg8
2009-02-05 19:38 <DIR> --d----- c:\progra~2\avg8
2009-02-04 22:10 <DIR> --d----- C:\Downloads
2009-02-04 22:07 <DIR> --d----- c:\program files\Free Download Manager
2009-01-29 18:27 <DIR> --d----- c:\users\rach\Tracing
2009-01-29 18:26 <DIR> --d----- c:\program files\Microsoft
2009-01-29 18:26 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-01-29 18:17 <DIR> --d----- c:\program files\common files\Windows Live
2009-01-27 20:24 <DIR> --d----- C:\My Downloads
2009-01-27 20:24 <DIR> --d----- c:\program files\BearShare
2009-01-27 19:28 483,328 a------- c:\windows\system32\actskn45.ocx
2009-01-27 19:28 <DIR> --d----- c:\program files\BearShare Applications
2009-01-27 18:45 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-01-27 18:40 2,048 a------- c:\windows\system32\tzres.dll
2009-01-27 18:36 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-27 18:27 827,392 a------- c:\windows\system32\wininet.dll
2009-01-27 18:20 428,544 a------- c:\windows\system32\EncDec.dll
2009-01-27 18:20 217,088 a------- c:\windows\system32\psisrndr.ax
2009-01-27 18:20 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-01-27 18:20 80,896 a------- c:\windows\system32\MSNP.ax
2009-01-27 18:20 293,376 a------- c:\windows\system32\psisdecd.dll
2009-01-27 18:19 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-01-27 18:19 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-01-27 18:17 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-01-27 18:15 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2009-01-27 18:15 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2009-01-27 18:15 2,868,736 a------- c:\windows\system32\mf.dll
2009-01-27 18:15 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-01-27 18:15 94,720 a------- c:\windows\system32\logagent.exe
2009-01-27 18:13 2,032,640 a------- c:\windows\system32\win32k.sys
2009-01-27 18:13 269,312 a------- c:\windows\system32\es.dll
2009-01-27 18:13 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-01-27 18:11 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-01-27 18:11 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-01-27 18:11 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-01-27 18:11 2,927,104 a------- c:\windows\explorer.exe
2009-01-27 18:11 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-01-27 18:11 296,960 a------- c:\windows\system32\gdi32.dll
2009-01-27 18:11 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-27 17:58 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-01-27 17:58 83,456 a------- c:\windows\system32\wudriver.dll
2009-01-27 17:58 162,064 a------- c:\windows\system32\wuwebv.dll
2009-01-27 17:58 31,232 a------- c:\windows\system32\wuapp.exe
2009-01-27 17:52 100,864 a------- c:\windows\system32\drivers\ZTEusbser6k.sys
2009-01-27 17:52 100,864 a------- c:\windows\system32\drivers\ZTEusbnmea.sys
2009-01-27 17:52 100,864 a------- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-01-27 17:52 <DIR> --d----- c:\windows\system32\SupportApp
2009-01-27 17:52 <DIR> --d----- c:\program files\ZTE Mobile Connection
2009-01-27 17:30 <DIR> --dsh--- c:\users\rach\appdata\roaming\.#
2009-01-27 17:29 <DIR> --d----- c:\programdata\ATI
2009-01-27 17:27 <DIR> --d----- c:\programdata\Google
2009-01-27 17:26 <DIR> --d----- c:\programdata\Partner
2009-01-27 17:26 <DIR> --d----- c:\progra~2\Partner
2009-01-27 17:22 <DIR> --d----- c:\users\rach\appdata\roaming\Acer GameZone Console
2009-01-27 17:22 <DIR> --d----- c:\users\Rach

==================== Find3M ====================

2009-01-27 17:52 86,016 a------- c:\windows\inf\infstrng.dat
2009-01-27 17:52 51,200 a------- c:\windows\inf\infpub.dat
2009-01-27 17:52 86,016 a------- c:\windows\inf\infstor.dat
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-10-04 10:30 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 02:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 20:33:10.69 ===============



#2 racmoo99


Posted 19 February 2009 - 04:53 PM

Have managed to solve the original problem; used mbam, it got rid of most of it. However, there's a few files it says it can't remove until I have restarted, so I restart like it says. Run it again to make sure and they are still there. Have done this a few times to be sure, it's always the same 7 files. Any ideas how I can get rid of them?

#3 KoanYorel


Posted 20 February 2009 - 12:13 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 racmoo99


Posted 20 February 2009 - 02:56 PM

I think I have kind of sorted the original problem. I was told I had the zlob trojan? and to download Malwarebytes' Anti-Malware to remove it. So I did as suggested, it found A LOT, and removed it all. I rescanned to be sure, but it still found 7 more infected files: 4 backdoor.bot and 3 trojan.zlob. Every time I click remove it doesn't seem to remove them, as when I rescan they are still there, the exact same 7 files. It does say they need to be removed on restart and then makes me restart, but it's not removing them. I went into safe mode to try and remove them, but when I scan in safe mode they aren't there? It's only when I boot up normally it finds them. I'm totally confused, here's my new log...


DDS (Ver_09-02-01.01) - NTFSx86
Run by Rach at 19:42:37.14 on 20/02/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3037.1909 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ZTE Mobile Connection\datacard.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Rach\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OR2OEC27\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1008&m=aspire_5535
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1008&m=aspire_5535
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
uRun: [tgbhepc] "c:\users\rach\appdata\local\tgbhepc.exe" tgbhepc
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eRecoveryService]
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
TCP: {C8ED3AB7-FE83-4922-B855-839146609CD7} = 4.2.2.4 4.2.2.3
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\rach\appdata\roaming\mozilla\firefox\profiles\c2alaybh.default\
FF - prefs.js: browser.startup.homepage - www.google.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-8 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-5 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-5 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-5 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-5 298264]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-8-19 24576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2008-10-4 22072]

=============== Created Last 30 ================

2009-02-19 19:44 376 a------- c:\windows\ODBC.INI
2009-02-19 19:44 17,920 a------- c:\windows\system32\mdimon.dll
2009-02-19 19:43 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-02-19 19:21 <DIR> --d----- C:\sql2ksp3
2009-02-11 19:29 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-02-11 19:29 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-02-11 19:16 97,800 a------- c:\windows\system32\infocardapi.dll
2009-02-11 19:16 622,080 a------- c:\windows\system32\icardagt.exe
2009-02-11 19:16 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-11 19:16 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-02-11 19:16 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-02-11 19:16 11,264 a------- c:\windows\system32\icardres.dll
2009-02-11 19:15 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-02-11 19:15 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-02-11 19:05 96,760 a------- c:\windows\system32\dfshim.dll
2009-02-11 19:05 282,112 a------- c:\windows\system32\mscoree.dll
2009-02-11 19:05 41,984 a------- c:\windows\system32\netfxperf.dll
2009-02-11 19:04 158,720 a------- c:\windows\system32\mscorier.dll
2009-02-11 19:04 83,968 a------- c:\windows\system32\mscories.dll
2009-02-11 18:57 <DIR> --d----- c:\users\rach\appdata\roaming\Malwarebytes
2009-02-11 18:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-11 18:57 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 18:57 <DIR> --d----- c:\programdata\Malwarebytes
2009-02-11 18:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-11 18:57 <DIR> --d----- c:\progra~2\Malwarebytes
2009-02-11 18:37 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-11 18:37 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-11 18:37 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-11 18:37 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-11 18:37 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-11 18:21 <DIR> --d----- c:\program files\Trend Micro
2009-02-11 17:54 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-11 17:54 827,392 a------- c:\windows\system32\wininet.dll
2009-02-08 19:19 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-08 18:32 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-08 18:32 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-08 18:32 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-08 18:32 <DIR> --d----- c:\programdata\Lavasoft
2009-02-08 18:32 <DIR> --d----- c:\program files\Lavasoft
2009-02-08 16:28 <DIR> --d----- C:\VundoFix Backups
2009-02-07 18:43 <DIR> --d----- c:\program files\Eternal Syndrome Entertainment
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-05 22:31 <DIR> --d----- c:\users\rach\appdata\roaming\eSobi
2009-02-05 22:29 <DIR> --d----- c:\programdata\Sandlot Games
2009-02-05 22:29 <DIR> --d----- c:\progra~2\Sandlot Games
2009-02-05 22:24 <DIR> --d----- c:\programdata\Arcade Lab
2009-02-05 22:24 <DIR> --d----- c:\progra~2\Arcade Lab
2009-02-05 22:24 <DIR> a-d----- c:\programdata\TEMP
2009-02-05 21:43 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-05 21:16 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-05 21:16 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-05 21:16 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-05 21:16 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-05 21:16 <DIR> --d----- c:\program files\AVG
2009-02-05 19:38 <DIR> --d----- c:\programdata\avg8
2009-02-05 19:38 <DIR> --d----- c:\progra~2\avg8
2009-02-04 22:10 <DIR> --d----- C:\Downloads
2009-02-04 22:07 <DIR> --d----- c:\program files\Free Download Manager
2009-01-29 18:27 <DIR> --d----- c:\users\rach\Tracing
2009-01-29 18:26 <DIR> --d----- c:\program files\Microsoft
2009-01-29 18:26 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-01-29 18:17 <DIR> --d----- c:\program files\common files\Windows Live
2009-01-27 20:24 <DIR> --d----- C:\My Downloads
2009-01-27 20:24 <DIR> --d----- c:\program files\BearShare
2009-01-27 19:28 483,328 a------- c:\windows\system32\actskn45.ocx
2009-01-27 19:28 <DIR> --d----- c:\program files\BearShare Applications
2009-01-27 18:40 2,048 a------- c:\windows\system32\tzres.dll
2009-01-27 18:36 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-27 18:19 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-01-27 18:19 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-01-27 18:17 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-01-27 18:15 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2009-01-27 18:15 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2009-01-27 18:15 2,868,736 a------- c:\windows\system32\mf.dll
2009-01-27 18:15 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-01-27 18:15 94,720 a------- c:\windows\system32\logagent.exe
2009-01-27 18:13 2,032,640 a------- c:\windows\system32\win32k.sys
2009-01-27 18:13 269,312 a------- c:\windows\system32\es.dll
2009-01-27 18:13 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-01-27 18:11 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-01-27 18:11 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-01-27 18:11 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-01-27 18:11 2,927,104 a------- c:\windows\explorer.exe
2009-01-27 18:11 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-01-27 18:11 296,960 a------- c:\windows\system32\gdi32.dll
2009-01-27 18:11 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-27 17:58 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-01-27 17:58 83,456 a------- c:\windows\system32\wudriver.dll
2009-01-27 17:58 162,064 a------- c:\windows\system32\wuwebv.dll
2009-01-27 17:58 31,232 a------- c:\windows\system32\wuapp.exe
2009-01-27 17:52 100,864 a------- c:\windows\system32\drivers\ZTEusbser6k.sys
2009-01-27 17:52 100,864 a------- c:\windows\system32\drivers\ZTEusbnmea.sys
2009-01-27 17:52 100,864 a------- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-01-27 17:52 <DIR> --d----- c:\windows\system32\SupportApp
2009-01-27 17:52 <DIR> --d----- c:\program files\ZTE Mobile Connection
2009-01-27 17:30 <DIR> --dsh--- c:\users\rach\appdata\roaming\.#
2009-01-27 17:29 <DIR> --d----- c:\programdata\ATI
2009-01-27 17:27 <DIR> --d----- c:\programdata\Google
2009-01-27 17:26 <DIR> --d----- c:\programdata\Partner
2009-01-27 17:26 <DIR> --d----- c:\progra~2\Partner
2009-01-27 17:22 <DIR> --d----- c:\users\rach\appdata\roaming\Acer GameZone Console
2009-01-27 17:22 <DIR> --d----- c:\users\Rach

==================== Find3M ====================

2009-01-27 17:52 86,016 a------- c:\windows\inf\infstrng.dat
2009-01-27 17:52 51,200 a------- c:\windows\inf\infpub.dat
2009-01-27 17:52 86,016 a------- c:\windows\inf\infstor.dat
2008-10-04 10:30 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 02:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:44:01.68 ===============

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 20 February 2009 - 05:27 PM

Hello.

Backdoors are very nasty.

Backdoor Threat

IMPORTANT NOTE: Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 racmoo99

racmoo99
  • Topic Starter

  • Members
  • 6 posts

Posted 21 February 2009 - 05:52 PM

Hi, had CC fraud before, not risking it again, I'll reinstall OS, thanks for your help :thumbup2:

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 21 February 2009 - 05:58 PM

Hello.

Okay, good luck on the reinstall. After the reinstall you may need to reinstall some programs. Below are some prevention tips and security programs.

Install an AntiVirus Software

It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources

Some Free Anti-Virus software I recommend are:
Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Install a Firewall

I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls

Some Firewall programs I recommend to others are:
Update your Firewall Program - It is imperative that you update your Firewall at least once a week (Even more if you wish). If you do not update your firewall then it will not be able to catch any of the new variants that may come out.

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Visit the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.

Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Additional Security Programs

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us and Good luck :thumbup2:

With Regards,
Extremeboy
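
To go with the Autorun advice in the post above, here is an added example (not part of the original post or any tool named in this thread) that inspects an AUTORUN.INF and lists the entries that would launch a program from the drive. It also decodes the Windows `NoDriveTypeAutoRun` policy value, which the thread does not mention, to show which drive types still have Autorun enabled; the sample file contents and file names are constructed placeholders.

```python
import re

# Constructed sample of a worm-style autorun.inf (file names are placeholders).
SAMPLE = r"""; padding line often used to hide the real entries
[AutoRun]
open=payload.exe
shell\open\Command=payload.exe
shell\explore\command=payload.exe
icon=%SystemRoot%\system32\shell32.dll,4
"""

# [autorun] keys that start a program: via Autorun (open, shellexecute) or
# when the user picks a verb on the drive icon (shell\<verb>\command).
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$")

# NoDriveTypeAutoRun policy bits; a set bit disables Autorun for that drive type.
DRIVE_BITS = {0x04: "removable", 0x08: "fixed", 0x10: "network",
              0x20: "cdrom", 0x40: "ramdisk"}

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, skipping junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_directives(text):
    """List the (key, command) pairs that would run a program from the drive."""
    return [(k, v) for k, v in parse_autorun(text).items() if EXEC_KEY.match(k)]

def autorun_still_enabled(mask):
    """Drive types for which a NoDriveTypeAutoRun value leaves Autorun on."""
    return [name for bit, name in DRIVE_BITS.items() if not mask & bit]

if __name__ == "__main__":
    for key, cmd in launch_directives(SAMPLE):
        print(f"launches: {key} -> {cmd}")
    print("0x91 leaves Autorun on for:", autorun_still_enabled(0x91))
    print("0xFF leaves Autorun on for:", autorun_still_enabled(0xFF))
```

A drive whose AUTORUN.INF yields any launch directive is worth examining on a machine with Autorun disabled before its contents are opened.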


#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 24 February 2009 - 05:14 PM

Hello.

Since the problem appears to be resolved, this topic is now Closed.
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy




