
Trojans/Spyware, Internet Browser hijacked-please help!


  • This topic is locked
15 replies to this topic

#1 EvanTheMagician

EvanTheMagician

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 25 May 2009 - 10:12 AM

**Copy from my post in the "Am I Infected?" forum.** Topic referenced is here. http://www.bleepingcomputer.com/forums/t/229181/cannot-run-or-download-any-antivirus-softwareinternet-is-infected/ Please read to see what has been done thus far. ~ OB

Hi!

I am desperately trying to get my computer working, I have done fresh installs of XP hoping to fix this. I have SP 2 on here, and I cannot run or download any antivirus software. Any major AntiVirus/Spyware site that I go to is blocked, getting a 404 Error message. This happens in Firefox, Internet Explorer, and Google Chrome.
I also cannot run AVG, Spybot, Mcafee, and any other antivirus software that I have.

I cannot run BitDefender online, and trying to go to Microsoft Update leads me to Google English. I type in windowsupdate.microsoft.com and it redirects to Google English but still has windowsupdate.microsoft.com in the URL bar.

Please help me. I have tried everything. I managed to get some antivirus software to work, Ashampoo and SpySweeper and deleting what they find after scanning does not change the problems with the internet. I really want to get the malware/spyware/trojans removed so I can get the computer working for my mom.

Thank you!

Here is my log:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Lisa at 11:09:22.45 on Mon 05/25/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.624 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lisa\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uRun: [Google Update] "c:\documents and settings\lisa\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRunOnce: [UninstallLockedSOSFiles] c:\docume~1\lisa\locals~1\temp\UninstallLockedSOSFiles.lnk
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-5-24 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-5-24 45416]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-14 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-14 72944]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\program files\ashampoo\ashampoo antispyware 2\AntiSpyWareService.exe [2009-5-24 749400]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-5-24 38496]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-14 7408]
RUnknown ssfs0bbc;ssfs0bbc; [x]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-5-24 186625]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-24 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-24 185089]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-5-24 432897]

=============== Created Last 30 ================

2009-05-24 22:38 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-24 22:38 --d----- c:\program files\SUPERAntiSpyware
2009-05-24 22:38 --d----- c:\docume~1\lisa\applic~1\SUPERAntiSpyware.com
2009-05-24 22:38 --d----- c:\program files\common files\Wise Installation Wizard
2009-05-24 22:37 --d----- c:\docume~1\lisa\applic~1\Malwarebytes
2009-05-24 22:37 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-24 22:37 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-24 22:36 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-24 22:36 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-24 20:58 --d----- c:\documents and settings\lisa\DoctorWeb
2009-05-24 19:41 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2009-05-24 19:40 208,896 ac------ c:\windows\system32\dllcache\fpmmcsat.dll
2009-05-24 19:39 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-05-24 19:38 81,920 ac------ c:\windows\system32\dllcache\msado27.tlb
2009-05-24 19:38 18,432 ac------ c:\windows\system32\dllcache\iedw.exe
2009-05-24 19:35 588 a------- c:\windows\system32\settingsbkup.sfm
2009-05-24 19:35 588 a------- c:\windows\system32\settings.sfm
2009-05-24 19:33 24,661 ac------ c:\windows\system32\dllcache\spxcoins.dll
2009-05-24 19:33 13,312 ac------ c:\windows\system32\dllcache\irclass.dll
2009-05-24 19:33 24,661 a------- c:\windows\system32\spxcoins.dll
2009-05-24 19:33 13,312 a------- c:\windows\system32\irclass.dll
2009-05-24 19:23 --d----- c:\windows\setup.pss
2009-05-24 18:43 --d----- c:\program files\Avira
2009-05-24 18:43 --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-05-24 15:25 --d----- c:\windows\Provisioning
2009-05-24 15:25 --d----- c:\windows\PeerNet
2009-05-24 15:25 --d----- c:\windows\dell
2009-05-24 12:58 775,168 a------- c:\windows\is-VKMM9.exe
2009-05-24 12:58 10,194 a------- c:\windows\is-VKMM9.msg
2009-05-24 12:58 312 a------- c:\windows\is-VKMM9.lst
2009-05-24 12:58 --d----- c:\program files\MSSOAP
2009-05-24 12:55 1,563,008 a------- c:\windows\WRSetup.dll
2009-05-24 12:55 --d----- c:\program files\Webroot
2009-05-24 12:52 0 a------- c:\windows\system32\8104297.jun
2009-05-24 12:52 --ds---- c:\windows\system32\Microsoft
2009-05-24 12:52 --d----- c:\program files\Browser Hijack Recover
2009-05-24 12:44 --d----- c:\program files\Ashampoo
2009-05-24 01:06 --ds---- c:\documents and settings\lisa\UserData
2009-05-24 01:03 212,992 a------- c:\windows\system32\CTDevCtrl.cpl
2009-05-24 01:03 90,112 a------- c:\windows\Updreg.EXE
2009-05-24 01:03 24,576 a------- c:\windows\system32\CTDevCRes.dll
2009-05-24 01:03 14,273 a------- c:\windows\system32\CTDEVCTRL.HLP
2009-05-24 01:03 274 a------- c:\windows\system32\ctdevctrl.CNT
2009-05-24 01:03 66 a------- c:\windows\SBWIN.INI
2009-05-24 01:03 0 a------- c:\windows\system32\CTDevctrl.gid
2009-05-24 01:03 0 a------- c:\windows\system32\CTDevctrl.fts
2009-05-24 01:03 0 a------- c:\windows\system32\CTDevctrl.ftg
2009-05-24 01:03 6,400 a------- c:\windows\system32\drivers\splitter.sys
2009-05-24 01:03 52,864 a------- c:\windows\system32\drivers\DMusic.sys
2009-05-24 01:01 15,840 a------- c:\windows\system32\drivers\PFMODNT.SYS
2009-05-24 01:01 --d----- c:\program files\Creative
2009-05-24 01:00 140,288 a------- c:\windows\system32\drivers\e100b325.sys
2009-05-24 01:00 53,248 a------- c:\windows\system32\Prounstl.exe
2009-05-24 01:00 23,040 a------- c:\windows\system32\IntelNic.dll
2009-05-24 01:00 2,983 a------- c:\windows\system32\net82557.din
2009-05-24 00:59 --dsh--- c:\windows\Installer
2009-05-24 00:59 --d----- c:\documents and settings\Lisa
2009-05-24 00:58 8,192 a------- c:\windows\REGLOCS.OLD
2009-05-24 00:56 618,605 ac------ c:\windows\system32\dllcache\fp4autl.dll
2009-05-24 00:56 --d----- c:\windows\system32\xircom
2009-05-24 00:56 --d----- C:\DELL
2009-05-24 00:53 --dsh--- c:\documents and settings\all users\DRM
2009-05-24 00:53 --d--r-- c:\windows\Offline Web Pages
2009-05-24 00:52 --d----- c:\program files\common files\MSSoap
2009-05-24 00:52 --d-h--- c:\program files\WindowsUpdate
2009-05-24 00:52 --d----- c:\program files\Online Services
2009-05-24 00:52 --d----- c:\program files\Messenger
2009-05-24 00:52 --d----- c:\program files\MSN Gaming Zone
2009-05-24 00:51 --d----- c:\program files\Windows NT
2009-05-23 20:49 --d----- c:\program files\common files\ODBC
2009-05-23 20:49 --d----- c:\program files\common files\SpeechEngines
2009-05-23 20:49 --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-05-25 01:57 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-24 19:38 22,720 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 11:09:31.06 ===============


Edited by Orange Blossom, 26 May 2009 - 01:40 AM.



#2 EvanTheMagician

EvanTheMagician
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 27 May 2009 - 08:53 PM

Can anyone still help me with this?

I still cannot run AVG, Spybot, Avira, or any other antivirus software and the internet redirects to different pages when using it. It happens in Firefox, Google Chrome, and Internet Explorer.

Thanks!
===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 27 May 2009 - 08:55 PM.


#3 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:21 AM

Posted 07 June 2009 - 02:42 PM

Hello and :thumbup2: to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:)

#4 EvanTheMagician

EvanTheMagician
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 07 June 2009 - 08:14 PM

Hi again!

I have not used the computer at all since my last post, I have just left it.

I can now access windowsupdate.microsoft.com fine, but running the AntiVirus programs still does not work. I can download the programs online again but cannot run them. The only one I can run is AVG, I cannot run McAfee, SuperAntiSpyware, MalwareBytes, Ashampoo, or Avira.

Here are my logs.
The one is attached, the other is posted.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Lisa at 21:03:49.64 on Sun 06/07/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.519 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgfrw.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgupd.exe
C:\Documents and Settings\Lisa\My Documents\Downloads\dds (1).scr

============== Pseudo HJT Report ===============

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [Google Update] "c:\documents and settings\lisa\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-5-24 22360]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-7 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-7 27784]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-5-24 45416]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-7 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-14 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-14 72944]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\program files\ashampoo\ashampoo antispyware 2\AntiSpyWareService.exe [2009-5-24 749400]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-7 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-7 298776]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-14 7408]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-5-24 186625]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-24 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-24 185089]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-5-24 432897]

=============== Created Last 30 ================

2009-06-07 21:00 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-07 21:00 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-07 21:00 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-07 21:00 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-07 21:00 <DIR> --d----- c:\docume~1\lisa\applic~1\AVGTOOLBAR
2009-06-07 21:00 <DIR> --d----- c:\program files\AVG
2009-06-07 21:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-06-06 03:00 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-05 03:10 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-06-05 03:00 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-06-05 03:00 <DIR> --d----- c:\windows\system32\PreInstall
2009-06-05 03:00 <DIR> --d-h--- c:\windows\$hf_mig$
2009-06-04 11:47 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-05-24 22:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-24 22:38 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-24 22:38 <DIR> --d----- c:\docume~1\lisa\applic~1\SUPERAntiSpyware.com
2009-05-24 22:38 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-24 22:37 <DIR> --d----- c:\docume~1\lisa\applic~1\Malwarebytes
2009-05-24 22:37 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-24 22:37 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-24 22:36 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-24 22:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-24 20:58 <DIR> --d----- c:\documents and settings\lisa\DoctorWeb
2009-05-24 19:41 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2009-05-24 19:40 208,896 ac------ c:\windows\system32\dllcache\fpmmcsat.dll
2009-05-24 19:39 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-05-24 19:38 81,920 ac------ c:\windows\system32\dllcache\msado27.tlb
2009-05-24 19:38 18,432 ac------ c:\windows\system32\dllcache\iedw.exe
2009-05-24 19:38 <DIR> --d----- c:\windows\system32\wbem\AutoRecover
2009-05-24 19:35 588 a------- c:\windows\system32\settingsbkup.sfm
2009-05-24 19:35 588 a------- c:\windows\system32\settings.sfm
2009-05-24 19:33 24,661 ac------ c:\windows\system32\dllcache\spxcoins.dll
2009-05-24 19:33 13,312 ac------ c:\windows\system32\dllcache\irclass.dll
2009-05-24 19:33 24,661 a------- c:\windows\system32\spxcoins.dll
2009-05-24 19:33 13,312 a------- c:\windows\system32\irclass.dll
2009-05-24 19:23 <DIR> --d----- c:\windows\setup.pss
2009-05-24 18:43 <DIR> --d----- c:\program files\Avira
2009-05-24 18:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-05-24 15:25 <DIR> --d----- c:\windows\Provisioning
2009-05-24 15:25 <DIR> --d----- c:\windows\PeerNet
2009-05-24 15:25 <DIR> --d----- c:\windows\dell
2009-05-24 12:58 775,168 a------- c:\windows\is-VKMM9.exe
2009-05-24 12:58 10,194 a------- c:\windows\is-VKMM9.msg
2009-05-24 12:58 312 a------- c:\windows\is-VKMM9.lst
2009-05-24 12:58 <DIR> --d----- c:\program files\MSSOAP
2009-05-24 12:55 <DIR> --d----- c:\program files\Webroot
2009-05-24 12:52 0 a------- c:\windows\system32\8104297.jun
2009-05-24 12:52 <DIR> --ds---- c:\windows\system32\Microsoft
2009-05-24 12:52 <DIR> --d----- c:\program files\Browser Hijack Recover
2009-05-24 12:44 <DIR> --d----- c:\program files\Ashampoo
2009-05-24 01:06 <DIR> --ds---- c:\documents and settings\lisa\UserData
2009-05-24 01:03 212,992 a------- c:\windows\system32\CTDevCtrl.cpl
2009-05-24 01:03 90,112 a------- c:\windows\Updreg.EXE
2009-05-24 01:03 24,576 a------- c:\windows\system32\CTDevCRes.dll
2009-05-24 01:03 14,273 a------- c:\windows\system32\CTDEVCTRL.HLP
2009-05-24 01:03 274 a------- c:\windows\system32\ctdevctrl.CNT
2009-05-24 01:03 66 a------- c:\windows\SBWIN.INI
2009-05-24 01:03 0 a------- c:\windows\system32\CTDevctrl.gid
2009-05-24 01:03 0 a------- c:\windows\system32\CTDevctrl.fts
2009-05-24 01:03 0 a------- c:\windows\system32\CTDevctrl.ftg
2009-05-24 01:03 6,400 a------- c:\windows\system32\drivers\splitter.sys
2009-05-24 01:03 52,864 a------- c:\windows\system32\drivers\DMusic.sys
2009-05-24 01:01 15,840 a------- c:\windows\system32\drivers\PFMODNT.SYS
2009-05-24 01:01 <DIR> --d----- c:\program files\Creative
2009-05-24 01:00 140,288 a------- c:\windows\system32\drivers\e100b325.sys
2009-05-24 01:00 53,248 a------- c:\windows\system32\Prounstl.exe
2009-05-24 01:00 23,040 a------- c:\windows\system32\IntelNic.dll
2009-05-24 01:00 2,983 a------- c:\windows\system32\net82557.din
2009-05-24 00:59 <DIR> --dsh--- c:\windows\Installer
2009-05-24 00:59 <DIR> --d----- c:\documents and settings\Lisa
2009-05-24 00:58 8,192 a------- c:\windows\REGLOCS.OLD
2009-05-24 00:56 618,605 ac------ c:\windows\system32\dllcache\fp4autl.dll
2009-05-24 00:56 <DIR> --d----- c:\windows\system32\xircom
2009-05-24 00:56 <DIR> --d----- c:\windows\system32\wbem\snmp
2009-05-24 00:56 <DIR> --d----- C:\DELL
2009-05-24 00:53 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-05-24 00:53 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-05-24 00:52 <DIR> --d----- c:\program files\common files\MSSoap
2009-05-24 00:52 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-05-24 00:52 <DIR> --d----- c:\program files\Online Services
2009-05-24 00:52 <DIR> --d----- c:\program files\Messenger
2009-05-24 00:52 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-05-24 00:51 <DIR> --d----- c:\program files\Windows NT
2009-05-23 20:49 <DIR> --d----- c:\program files\common files\ODBC
2009-05-23 20:49 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-05-23 20:49 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-05-25 01:57 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-24 19:38 22,720 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 21:04:25.00 ===============


Thank you very much for your help!

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:21 PM

Posted 08 June 2009 - 05:03 PM

Hi EvanTheMagician,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log and I will get back to you with your first instructions. Don't worry I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:
m0le is a proud member of UNITE

#6 EvanTheMagician

EvanTheMagician
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 08 June 2009 - 05:20 PM

I am here mOle and ready for your help! Thank you!

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:21 PM

Posted 08 June 2009 - 06:37 PM

Hi EvanTheMagician,

I have read through the previous topic and it seems that the malware is blocking known tools from running.

Please download this stronger tool and remember to rename it.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop but rename it Combo-Fix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Let me know if you experience any problems. :thumbup2:
m0le is a proud member of UNITE

#8 EvanTheMagician

EvanTheMagician
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:06:21 AM

Posted 09 June 2009 - 01:37 PM

Here is my combofix.txt

ComboFix 09-06-09.01 - Lisa 06/09/2009 14:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.570 [GMT -4:00]
Running from: c:\documents and settings\Lisa\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo AntiSpyWare 2.lnk
c:\program files\Avira\AntiVir Desktop\avsda.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-08 01:13 . 2009-06-08 01:13 -------- d--h--w- c:\windows\PIF
2009-06-08 01:07 . 2009-06-08 01:10 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-08 01:00 . 2009-06-08 01:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-08 01:00 . 2009-06-08 01:00 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-08 01:00 . 2009-06-08 01:00 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-08 01:00 . 2009-06-08 01:00 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-08 01:00 . 2009-06-09 12:54 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-08 01:00 . 2009-06-08 01:00 -------- d-----w- c:\documents and settings\Lisa\Application Data\AVGTOOLBAR
2009-06-08 01:00 . 2009-06-08 01:00 -------- d-----w- c:\program files\AVG
2009-06-08 01:00 . 2009-06-08 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-06 07:00 . 2009-06-06 07:00 -------- d-----w- c:\program files\MSXML 4.0
2009-06-05 07:10 . 2009-06-05 07:16 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-06-05 07:08 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-06-05 07:08 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-06-05 07:08 . 2009-02-06 17:22 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-05 07:08 . 2009-02-06 17:24 2180480 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-05 07:08 . 2009-02-06 16:49 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-05 07:08 . 2009-02-06 16:49 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-06-05 07:08 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-05 07:00 . 2008-07-09 07:38 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-06-05 07:00 . 2009-06-06 07:03 -------- d--h--w- c:\windows\$hf_mig$
2009-05-25 05:22 . 2009-05-25 05:22 -------- d-s---w- c:\documents and settings\Administrator\UserData
2009-05-25 03:04 . 2009-05-25 03:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-25 02:47 . 2009-05-25 02:48 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-25 02:47 . 2009-05-25 02:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-05-25 02:39 . 2009-06-09 18:34 117760 ----a-w- c:\documents and settings\Lisa\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-25 02:38 . 2009-05-25 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-25 02:38 . 2009-05-25 02:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-25 02:38 . 2009-05-25 02:38 -------- d-----w- c:\documents and settings\Lisa\Application Data\SUPERAntiSpyware.com
2009-05-25 02:38 . 2009-06-08 00:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-25 02:37 . 2009-05-25 02:37 -------- d-----w- c:\documents and settings\Lisa\Application Data\Malwarebytes
2009-05-25 02:37 . 2009-04-06 19:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-25 02:37 . 2009-04-06 19:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-25 02:36 . 2009-05-25 02:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-25 02:36 . 2009-05-25 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-25 00:58 . 2009-05-25 01:17 -------- d-----w- c:\documents and settings\Lisa\DoctorWeb
2009-05-25 00:54 . 2009-05-25 01:03 -------- d-----w- c:\windows\BDOSCAN8
2009-05-25 00:48 . 2009-05-25 00:49 -------- d-----w- c:\documents and settings\Lisa\Local Settings\Application Data\Google
2009-05-25 00:01 . 2009-05-25 00:01 -------- d-----w- c:\documents and settings\Lisa\Local Settings\Application Data\Identities
2009-05-24 23:41 . 2004-08-12 13:59 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2009-05-24 23:40 . 2003-03-24 20:52 208896 -c--a-w- c:\windows\system32\dllcache\fpmmcsat.dll
2009-05-24 23:39 . 2004-08-12 13:58 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-05-24 23:38 . 2009-02-19 09:58 18432 -c--a-w- c:\windows\system32\dllcache\iedw.exe
2009-05-24 23:38 . 2009-05-24 23:38 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-05-24 23:33 . 2004-08-12 14:06 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-05-24 23:33 . 2004-08-12 14:06 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-05-24 23:33 . 2004-08-12 13:58 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-05-24 23:33 . 2004-08-12 13:58 13312 ----a-w- c:\windows\system32\irclass.dll
2009-05-24 22:43 . 2009-02-13 18:22 95576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-24 22:43 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-24 22:43 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-24 22:43 . 2009-05-24 22:43 -------- d-----w- c:\program files\Avira
2009-05-24 22:43 . 2009-05-24 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-24 19:25 . 2009-05-24 19:30 -------- d-----w- c:\windows\PeerNet
2009-05-24 19:25 . 2009-05-24 19:25 -------- d-----w- c:\windows\Provisioning
2009-05-24 19:25 . 2009-05-24 19:25 -------- d-----w- c:\windows\dell
2009-05-24 16:58 . 2009-05-24 16:58 775168 ----a-w- c:\windows\is-VKMM9.exe
2009-05-24 16:58 . 2009-05-24 16:58 -------- d-----w- c:\program files\MSSOAP
2009-05-24 16:55 . 2009-05-24 16:55 -------- d-----w- c:\program files\Webroot
2009-05-24 16:53 . 2009-05-24 16:53 -------- d-----w- c:\documents and settings\Lisa\Local Settings\Application Data\Ashampoo
2009-05-24 16:52 . 2009-05-24 16:52 12328 ----a-w- c:\documents and settings\Lisa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-24 16:52 . 2009-05-24 16:52 -------- d-s---w- c:\windows\system32\Microsoft
2009-05-24 16:52 . 2009-05-25 05:36 -------- d-----w- c:\program files\Browser Hijack Recover
2009-05-24 16:44 . 2009-05-24 16:44 -------- d-----w- c:\program files\Ashampoo
2009-05-24 05:14 . 2009-05-24 22:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-24 05:06 . 2009-05-24 05:06 -------- d-s---w- c:\documents and settings\Lisa\UserData
2009-05-24 05:03 . 2002-02-15 13:00 24576 ----a-w- c:\windows\system32\CTDevCRes.dll
2009-05-24 05:03 . 2000-05-11 05:00 90112 ----a-w- c:\windows\Updreg.EXE
2009-05-24 05:03 . 2004-08-04 03:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-05-24 05:03 . 2004-08-04 03:07 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2009-05-24 05:01 . 2009-05-24 05:03 -------- d-----w- c:\program files\Creative
2009-05-24 05:01 . 2003-03-05 16:19 15840 ----a-w- c:\windows\system32\drivers\PFMODNT.SYS
2009-05-24 05:01 . 2009-05-24 05:01 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-24 05:00 . 2003-01-20 13:46 140288 ----a-w- c:\windows\system32\drivers\e100b325.sys
2009-05-24 05:00 . 2001-07-20 10:40 23040 ----a-w- c:\windows\system32\IntelNic.dll
2009-05-24 05:00 . 2001-06-22 14:25 53248 ----a-w- c:\windows\system32\Prounstl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 05:57 . 2009-05-24 04:53 77423 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-24 23:38 . 2009-05-24 04:52 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-24 05:07 . 2009-05-24 05:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-24 04:56 . 2009-05-24 04:56 -------- d-----w- c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Lisa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-25 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-08 1947928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-12 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-08 01:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [5/24/2009 6:43 PM 22360]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/7/2009 9:00 PM 325896]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [5/24/2009 6:43 PM 45416]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/7/2009 9:00 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [5/24/2009 12:44 PM 749400]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/7/2009 9:00 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/7/2009 9:00 PM 298776]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [5/24/2009 6:43 PM 186625]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/24/2009 6:43 PM 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [5/24/2009 6:43 PM 432897]
.
Contents of the 'Scheduled Tasks' folder

2009-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1604221776-682003330-1004.job
- c:\documents and settings\Lisa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-25 00:48]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 14:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wpabaln.exe
.
**************************************************************************
.
Completion time: 2009-06-09 14:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-09 18:35

Pre-Run: 243,818,823,680 bytes free
Post-Run: 243,898,867,712 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

175 --- E O F --- 2009-06-06 07:03


Thank you!

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:12:21 PM

Posted 09 June 2009 - 01:47 PM

From the ComboFix log:

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)


This needs to be disabled while ComboFix is running.

Please rerun making sure AVG is disabled.

Then

Rerun MBAM on a Full Scan
m0le is a proud member of UNITE

#10 EvanTheMagician


Posted 09 June 2009 - 04:28 PM

Here you go!

ComboFix 09-06-09.06 - Lisa 06/09/2009 17:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.673 [GMT -4:00]
Running from: c:\documents and settings\Lisa\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-08 01:13 . 2009-06-08 01:13 -------- d--h--w- c:\windows\PIF
2009-06-08 01:07 . 2009-06-08 01:10 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-08 01:00 . 2009-06-08 01:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-08 01:00 . 2009-06-08 01:00 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-08 01:00 . 2009-06-08 01:00 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-08 01:00 . 2009-06-08 01:00 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-08 01:00 . 2009-06-09 12:54 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-08 01:00 . 2009-06-08 01:00 -------- d-----w- c:\documents and settings\Lisa\Application Data\AVGTOOLBAR
2009-06-08 01:00 . 2009-06-08 01:00 -------- d-----w- c:\program files\AVG
2009-06-08 01:00 . 2009-06-08 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-06 07:00 . 2009-06-06 07:00 -------- d-----w- c:\program files\MSXML 4.0
2009-06-05 07:10 . 2009-06-05 07:16 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-06-05 07:08 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-06-05 07:08 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-06-05 07:08 . 2009-02-06 17:22 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-05 07:08 . 2009-02-06 17:24 2180480 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-05 07:08 . 2009-02-06 16:49 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-05 07:08 . 2009-02-06 16:49 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-06-05 07:08 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-05 07:00 . 2008-07-09 07:38 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-06-05 07:00 . 2009-06-06 07:03 -------- d--h--w- c:\windows\$hf_mig$
2009-05-25 05:22 . 2009-05-25 05:22 -------- d-s---w- c:\documents and settings\Administrator\UserData
2009-05-25 03:04 . 2009-05-25 03:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-25 02:47 . 2009-05-25 02:48 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-25 02:47 . 2009-05-25 02:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-05-25 02:39 . 2009-06-09 18:34 117760 ----a-w- c:\documents and settings\Lisa\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-25 02:38 . 2009-05-25 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-25 02:38 . 2009-05-25 02:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-25 02:38 . 2009-05-25 02:38 -------- d-----w- c:\documents and settings\Lisa\Application Data\SUPERAntiSpyware.com
2009-05-25 02:38 . 2009-06-08 00:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-25 02:37 . 2009-05-25 02:37 -------- d-----w- c:\documents and settings\Lisa\Application Data\Malwarebytes
2009-05-25 02:37 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-25 02:37 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-25 02:36 . 2009-06-09 21:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-25 02:36 . 2009-05-25 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-25 00:58 . 2009-05-25 01:17 -------- d-----w- c:\documents and settings\Lisa\DoctorWeb
2009-05-25 00:54 . 2009-05-25 01:03 -------- d-----w- c:\windows\BDOSCAN8
2009-05-25 00:48 . 2009-05-25 00:49 -------- d-----w- c:\documents and settings\Lisa\Local Settings\Application Data\Google
2009-05-25 00:01 . 2009-05-25 00:01 -------- d-----w- c:\documents and settings\Lisa\Local Settings\Application Data\Identities
2009-05-24 23:41 . 2004-08-12 13:59 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2009-05-24 23:40 . 2003-03-24 20:52 208896 -c--a-w- c:\windows\system32\dllcache\fpmmcsat.dll
2009-05-24 23:39 . 2004-08-12 13:58 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-05-24 23:38 . 2009-02-19 09:58 18432 -c--a-w- c:\windows\system32\dllcache\iedw.exe
2009-05-24 23:38 . 2009-05-24 23:38 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-05-24 23:33 . 2004-08-12 14:06 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-05-24 23:33 . 2004-08-12 14:06 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-05-24 23:33 . 2004-08-12 13:58 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-05-24 23:33 . 2004-08-12 13:58 13312 ----a-w- c:\windows\system32\irclass.dll
2009-05-24 22:43 . 2009-02-13 18:22 95576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-24 22:43 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-24 22:43 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-24 22:43 . 2009-05-24 22:43 -------- d-----w- c:\program files\Avira
2009-05-24 22:43 . 2009-05-24 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-24 19:25 . 2009-05-24 19:30 -------- d-----w- c:\windows\PeerNet
2009-05-24 19:25 . 2009-05-24 19:25 -------- d-----w- c:\windows\Provisioning
2009-05-24 19:25 . 2009-05-24 19:25 -------- d-----w- c:\windows\dell
2009-05-24 16:58 . 2009-05-24 16:58 775168 ----a-w- c:\windows\is-VKMM9.exe
2009-05-24 16:58 . 2009-05-24 16:58 -------- d-----w- c:\program files\MSSOAP
2009-05-24 16:55 . 2009-05-24 16:55 -------- d-----w- c:\program files\Webroot
2009-05-24 16:53 . 2009-05-24 16:53 -------- d-----w- c:\documents and settings\Lisa\Local Settings\Application Data\Ashampoo
2009-05-24 16:52 . 2009-05-24 16:52 12328 ----a-w- c:\documents and settings\Lisa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-24 16:52 . 2009-05-24 16:52 -------- d-s---w- c:\windows\system32\Microsoft
2009-05-24 16:52 . 2009-05-25 05:36 -------- d-----w- c:\program files\Browser Hijack Recover
2009-05-24 16:44 . 2009-05-24 16:44 -------- d-----w- c:\program files\Ashampoo
2009-05-24 05:14 . 2009-05-24 22:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-24 05:06 . 2009-05-24 05:06 -------- d-s---w- c:\documents and settings\Lisa\UserData
2009-05-24 05:03 . 2002-02-15 13:00 24576 ----a-w- c:\windows\system32\CTDevCRes.dll
2009-05-24 05:03 . 2000-05-11 05:00 90112 ----a-w- c:\windows\Updreg.EXE
2009-05-24 05:03 . 2004-08-04 03:07 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-05-24 05:03 . 2004-08-04 03:07 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2009-05-24 05:01 . 2009-05-24 05:03 -------- d-----w- c:\program files\Creative
2009-05-24 05:01 . 2003-03-05 16:19 15840 ----a-w- c:\windows\system32\drivers\PFMODNT.SYS
2009-05-24 05:01 . 2009-05-24 05:01 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-24 05:00 . 2003-01-20 13:46 140288 ----a-w- c:\windows\system32\drivers\e100b325.sys
2009-05-24 05:00 . 2001-07-20 10:40 23040 ----a-w- c:\windows\system32\IntelNic.dll
2009-05-24 05:00 . 2001-06-22 14:25 53248 ----a-w- c:\windows\system32\Prounstl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 05:57 . 2009-05-24 04:53 77423 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-24 23:38 . 2009-05-24 04:52 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-24 05:07 . 2009-05-24 05:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-24 04:56 . 2009-05-24 04:56 -------- d-----w- c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Lisa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-25 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-08 1947928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-12 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-08 01:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [5/24/2009 6:43 PM 22360]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/7/2009 9:00 PM 325896]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [5/24/2009 6:43 PM 45416]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/7/2009 9:00 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [5/24/2009 12:44 PM 749400]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/7/2009 9:00 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/7/2009 9:00 PM 298776]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [5/24/2009 6:43 PM 186625]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/24/2009 6:43 PM 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [5/24/2009 6:43 PM 432897]
.
Contents of the 'Scheduled Tasks' folder

2009-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1604221776-682003330-1004.job
- c:\documents and settings\Lisa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-25 00:48]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 17:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-06-09 17:27
ComboFix-quarantined-files.txt 2009-06-09 21:27
ComboFix2.txt 2009-06-09 18:35

Pre-Run: 243,882,975,232 bytes free
Post-Run: 243,874,697,216 bytes free

152 --- E O F --- 2009-06-06 07:03

#11 m0le


Posted 11 June 2009 - 04:32 PM

Hello EvanTheMagician,

I think you may have forgotten to do the MBAM scan.

Please post one for me.

Thanks. :thumbup2:

#12 EvanTheMagician


Posted 11 June 2009 - 07:57 PM

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 2

6/9/2009 5:39:23 PM
mbam-log-2009-06-09 (17-39-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 90876
Time elapsed: 10 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 m0le


Posted 13 June 2009 - 03:21 AM

Clean MBAM log :)

Please run a BitDefender Online Scan
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on "Click here to export the scan results".
  • Save the report to your desktop so you can post it in your next reply.
Thanks :thumbup2:

#14 EvanTheMagician


Posted 13 June 2009 - 09:24 PM

Here you go!

BitDefender Online Scanner - Real Time Virus Report

Generated at: Sat, Jun 13, 2009 - 22:23:33

--------------------------------------------------------------------------------

Scan Info

Scanned Files: 108564
Infected Files: 0

Virus Detected

No virus found.

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

#15 m0le


Posted 14 June 2009 - 03:37 AM

Hi EvanTheMagician,

Two in a row. That's cool. :thumbup2:

Let me know if you are still having any problems as this might indicate a non-malware issue, but...

Your log is clean. Good stuff! :)

Let's firstly do some housekeeping

Please reactivate your antivirus, antispyware and firewall programs.

Delete ComboFix and Clean Up
Click Start > Run, type combofix /u and click OK (note the space between combofix and /u).
Please advise if this step is missed for any reason as it performs some important actions.


Here's a list of ways you can avoid problems in the future:

Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

That's it EvanTheMagician, happy surfing!

Cheers,


m0le