
Google Redirect Virus- I think


  • This topic is locked
15 replies to this topic

#1 gaaira

gaaira

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 18 October 2009 - 09:50 PM

Web pages are being redirected to off-topic pages; I have been directed to fake anti-virus software twice. I have run Malwarebytes and Avast boot scan but don't see anything. Here are the DDS, Attach, and Ark. I also have a HijackThis log here, if needed. I do not know what I am doing; any help greatly appreciated!
My OS is Windows XP. Browser is Firefox...
Thanks!


DDS (Ver_09-10-13.01) - NTFSx86
Run by HP_Administrator at 17:23:57.56 on Sun 10/18/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.365 [GMT -7:00]

AV: avast! antivirus 4.8.1356 [VPS 091018-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\HP\KBD\KBD.EXE
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscStreamHub.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://www.java.com/
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
TCP: {04EA3BD4-2AAC-403E-AB7B-6CA31F190AB3} = 68.28.58.92 68.28.50.91

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-6 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-6 20560]

=============== Created Last 30 ================

2009-10-18 16:56 <DIR> --d----- c:\windows\system32\NtmsData
2009-10-18 16:49 <DIR> --d----- c:\program files\Trend Micro
2009-10-18 11:30 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2009-10-18 11:29 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 11:29 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-18 11:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 11:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-17 14:47 <DIR> --d----- c:\program files\MSECache
2009-10-14 15:39 5,632 a------- c:\windows\system32\ptpusb.dll
2009-10-14 15:39 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-10-14 15:39 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2009-10-14 15:39 159,232 a------- c:\windows\system32\ptpusd.dll
2009-10-14 15:35 <DIR> --d----- c:\program files\common files\Nikon
2009-10-14 15:35 <DIR> --d----- c:\program files\Nikon
2009-10-14 15:34 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-10-12 22:15 1,520,640 a------- c:\windows\system32\BrWia07a.dll
2009-10-12 22:15 45,568 a------- c:\windows\system32\BrUsi07a.dll
2009-10-12 22:15 15,295 a------- c:\windows\system32\drivers\BrScnUsb.sys
2009-10-12 22:03 <DIR> --d----- C:\brother scanner
2009-10-12 18:37 <DIR> --d--r-- c:\docume~1\hp_adm~1\applic~1\Brother
2009-10-12 18:35 419 a------- c:\windows\BRWMARK.INI
2009-10-12 18:35 27 a------- c:\windows\BRPP2KA.INI
2009-10-12 18:23 <DIR> --d----- C:\brother printer
2009-10-08 15:06 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-10-08 12:58 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-10-08 12:58 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-10-08 12:56 2,180,480 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-08 12:56 2,136,064 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-08 12:56 2,057,728 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-08 12:56 2,015,744 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-08 12:56 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-07 21:59 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-10-07 21:59 25,856 a------- c:\windows\system32\dllcache\usbprint.sys
2009-10-07 15:40 <DIR> --d----- c:\windows\system32\PreInstall
2009-10-07 13:19 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\HpUpdate
2009-10-07 13:19 <DIR> --d----- c:\windows\Hewlett-Packard
2009-10-06 09:03 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-10-05 20:08 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Sprint
2009-10-05 19:41 27,072 a------- c:\windows\system32\drivers\PCASp50.sys
2009-10-05 19:40 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2009-10-05 19:40 31,616 a------- c:\windows\system32\dllcache\usbccgp.sys
2009-10-05 19:40 17,920 a------- c:\windows\system32\apintfnt.dll
2009-10-05 19:39 26,496 a----r-- c:\windows\system32\drivers\RimSerial.sys
2009-10-05 19:09 <DIR> --dshr-- C:\cmdcons
2009-10-05 19:07 1,824 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_EX265AA-ABA a1510n_YC_0Pavi_QCNH628_E63NAemMPA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J200_7AMD_8Athlon 64_92.4_#060820_N_Z11C10620_G10DE0241_OTSSTcorp CD DVDW TS-H652M.MRK
2009-10-05 19:02 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Intuit
2009-10-05 19:02 <DIR> --d----- c:\documents and settings\hp_administrator\WINDOWS
2009-10-05 19:02 <DIR> --d----- c:\documents and settings\HP_Administrator
2009-10-05 18:51 14,848 a------- c:\windows\system32\drivers\kbdhid.sys
2009-10-05 18:51 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-10-05 18:51 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-10-05 18:07 <DIR> --dshr-- c:\windows\system32\dllcache
2009-10-05 13:04 86,016 a------- c:\windows\unvise32qt.exe
2009-10-05 12:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-10-05 12:59 <DIR> --d----- c:\program files\AVG
2009-10-05 12:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-10-05 12:45 <DIR> --d----- c:\program files\Rosetta Stone
2009-10-05 11:08 <DIR> --d----- C:\Research in Motion
2009-10-05 11:08 <DIR> --d----- c:\program files\common files\Research in Motion
2009-10-05 11:08 <DIR> --d----- c:\program files\common files\Motorola Shared
2009-10-05 11:08 <DIR> --d----- c:\program files\Sierra Wireless
2009-10-05 11:08 <DIR> --d----- c:\program files\Sprint
2009-10-05 11:08 <DIR> --d----- c:\program files\Novatel Wireless
2009-10-05 11:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sprint

==================== Find3M ====================

2009-09-24 22:49 668,672 a------- c:\windows\system32\wininet.dll
2009-09-24 22:49 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-09-24 22:49 668,672 -------- c:\windows\system32\dllcache\wininet.dll
2009-09-24 22:49 628,224 -------- c:\windows\system32\dllcache\urlmon.dll
2009-09-24 22:49 474,112 -------- c:\windows\system32\dllcache\shlwapi.dll
2009-09-24 22:49 3,070,976 -------- c:\windows\system32\dllcache\mshtml.dll
2009-09-24 22:49 532,480 -------- c:\windows\system32\dllcache\mstime.dll
2009-09-24 22:49 449,024 -------- c:\windows\system32\dllcache\mshtmled.dll
2009-09-24 22:49 146,432 -------- c:\windows\system32\dllcache\msrating.dll
2009-09-24 22:49 39,424 -------- c:\windows\system32\dllcache\pngfilt.dll
2009-09-24 22:48 251,904 -------- c:\windows\system32\dllcache\iepeers.dll
2009-09-24 22:48 96,256 -------- c:\windows\system32\dllcache\inseng.dll
2009-09-24 22:48 81,920 -------- c:\windows\system32\ieencode.dll
2009-09-24 22:48 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2009-09-24 22:48 55,808 -------- c:\windows\system32\dllcache\extmgr.dll
2009-09-24 22:48 16,384 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-09-24 22:48 1,054,208 -------- c:\windows\system32\dllcache\danim.dll
2009-09-24 22:48 357,888 -------- c:\windows\system32\dllcache\dxtmsft.dll
2009-09-24 22:48 205,312 -------- c:\windows\system32\dllcache\dxtrans.dll
2009-09-24 22:48 151,040 -------- c:\windows\system32\dllcache\cdfview.dll
2009-09-24 22:48 1,024,000 -------- c:\windows\system32\dllcache\browseui.dll
2009-09-18 02:46 18,432 -------- c:\windows\system32\dllcache\iedw.exe
2009-09-11 07:33 133,632 a------- c:\windows\system32\msv1_0.dll
2009-09-11 07:33 133,632 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 13:45 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 13:45 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-26 01:16 247,326 -------- c:\windows\system32\strmdll.dll
2009-08-26 01:16 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-21 02:46 450,560 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-05 02:11 204,800 -------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-28 21:53 119,808 -------- c:\windows\system32\t2embed.dll
2009-07-28 21:53 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-07-28 21:53 82,432 -------- c:\windows\system32\fontsub.dll
2009-07-28 21:53 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2007-10-06 02:59 59,392 a------- c:\program files\moto4lin-0.3.tar.bz2
2007-04-27 08:11 0 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2008-10-26 09:27 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-10-26 09:27 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 17:24:56.10 ===============




HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:14 PM, on 10/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscStreamHub.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{04EA3BD4-2AAC-403E-AB7B-6CA31F190AB3}: NameServer = 68.28.58.92 68.28.50.91
O17 - HKLM\System\CS4\Services\Tcpip\..\{04EA3BD4-2AAC-403E-AB7B-6CA31F190AB3}: NameServer = 68.28.58.92 68.28.50.91
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe

--
End of file - 9769 bytes



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:53 AM

Posted 29 October 2009 - 08:17 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open RootRepeal on your desktop.
  • Click the [image] tab.
  • Click the [image] button.
  • Check all seven boxes: [image]
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

m0le is a proud member of UNITE

#3 gaaira

gaaira
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 30 October 2009 - 02:48 PM

I ran DDS, here it is, and I am attaching Attach.txt. Included is the RootRepeal log also. In trying to fix it myself, I have performed a lot of tasks but none work. I have downloaded and run SuperAntiSpyware, Malwarebytes, HijackThis, CCleaner, ComboFix, Free Window Registry Repair. I think that is it. I am still having web pages redirected.

Thank you for your help!!


DDS (Ver_09-10-26.01) - NTFSx86
Run by HP_Administrator at 12:30:29.42 on Fri 10/30/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.372 [GMT -7:00]

AV: avast! antivirus 4.8.1356 [VPS 091030-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://www.java.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
TCP: {04EA3BD4-2AAC-403E-AB7B-6CA31F190AB3} = 68.28.58.92 68.28.50.91
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-6 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-6 20560]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2009-10-21 08:20:17 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-21 08:20:03 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-21 08:20:03 0 d-----w- c:\docume~1\hp_adm~1\applic~1\SUPERAntiSpyware.com
2009-10-21 08:19:14 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-21 08:01:40 0 d-----w- c:\program files\CCleaner
2009-10-21 07:03:27 0 d-----w- c:\program files\Free Window Registry Repair
2009-10-21 06:27:23 98816 ----a-w- c:\windows\sed.exe
2009-10-21 06:27:23 236544 ----a-w- c:\windows\PEV.exe
2009-10-21 06:27:23 161792 ----a-w- c:\windows\SWREG.exe
2009-10-18 23:56:22 0 d-----w- c:\windows\system32\NtmsData
2009-10-18 23:49:04 0 d-----w- c:\program files\Trend Micro
2009-10-18 18:30:08 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2009-10-18 18:29:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 18:29:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-18 18:29:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 18:29:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-17 21:47:08 0 d-----w- c:\program files\MSECache
2009-10-14 22:39:19 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-14 22:39:18 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-14 22:39:18 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-14 22:39:17 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-14 22:35:13 0 d-----w- c:\program files\common files\Nikon
2009-10-14 22:35:09 0 d-----w- c:\program files\Nikon
2009-10-14 22:34:35 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-10-13 05:15:31 45568 ----a-w- c:\windows\system32\BrUsi07a.dll
2009-10-13 05:15:31 1520640 ----a-w- c:\windows\system32\BrWia07a.dll
2009-10-13 05:15:30 15295 ----a-w- c:\windows\system32\drivers\BrScnUsb.sys
2009-10-13 05:03:26 0 d-----w- C:\brother scanner
2009-10-13 01:37:24 0 d-----r- c:\docume~1\hp_adm~1\applic~1\Brother
2009-10-13 01:35:00 419 ----a-w- c:\windows\BRWMARK.INI
2009-10-13 01:35:00 27 ----a-w- c:\windows\BRPP2KA.INI
2009-10-13 01:23:27 0 d-----w- C:\brother printer
2009-10-08 22:06:43 0 d-----w- c:\windows\system32\CatRoot_bak
2009-10-08 19:58:08 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-08 19:58:08 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-10-08 19:56:55 2180480 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-08 19:56:55 2136064 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-08 19:56:55 2057728 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-08 19:56:55 2015744 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-08 19:56:35 453632 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-08 04:59:50 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-08 04:59:50 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-07 22:40:02 0 d-----w- c:\windows\system32\PreInstall
2009-10-07 20:19:04 0 d-----w- c:\docume~1\hp_adm~1\applic~1\HpUpdate
2009-10-07 20:19:02 0 d-----w- c:\windows\Hewlett-Packard
2009-10-06 16:03:39 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-10-06 03:08:53 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Sprint
2009-10-06 02:41:12 27072 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2009-10-06 02:40:38 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-10-06 02:40:38 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-10-06 02:40:13 17920 ----a-w- c:\windows\system32\apintfnt.dll
2009-10-06 02:39:31 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-10-06 02:09:21 0 d-sha-r- C:\cmdcons
2009-10-06 02:07:02 1824 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX265AA-ABA a1510n_YC_0Pavi_QCNH628_E63NAemMPA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J200_7AMD_8Athlon 64_92.4_#060820_N_Z11C10620_G10DE0241_OTSSTcorp CD DVDW TS-H652M.MRK
2009-10-06 02:02:10 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Intuit
2009-10-06 01:51:37 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-10-06 01:51:34 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-10-06 01:51:27 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-10-06 01:07:10 0 d-sh--r- c:\windows\system32\dllcache
2009-10-05 20:04:49 86016 ----a-w- c:\windows\unvise32qt.exe
2009-10-05 19:59:25 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-10-05 19:59:01 0 d-----w- c:\program files\AVG
2009-10-05 19:59:00 0 d-----w- c:\docume~1\alluse~1\applic~1\avg8
2009-10-05 19:45:13 0 d-----w- c:\program files\Rosetta Stone
2009-10-05 18:08:52 0 d-----w- C:\Research in Motion
2009-10-05 18:08:52 0 d-----w- c:\program files\common files\Research in Motion
2009-10-05 18:08:52 0 d-----w- c:\program files\common files\Motorola Shared
2009-10-05 18:08:51 0 d-----w- c:\program files\Sierra Wireless
2009-10-05 18:08:38 0 d-----w- c:\program files\Sprint
2009-10-05 18:08:38 0 d-----w- c:\program files\Novatel Wireless
2009-10-05 18:08:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Sprint

==================== Find3M ====================

2009-09-25 05:49:02 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-09-25 05:49:02 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-09-25 05:48:58 151040 ------w- c:\windows\system32\dllcache\cdfview.dll
2009-09-25 05:48:58 1054208 ------w- c:\windows\system32\dllcache\danim.dll
2009-09-25 05:48:57 1024000 ------w- c:\windows\system32\dllcache\browseui.dll
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:33:52 133632 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 20:45:26 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:28:59 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28:59 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 05:18:44 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 05:18:41 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 08:16:37 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-26 08:16:37 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-13 15:16:05 512000 ----a-w- c:\windows\system32\dllcache\jscript.dll
2009-08-05 09:11:47 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-05 09:11:47 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2007-10-06 09:59:34 59392 ----a-w- c:\program files\moto4lin-0.3.tar.bz2

============= FINISH: 12:31:59.34 ===============



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 12:35
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF357C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BC2000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9184000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf35e76b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf35e7574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf35e7a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf35e714c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf35e764e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf35e708c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf35e70f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf35e776e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf35e772e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf35e78ae

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xf37640b0

==EOF==


#4 m0le
  • Malware Response Team
  • Location:London, UK

Posted 30 October 2009 - 07:47 PM

The logs look good.

Firefox redirects are sometimes down to something called Goored. Let's start there.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Thanks :(
m0le is a proud member of UNITE

#5 m0le
  • Malware Response Team
  • Location:London, UK

Posted 03 November 2009 - 09:46 AM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#6 m0le
  • Malware Response Team
  • Location:London, UK

Posted 03 November 2009 - 08:38 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE

#7 m0le
  • Malware Response Team
  • Location:London, UK

Posted 16 November 2009 - 08:10 PM

Reopened at user's request

---------------------------------------------

Post away, gaaira :(
m0le is a proud member of UNITE

#8 gaaira
  • Topic Starter
  • Members

Posted 18 November 2009 - 04:06 PM

Thank you. Here is the Goored log. Also, my Avast has popped up twice saying it has a sign of WIN32: Alureon-EC [Rtk] in C:\WINDOWS\system32\tdlwsp.dll, but I have searched the computer and cannot find that file; what's the deal? Is the Goored log supposed to be so short? It scanned and the log popped up in about 5 seconds...?


GooredFix by jpshortstuff (09.11.09.1)
Log created at 17:30 on 16/11/2009 (HP_Administrator)
Firefox version 3.5.4 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:46 28/11/2006]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [17:51 13/05/2007]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [14:27 04/10/2007]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [20:01 30/10/2009]

-=E.O.F=-

#9 m0le
  • Malware Response Team
  • Location:London, UK

Posted 18 November 2009 - 04:35 PM

It is a short scan. Don't worry about that; GooredFix found nothing. :(

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :(
m0le is a proud member of UNITE

#10 gaaira
  • Topic Starter
  • Members

Posted 18 November 2009 - 05:33 PM

Ok, here is the ComboFix log. I should tell you, my Avast has been acting up; I just uninstalled it and I am installing AVG right now. I had Norton, but it was worse...

ComboFix 09-11-18.06 - HP_Administrator 11/18/2009 14:09.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.550 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\comfix.exe
AV: avast! antivirus 4.8.1356 [VPS 091118-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
.

2009-11-18 20:01 . 2009-11-03 04:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-17 00:55 . 2009-11-17 01:01 8084968 ----a-w- c:\program files\Firefox Setup 3.5.5.exe
2009-10-30 20:01 . 2009-10-30 20:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-30 20:01 . 2009-10-30 20:01 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-23 07:48 . 2009-10-23 07:48 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\PCHealth
2009-10-21 08:20 . 2009-10-21 08:20 117760 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-21 08:20 . 2009-10-21 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-21 08:20 . 2009-10-21 08:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-21 08:20 . 2009-10-21 08:20 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-10-21 08:19 . 2009-10-21 08:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-21 08:01 . 2009-10-21 08:01 -------- d-----w- c:\program files\CCleaner
2009-10-21 07:03 . 2009-10-21 07:06 -------- d-----w- c:\program files\Free Window Registry Repair

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-17 01:41 . 2006-06-16 04:48 -------- d-----w- c:\program files\HP Games
2009-11-16 20:34 . 2006-06-16 05:13 -------- d-----w- c:\program files\Google
2009-10-30 22:02 . 2004-08-10 04:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-10-30 22:01 . 2009-10-05 19:45 -------- d-----w- c:\program files\Rosetta Stone
2009-10-30 20:01 . 2006-06-16 04:13 -------- d-----w- c:\program files\Java
2009-10-18 23:49 . 2009-10-18 23:49 -------- d-----w- c:\program files\Trend Micro
2009-10-18 18:30 . 2009-10-18 18:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-10-18 18:30 . 2009-10-18 18:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 18:29 . 2009-10-18 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-17 21:55 . 2006-06-16 04:45 55864 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-17 21:47 . 2009-10-17 21:47 -------- d-----w- c:\program files\MSECache
2009-10-15 22:15 . 2009-10-15 22:15 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ArcSoft
2009-10-14 22:44 . 2009-10-14 22:34 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-10-14 22:38 . 2009-10-14 22:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Nikon
2009-10-14 22:38 . 2009-10-14 22:35 -------- d-----w- c:\program files\Common Files\Nikon
2009-10-14 22:36 . 2009-10-14 22:36 49152 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-10-14 22:35 . 2009-10-14 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2009-10-14 22:35 . 2009-10-14 22:35 -------- d-----w- c:\program files\Nikon
2009-10-14 22:34 . 2009-10-14 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2009-10-14 22:34 . 2009-10-14 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2009-10-14 22:33 . 2009-10-14 22:33 -------- d-----w- c:\program files\ArcSoft
2009-10-14 22:33 . 2006-06-16 04:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-14 22:04 . 2009-10-07 20:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate
2009-10-13 20:03 . 2008-12-25 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-13 18:47 . 2006-08-20 22:50 -------- d-----w- c:\program files\QuickTime
2009-10-13 18:46 . 2008-12-25 01:31 -------- d-----w- c:\program files\Common Files\Apple
2009-10-13 01:37 . 2009-10-13 01:37 -------- d-----r- c:\documents and settings\HP_Administrator\Application Data\Brother
2009-10-08 00:47 . 2009-10-08 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-10-07 20:19 . 2006-06-16 04:53 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-07 18:15 . 2009-10-05 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-06 17:11 . 2006-06-16 05:17 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-06 17:11 . 2006-06-16 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-06 16:33 . 2009-10-06 16:33 -------- d-----w- c:\program files\Alwil Software
2009-10-06 03:08 . 2009-10-06 03:08 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Sprint
2009-10-06 02:07 . 2009-10-06 02:07 1824 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX265AA-ABA a1510n_YC_0Pavi_QCNH628_E63NAemMPA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M959_J200_7AMD_8Athlon 64_92.4_#060820_N_Z11C10620_G10DE0241_OTSSTcorp CD DVDW TS-H652M.MRK
2009-10-06 00:36 . 2009-10-05 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-06 00:23 . 2009-10-06 00:23 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Netscape
2009-10-05 20:26 . 2007-10-24 01:16 -------- d-----w- c:\program files\THQ
2009-10-05 19:59 . 2009-10-05 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-05 19:59 . 2009-10-05 19:59 -------- d-----w- c:\program files\AVG
2009-10-05 19:25 . 2009-10-05 19:25 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-05 19:18 . 2009-10-05 19:18 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-10-05 19:11 . 2009-10-05 19:11 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\AVG8
2009-10-05 18:19 . 2009-10-05 18:19 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sprint
2009-10-05 18:08 . 2009-10-05 18:08 -------- d-----w- c:\program files\Common Files\Research in Motion
2009-10-05 18:08 . 2009-10-05 18:08 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-10-05 18:08 . 2009-10-05 18:08 -------- d-----w- c:\program files\Sierra Wireless
2009-10-05 18:08 . 2009-10-05 18:08 -------- d-----w- c:\program files\Sprint
2009-10-05 18:08 . 2009-10-05 18:08 -------- d-----w- c:\program files\Novatel Wireless
2009-10-05 18:08 . 2009-10-05 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Sprint
2009-09-15 10:59 . 2009-10-06 16:33 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-10-06 16:34 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-10-06 16:34 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-10-06 16:34 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-10-06 16:34 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-10-06 16:34 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-10-06 16:34 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-10-06 16:34 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-10-06 16:34 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-11 14:33 . 2004-08-10 04:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 21:54 . 2009-10-18 18:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2009-10-18 18:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:45 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-10 04:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-10 04:00 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-10 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:16 . 2004-08-10 04:00 247326 ------w- c:\windows\system32\strmdll.dll
2007-10-06 09:59 . 2007-10-06 09:59 59392 ----a-w- c:\program files\moto4lin-0.3.tar.bz2
2005-01-07 23:20 . 2005-01-07 23:20 278528 ----a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
2005-01-07 23:20 . 2005-01-07 23:20 143360 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
2009-03-06 01:08 . 2009-05-28 02:36 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2007-08-13 16:22 . 2007-08-13 16:22 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-04-12 21:23 . 2007-04-12 21:23 42032 c:\program files\Common Files\AOL\1156114155\EE\bak\AOLSoftware.exe

2006-10-23 12:50 . 2006-10-23 12:50 71216 c:\program files\Common Files\AOL\ACS\bak\AOLDial.exe

2006-06-16 04:45 . 2007-10-31 19:52 185632 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2006-06-16 04:45 . 2006-06-16 04:45 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

2006-03-16 09:12 . 2006-03-16 09:12 1077248 c:\program files\DISC\bak\DISCover.exe
2006-03-16 09:12 . 2006-03-16 09:12 1077248 c:\program files\DISC\DISCover.exe

2006-03-16 09:11 . 2006-03-16 09:11 61440 c:\program files\DISC\bak\DiscUpdMgr.exe
2006-03-16 09:11 . 2006-03-16 09:11 61440 c:\program files\DISC\DISCUpdMgr.exe

2006-10-02 19:56 . 2007-08-13 21:46 1838592 c:\program files\Google\Google Desktop Search\bak\GoogleDesktop.exe

2008-03-02 17:09 . 2009-05-31 23:42 19195 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.csv
2005-08-16 23:35 . 2009-11-18 19:55 874 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.csv

2006-02-16 05:34 . 2006-02-16 05:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
2006-02-16 05:34 . 2006-02-16 05:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

2006-06-16 03:57 . 2005-06-02 06:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe
2006-06-16 03:57 . 2005-06-02 06:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

2005-12-16 01:18 . 2005-12-16 01:18 49152 c:\program files\HP\HP Software Update\bak\HPwuSchd2.exe
2008-12-08 22:50 . 2008-12-08 22:50 54576 c:\program files\HP\HP Software Update\hpwuschd2.exe

2006-03-20 16:05 . 2006-03-20 16:05 90112 c:\program files\HP DigitalMedia Archive\bak\DMAScheduler.exe
2006-03-20 16:05 . 2006-03-20 16:05 90112 c:\program files\HP DigitalMedia Archive\DMAScheduler.exe

2007-10-04 14:27 . 2007-09-25 08:11 132496 c:\program files\Java\jre1.6.0_03\bin\bak\jusched.exe

2006-08-20 22:50 . 2006-08-20 22:50 98304 c:\program files\QuickTime\bak\qttask.exe
2009-09-05 08:54 . 2009-09-05 08:54 417792 c:\program files\QuickTime\QTTask.exe

2006-10-02 19:47 . 2002-02-05 05:32 53248 c:\program files\REGSHAVE\bak\REGSHAVE.EXE

2004-08-10 10:04 . 2005-09-30 04:01 67584 c:\windows\ehome\bak\ehtray.exe
2004-08-10 10:04 . 2005-09-30 04:01 67584 c:\windows\ehome\ehtray.exe

2006-06-16 04:58 . 2005-07-23 05:14 237568 c:\windows\SMINST\bak\RECGUARD.EXE
2006-06-16 04:58 . 2005-07-23 05:14 237568 c:\windows\SMINST\Recguard.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-03-10 17672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-30 149280]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-25 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-14 39264]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-5-10 385024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-6-15 36903]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/6/2009 8:34 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 8:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 8:24 PM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/6/2009 8:34 AM 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 8:24 PM 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-10-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-11-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://www.java.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: trymedia.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-18 14:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\HP_ADM~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-11-18 14:20
ComboFix-quarantined-files.txt 2009-11-18 22:20
ComboFix2.txt 2009-10-21 06:56

Pre-Run: 161,925,505,024 bytes free
Post-Run: 161,894,506,496 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=,1,2,3,4,5
- - End Of File - - 5212CB2B326F84D2706D72739E24832F
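The "Reg Loading Points" and service lines above follow a fixed shape, so they can be parsed and screened mechanically. The script below is an added example (not ComboFix's code and not from this thread) that extracts Run entries and R*/S* service lines and flags any autostart whose image lives in a user-writable directory; the sample lines are constructed in the shape of the log, with one made-up Temp entry so the check has something to catch.

```python
# Added example (not ComboFix's code, not from the thread): parse the
# "Reg Loading Points" Run entries and R*/S* service lines of a ComboFix
# log and flag autostarts whose image lives in a user-writable directory.
import re
from dataclasses import dataclass

# "Name"="value" [YYYY-MM-DD size]  or  "Name"="exe" - resolved path [...]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?: - (?P<resolved>.+?))?'
    r' \[(?P<stamp>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)'
    r' \[(?P<stamp>[^\]]+) (?P<size>\d+)\]$')
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\",
                 "\\application data\\", "\\local settings\\", "\\recycler\\")

@dataclass
class Autostart:
    kind: str       # "run" or "service"
    name: str
    path: str
    size: int
    suspect: bool   # image sits in a user-writable directory

def is_suspect(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)

def parse_combofix(text: str) -> list:
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line) or SVC_RE.match(line)
        if not m:
            continue            # key headers, blank lines, other sections
        gd = m.groupdict()
        path = gd.get("resolved") or gd.get("value") or gd.get("path", "")
        entries.append(Autostart("service" if "start" in gd else "run",
                                 gd["name"], path, int(gd["size"]), is_suspect(path)))
    return entries

# Constructed sample: lines in the shape of the log above plus one made-up
# Temp entry ("example") so the flag has something to catch.
SAMPLE = r"""
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]
"example"="c:\documents and settings\HP_Administrator\Local Settings\Temp\example.exe" [2009-10-17 53248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/6/2009 8:34 AM 114768]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 8:24 PM 7408]
"""
```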

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:53 AM

Posted 18 November 2009 - 07:01 PM

Combofix replaced an infected system file which indicated rootkit activity.

No more though. :(

Let's run an online scanner to clean up any other infected files.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Thanks, nearly there :(
m0le is a proud member of UNITE

#12 gaaira

gaaira
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 18 November 2009 - 09:27 PM

I am still running the online scan; it is crawling, around 75% done... will post log soon!!

#13 gaaira

gaaira
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 18 November 2009 - 09:48 PM

Here is the log...


C:\Program Files\HP Rhapsody\rhapsody.exe probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\Program Files\On Hand Software\Living Will Made Easy\PDFCreator\PDFCreator-install.exe probably a variant of Win32/Genetik trojan deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.OF virus deleted - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP46\A0008350.sys probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP46\A0008423.sys probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP49\A0008549.exe probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP49\A0008550.exe probably a variant of Win32/Genetik trojan deleted - quarantined
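Not every line in that log is an active infection: three of the hits are in ComboFix's own Qoobox quarantine folder or inside System Restore points, and only two are live files. The script below is an added triage example (not ESET's code and not from this thread) that parses lines of this shape and separates the two groups; its sample is built from four lines of the log above.

```python
# Added triage example (not ESET's code, not from the thread): split each
# ESET Online Scanner result line into path, detection and action, then
# separate live files from copies that were already in ComboFix's Qoobox
# quarantine or in a System Restore point.
import re
from dataclasses import dataclass

# <path> <threat> <action> - quarantined ; the path may contain spaces, so the
# threat/action tail is matched strictly and the path is taken lazily.
LINE_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?) '
    r'(?P<threat>(?:probably a variant of )?\S+ (?:trojan|virus|worm|application)) '
    r'(?P<action>cleaned by deleting|deleted|cleaned) - quarantined$')

@dataclass
class Detection:
    path: str
    threat: str
    action: str
    location: str   # "live", "combofix-quarantine" or "restore-point"

def locate(path: str) -> str:
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "combofix-quarantine"    # ComboFix already pulled the file
    if "\\system volume information\\_restore" in p:
        return "restore-point"          # dormant copy in a restore point
    return "live"

def parse_eset(text: str) -> list:
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(Detection(m.group("path"), m.group("threat"),
                                  m.group("action"), locate(m.group("path"))))
    return hits

def live_hits(hits: list) -> list:
    """Only these were active on disk; the rest are already-contained copies."""
    return [h for h in hits if h.location == "live"]

# Sample built from four lines of the ESET log posted above.
SAMPLE_LOG = r"""
C:\Program Files\HP Rhapsody\rhapsody.exe probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.OF virus deleted - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP46\A0008350.sys probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\Program Files\On Hand Software\Living Will Made Easy\PDFCreator\PDFCreator-install.exe probably a variant of Win32/Genetik trojan deleted - quarantined
"""
```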

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:53 AM

Posted 19 November 2009 - 07:56 AM

That's looking good. Any problems still?

If not, here are the final instructions.

Your log is clean. Good stuff! :(

Let's firstly do some housekeeping.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Here's a list of ways you can avoid problems in the future:

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would with antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


That's it gaaira, happy surfing!

Cheers,


m0le
m0le is a proud member of UNITE

#15 gaaira

gaaira
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 20 November 2009 - 09:32 AM

THANK YOU THANK YOU THANK YOU!!!!! Looks like we're good!!
