Search engine redirect virus


10 replies to this topic

#1 luprec

  • Members
  • 6 posts

Posted 15 December 2009 - 01:51 AM

Hello,

Clicking on links in search engine results redirects to random sites. I have tried several search engines (Google, Yahoo, Bing) and several browsers (IE, Firefox, Chrome). All are affected.

I cannot boot to Safe Mode.

I have tried scanning with various antivirus scanners, and none detect any problem. I have tried: SpyBot, McAfee, AdAware, Malwarebytes and PC Tools.

This began around the time I cleaned my PC of "AntiVirus System PRO", although I don't know if this event is related.

Thanks for the help,
-Cliff


DDS (Ver_09-12-01.01) - NTFSx86
Run by Young at 23:51:03.25 on Sun 12/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2302.1780 [GMT -8:00]

AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\NDP20SP2-KB974417-x86.exe
f:\7d025c1f86d0a540cfc45f2fd751\HotFixInstaller.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Deleteme\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [Google Update] "c:\documents and settings\young\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 3.1; .NET CLR 2.0.50727; InfoPath.1; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://pbskids.org/dragontales/berry_surprise/dberry_game.html"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{d25122bc-a60e-4663-b602-b01718f12044}\Icon3E5562ED7.ico
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\advanced jpeg compressor\ajcieex.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8D619C19-0202-464A-9FA8-C8110D86B0A3} - hxxps://projectpoint.buzzsaw.com/!/download/ProjectPoint-BZ-EN.exe
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://maui.autodesk.com/dana-cached/setup/JuniperSetupSP1.cab
SSODL: guvevejaf - {884f1ddc-cb7d-4161-b3c3-1a0f41093ad3} - c:\windows\system32\tupuraso.dll
SSODL: pigebojev - {849a116d-ce1a-4e83-b3dc-8fe63121b345} - c:\windows\system32\susalade.dll
SSODL: niketopid - {cd640d1c-1a30-415b-b15c-41b85829cd62} - c:\windows\system32\gomopiwe.dll
SSODL: rofetalid - {8375ae8e-a8e9-4d70-807b-34a59dc8fb7d} - c:\windows\system32\lejekilu.dll
SSODL: tezivutos - {a1bf23b7-3c6f-41d5-9221-2fe5ee0a1d49} - c:\windows\system32\lunazuse.dll
SSODL: vesudowiy - {ade5c614-95dc-42c9-8e32-773ad781349a} - No File
STS: kupuhivus: {884f1ddc-cb7d-4161-b3c3-1a0f41093ad3} - c:\windows\system32\tupuraso.dll
STS: gahurihor: {849a116d-ce1a-4e83-b3dc-8fe63121b345} - c:\windows\system32\susalade.dll
STS: gahurihor: {cd640d1c-1a30-415b-b15c-41b85829cd62} - c:\windows\system32\gomopiwe.dll
STS: jugezatag: {8375ae8e-a8e9-4d70-807b-34a59dc8fb7d} - c:\windows\system32\lejekilu.dll
STS: mujuzedij: {a1bf23b7-3c6f-41d5-9221-2fe5ee0a1d49} - c:\windows\system32\lunazuse.dll
STS: {ade5c614-95dc-42c9-8e32-773ad781349a} - No File
LSA: Notification Packages = scecli fidamufa.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\young\applic~1\mozilla\firefox\profiles\sznbo2au.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=
FF - component: c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
FF - component: c:\program files\mozilla firefox\components\FFSource.dll
FF - plugin: c:\documents and settings\young\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-30 206256]
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2007-7-12 19478]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-8-27 214664]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2007-7-12 635017]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2007-7-12 431236]
R2 AVFilter;AVFilter;c:\windows\system32\drivers\AVFilter.sys [2009-11-30 21904]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-8-27 359952]
R3 AVHook;AVHook;c:\windows\system32\drivers\AVHook.sys [2009-11-30 28560]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [2007-7-12 64093]
S2 PCTAVSvc;PC Tools AntiVirus Engine;c:\program files\pc tools antivirus\PCTAVSvc.exe [2009-11-30 933720]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-8-27 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-8-27 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-8-27 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-8-27 40552]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2009-12-14 04:52:37 1152 ----a-w- c:\windows\system32\windrv.sys
2009-12-14 04:52:27 0 d-----w- c:\program files\SpyNoMore
2009-12-14 04:48:13 0 d-----w- c:\windows\pss
2009-12-13 10:10:22 54156 ---ha-w- c:\windows\QTFont.qfn
2009-12-13 10:10:22 1409 ----a-w- c:\windows\QTFont.for
2009-12-12 21:56:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-12-12 21:34:46 23552 ----a-w- c:\windows\system32\wdmaud.drv
2009-12-05 20:54:48 0 d-----w- c:\docume~1\young\applic~1\ZoomBrowser EX
2009-12-05 20:36:29 0 d-----w- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2009-12-05 20:35:24 0 d-----w- c:\program files\Canon
2009-12-05 20:33:30 0 d-----w- c:\program files\common files\Canon
2009-12-02 01:50:52 0 d-----w- c:\docume~1\young\applic~1\Keynote Systems
2009-12-01 11:44:02 0 d-----w- C:\b9549c7954f3eb11c124
2009-12-01 11:07:54 0 d-----w- c:\windows\ie8updates
2009-12-01 07:11:18 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-12-01 07:11:13 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-01 05:41:57 0 d-----w- c:\docume~1\young\applic~1\PC Tools
2009-12-01 05:38:54 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-01 05:38:54 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-01 05:38:35 0 d-----w- c:\program files\common files\PC Tools
2009-12-01 05:38:34 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
2009-12-01 05:38:34 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
2009-12-01 05:38:34 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
2009-12-01 05:38:14 0 d-----w- c:\program files\PC Tools AntiVirus
2009-12-01 05:38:14 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-30 06:43:17 0 d-----w- c:\program files\Trend Micro
2009-11-27 17:54:55 0 d-sh--w- c:\documents and settings\young\IECompatCache

==================== Find3M ====================

2009-12-04 00:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-04 00:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2009-10-29 07:45:37 5940736 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-10-29 07:45:37 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2009-10-29 07:45:37 1208832 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2009-10-29 07:45:35 594432 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-29 07:45:35 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-29 07:45:35 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2009-10-29 07:45:34 1985536 ----a-w- c:\windows\system32\dllcache\iertutil.dll
2009-10-29 07:45:34 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2009-10-29 07:45:33 11069952 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2009-10-29 07:45:32 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2009-10-28 14:40:47 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-09-25 16:41:28 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-22 06:52:36 45132 ------w- c:\docume~1\young\applic~1\JuniperExtXP.exe
2005-07-31 01:23:09 74304 ----a-w- c:\program files\MC
2005-04-28 07:21:15 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-03-31 07:29:03 301 --sh--w- c:\windows\system32\drivers\ios.sys

============= FINISH: 23:57:44.09 ===============



#2 shelf life

  • Malware Response Team
  • 2,646 posts

Posted 26 December 2009 - 03:20 PM

Hi luprec,

Your log is several days old. If you still need help simply reply to my post.

How Can I Reduce My Risk to Malware?


#3 luprec

  • Topic Starter

  • Members
  • 6 posts

Posted 26 December 2009 - 07:06 PM

Yep, still need help.

Thanks!

#4 shelf life

  • Malware Response Team
  • 2,646 posts

Posted 26 December 2009 - 09:16 PM

OK. We will get a download to use. It's called ComboFix. There is a guide to read first before using it. Read the guide, download it to your desktop, and disable any running antivirus or anti-malware as explained in the guide. Double-click the saved icon on your desktop and follow the prompts. Post the log in your reply.

Guide to using Combofix

How Can I Reduce My Risk to Malware?


#5 luprec

  • Topic Starter

  • Members
  • 6 posts

Posted 27 December 2009 - 07:21 PM

Here are the contents of the ComboFix log. It looks like running this has solved the problem!


ComboFix 09-12-26.05 - Young 12/27/2009 13:46:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2302.1906 [GMT -8:00]
Running from: c:\documents and settings\Young\Desktop\ComboFix.exe
AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Outdated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\AUTOLNCH.REG
c:\windows\cdmxtras
c:\windows\system32\18467.exe
c:\windows\system32\cache329
c:\windows\system32\cache329\B_134000.htm
c:\windows\system32\cache329\B_329_0_0_105300.htm
c:\windows\system32\cache329\B_329_0_0_106800.htm
c:\windows\system32\cache329\B_329_0_0_107400.htm
c:\windows\system32\cache329\B_329_0_0_446700.htm
c:\windows\system32\cache329\B_329_0_0_446800.htm
c:\windows\system32\cache329\B_329_0_0_446900.htm
c:\windows\system32\cache329\B_329_1_0_449200.htm
c:\windows\system32\cache329\B_329_1_0_449600.htm
c:\windows\system32\cache329\B_329_1_0_454300.htm
c:\windows\system32\cache329\B_329_2_0_105300.htm
c:\windows\system32\cache329\B_329_2_0_106800.htm
c:\windows\system32\cache329\B_329_2_0_107400.htm
c:\windows\system32\cache329\B_329_2_0_446700.htm
c:\windows\system32\cache329\B_329_2_0_446800.htm
c:\windows\system32\cache329\B_329_2_0_446900.htm
c:\windows\system32\cache329\B_329_2_1_545900.htm
c:\windows\system32\cache329\B_329_2_1_545900.swf
c:\windows\system32\cache329\B_329_2_1_549000.htm
c:\windows\system32\cache329\B_329_2_1_549000.swf
c:\windows\system32\cache329\B_329_3_0_105300.htm
c:\windows\system32\cache329\B_329_3_0_106800.htm
c:\windows\system32\cache329\B_329_3_0_107400.htm
c:\windows\system32\cache329\B_329_3_0_446700.htm
c:\windows\system32\cache329\B_329_3_0_446800.htm
c:\windows\system32\cache329\B_329_3_0_446900.htm
c:\windows\system32\cache329\B_329_4_0_111600.htm
c:\windows\system32\cache329\B_329_4_0_152400.htm
c:\windows\system32\cache329\B_329_4_0_155300.htm
c:\windows\system32\cache329\B_329_4_0_164100.htm
c:\windows\system32\cache329\B_329_4_0_448200.htm
c:\windows\system32\cache329\B_329_4_0_448300.htm
c:\windows\system32\cache329\B_329_4_0_453400.htm
c:\windows\system32\cache329\B_329_4_0_517100.htm
c:\windows\system32\cache329\B_329_4_0_540900.htm
c:\windows\system32\cache329\B_329_4_0_543200.htm
c:\windows\system32\cache329\B_329_4_0_573500.htm
c:\windows\system32\cache329\B_329_4_2_510600.htm
c:\windows\system32\cache329\B_329_4_4_152400.htm
c:\windows\system32\cache329\B_329_4_4_155300.htm
c:\windows\system32\cache329\B_329_4_4_164100.htm
c:\windows\system32\cache329\B_502100.htm
c:\windows\system32\cache329\B_502600.htm
c:\windows\system32\cache329\B_518700.htm
c:\windows\system32\cache329\B_518800.htm
c:\windows\system32\cache329\B_519600.htm
c:\windows\system32\cache329\B_540500.htm
c:\windows\system32\cache329\B_540700.htm
c:\windows\system32\cache329\B_636500.htm
c:\windows\system32\cache329\t_B_134000.htm
c:\windows\system32\cache329\t_B_329_0_0_105300.htm
c:\windows\system32\cache329\t_B_329_0_0_106800.htm
c:\windows\system32\cache329\t_B_329_0_0_107400.htm
c:\windows\system32\cache329\t_B_329_0_0_446700.htm
c:\windows\system32\cache329\t_B_329_0_0_446800.htm
c:\windows\system32\cache329\t_B_329_0_0_446900.htm
c:\windows\system32\cache329\t_B_329_1_0_449200.htm
c:\windows\system32\cache329\t_B_329_1_0_449600.htm
c:\windows\system32\cache329\t_B_329_1_0_454300.htm
c:\windows\system32\cache329\t_B_329_2_0_105300.htm
c:\windows\system32\cache329\t_B_329_2_0_106800.htm
c:\windows\system32\cache329\t_B_329_2_0_107400.htm
c:\windows\system32\cache329\t_B_329_2_0_446700.htm
c:\windows\system32\cache329\t_B_329_2_0_446800.htm
c:\windows\system32\cache329\t_B_329_2_0_446900.htm
c:\windows\system32\cache329\t_B_329_3_0_105300.htm
c:\windows\system32\cache329\t_B_329_3_0_106800.htm
c:\windows\system32\cache329\t_B_329_3_0_107400.htm
c:\windows\system32\cache329\t_B_329_3_0_446700.htm
c:\windows\system32\cache329\t_B_329_3_0_446800.htm
c:\windows\system32\cache329\t_B_329_3_0_446900.htm
c:\windows\system32\cache329\t_B_329_4_0_111600.htm
c:\windows\system32\cache329\t_B_329_4_0_152400.htm
c:\windows\system32\cache329\t_B_329_4_0_155300.htm
c:\windows\system32\cache329\t_B_329_4_0_164100.htm
c:\windows\system32\cache329\t_B_329_4_0_448200.htm
c:\windows\system32\cache329\t_B_329_4_0_448300.htm
c:\windows\system32\cache329\t_B_329_4_0_453400.htm
c:\windows\system32\cache329\t_B_329_4_0_517100.htm
c:\windows\system32\cache329\t_B_329_4_0_540900.htm
c:\windows\system32\cache329\t_B_329_4_0_543200.htm
c:\windows\system32\cache329\t_B_329_4_0_573500.htm
c:\windows\system32\cache329\t_B_329_4_2_510600.htm
c:\windows\system32\cache329\t_B_329_4_2_512000.htm
c:\windows\system32\cache329\t_B_329_4_2_517700.htm
c:\windows\system32\cache329\t_B_329_4_2_607000.htm
c:\windows\system32\cache329\t_B_329_4_4_152400.htm
c:\windows\system32\cache329\t_B_329_4_4_155300.htm
c:\windows\system32\cache329\t_B_329_4_4_164100.htm
c:\windows\system32\cache329\t_B_502100.htm
c:\windows\system32\cache329\t_B_502600.htm
c:\windows\system32\cache329\t_B_518700.htm
c:\windows\system32\cache329\t_B_518800.htm
c:\windows\system32\cache329\t_B_519600.htm
c:\windows\system32\cache329\t_B_540500.htm
c:\windows\system32\cache329\t_B_540700.htm
c:\windows\system32\cache329\t_B_553500.htm
c:\windows\system32\cache329\t_B_636500.htm
c:\windows\system32\cache329\t_B_654000.htm
F:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-27 22:01 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-12-27 22:01 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-12-24 17:33 . 2009-12-24 17:33 -------- d-----w- c:\documents and settings\Young\Local Settings\Application Data\PCHealth
2009-12-18 18:12 . 2009-12-18 18:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-12-18 18:08 . 2009-12-18 18:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-12-14 04:52 . 2009-12-14 04:52 1152 ----a-w- c:\windows\system32\windrv.sys
2009-12-14 04:52 . 2009-12-24 09:59 -------- d-----w- c:\program files\SpyNoMore
2009-12-12 21:56 . 2009-12-12 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-12 21:34 . 2008-04-14 01:12 23552 ----a-w- c:\windows\system32\wdmaud.drv
2009-12-11 11:04 . 2009-12-11 11:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-05 20:54 . 2009-12-05 20:54 -------- d-----w- c:\documents and settings\Young\Application Data\ZoomBrowser EX
2009-12-05 20:36 . 2009-12-05 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-12-05 20:35 . 2009-12-05 20:39 -------- d-----w- c:\program files\Canon
2009-12-05 20:33 . 2009-12-05 20:33 -------- d-----w- c:\program files\Common Files\Canon
2009-12-02 01:50 . 2009-12-02 01:50 -------- d-----w- c:\documents and settings\Young\Application Data\Keynote Systems
2009-12-01 11:44 . 2009-12-01 11:44 -------- d-----w- C:\b9549c7954f3eb11c124
2009-12-01 11:07 . 2009-12-10 11:12 -------- d-----w- c:\windows\ie8updates
2009-12-01 07:11 . 2009-10-29 07:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-12-01 07:11 . 2009-10-29 07:45 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-01 05:41 . 2009-12-01 05:41 -------- d-----w- c:\documents and settings\Young\Application Data\PC Tools
2009-12-01 05:38 . 2009-08-24 22:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-01 05:38 . 2009-08-19 19:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-01 05:38 . 2009-12-01 05:38 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-01 05:38 . 2009-02-10 18:13 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
2009-12-01 05:38 . 2009-02-10 18:13 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
2009-12-01 05:38 . 2009-02-10 18:13 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
2009-12-01 05:38 . 2009-12-27 22:08 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-12-01 05:38 . 2009-12-01 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-30 06:43 . 2009-11-30 06:43 -------- d-----w- c:\program files\Trend Micro
2009-11-29 06:32 . 2009-11-29 15:15 -------- d-----w- c:\documents and settings\Young\Local Settings\Application Data\kedixf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 22:10 . 2008-01-08 15:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-27 02:21 . 2008-07-05 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-18 18:06 . 2005-09-10 23:10 -------- d-----w- c:\program files\Google
2009-12-16 00:50 . 2009-12-16 00:50 292704 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe
2009-12-16 00:50 . 2009-03-18 15:39 -------- d-----w- c:\documents and settings\Young\Application Data\Juniper Networks
2009-12-16 00:50 . 2009-03-18 15:39 37464 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\uninstall.exe
2009-12-14 07:45 . 2005-04-28 06:28 126888 ----a-w- c:\documents and settings\Young\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-14 07:14 . 2009-04-11 22:28 -------- d-----w- c:\program files\AutoCAD 2010
2009-12-14 07:14 . 2005-07-09 19:42 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-12-14 07:10 . 2005-07-09 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-12-13 23:55 . 2008-11-03 20:31 1956072 ----a-w- c:\documents and settings\Young\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-12-13 09:36 . 2008-02-24 20:06 -------- d-----w- c:\program files\Lavasoft
2009-12-13 09:27 . 2007-08-27 16:00 -------- d-----w- c:\program files\McAfee
2009-12-11 11:57 . 2008-02-25 01:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-09 13:35 . 2009-12-09 13:35 56000 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\uninstall.exe
2009-12-09 13:35 . 2009-12-09 13:35 156968 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\InstallHelper.exe
2009-12-09 13:35 . 2009-12-09 13:35 300328 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\dsHostChecker.exe
2009-12-09 13:35 . 2009-12-09 13:35 234792 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\dsHostCheckerProxy.exe
2009-12-09 13:35 . 2009-12-09 13:35 65536 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\CertAuthIMC.dll
2009-12-09 13:35 . 2009-12-09 13:35 40448 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\JSystemIMC.dll
2009-12-09 13:10 . 2009-12-16 00:50 548864 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\Microsoft.VC80.CRT\msvcp80.dll
2009-12-09 13:10 . 2009-12-09 13:10 401462 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\msvcp60.dll
2009-12-07 08:30 . 2009-07-06 05:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 08:05 . 2009-11-30 07:27 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-04 00:14 . 2009-07-06 05:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-04 00:13 . 2009-07-06 05:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-19 06:48 . 2009-11-19 06:48 33840 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\Impl_AntivirusLib.dll
2009-11-19 06:48 . 2009-11-19 06:48 293424 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\OESISCore.dll
2009-11-19 06:48 . 2009-11-19 06:48 18992 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\Impl_SoftwareProductLib.dll
2009-11-19 06:48 . 2009-11-19 06:48 14384 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\Impl_FirewallLib.dll
2009-11-19 06:48 . 2009-01-05 19:22 882224 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\AVManagerUnified.dll
2009-11-19 06:48 . 2009-01-05 19:22 85552 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\CAntiVirusCOM.dll
2009-11-19 06:48 . 2009-01-05 19:22 35888 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\OPSWATProcessesScanner.dll
2009-11-19 06:48 . 2009-01-05 19:22 31280 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\CFireWallCOM.dll
2009-11-19 06:48 . 2009-01-05 19:22 170544 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\FWManager.dll
2009-11-13 16:00 . 2005-05-08 12:23 -------- d-----w- c:\program files\Kazaa
2009-11-13 02:14 . 2009-11-13 02:14 50776 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\uninstall.exe
2009-11-13 02:14 . 2009-11-13 02:14 132392 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\dsmmf.exe
2009-11-13 02:14 . 2009-11-13 02:14 496936 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe
2009-11-13 02:14 . 2009-11-13 02:14 230696 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\JuniperSetupDLL.dll
2009-11-13 02:13 . 2009-11-13 02:13 329752 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
2009-11-13 02:13 . 2009-11-13 02:13 29696 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\setupResource_de.dll
2009-11-13 02:13 . 2009-11-13 02:13 3072 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\dsmmfres_fr.dll
2009-11-13 02:13 . 2009-11-13 02:13 2560 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\dsmmfres_es.dll
2009-11-13 02:13 . 2009-11-13 02:13 2560 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\dsmmfres_de.dll
2009-11-13 02:13 . 2009-11-13 02:13 2560 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\dsmmfres_zh.dll
2009-11-13 02:13 . 2009-11-13 02:13 2560 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\dsmmfres_ko.dll
2009-11-13 02:13 . 2009-11-13 02:13 2560 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\dsmmfres_ja.dll
2009-11-13 02:13 . 2009-11-13 02:13 2560 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\dsmmfres_zh_cn.dll
2009-11-13 02:13 . 2009-11-13 02:13 23552 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\setupResource_zh_cn.dll
2009-11-13 02:12 . 2009-11-13 02:12 23552 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\setupResource_zh.dll
2009-11-13 02:12 . 2009-11-13 02:12 28160 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\setupResource_en.dll
2009-11-13 02:12 . 2009-11-13 02:12 25088 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\setupResource_ko.dll
2009-11-13 02:12 . 2009-11-13 02:12 29184 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\setupResource_fr.dll
2009-11-13 02:12 . 2009-11-13 02:12 28672 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\setupResource_es.dll
2009-11-13 02:12 . 2009-11-13 02:12 25088 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\setupResource_ja.dll
2009-11-13 02:12 . 2009-11-13 02:12 217800 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Setup Client\JuniperSetupXP.exe
2009-11-13 02:12 . 2009-11-13 02:12 116008 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\JuniperSetupClient.exe
2009-11-13 02:12 . 2009-11-13 02:12 62832 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\dsmmf.exe
2009-11-13 02:12 . 2009-11-13 02:12 42360 ------r- c:\documents and settings\Young\Application Data\Juniper Networks\setup\JuniperSetupApp.exe
2009-11-13 02:12 . 2009-11-13 02:12 116088 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\JuniperSetupDLL.dll
2009-11-13 02:11 . 2009-11-13 02:11 28672 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\setupResource_zh_cn.dll
2009-11-13 02:11 . 2009-11-13 02:11 28672 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\setupResource_zh.dll
2009-11-13 02:11 . 2009-11-13 02:11 28672 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\setupResource_ko.dll
2009-11-13 02:11 . 2009-11-13 02:11 32768 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\setupResource_fr.dll
2009-11-13 02:11 . 2009-11-13 02:11 28672 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\setupResource_ja.dll
2009-11-13 02:11 . 2009-11-13 02:11 32768 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\setupResource_es.dll
2009-11-13 02:11 . 2009-11-13 02:11 32768 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\setupResource_en.dll
2009-11-13 02:10 . 2009-11-13 02:10 32768 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\setupResource_de.dll
2009-11-13 02:10 . 2009-11-13 02:10 12288 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\dsmmfres_zh_cn.dll
2009-11-13 02:10 . 2009-11-13 02:10 12288 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\dsmmfres_zh.dll
2009-11-13 02:10 . 2009-11-13 02:10 12288 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\dsmmfres_ko.dll
2009-11-13 02:10 . 2009-11-13 02:10 12288 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\dsmmfres_ja.dll
2009-11-13 02:10 . 2009-11-13 02:10 12288 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\dsmmfres_fr.dll
2009-11-13 02:10 . 2009-11-13 02:10 12288 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\dsmmfres_es.dll
2009-11-13 02:10 . 2009-11-13 02:10 12288 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\setup\dsmmfres_de.dll
2009-11-13 02:02 . 2009-11-13 02:02 16896 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\dsWinClientResource_JA.dll
2009-11-13 02:00 . 2009-11-13 02:00 18944 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\dsWinClientResource_DE.dll
2009-11-13 02:00 . 2009-11-13 02:00 18432 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\dsWinClientResource_ES.dll
2009-11-13 02:00 . 2009-11-13 02:00 18944 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\dsWinClientResource_FR.dll
2009-11-13 02:00 . 2009-11-13 02:00 16384 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\dsWinClientResource_ZH_CN.dll
2009-11-13 02:00 . 2009-11-13 02:00 16896 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\dsWinClientResource_KO.dll
2009-11-13 02:00 . 2009-11-13 02:00 24576 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\dsWinClientResource_EN.dll
2009-11-13 02:00 . 2009-11-13 02:00 16384 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\dsWinClientResource_ZH.dll
2009-11-13 02:00 . 2009-11-13 02:00 303104 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\dsWinClient.dll
2009-11-13 01:59 . 2009-11-13 01:59 290816 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\dsInstallerClient.dll
2009-11-13 01:15 . 2009-12-16 00:50 626688 ----a-w- c:\documents and settings\Young\Application Data\Juniper Networks\Host Checker\Microsoft.VC80.CRT\msvcr80.dll
2009-11-11 06:51 . 2006-10-13 05:19 -------- d-----w- c:\program files\DivX
2009-11-11 06:49 . 2009-11-11 06:47 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-29 16:26 . 2009-09-20 01:49 425824 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-29 07:45 . 2004-08-10 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-10 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-10 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:54 . 2009-10-20 16:54 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe
2009-10-20 16:20 . 2004-08-10 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-10 10:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-10 10:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-10 10:00 79872 ----a-w- c:\windows\system32\raschap.dll
2005-07-31 01:23 . 2005-07-31 01:23 74304 ----a-w- c:\program files\MC
2009-12-02 01:51 . 2009-12-02 01:51 149344 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
2009-12-02 01:51 . 2009-12-02 01:51 279392 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2005-04-28 07:21 . 2005-04-28 07:21 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
2009-03-31 07:29 . 2009-03-31 07:29 301 --sh--w- c:\windows\SYSTEM32\DRIVERS\ios.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="c:\documents and settings\Young\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-21 133104]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-15 257088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-30 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-26 8523776]
"nwiz"="nwiz.exe" [2008-05-26 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-26 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-04-16 1505168]
"SNM"="c:\program files\SpyNoMore\SNM.exe" [2009-12-14 1067472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-12 110592]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-12 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2006-7-12 114688]
VPN Client.lnk - c:\windows\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2006-11-3 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\CONF.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\SYSTEM32\\taskmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\dwwin.exe"=

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [11/30/2009 9:38 PM 206256]
R0 sonypvl2;sonypvl2;c:\windows\SYSTEM32\DRIVERS\sonypvl2.sys [7/12/2007 2:18 PM 19478]
R1 sonypvf2;sonypvf2;c:\windows\SYSTEM32\DRIVERS\sonypvf2.sys [7/12/2007 2:18 PM 635017]
R1 sonypvt2;sonypvt2;c:\windows\SYSTEM32\DRIVERS\sonypvt2.sys [7/12/2007 2:18 PM 431236]
S1 sonypvd2;sonypvd2;c:\windows\SYSTEM32\DRIVERS\sonypvd2.sys [7/12/2007 2:18 PM 64093]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2009 10:06 AM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8D619C19-0202-464A-9FA8-C8110D86B0A3} - hxxps://projectpoint.buzzsaw.com/!/download/ProjectPoint-BZ-EN.exe
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\Young\Application Data\Mozilla\Firefox\Profiles\sznbo2au.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\components\FFConnectorLauncher.dll
FF - component: c:\program files\Mozilla Firefox\components\FFSource.dll
FF - plugin: c:\documents and settings\Young\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{884f1ddc-cb7d-4161-b3c3-1a0f41093ad3} - c:\windows\system32\tupuraso.dll
SharedTaskScheduler-{849a116d-ce1a-4e83-b3dc-8fe63121b345} - c:\windows\system32\susalade.dll
SharedTaskScheduler-{cd640d1c-1a30-415b-b15c-41b85829cd62} - c:\windows\system32\gomopiwe.dll
SharedTaskScheduler-{8375ae8e-a8e9-4d70-807b-34a59dc8fb7d} - c:\windows\system32\lejekilu.dll
SharedTaskScheduler-{a1bf23b7-3c6f-41d5-9221-2fe5ee0a1d49} - c:\windows\system32\lunazuse.dll
SharedTaskScheduler-{ade5c614-95dc-42c9-8e32-773ad781349a} - (no file)
SSODL-guvevejaf-{884f1ddc-cb7d-4161-b3c3-1a0f41093ad3} - c:\windows\system32\tupuraso.dll
SSODL-pigebojev-{849a116d-ce1a-4e83-b3dc-8fe63121b345} - c:\windows\system32\susalade.dll
SSODL-niketopid-{cd640d1c-1a30-415b-b15c-41b85829cd62} - c:\windows\system32\gomopiwe.dll
SSODL-rofetalid-{8375ae8e-a8e9-4d70-807b-34a59dc8fb7d} - c:\windows\system32\lejekilu.dll
SSODL-tezivutos-{a1bf23b7-3c6f-41d5-9221-2fe5ee0a1d49} - c:\windows\system32\lunazuse.dll
SSODL-vesudowiy-{ade5c614-95dc-42c9-8e32-773ad781349a} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-hp deskjet 5550 series - c:\program files\hp deskjet 5550 series\hpfiui.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 14:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-874045207-954690645-2265122098-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1120)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2732)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools AntiVirus\PCTAVSvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-12-27 14:23:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-27 22:23

Pre-Run: 1,092,919,296 bytes free
Post-Run: 1,344,339,968 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 48B691CA169754C60D6DEED3E466C43A

#6 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost
  • Local time:06:46 PM

Posted 28 December 2009 - 04:36 PM

Ok good. Redirects gone now?

How Can I Reduce My Risk to Malware?


#7 luprec

luprec
  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:46 PM

Posted 30 December 2009 - 12:58 AM

Yep, redirects are gone.

#8 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost
  • Local time:06:46 PM

Posted 30 December 2009 - 07:42 PM

Ok good. Check Malwarebytes for updates, then do a full scan and post the log:

If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click *Remove Selected.*
*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post the log in your reply.

NOTE: The free version must be updated manually.

How Can I Reduce My Risk to Malware?


#9 luprec

luprec
  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:46 PM

Posted 01 January 2010 - 01:44 PM

Updated Malwarebytes and ran Full Scan. Found no issues. Here's the log:

Malwarebytes' Anti-Malware 1.43
Database version: 3467
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/1/2010 10:41:38 AM
mbam-log-2010-01-01 (10-41-38).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 359557
Time elapsed: 9 hour(s), 36 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost
  • Local time:06:46 PM

Posted 01 January 2010 - 08:07 PM

Ok good. You can use a utility for removing ComboFix:

Please download OTCleanIt and save it to desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.
Keep Malwarebytes, and it's good practice to keep it updated even if you don't scan with it that much. The free version must be updated manually, and a scan started manually.

If all is good, a few tips for you:

10 Tips for Reducing/Preventing Your Risk To Malware:

1) It is essential to keep your OS (Windows), browser (IE, Firefox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the auto-update feature. Staying updated is also necessary for web-based applications like Java, Adobe Flash/Reader, QuickTime etc. Check their version status here.

2) Know what you are installing on your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, where you're then prompted to install software to remedy this. See also the signs that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If these are constantly finding malware then you should review your computer habits.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. Even if you get an E-Mail from someone you know, it's possible that their computer or account information has been compromised.

5) Don't click on ads/pop-ups or offers from websites requesting that you need to install software, media players or codecs on your computer--for any reason.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?

7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.*

8) Install and understand the *limitations* of a software firewall.

9) A tool for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0. Read the FAQs.

10) Warez, cracks, etc. are very popular for carrying malware payloads. Using them will cause you all kinds of problems. If you install files via p2p networks then you are much more likely to encounter malicious code. Do you trust the source of the file? Do you really need another malware source?

A longer version is in the link below.

Happy Safe Surfing.

How Can I Reduce My Risk to Malware?


#11 luprec

luprec
  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:46 PM

Posted 05 January 2010 - 12:26 AM

Thank you so much for your help. Not only is the redirect problem gone, but the machine is running better than it has in a very long time!

