Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Genric Host Process for Win32 services encountered a problem


  • This topic is locked This topic is locked
5 replies to this topic

#1 Asheville Anna

Asheville Anna

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 20 January 2010 - 03:44 PM

About a week ago I noticed that clicking on links in google or yahoo search results was redirecting me to random websites instead of to the link I clicked on. Today when I booted up my computer it worked normally for about 45 minutes. Then I got a Windows error reporting screen that said "Generic Host Process for Win32 services has encountered a problem and needs to close." Immediatly after that I get another screen that says the system is shutting down in 60 seconds and says "NT Authority/System DCOM server process was terminated unexpectedly."

I ran Norton with no infections found. I ran Spyware Begone with no infections found. I downloaded and installed malwarebytes after reading a few posts here and it found over 20 problems, which is claims to have fixed. I had to run it in safe mode in order to keep the computer from shutting down in the middle of the scan. I ran another scan with malwarebytes after rebooting (again in safe mode) and it found no infections.

I rebooted normally and received the same error after about 45 minutes. Below are the following logs

1. Malwarebytes log from first scan
2. DDS logs

I tried to download and run the rootrepeal program, but it would not install. Fortunately the computer is still functional, but any help will be greatly appeciated.

Malwarebytes' Anti-Malware 1.44
Database version: 3602
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

1/20/2010 11:38:16 AM
mbam-log-2010-01-20 (11-38-10).txt

Scan type: Quick Scan
Objects scanned: 146902
Time elapsed: 13 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\WMPDSR.dll (Trojan.Hiloti) -> No action taken.

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> No action taken.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: wmpdsr.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.

Files Infected:
C:\WINDOWS\WMPDSR.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\Temp\upkvww.exe (Trojan.Hiloti) -> No action taken.
C:\Documents and Settings\Anna Stearns\Local Settings\Temp\5.tmp (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Anna Stearns\Local Settings\Temp\6.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Anna Stearns\Local Settings\Temp\7.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Anna Stearns\Local Settings\Temp\8.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Anna Stearns\Local Settings\Temp\AE.tmp (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Anna Stearns\Local Settings\Temp\B0.tmp (Trojan.Dropper) -> No action taken.
C:\WINDOWS\system32\spool\prtprocs\w32x86\DC.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.

_____________________________________



DDS (Ver_09-12-01.01) - NTFSx86
Run by Anna Stearns at 15:27:43.76 on Wed 01/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.218 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\spywarebegone\SpywareBeGone.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PROLAW\Binn\sqlservr.exe
C:\Program Files\Starfish\TrueSync\TSTool.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\TSSchBkpService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\Anna Stearns\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.nclink.net/
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
TB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - c:\program files\copernic desktop search 2\toolbar\ToolbarContainer101000311.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
TB: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - c:\program files\copernic desktop search 2\toolbar\ToolbarContainer101000311.dll
EB: Copernic Desktop Search - Home: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - c:\program files\copernic desktop search 2\DeskbandIntegration302000044.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Spyware Begone] "c:\spywarebegone\SpywareBeGone.exe" -FastScan
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office 2002\programs\QFSCHD100.EXE"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Ypozaz] rundll32.exe "c:\windows\irabebax.dll",Startup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corelc~1.lnk - c:\windows\installer\{f73e7b59-f951-11d4-884d-00902761a46d}\I_26dadCC.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\truesy~1.lnk - c:\program files\starfish\truesync\TSTool.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxps://a248.e.akamai.net/7/248/11498/v1/www.moveonpac.org/content/qt/qtplugin.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://madisonrod.com/view/tiffx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140725212937
DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} - hxxp://loandocs.swiftsend.com/RedirectHTTP.html?url=http%3A%2F%2Fproducts.swiftview.com%2Finstall.html%3Fid%3Dsv7%2FACTIVEX_CAB%26ctx%3D%26ref%3D
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://softprocorp.webex.com/client/T26L/support/ieatgpc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {68FEE17F-F132-47A1-B1E3-565B24E95214} = 192.0.0.1,192.168.254.1
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-2-19 47640]
R2 MSSQL$PROLAW;MSSQL$PROLAW;c:\program files\microsoft sql server\mssql$prolaw\binn\sqlservr.exe -sprolaw --> c:\program files\microsoft sql server\mssql$prolaw\binn\sqlservr.exe -sPROLAW [?]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-22 1245064]
R2 TSScheduleBackup;TimeslipsBackup;c:\windows\system32\TSSchBkpService.exe [2006-9-24 705024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100119.051\NAVENG.SYS [2010-1-20 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100119.051\NAVEX15.SYS [2010-1-20 1323568]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 SQLAgent$PROLAW;SQLAgent$PROLAW;c:\program files\microsoft sql server\mssql$prolaw\binn\sqlagent.exe -i prolaw --> c:\program files\microsoft sql server\mssql$prolaw\binn\sqlagent.EXE -i PROLAW [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-01-20 19:33:06 0 d-----w- c:\windows\pss
2010-01-20 15:43:02 0 d-----w- c:\docume~1\annast~1\applic~1\Malwarebytes
2010-01-20 15:42:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 15:42:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-20 15:42:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 15:42:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 12:30:55 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 12:23:41 0 ----a-w- c:\windows\Ipebamicun.bin
2010-01-12 12:23:40 120 ----a-w- c:\windows\Ebiwozahuy.dat

==================== Find3M ====================

2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

============= FINISH: 15:31:45.57 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/27/2005 3:30:03 PM
System Uptime: 1/20/2010 3:08:26 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0WC297
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 12.681 GiB free.
D: is CDROM (CDFS)
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Acrobat 8 Standard
Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat 8.1.2 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
AIM 7
AOL Uninstaller (Choose which Products to Remove)
AppCore
Apple Software Update
ccCommon
Compatibility Pack for the 2007 Office system
Component Framework
Copernic Desktop Search - Home
Critical Update for Windows Media Player 11 (KB959772)
Deed-Chek 6.0
Download Updater (AOL LLC)
eLynx Ltd. Web Post Printer
FoneSync
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
hp LaserJet 4250/4350/4240
HP Printer Access Tool
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Linksys PrintServer Driver
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
LogMeIn
Macromedia Flash Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Meeting 2007
Microsoft Office Small Business Edition 2003
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft SQL Server Desktop Engine (PROLAW)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
Norton Spyware Scan
Norton Spyware Scan provided by Yahoo!
Pdf995
PdfEdit995
Plaxo Toolbar for Windows
Quick View Plus
QuickBooks Pro 2008
QuickFile 4Outlook - Lawyers Edition Version 3.2.70
QuickTime
R-Viewer
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sidekick 99
SoftPro
SoftPro for Windows
SPBBC 32bit
Spyware Begone V6.95
SupportSoft Assisted Service
SwiftView Viewer
Symantec KB-DocID:2003093015493306
Symantec Real Time Storage Protection Component
SymNet
Timeslips 2007 Local
TOSHIBA e-STUDIO3510c Series Client
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VBA (3821h)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 2002 Professional
Works Suite OS Pack
Works Synchronization
Yahoo! Install Manager
Yahoo! Search Protection
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

1/20/2010 9:47:26 AM, error: Service Control Manager [7022] - The Windows Time service hung on starting.
1/20/2010 9:47:26 AM, error: Service Control Manager [7022] - The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting.
1/20/2010 9:06:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
1/20/2010 8:58:21 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
1/20/2010 8:58:21 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/20/2010 2:11:31 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
1/20/2010 2:11:31 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/20/2010 11:42:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD agp440 eeCtrl Fips IntelIde intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SPBBCDrv SRTSP SRTSPX SYMTDI Tcpip
1/20/2010 11:15:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/20/2010 11:15:41 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/20/2010 11:12:58 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SPBBCDrv SRTSP SRTSPX SYMTDI Tcpip
1/20/2010 11:12:58 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2010 11:12:58 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2010 11:12:58 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2010 11:12:58 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/20/2010 10:23:28 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
1/20/2010 10:23:28 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/19/2010 7:19:22 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the FLEXnet Licensing Service service to connect.
1/19/2010 7:19:22 AM, error: Service Control Manager [7000] - The FLEXnet Licensing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/16/2010 10:58:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QBCFMonitorService service to connect.
1/16/2010 10:58:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Fax service to connect.
1/16/2010 10:58:57 AM, error: Service Control Manager [7000] - The Fax service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/16/2010 10:53:03 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/16/2010 10:53:03 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
1/15/2010 7:20:36 AM, error: Service Control Manager [7022] - The Server service hung on starting.
1/15/2010 7:20:36 AM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
1/15/2010 7:20:35 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Viewpoint Manager Service service to connect.
1/15/2010 7:20:35 AM, error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/15/2010 5:16:27 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for SQL Server 2000 Service Pack 4 (KB960082).
1/15/2010 5:15:59 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297).
1/13/2010 8:28:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
1/13/2010 8:28:50 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================


BC AdBot (Login to Remove)

 


#2 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:09:22 AM

Posted 25 January 2010 - 12:38 AM

Hi Asheville Anna
Welcome to Bleeping Computer.
I'm maranatha and I will be handling your log to help you get cleaned up. I am a student here at BC so all my posts will be checked by one of our experts, so there may be a slight delay between posts.

Thanks
maranatha

Edited by maranatha, 25 January 2010 - 07:59 AM.

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#3 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:09:22 AM

Posted 25 January 2010 - 07:58 AM

Hi Asheville Anna

Your computer has a backdoor Trojan.
Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, collect confidential data and information from the computer, log activity on the computer and more.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

I would suggest you disconnect this PC from the Internet immediately, change all passwords using a Non-infected computer (Not this one) and refrain from any credit card or financial dealings until clean. If you do any financial dealings with this computer Contact any credit card or banks for possible fraud on your account.


Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

If you decide to clean your system please do the following.


You ran Malwarebytes Anti-malware but did not let it clean.

Please follow these instructions for MBAM.

Launch Malwarebytes' Anti-Malware, Click on the “Update” Tab.
  • Click on the "Check for Updates button".
  • If an update is found, it will download and install the latest version.
  • Once the program has Updated, select 'Perform Quick Scan', then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Post the entire report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please post the MBAM log and a new DDS log.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#4 Asheville Anna

Asheville Anna
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 25 January 2010 - 10:49 AM

Thank you for the response. Fortunately, we had been toying with the idea of new computers anyway since these are about 5 years old. It is a work computer, so sensitive data is an issue. We will be replacing the computer. In your opinion, will it be safe to transfer files, such as my Outlook .pst file, My Documents, etc., to the new computer or will I risk possibly infecting the new computer?

For what it's worth, I did allow Malwarebytes to clean the infected files and here is the log I got afterward.

Malwarebytes' Anti-Malware 1.44
Database version: 3602
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/20/2010 3:26:52 PM
mbam-log-2010-01-20 (15-26-52).txt

Scan type: Full Scan (C:\|)
Objects scanned: 28989
Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
******************************************


Thanks again for your help!

Anna

#5 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:09:22 AM

Posted 27 January 2010 - 12:49 AM

Hi
I believe that is a good choice.

You can save and transfer those files.

I would do this to be on the safe side.
Move all files to a seperate folder on your hard drive and run a virus scan on that folder before transfering, then transfer the folder to the new machine and run a virus scan again on that folder.

Here are a few Preventive recommendations:

The following is a list of tools and utilities that we recommend to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  1. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.
    To do this just Click > Start > All Programs Click on > Windows Update, and follow the online instructions from there.
    (It is recommended that you have Windows Updates set to download and install automatically.)

  2. One of your first defenses against infections and hackers is an Anti-virus and Firewall
    These are a Must Have to help keep you protected in today’s Internet world.
    Here are some good ones and the best part, they are Free!

    Please Download and run only 1 AV and only 1 firewall.

    Anti-Virus
    AVGFree
    Avast
    Avira

    Firewall
    Comodo Firewall > During the setup process you will be given a choice, Please choose: Install the Firewall as a standalone
    Zonealarm Firewall

    Download, Update and scan your computer with the AV. Quarantine/Delete anything it finds.
    Check for updates at least once a week and do regular scans. Most AV’s can be scheduled to scan at a given time, this is also recommended.

    Also I suggest you read this.
    Understanding Firewalls

  3. Malwarebytes' Anti-Malware (MBAM)
    http://www.malwarebytes.org/mbam.php (Home page)
    Malwarebytes' Anti-Malware is considered to be the next step in the detection and removal of malware.
    Some Key Features:
    Operating Systems: Microsoft ® Windows 2000, XP, Vista.
    Database updates released daily.
    Works together with other anti-malware utilities.
    This is a free program with the option of Activating a full version, unlocking realtime protection, scheduled scanning, and scheduled updating. It is a one time fee of $24.95 for the full version.
    Remember to ALWAYS check for and install available updates prior to scanning!

  4. Spybot Search & Destroy- A well known and reputable, FREE (for personal use) adware, spyware and malware removal program. Spybot has some great features to help protect against future infection too, as well as several other useful utilities built in. Check out the FAQ and Tutuorial pages while you're there!
    Remember to ALWAYS check for and install available updates prior to scanning!

  5. Ad-Aware - Another well known and reputable, FREE (for personal use) adware, spyware and malware removal program, Ad-Aware and Spybot S & D compliment each other very well, each finding and/or removing things the other doesn't. Regular scans with these two applications will help to ensure that many nasties managing to sneek in get caught and removed. The first in anti-spyware packages, Ad-Aware has the experience to provide a powerful cleaning tool. Also available in a feature-rich Professional version, making Ad-Aware an attractive package for everyone from Home user to Enterprise.
    Remember to ALWAYS check for and install available updates prior to scanning!

  6. SpywareBlaster is a Freeware (for personal use) application that will help to prevent the installation of spyware and other potentially unwanted software. It accomplishes this by blocking the installation of many known bad ActiveX controls, spyware and tracking cookies, and restricting the actions of potentially unwanted sites. SpywareBlaster does not require any running or background processes to work once protections are enabled, which means it will not slow down your system in any way.

  7. SpywareGuard - A Spyware "Shield" to protect your computer, acting much like your antivirus real-time protection. It's features include scanning files for spyware before you open them, blocking spyware downloads in Internet Explorer and monitoring/preventing attempted browser hijacking. Small and lightweight, yet powerful! Compatible with Windows 98, ME, 2000 & XP
    FREEWARE (for personal use)

  8. The MVPS Hosts File or similar HOSTS file will actually block a list of known bad sites from even loading in your browser. It can also be used to block ads, banners, 3rd party cookies and more. Operating system compatibility and installation instructions are provided.

  9. Install WinPatrol to monitor some key registry locations, file system changes, and other important areas, and have it alert you of the changes BEFORE allowing them to take place.

  10. Another thing we would suggest is to install SiteAdvisor. It gives sites a few different 'ratings' and while not fool proof, a good additional layer of information about many sites. When using a search engine, The Ratings show up as small dots next to the web site. Green for Good, Yellow for Caution, Red for bad. Set your cursor on the dot for a small pop up window that provides more information on that web site.
    Web Browser: Internet Explorer 6 or 7. : Also works with Firefox.
    Operating System: Windows 2000 (Service Pack 4) Windows XP and Windows Vista

  11. If you would prefer something other then McAfee SiteAdvisor, you can go with this.
    WOT Web Of Trust.
    This is also free and is a well respected tool.

Now just because you have security applications installed, they are useless unless updated regularly.
Most of the above recommended applications are updated periodically, and it's up to you to check for updates. Set aside time in a day each month to update all of your protections.


To find out more information about how you got infected in the first place and more great guidelines to follow to prevent future infections you can read
this article by Grinler

Surf Safely!
Maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:22 PM

Posted 31 January 2010 - 01:30 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. smile.gif

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users