Firefox Google search redirect


7 replies to this topic

#1 xrrak

  • Members
  • 13 posts

Posted 28 May 2010 - 12:58 AM

My issue began with Antivirus Soft. I removed that spyware in safe mode using rkill and Malwarebytes. The issue remaining involves the Firefox browser and Google search results. When selecting a link in the search results, rather than going to the selected page, I am taken to a random advertisement page. This happens whether I click the link or right-click it and choose "open in a new tab". I also cannot connect to Windows Update.

So far I have tried, in safe mode, rkill followed by Malwarebytes. Then I tried SDFix, also in safe mode. I then used Spybot Search & Destroy and then AVG Free 9.0, both in normal mode, all to no avail.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Xrrak at 0:46:15.60 on Fri 05/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.803 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Documents and Settings\Xrrak\Local Settings\Apps\2.0\M07W5PMG.PWR\2XM7ZZ24.B0M\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Documents and Settings\Xrrak\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
F:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Xrrak\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\progra~1\spybot~1\SDHelper.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] f:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\documents and settings\xrrak\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\documents and settings\xrrak\start menu\programs\startup\CurseClientStartup.ccip
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: cinemanow.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\xrrak\applic~1\mozilla\firefox\profiles\7qj079z6.default\
FF - plugin: c:\documents and settings\xrrak\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: f:\program files\itunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2010-4-21 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2010-4-21 15856]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-10 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-10 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-10 242896]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2010-4-21 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-16 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-16 308064]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-3-10 10384]
S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
S4 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
S4 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [2009-7-24 219632]

=============== Created Last 30 ================


==================== Find3M ====================

2010-04-21 16:07:20 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-20 05:50:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-16 12:48:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-10 08:18:18 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

============= FINISH: 0:47:52.10 ===============
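One line in the DDS log above deserves a closer look than the rest: `uInternet Settings,ProxyServer = http=127.0.0.1:5555` together with `ProxyOverride = <local>`. That is the per-user WinINet proxy setting, and any browser that follows the system proxy settings will hand every HTTP request to whatever is listening on that port, which is one common way a redirector swaps a clicked search result for an advertisement page. The same line reappears in the ComboFix "Supplementary Scan" later in the thread, alongside a disabled Windows Firewall policy, a globally opened port, and a disinfected `pci.sys`. The script below is an added example for this page, not part of DDS, ComboFix, or anything the posters ran: it scans log lines in that pseudo-HJT/ComboFix style for those indicators. The pattern set and the severity labels are my own triage assumptions, and the sample lines are constructed by copying entries from the logs in this thread.

```python
"""Triage DDS / ComboFix-style log lines for redirect and persistence indicators.

Added example for this thread, not part of DDS, ComboFix or the original posts.
The indicator patterns and severity labels are assumptions about what a helper
would check first; SAMPLE_LOG is constructed from entries posted in the thread.
"""
import ipaddress
import re
from typing import Dict, List

# Constructed sample input: lines copied from the DDS and ComboFix logs in this thread.
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\\program files\\askbardis\\bar\\bin\\askBar.dll
BHO: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - No File
Trusted Zone: cinemanow.com
Trusted Zone: sonic.com\\redirect
"EnableFirewall"= 0 (0x0)
"25438:TCP"= 25438:TCP:pirate bay
Infected copy of c:\\windows\\system32\\drivers\\pci.sys was found and disinfected
"""

PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)")
FIREWALL_RE = re.compile(r'"EnableFirewall"\s*=\s*0\b')
OPEN_PORT_RE = re.compile(r'"(?P<port>\d+):(?P<proto>TCP|UDP)"\s*=\s*\S+:(?P<name>.*)$')
ORPHAN_BHO_RE = re.compile(r"^BHO:.*-\s*No File\s*$")
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(?P<zone>\S+)")
INFECTED_RE = re.compile(r"^Infected copy of (?P<path>\S+) was found")


def _is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 or 'localhost', the usual targets of a local proxy hijack."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def parse_proxy(value: str) -> List[Dict[str, str]]:
    """Split a WinINet ProxyServer value ('http=127.0.0.1:5555;https=host:8080') into entries.

    A value without 'scheme=' applies to all schemes and is labelled 'all'.
    """
    entries = []
    for part in value.split(";"):
        scheme, _, hostport = part.partition("=")
        if not hostport:
            scheme, hostport = "all", scheme
        host, _, port = hostport.rpartition(":")
        entries.append({"scheme": scheme, "host": host or hostport, "port": port})
    return entries


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line; severity is an assumed triage rank, not a verdict."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.search(line)
        if m:
            for entry in parse_proxy(m.group("value")):
                # A proxy on loopback with no known software behind it is the first thing to check.
                sev = "high" if _is_loopback(entry["host"]) else "review"
                findings.append({"kind": "proxy", "severity": sev,
                                 "detail": f'{entry["scheme"]} -> {entry["host"]}:{entry["port"]}'})
            continue
        if FIREWALL_RE.search(line):
            findings.append({"kind": "firewall_disabled", "severity": "high", "detail": line})
            continue
        m = OPEN_PORT_RE.search(line)
        if m:
            findings.append({"kind": "open_port", "severity": "review",
                             "detail": f'{m.group("port")}/{m.group("proto")} ({m.group("name").strip()})'})
            continue
        if ORPHAN_BHO_RE.match(line):
            findings.append({"kind": "orphan_bho", "severity": "low", "detail": line})
            continue
        m = TRUSTED_RE.match(line)
        if m:
            findings.append({"kind": "trusted_zone", "severity": "review", "detail": m.group("zone")})
            continue
        m = INFECTED_RE.match(line)
        if m:
            findings.append({"kind": "infected_driver", "severity": "high", "detail": m.group("path")})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'[{f["severity"]:6}] {f["kind"]:17} {f["detail"]}')
```

A loopback proxy is not always malicious (some antivirus web shields and debugging proxies register one), so the "high" label only means "look here first": on the affected machine, `netstat -anob` will show which process, if any, is listening on the port, and if nothing legitimate owns it the setting has no business being there. The orphaned BHO (`No File`) is low severity because a missing DLL cannot load; it is a leftover to clean up, not an active component.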


#2 shelf life

  • Malware Response Team
  • 2,646 posts

Posted 30 May 2010 - 07:32 AM

hi xrrak,

We will get a download to use. It's called Combofix. There is a guide to read first. Read through the guide, then apply the directions on your own computer. Post the Combofix log in your reply.

Guide to using Combofix

How Can I Reduce My Risk to Malware?


#3 xrrak
  • Topic Starter

  • Members
  • 13 posts

Posted 31 May 2010 - 03:03 PM

ComboFix 10-05-30.09 - Xrrak 05/31/2010 15:41:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1115 [GMT -4:00]
Running from: c:\documents and settings\Xrrak\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\pci.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-28 00:57 . 2010-05-28 00:57 388096 ----a-r- c:\documents and settings\Xrrak\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-27 18:53 . 2010-05-27 19:04 -------- d-----w- c:\documents and settings\Xrrak\Local Settings\Application Data\Temp
2010-05-27 18:53 . 2010-05-27 18:54 -------- d-----w- c:\documents and settings\Xrrak\Local Settings\Application Data\Google
2010-05-27 17:20 . 2010-05-29 19:15 63488 ----a-w- c:\documents and settings\Xrrak\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-27 17:20 . 2010-05-27 17:20 52224 ----a-w- c:\documents and settings\Xrrak\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-27 17:20 . 2010-05-29 19:15 117760 ----a-w- c:\documents and settings\Xrrak\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-27 17:20 . 2010-05-27 17:20 -------- d-----w- c:\documents and settings\Xrrak\Application Data\SUPERAntiSpyware.com
2010-05-27 17:20 . 2010-05-27 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-27 17:19 . 2010-05-27 17:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-27 08:44 . 2010-05-27 08:44 0 ----a-w- C:\SDFix.exe
2010-05-27 08:23 . 2010-05-27 08:23 -------- d-----w- c:\windows\nview
2010-05-27 08:23 . 2008-05-16 18:01 446464 ----a-w- c:\windows\system32\nvudisp.exe
2010-05-27 08:23 . 2008-05-16 15:48 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-26 08:52 . 2010-05-27 18:45 5 ----a-w- c:\windows\treeskp.sys
2010-05-26 08:52 . 2010-05-27 18:45 5 ----a-w- c:\windows\sbacknt.bin
2010-05-26 08:52 . 2010-05-26 08:52 152904 ----a-w- c:\windows\system32\vghd.scr
2010-05-26 08:52 . 2010-05-26 08:52 -------- d-----w- c:\program files\vghd
2010-05-26 06:14 . 2010-05-26 06:14 -------- d-----w- C:\$AVG
2010-05-26 01:18 . 2010-05-26 01:18 -------- d-sh--w- c:\documents and settings\Xrrak\IECompatCache
2010-05-26 01:09 . 2010-05-26 01:09 -------- d-----w- c:\windows\Sun
2010-05-25 17:53 . 2010-05-25 17:53 -------- d-----w- c:\documents and settings\Xrrak\Application Data\Malwarebytes
2010-05-25 17:53 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-25 17:53 . 2010-05-25 17:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-25 17:53 . 2010-05-25 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-25 17:53 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-25 08:52 . 2010-05-25 08:52 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-05-25 08:42 . 2010-05-25 08:43 -------- d-----w- c:\windows\ERUNT
2010-05-25 08:42 . 2010-05-27 15:44 -------- d-----w- C:\SDFix
2010-05-25 08:35 . 2010-05-25 19:27 -------- d-----w- c:\documents and settings\Xrrak\Local Settings\Application Data\qujvnorec
2010-05-25 04:21 . 2010-05-25 04:21 -------- d-----w- c:\documents and settings\Xrrak\Local Settings\Application Data\CAPCOM
2010-05-25 03:46 . 2010-05-25 03:46 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-05-25 03:46 . 2010-05-25 03:46 -------- d-----w- c:\windows\system32\xlive
2010-05-21 06:12 . 2010-05-21 06:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-18 07:10 . 2010-05-18 07:49 -------- d-----w- c:\documents and settings\Guest
2010-05-13 06:34 . 2010-05-13 06:34 -------- d-----w- c:\documents and settings\Xrrak\Local Settings\Application Data\storage
2010-05-13 06:33 . 2010-05-13 08:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2010-05-13 06:07 . 2008-05-30 18:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2010-05-13 06:07 . 2008-05-30 18:11 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2010-05-13 06:07 . 2008-05-30 18:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-05-13 06:07 . 2008-03-05 20:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-05-13 06:07 . 2008-03-05 20:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2010-05-13 06:07 . 2008-03-05 20:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2010-05-13 06:07 . 2008-03-05 19:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-05-13 06:07 . 2008-02-06 03:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-05-13 06:07 . 2008-03-05 19:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-05-13 05:29 . 2010-05-31 19:30 -------- d-----w- c:\documents and settings\Xrrak\Local Settings\Application Data\Deployment
2010-05-13 05:23 . 2010-05-13 05:23 -------- d-----w- c:\documents and settings\Xrrak\Local Settings\Application Data\Blizzard Entertainment
2010-05-13 04:26 . 2010-05-13 04:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-12 23:43 . 2010-05-12 23:43 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-12 23:37 . 2010-05-12 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-05-04 19:40 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-05-04 19:40 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-05-03 20:30 . 2010-05-03 20:30 -------- d-----w- c:\program files\iPod
2010-05-03 20:27 . 2010-05-03 20:27 -------- d-----w- c:\program files\Bonjour
2010-05-03 20:26 . 2010-05-03 20:26 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 17:18 . 2010-04-16 08:17 -------- d-----w- c:\documents and settings\Xrrak\Application Data\vlc
2010-05-31 07:27 . 2010-04-21 20:18 653208 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-31 07:02 . 2010-03-10 19:10 -------- d-----w- c:\documents and settings\Xrrak\Application Data\uTorrent
2010-05-27 08:19 . 2010-03-10 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-05-18 19:51 . 2010-04-21 16:01 -------- d-----w- c:\documents and settings\Xrrak\Application Data\Roxio
2010-05-13 08:36 . 2010-03-10 11:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-04 19:40 . 2010-03-10 10:49 -------- d-----w- c:\documents and settings\Xrrak\Application Data\Apple Computer
2010-05-04 19:40 . 2010-03-10 10:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-05-03 20:30 . 2010-03-10 10:47 -------- d-----w- c:\program files\Common Files\Apple
2010-05-03 19:03 . 2010-03-20 06:19 1 ----a-w- c:\documents and settings\Xrrak\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-22 14:01 . 2010-04-22 14:01 -------- d-----w- c:\program files\MSXML 4.0
2010-04-21 16:07 . 2010-03-10 10:36 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-21 16:04 . 2010-04-21 16:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2010-04-21 16:04 . 2010-04-21 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2010-04-21 16:03 . 2010-04-21 16:03 -------- d-----w- c:\documents and settings\Xrrak\Application Data\Macrovision
2010-04-21 16:01 . 2010-03-10 19:12 34336 ----a-w- c:\documents and settings\Xrrak\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-21 07:11 . 2010-04-21 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall
2010-04-21 07:10 . 2010-04-21 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-04-21 07:08 . 2010-04-21 07:06 -------- d-----w- c:\program files\Roxio
2010-04-21 07:07 . 2010-04-21 07:07 -------- d-----w- c:\documents and settings\All Users\Application Data\CinemaNow
2010-04-21 07:07 . 2010-04-21 07:07 -------- d-----w- c:\program files\CinemaNow
2010-04-21 07:06 . 2010-04-21 06:58 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-04-21 07:06 . 2010-04-21 07:06 -------- d-----w- c:\documents and settings\Xrrak\Application Data\Simple Star
2010-04-21 07:06 . 2010-04-21 07:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoShow Shared Assets
2010-04-21 07:05 . 2010-04-21 07:05 -------- d-----w- c:\program files\SmartSound Software
2010-04-21 07:05 . 2010-03-10 11:43 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-21 07:04 . 2010-04-21 06:58 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-04-21 07:02 . 2010-04-21 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-04-21 06:58 . 2010-04-21 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2010-04-21 06:57 . 2010-04-21 06:57 10134 ----a-r- c:\documents and settings\Xrrak\Application Data\Microsoft\Installer\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}\ARPPRODUCTICON.exe
2010-04-21 01:21 . 2010-04-21 01:21 -------- d-----w- c:\documents and settings\Xrrak\Application Data\Roxio Log Files
2010-04-20 23:58 . 2010-04-20 21:45 -------- d-----w- c:\program files\Common Files\Nero
2010-04-20 23:57 . 2010-04-20 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-04-20 22:45 . 2010-04-20 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2010-04-20 22:38 . 2010-04-20 22:38 -------- d-----w- c:\program files\Common Files\LightScribe
2010-04-20 21:49 . 2010-04-20 21:49 -------- d-----w- c:\documents and settings\Xrrak\Application Data\Nero
2010-04-19 16:34 . 2010-04-19 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PrinterShare
2010-04-17 13:10 . 2010-04-17 13:10 -------- d-----w- c:\documents and settings\Xrrak\Application Data\Leader Technologies
2010-04-17 03:01 . 2010-04-17 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-04-17 02:46 . 2010-04-17 02:46 -------- d-----w- c:\documents and settings\Xrrak\Application Data\Leadertech
2010-04-17 02:46 . 2010-04-17 02:30 -------- d-----w- c:\program files\epson
2010-04-17 02:45 . 2010-04-17 02:45 -------- d-----w- c:\program files\LTCM Client
2010-04-17 02:45 . 2010-04-17 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL
2010-04-17 02:44 . 2010-04-17 02:44 -------- d-----w- c:\program files\Epson Software
2010-04-17 02:31 . 2010-04-17 02:31 -------- d-----w- c:\documents and settings\Xrrak\Application Data\InstallShield
2010-04-11 10:14 . 2010-04-11 10:14 -------- d-----w- c:\program files\VideoLAN
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-06 10:05 . 2010-03-10 08:20 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-05 19:35 . 2010-04-05 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 19:33 . 2010-04-05 19:32 -------- d-----w- c:\program files\QuickTime
2010-04-03 08:17 . 2010-04-03 08:17 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-22 16:15 . 2010-03-22 16:15 61440 ----a-w- c:\documents and settings\Xrrak\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3f2cfca9-n\decora-sse.dll
2010-03-22 16:15 . 2010-03-22 16:15 503808 ----a-w- c:\documents and settings\Xrrak\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f8cb38b-n\msvcp71.dll
2010-03-22 16:15 . 2010-03-22 16:15 499712 ----a-w- c:\documents and settings\Xrrak\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f8cb38b-n\jmc.dll
2010-03-22 16:15 . 2010-03-22 16:15 348160 ----a-w- c:\documents and settings\Xrrak\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5f8cb38b-n\msvcr71.dll
2010-03-22 16:15 . 2010-03-22 16:15 12800 ----a-w- c:\documents and settings\Xrrak\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3f2cfca9-n\decora-d3d.dll
2010-03-20 05:50 . 2010-03-20 05:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-16 12:48 . 2010-03-16 12:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-16 12:48 . 2010-03-10 10:36 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-16 12:47 . 2010-03-10 10:36 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 10:39 . 2010-03-10 10:39 0 ----a-w- c:\windows\nsreg.dat
2010-03-10 08:18 . 2010-03-10 08:18 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 16:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]
"Google Update"="c:\documents and settings\Xrrak\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-27 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

c:\documents and settings\Xrrak\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-5-13 0]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 12:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SetPointII.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SetPointII.lnk
backup=c:\windows\pss\SetPointII.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Xrrak^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
path=c:\documents and settings\Xrrak\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK
backup=c:\windows\pss\DesktopVideoPlayer.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Xrrak^Start Menu^Programs^Startup^Epson all-in-one Registration.lnk]
path=c:\documents and settings\Xrrak\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
backup=c:\windows\pss\Epson all-in-one Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Xrrak^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Xrrak\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Xrrak^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Xrrak\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 08:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]
2009-07-21 15:50 84464 ----a-w- f:\program files\Roxio 2010\5.0\CPMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-06-23 05:18 494064 ----a-w- f:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON NX410 Series]
2008-10-01 06:00 199680 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIFCA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- f:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2009-11-11 23:04 1505144 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 14:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 16:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTCM Client]
2009-03-02 23:01 1583808 ----a-w- c:\program files\LTCM Client\ltcmClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 18:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 18:01 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 18:01 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-24 12:33 240112 ----a-w- c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"NVSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"CinemaNow Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"RoxWatch12"=2 (0x2)
"RoxMediaDB12"=3 (0x3)
"9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Roxio 2010\\Venue\\Venue.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\GAMES\\World of Warcraft\\Launcher.exe"=
"f:\\GAMES\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"f:\\GAMES\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Documents and Settings\\Xrrak\\Local Settings\\Apps\\2.0\\M07W5PMG.PWR\\2XM7ZZ24.B0M\\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\\CurseClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25438:TCP"= 25438:TCP:pirate bay

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [4/21/2010 3:09 AM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [4/21/2010 3:09 AM 15856]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/10/2010 6:36 AM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/10/2010 6:36 AM 242896]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [4/21/2010 3:09 AM 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/16/2010 8:47 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 8:48 AM 308064]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [3/10/2010 7:51 AM 10384]
S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 7:05 PM 457200]
S4 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [6/23/2009 5:40 PM 127352]
S4 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 8:33 AM 1116656]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 8:33 AM 219632]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 16:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-413027322-682003330-1003Core.job
- c:\documents and settings\Xrrak\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-27 18:53]

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-413027322-682003330-1003UA.job
- c:\documents and settings\Xrrak\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-27 18:53]

2010-05-31 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-03-12 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
Trusted Zone: cinemanow.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
FF - ProfilePath - c:\documents and settings\Xrrak\Application Data\Mozilla\Firefox\Profiles\zrsvkhy3.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/Login|http://www.comcast.net/|http://sz0138.wc.mail.comcast.net/zimbra/mail#3|http://www.google.com/
FF - plugin: c:\documents and settings\Xrrak\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: f:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-PrinterShare - d:\program files\PrinterShare\paConsole.exe
MSConfigStartUp-WinampAgent - d:\program files\Winamp\winampa.exe
AddRemove-Driver Genius Professional Edition_is1 - d:\program files\Driver-Soft\DriverGenius\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 15:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-05-31 15:59:32
ComboFix-quarantined-files.txt 2010-05-31 19:59

Pre-Run: 2,907,480,064 bytes free
Post-Run: 3,218,841,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - EADE49D17B389B71A1429554C61C5BF5


#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:02:35 PM

Posted 31 May 2010 - 03:41 PM

hi,

thanks for the info. Please check malwarebytes for updates then do a scan with it and post the log:

Click the MBAM icon on your desktop. Once the program has loaded, click the Update tab, then check for updates. Select the Scanner tab, Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click **Remove Selected.**

**A restart of your computer most likely will be required to remove some items. If prompted, please choose Yes to restart your computer.**

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

How Can I Reduce My Risk to Malware?


#5 xrrak

xrrak
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:03:35 PM

Posted 01 June 2010 - 02:03 AM

Thanks, here's the Malwarebytes log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4160

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/1/2010 2:36:17 AM
mbam-log-2010-06-01 (02-36-17).txt

Scan type: Full scan (C:\|)
Objects scanned: 162385
Time elapsed: 24 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#6 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:02:35 PM

Posted 01 June 2010 - 03:28 PM

OK, good. Redirects gone? One more download to get. Link and directions:


Please download: RootRepeal

http://ad13.geekstogo.com/RootRepeal.exe

Click the icon on your desktop to start.
Click on the Report tab at the bottom of the window
Next, Click on the Scan button
In the Select Scan Window check everything:

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services

Click the OK button
In the next dialog window select all the drives that are listed
Click OK to start the scan

May take some time to complete.
When done click the Save Report button.
Save the report to your desktop
To Exit RootRepeal: click File>Exit
Post the report in your reply

How Can I Reduce My Risk to Malware?


#7 xrrak

xrrak
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:03:35 PM

Posted 01 June 2010 - 09:56 PM

I have tested Google search a few times so far and have not had it redirect so far. Here's the next requested log.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/06/01 22:42
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB4E7F000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A07000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB3F12000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------

SSDT
-------------------
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0xb5103620

==EOF==

#8 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:02:35 PM

Posted 02 June 2010 - 04:32 PM

OK, thanks for the info. Looks OK. You can get a utility that will remove ComboFix for you. You can also delete the Gmer and RootRepeal icons from the desktop. Keep Malwarebytes and note that it must be updated manually and a scan started manually.

Please download OTCleanIt and save it to desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


If all is good on your end, some tips to help you remain malware free:

10 Tips for Reducing/Preventing Your Risk To Malware:

In no special order

1) It is essential to keep your OS (Windows), browser (IE, Firefox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the auto-update feature. Staying updated is also necessary for web-based applications like Java, Adobe Flash/Reader, QuickTime etc. Check their version status here.

2) Know what you are installing on your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, after which you are prompted to install software to remedy this. See also the signs that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*. There is no reason why your computer can not stay malware free.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem.

5) Do not click on ads/pop-ups or offers from websites requesting that you need to install software on your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) A tool for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Or see a slideshow on how to configure IE 8.0.

10) Warez, cracks etc are very popular for carrying all kinds of malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks, then you are also much more likely to encounter malicious code in a downloaded file. Do you really trust the source of the file? Do you really need another malware source?

A longer version is in the link below.

Happy Safe Surfing.

How Can I Reduce My Risk to Malware?
