I am infected with CDFS


  • This topic is locked
9 replies to this topic

#1 Guest_f6e9a_*

Guest_f6e9a_*

  • Guests

Posted 24 February 2011 - 09:56 PM

Hello,

I am new here; I read the pre-instructions.
CD emulator is off.
ddr stopped running halfway through the scan and stayed like that for 3 hours, then froze.
I ran GMER and found something called CDFS (attached file: gmer.log, 1.03KB).
I don't know what it is, but I have been redirected like 40 times. I did try the TDSS thing, but it didn't do anything.
I hope you can help me.

Thanks in advance,
f6e9a


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 03 March 2011 - 05:48 AM

Hi,
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#3 Guest_f6e9a_*

Guest_f6e9a_*

  • Guests

Posted 05 March 2011 - 06:30 PM

Thanks for replying, Blade.

I want to let you know I removed the redirecting by resetting my router, and I found the Win32/Adware.Virtumonde.NHD application.

I will still run the OTL scan right after this post.

#4 Guest_f6e9a_*

Guest_f6e9a_*

  • Guests

Posted 05 March 2011 - 06:40 PM

OTL logfile created on: 3/5/2011 5:31:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 150.00 Mb Available Physical Memory | 59.00% Memory free
625.00 Mb Paging File | 483.00 Mb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.63 Gb Total Space | 8.49 Gb Free Space | 45.56% Space Free | Partition Type: NTFS

Computer Name: USAF-RUFELZ7HLJ | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (gupdate) Google Update Service (gupdate) -- File not found
SRV - (ACDaemon) -- File not found
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)


========== Driver Services (SafeList) ==========

DRV - (EuDisk) -- C:\WINDOWS\system32\drivers\EuDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (wlanCIG) -- C:\WINDOWS\system32\drivers\wlanCIG.sys ( )
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/27 20:02:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/27 20:02:16 | 000,000,000 | ---D | M]

[2011/02/27 20:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Application Data\Mozilla\Extensions
[2011/01/07 21:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2011/03/04 19:43:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Application Data\Mozilla\Firefox\Profiles\is1tz9oa.default\extensions
[2011/02/27 20:13:24 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Application Data\Mozilla\Firefox\Profiles\is1tz9oa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/02/27 20:04:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Application Data\Mozilla\Firefox\Profiles\is1tz9oa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/04 19:43:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/13 10:25:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/13 10:25:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/02/26 12:35:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/02 19:28:05 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/05 17:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VideoLAN
[2011/03/05 14:50:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/03/04 19:25:02 | 000,000,000 | --SD | C] -- C:\logger
[2011/03/01 17:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2011/03/01 17:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SpywareBlaster
[2011/03/01 17:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/02/27 20:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox
[2011/02/27 19:57:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Recent
[2011/02/27 19:57:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/02/27 16:11:36 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/27 16:10:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/27 16:10:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/27 16:10:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/27 15:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/27 15:52:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\PrivacIE
[2011/02/27 15:49:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\IETldCache
[2011/02/27 15:36:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/02/27 15:32:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/02/27 15:29:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/02/27 15:26:01 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/02/27 15:26:01 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/02/27 15:25:50 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/02/27 15:25:46 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/02/27 15:25:13 | 011,080,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/02/26 12:35:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/02/26 12:28:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/26 12:28:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/26 12:28:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/26 12:28:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/26 12:28:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/26 12:04:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/26 11:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/02/26 11:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Start Menu\Programs\HiJackThis
[2011/02/26 11:44:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Music
[2011/02/23 20:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2011/02/22 21:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SafeReturner
[2011/02/19 16:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Application Data\Malwarebytes
[2011/02/19 16:22:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/19 16:22:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/19 16:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/02/19 16:22:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/19 16:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/19 11:44:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/02/18 13:42:22 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/02/18 13:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Local Settings\Application Data\Sunbelt Software
[2011/02/18 13:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2011/02/09 17:26:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/06 19:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Application Data\Apple Computer
[2011/02/06 19:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
[2011/02/06 19:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Local Settings\Application Data\Apple
[2011/02/04 15:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\My Documents\Books
[2010/12/14 16:10:22 | 000,675,840 | ---- | C] (SmileyCentral) -- C:\Program Files\Uninstall SmileyCentral.dll
[2009/03/20 23:07:35 | 000,390,752 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\wlanCIG.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/05 17:07:05 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2011/03/04 19:33:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/04 16:06:42 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Desktop\HiJackThis.lnk
[2011/03/02 17:17:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/01 17:15:42 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Desktop\SpywareBlaster.lnk
[2011/03/01 17:00:04 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/27 20:02:21 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/27 20:02:21 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2011/02/27 15:58:27 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/27 15:58:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/27 15:58:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/27 15:58:26 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/02/27 15:58:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/02/26 12:35:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/24 18:19:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\defogger_reenable
[2011/02/22 22:12:10 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/02/18 13:42:22 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/02/10 18:26:57 | 000,134,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/09 17:26:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/02/04 18:14:55 | 000,002,334 | ---- | M] () -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Local Settings\Application Data\Media Holder.xml
[2011/02/04 15:42:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/02/04 15:42:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/05 17:07:05 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk
[2011/03/01 17:15:42 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Desktop\SpywareBlaster.lnk
[2011/03/01 16:57:41 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/02/27 20:02:21 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/27 20:02:21 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2011/02/26 12:28:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/26 12:28:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/26 12:28:28 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/26 12:28:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/26 12:28:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/26 11:47:14 | 000,002,495 | ---- | C] () -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Desktop\HiJackThis.lnk
[2011/02/24 18:19:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\defogger_reenable
[2011/02/22 22:11:31 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/02/04 16:03:38 | 000,002,334 | ---- | C] () -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Local Settings\Application Data\Media Holder.xml
[2011/02/04 15:42:00 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/02/04 15:42:00 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/01/09 21:10:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2010/01/18 11:42:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/18 11:40:40 | 000,134,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/06 10:35:32 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/06 09:32:45 | 000,000,012 | ---- | C] () -- C:\WINDOWS\EZMediaBox2.ini
[2009/08/30 09:36:19 | 000,000,012 | ---- | C] () -- C:\WINDOWS\EZVMail3.ini
[2009/08/15 17:54:42 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/08/06 23:05:46 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/06 22:56:10 | 000,000,012 | ---- | C] () -- C:\WINDOWS\EZLiveMonitor2.0.ini
[2009/08/06 22:54:35 | 000,011,170 | R--- | C] () -- C:\WINDOWS\System32\PA207Usd.dll
[2009/08/05 18:40:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/16 22:32:12 | 000,000,074 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/04/14 21:32:43 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/04/14 21:32:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2009/04/05 21:14:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/30 21:56:17 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/03/20 21:08:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/20 20:59:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/11/30 14:51:09 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2002/08/29 03:57:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 06:00:00 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 06:00:00 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

< End of report >

Edited by f6e9a, 05 March 2011 - 06:44 PM.
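The file entries in the OTL log above follow one fixed shape (`[date | size | attributes | C/M] (Company) -- path`), which is what a Malware Response Team reader scans by eye. The parser and triage heuristics below are an added example, not code from the thread, from OTL or from BleepingComputer's process: the sample lines are constructed in the shape of the posted "Files/Folders - Created" sections, and the allowlist of ComboFix helper names and known System-attributed root directories is an assumption.

```python
"""Parse OTL file entries and flag lines worth a second look (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample in the shape of the OTL "Files/Folders - Created Within 30 Days"
# and "Files Created - No Company Name" sections; not copied from the thread verbatim.
SAMPLE_LOG = """\
[2011/03/04 19:25:02 | 000,000,000 | --SD | C] -- C:\\logger
[2011/02/27 16:11:36 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\\WINDOWS\\System32\\javacpl.cpl
[2011/02/26 12:28:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\\WINDOWS\\NIRCMD.exe
[2011/02/26 12:28:28 | 000,256,512 | ---- | C] () -- C:\\WINDOWS\\PEV.exe
[2009/03/20 23:07:35 | 000,390,752 | R--- | C] ( ) -- C:\\WINDOWS\\System32\\drivers\\wlanCIG.sys
[2001/08/23 06:00:00 | 000,000,741 | ---- | C] () -- C:\\WINDOWS\\System32\\noise.dat
[2011/02/22 22:12:10 | 000,000,286 | ---- | M] () -- C:\\WINDOWS\\reimage.ini
< End of report >
"""

# One OTL file line: [date time | size | attributes | C(reated)/M(odified)] (Company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".cpl", ".scr", ".com"}
# Assumed allowlist: helper binaries the ComboFix cleanup tool leaves in %SystemRoot%.
KNOWN_TOOL_FILES = {"pev.exe", "sed.exe", "mbr.exe", "grep.exe", "zip.exe",
                    "swreg.exe", "swsc.exe", "swxcacls.exe", "nircmd.exe"}
# Assumed allowlist: root-level directories that legitimately carry the System attribute.
KNOWN_SYSTEM_DIRS = {"recycler", "cmdcons", "system volume information", "$recycle.bin"}


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str          # four columns: R(eadonly) H(idden) S(ystem) D(irectory), '-' if unset
    kind: str           # 'C' created or 'M' modified
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[3] == "D"

    @property
    def is_system(self) -> bool:
        return self.attrs[2] == "S"

    @property
    def has_company(self) -> bool:
        # OTL prints "()" or "( )" when the file carries no company name
        return bool(self.company and self.company.strip())


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one OTL file line, or None for headers and other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def parse_otl(text: str) -> list:
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def triage(entries) -> list:
    """Return (path, reason) pairs worth a closer look; a hit is a review prompt, not a verdict."""
    hits = []
    for e in entries:
        parts = e.path.split("\\")
        name = parts[-1].lower()
        ext = name[name.rfind("."):] if "." in name else ""
        if e.is_dir:
            # System-attributed directory directly under the drive root that is not a known one
            if len(parts) == 2 and e.is_system and name not in KNOWN_SYSTEM_DIRS:
                hits.append((e.path, "system-attributed directory at drive root"))
        elif ext in EXEC_EXT and not e.has_company and name not in KNOWN_TOOL_FILES:
            # Executable code with no embedded company name under the Windows directory
            if e.path.lower().startswith("c:\\windows\\"):
                hits.append((e.path, "executable with no company name under %SystemRoot%"))
    return hits


if __name__ == "__main__":
    for path, reason in triage(parse_otl(SAMPLE_LOG)):
        print(f"{reason}: {path}")
```

Run against a full OTL.Txt, the hits are the lines to research (publisher, hash, install history) before anything is removed; a missing company name alone says nothing about intent.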


#5 Guest_f6e9a_*

Guest_f6e9a_*

  • Guests

Posted 05 March 2011 - 06:44 PM

OTL Extras logfile created on: 3/5/2011 5:31:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Administrator.USAF-RUFELZ7HLJ\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 150.00 Mb Available Physical Memory | 59.00% Memory free
625.00 Mb Paging File | 483.00 Mb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.63 Gb Total Space | 8.49 Gb Free Space | 45.56% Space Free | Partition Type: NTFS

Computer Name: USAF-RUFELZ7HLJ | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.scr [@ = scrfile] -- "%1" /S

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Revo Uninstaller" = Revo Uninstaller 1.91
"SpywareBlaster_is1" = SpywareBlaster 4.4
"VLC media player" = VLC media player 1.1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/4/2011 6:06:20 PM | Computer Name = USAF-RUFELZ7HLJ | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 3/4/2011 6:06:20 PM | Computer Name = USAF-RUFELZ7HLJ | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 3/4/2011 6:11:04 PM | Computer Name = USAF-RUFELZ7HLJ | Source = Application Hang | ID = 1002
Description = Hanging application HiJackThis.exe, version 2.0.0.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/4/2011 9:23:27 PM | Computer Name = USAF-RUFELZ7HLJ | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 3/4/2011 9:23:27 PM | Computer Name = USAF-RUFELZ7HLJ | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 3/4/2011 9:33:31 PM | Computer Name = USAF-RUFELZ7HLJ | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 3/4/2011 9:33:31 PM | Computer Name = USAF-RUFELZ7HLJ | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

[ System Events ]
Error - 3/4/2011 9:24:05 PM | Computer Name = USAF-RUFELZ7HLJ | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System
service which failed to start because of the following error: %%1058

Error - 3/4/2011 9:33:29 PM | Computer Name = USAF-RUFELZ7HLJ | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/4/2011 9:33:31 PM | Computer Name = USAF-RUFELZ7HLJ | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/4/2011 9:33:38 PM | Computer Name = USAF-RUFELZ7HLJ | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System
service which failed to start because of the following error: %%1058

Error - 3/5/2011 4:40:18 PM | Computer Name = USAF-RUFELZ7HLJ | Source = wlanCIG | ID = 262187
Description =

Error - 3/5/2011 4:40:18 PM | Computer Name = USAF-RUFELZ7HLJ | Source = PSched | ID = 14103
Description = QoS [Adapter {6E51DC3E-0738-476B-B20B-98561190F199}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 3/5/2011 4:40:18 PM | Computer Name = USAF-RUFELZ7HLJ | Source = PSched | ID = 14103
Description = QoS [Adapter {6E51DC3E-0738-476B-B20B-98561190F199}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 3/5/2011 6:19:49 PM | Computer Name = USAF-RUFELZ7HLJ | Source = wlanCIG | ID = 262187
Description =

Error - 3/5/2011 6:19:49 PM | Computer Name = USAF-RUFELZ7HLJ | Source = PSched | ID = 14103
Description = QoS [Adapter {6E51DC3E-0738-476B-B20B-98561190F199}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 3/5/2011 6:19:49 PM | Computer Name = USAF-RUFELZ7HLJ | Source = PSched | ID = 14103
Description = QoS [Adapter {6E51DC3E-0738-476B-B20B-98561190F199}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.


< End of report >

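The error records in the OTL report above share one shape: a header line `Error - <date> | Computer Name = ... | Source = ... | ID = ...` followed by a wrapped `Description =` block, terminated by a blank line. As an added example (not OTL's own code and not part of this thread), the Python below parses that section from a constructed excerpt of the report and ties the errors together. The `0x8007xxxx` HRESULT form wraps a Win32 error code in its low 16 bits, so the `80070422` in the EventSystem records is Win32 error 1058 (`ERROR_SERVICE_DISABLED`), the same `%%1058` that the Service Control Manager and DCOM records give for the COM+ Event System service; three sources are reporting one disabled service, which is the check a responder wants from a log like this. The small name table covers only the code that appears in this report.

```python
"""Parse the "Last 10 Event Log Errors" section of an OTL report (added example)."""
import re
from collections import Counter

# Excerpt constructed from the report above: same record format, fewer records.
SAMPLE_REPORT = r"""
[ Application Events ]
Error - 3/4/2011 6:06:20 PM | Computer Name = USAF-RUFELZ7HLJ | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 3/4/2011 6:06:20 PM | Computer Name = USAF-RUFELZ7HLJ | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

[ System Events ]
Error - 3/4/2011 9:24:05 PM | Computer Name = USAF-RUFELZ7HLJ | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System
service which failed to start because of the following error: %%1058

Error - 3/4/2011 9:33:29 PM | Computer Name = USAF-RUFELZ7HLJ | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
"""

HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
# HRESULT_FROM_WIN32(x) has the form 0x8007xxxx; "%1058" / "%%1058" is a bare Win32 code.
HRESULT_WIN32 = re.compile(r"\b(?:0x)?(8007[0-9A-Fa-f]{4})\b")
PERCENT_CODE = re.compile(r"%%?(\d+)")

# Only the code present in this report; extend from winerror.h as needed.
WIN32_NAMES = {1058: "ERROR_SERVICE_DISABLED"}


def parse_events(text):
    """Return a list of dicts, one per error record, with the wrapped description joined."""
    events, section, current = [], None, None
    for line in text.splitlines():
        if line.startswith("[ ") and line.endswith(" ]"):
            section = line.strip("[ ]")          # "[ System Events ]" -> "System Events"
            continue
        m = HEADER.match(line)
        if m:
            current = {"section": section, "when": m["when"], "host": m["host"],
                       "source": m["source"], "id": int(m["id"]), "description": ""}
            events.append(current)
        elif current is not None and line.strip():
            # Description lines: strip the "Description =" prefix on the first one.
            body = line.partition("Description =")[2] if line.startswith("Description =") else line
            body = body.strip()
            if body:
                current["description"] += (" " if current["description"] else "") + body
        else:
            current = None                        # a blank line ends the record
    return events


def win32_from_hresult(hr):
    """For 0x8007xxxx HRESULTs the low 16 bits are the original Win32 error code."""
    return hr & 0xFFFF


def describe_win32(code):
    return WIN32_NAMES.get(code, "Win32 error %d" % code)


def service_failures(events):
    """Map each Win32 code mentioned in a description to the (source, id) pairs reporting it."""
    out = {}
    for ev in events:
        codes = {win32_from_hresult(int(m.group(1), 16))
                 for m in HRESULT_WIN32.finditer(ev["description"])}
        codes |= {int(m.group(1)) for m in PERCENT_CODE.finditer(ev["description"])}
        for c in codes:
            out.setdefault(c, set()).add((ev["source"], ev["id"]))
    return {c: sorted(pairs) for c, pairs in out.items()}


def summarize(events):
    """Count records per (source, id) so recurring errors stand out."""
    return Counter((ev["source"], ev["id"]) for ev in events)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_REPORT)
    for (src, eid), n in summarize(evs).most_common():
        print("%-25s ID %-6d x%d" % (src, eid, n))
    for code, reporters in service_failures(evs).items():
        print("%s reported by %s" % (describe_win32(code), reporters))
```

Run against the full report, the same grouping shows EventSystem 4609 and VSS 8193 repeating in lockstep, which is what you would expect when the service that both depend on will not start.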
#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland

Posted 06 March 2011 - 03:53 AM

Hi,

Delete C:\Program Files\Uninstall SmileyCentral.dll file. No other issues left?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#7 Guest_f6e9a_*

Guest_f6e9a_*

  • Guests
  • OFFLINE

Posted 06 March 2011 - 11:34 AM

Thanks for your help,

I deleted it, but I still think there might be something in my computer because ddr froze my computer, and ComboFix did too. Other than that I have no problems.

#8 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland

Posted 06 March 2011 - 12:16 PM

Hi,

That happens with some systems no matter if clean or not. If there are no other issues than freezing with DDS/ComboFix, I'd say there's no need to worry.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis.


  • Double-click OTL.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of Windows has a hosts file as part of it.
    • In a very basic sense, it is used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here.
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    • Click the Start button (at the lower left hand corner of your screen).
    • Click Run.
    • In the dialog box, type services.msc.
    • Hit Enter, then locate DNS Client.
    • Highlight it, then double-click it.
    • In the dropdown box, change the setting from Automatic to Manual.
    • Click OK.
  • Download and run Secunia Personal Software Inspector (PSI) and fix its findings.
  • Get anti-virus software and keep it updated - Most AVs will update automatically, but if not, I would recommend making updating the AV the first job every time the PC is connected to the Internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti-virus software, then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
    Antivir
    Avast!
    Good commercial ones are from:
    Kaspersky and
    ESET
  • Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
    If you don't have a 3rd party firewall or a router behind NAT, then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: uncheck during installation "Install Comodo HopSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and install the firewall ONLY!). Both providers have support forums that help with configuration related questions.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update site frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade B)

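The hosts-file item in the post above describes the two sides of that file: an entry pointing a name at the local machine blocks the site, while the same mechanism pointed at any other address silently redirects it, which is one of the things to check on a machine that keeps being redirected. As an added example (not from this thread and not the MVPS hosts file's own tooling), the Python below parses hosts-file syntax (address, whitespace, one or more names, `#` comments) and separates harmless blocking entries from entries that send a name somewhere else. The sample content is constructed; the "redirect" line is illustrative. On Windows the live file is `%SystemRoot%\System32\drivers\etc\hosts`; read it with `open(path).read()` and pass the text to `audit_hosts`. The check is read-only, so it is safe to run before deciding whether to replace the file.

```python
"""Audit a Windows hosts file for blocking entries and silent redirects (added example)."""
import ipaddress

# Constructed sample in the style of the stock file plus MVPS-style blocking entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# blocking entries: the name resolves to the local machine, so the site never loads
0.0.0.0 ad.example.net
0.0.0.0 tracker.example.org   # trailing comment is ignored
127.0.0.1 banner.example.com
# constructed suspicious entry: a vendor-looking name pointed at a remote host
203.0.113.7 update.antivirus-vendor.example
"""


def parse_hosts(text):
    """Yield (ip, hostname, lineno) for every mapping; comments and blank lines are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()     # drop comments, leading/trailing space
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                             # malformed line: no name to map
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                             # not an address; resolver would ignore it
        for name in parts[1:]:
            yield ip, name.lower(), lineno


def is_sinkhole(ip):
    """Loopback (127/8, ::1) and unspecified (0.0.0.0, ::) targets block a name; anything else redirects it."""
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text):
    """Split mappings into blocked names and (lineno, name, address) redirects for review."""
    report = {"entries": 0, "blocked": [], "redirects": []}
    for ip, name, lineno in parse_hosts(text):
        report["entries"] += 1
        if name == "localhost":
            continue                             # the stock entries, not a block
        if is_sinkhole(ip):
            report["blocked"].append(name)
        else:
            report["redirects"].append((lineno, name, str(ip)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("%d mappings, %d blocked" % (result["entries"], len(result["blocked"])))
    for lineno, name, ip in result["redirects"]:
        print("line %d: %s -> %s (redirect, review this)" % (lineno, name, ip))
```

A large blocking list produces thousands of `blocked` names and that is expected; the `redirects` list is the part worth reading line by line, since a legitimate hosts file on a home machine almost never needs one.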


#9 Guest_f6e9a_*

Guest_f6e9a_*

  • Guests
  • OFFLINE

Posted 06 March 2011 - 01:52 PM

Thanks Blade,

Everything is good, just to let you know I don't use IE, I use Firefox.
I followed all the instructions and everything is okay.
Am I supposed to delete this thread or close it?


thanks again,

f6e9a

#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland

Posted 06 March 2011 - 02:30 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.


