WiredWX Christian Hobby Weather Tools
Re: trojan and virus overload
Here is the new ComboFix report


ComboFix 09-10-30.01 - Adam 11/01/2009 21:24.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2847 [GMT -6:00]
Running from: c:\documents and settings\Adam\desktop\commy.exe
Command switches used :: /stepdel
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-11-02 03:22 . 2009-11-02 03:22 -------- d-----w- C:\32788R22FWJFW
2009-11-01 22:41 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 22:41 . 2009-11-01 22:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-01 22:41 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-01 03:44 . 2009-11-01 03:44 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-11-01 03:41 . 2009-11-01 03:42 -------- d-----w- c:\windows\ERUNT
2009-11-01 03:25 . 2009-11-01 03:58 -------- d-----w- C:\SDFix
2009-11-01 01:53 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2009-11-01 01:53 . 2008-04-14 00:11 56320 ------w- c:\windows\system32\eventlog.dll
2009-10-31 16:01 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-31 16:01 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-10-29 15:23 . 2009-10-29 15:23 22016 ----a-w- c:\windows\system32\tdlwsp.dll
2009-10-25 06:11 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-22 16:33 . 2009-09-16 15:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-22 16:33 . 2009-09-16 15:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-22 16:33 . 2009-09-16 15:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-22 16:33 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-22 16:32 . 2009-10-22 16:33 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-22 16:32 . 2009-10-22 16:32 -------- d-----w- c:\program files\McAfee.com
2009-10-22 16:30 . 2009-09-16 15:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-22 13:19 . 2009-10-22 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-22 13:19 . 2009-11-02 03:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-22 13:19 . 2009-10-22 13:19 -------- d-----w- c:\documents and settings\Adam\Application Data\SUPERAntiSpyware.com
2009-10-22 13:09 . 2009-10-22 13:09 -------- d-----w- c:\documents and settings\Adam\Application Data\Malwarebytes
2009-10-22 13:09 . 2009-10-22 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-22 01:11 . 2009-10-22 01:11 -------- d-----w- c:\program files\Common Files\eSellerate
2009-10-21 19:41 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-21 19:41 . 2009-10-21 19:41 -------- d-----w- c:\program files\Panda Security
2009-10-21 15:14 . 2009-10-21 15:14 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-21 13:48 . 2009-10-21 13:49 -------- d-----w- c:\program files\ATT-SST
2009-10-21 13:23 . 2009-10-21 13:29 -------- d-----w- c:\program files\ATT-PRT22-WISE
2009-10-21 12:59 . 2009-07-20 17:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2009-10-21 06:16 . 2009-10-25 19:26 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-21 04:30 . 2009-10-21 04:30 271 ----a-w- c:\documents and settings\Adam\Local Settings\Application Data\pelf.vbs
2009-10-21 04:27 . 2009-10-21 04:27 271 ----a-w- c:\documents and settings\Adam\Local Settings\Application Data\hlgp.vbs
2009-10-16 15:00 . 2009-10-20 18:49 -------- d-----w- c:\windows\system32\Adobe
2009-10-08 19:57 . 2009-10-08 19:57 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
2009-10-04 16:46 . 2009-10-21 18:20 -------- d-----w- c:\documents and settings\Adam\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 03:24 . 2009-02-03 22:56 -------- d-----w- c:\documents and settings\Adam\Application Data\DNA
2009-11-02 03:10 . 2007-11-08 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-02 02:04 . 2006-03-13 00:04 -------- d-----w- c:\program files\DNA
2009-11-02 02:01 . 2009-02-03 22:56 -------- d-----w- c:\documents and settings\Adam\Application Data\BitTorrent
2009-11-02 02:00 . 2008-12-08 03:48 -------- d-----w- c:\program files\WinTV
2009-10-30 19:55 . 2005-12-24 05:00 -------- d-----w- c:\program files\Dl_cats
2009-10-30 00:19 . 2005-12-16 08:29 -------- d-----w- c:\program files\McAfee
2009-10-22 16:35 . 2005-12-16 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-22 16:19 . 2005-12-16 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-10-22 14:56 . 2005-12-16 08:25 -------- d-----w- c:\program files\WildTangent
2009-10-22 14:54 . 2008-11-23 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-10-22 14:51 . 2005-12-27 04:53 -------- d-----w- c:\program files\EarthLink
2009-10-22 14:48 . 2008-01-29 00:52 -------- d-----w- c:\program files\Cap'n Crunch
2009-10-22 14:48 . 2005-12-16 08:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-22 14:04 . 2005-12-16 08:22 -------- d-----w- c:\program files\Viewpoint
2009-10-22 11:10 . 2005-12-16 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-21 15:30 . 2008-01-03 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-21 14:58 . 2009-01-12 14:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-21 14:39 . 2007-06-24 22:11 -------- d-----w- c:\program files\Common Files\Motive
2009-10-21 14:37 . 2007-06-24 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-10-21 14:32 . 2007-07-01 04:53 -------- d-----w- c:\documents and settings\Adam\Application Data\Motive
2009-10-21 13:00 . 2009-03-06 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-10-21 12:59 . 2009-01-02 21:34 -------- d-----w- c:\program files\Common Files\Logitech
2009-10-21 06:52 . 2006-03-29 23:29 120816 -c--a-w- c:\documents and settings\Tiffany\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-16 15:25 . 2009-08-27 18:12 -------- d-----w- c:\documents and settings\Adam\Application Data\dvdcss
2009-10-14 19:06 . 2008-10-12 06:16 101188 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-13 12:25 . 2005-12-27 03:01 120816 -c--a-w- c:\documents and settings\Adam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 08:05 . 2008-01-03 02:18 -------- d-----w- c:\program files\Microsoft Works
2009-10-08 19:57 . 2009-10-08 19:57 611328 ----a-w- c:\windows\system32\SETD2.tmp
2009-10-08 19:57 . 2009-10-08 19:57 220160 ----a-w- c:\windows\system32\SETD0.tmp
2009-10-08 19:56 . 2009-10-08 19:56 20480 ----a-w- c:\windows\system32\SETD1.tmp
2009-09-17 19:43 . 2009-09-17 19:43 -------- d-----w- c:\documents and settings\Adam\Application Data\McAfee
2009-09-17 19:22 . 2007-12-12 03:32 -------- d-----w- c:\program files\The Weather Channel FW
2009-09-16 15:40 . 2009-01-02 21:40 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-09-16 15:40 . 2009-09-16 15:40 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-09-16 15:22 . 2009-09-16 15:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-11 14:18 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 15:57 . 2005-12-16 08:12 -------- d-----w- c:\program files\Java
2009-09-04 21:03 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2005-08-16 10:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-07 00:24 . 2005-08-16 10:40 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2005-08-16 10:40 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-08-16 10:40 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2005-05-26 10:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2005-08-16 10:40 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2005-08-16 10:18 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2005-08-16 10:40 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2008-01-03 03:25 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2008-01-03 03:25 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2005-08-16 10:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2005-08-16 10:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2005-08-16 10:18 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-04 04:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-02-16 19:18 . 2009-02-16 19:18 4823040 -c----w- c:\program files\ehthumbs.db
2006-11-05 22:36 . 2006-11-05 22:36 774144 -c--a-w- c:\program files\RngInterstitial.dll
2008-05-03 21:01 . 2005-12-27 03:00 104 -csh--r- c:\windows\system32\7D6C9378DC.sys
2008-05-03 21:01 . 2005-12-27 03:00 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-31_16.21.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-08-17 03:06 . 2008-05-06 21:16 26488 c:\windows\system32\spupdsvc.exe
+ 2005-08-17 03:06 . 2009-03-23 15:50 26488 c:\windows\system32\spupdsvc.exe
+ 2009-08-01 16:49 . 2009-03-23 15:50 17272 c:\windows\system32\spmsg.dll
- 2009-08-01 16:49 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2005-08-16 10:18 . 2009-11-02 02:08 84444 c:\windows\system32\perfc009.dat
- 2005-08-16 10:18 . 2009-10-21 15:32 84444 c:\windows\system32\perfc009.dat
+ 2005-12-24 04:38 . 2009-11-02 02:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-12-24 04:38 . 2009-10-31 13:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-12-24 04:38 . 2009-10-31 13:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-10-31 17:20 . 2009-11-02 02:09 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-01 03:42 . 2009-11-01 03:42 8192 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-11-01 03:42 . 2009-11-01 03:42 8192 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
- 2005-08-16 10:18 . 2009-10-21 15:32 475006 c:\windows\system32\perfh009.dat
+ 2005-08-16 10:18 . 2009-11-02 02:08 475006 c:\windows\system32\perfh009.dat
+ 2009-11-01 03:42 . 2009-11-01 03:42 598016 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2009-11-01 03:42 . 2008-08-07 20:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-11-01 03:42 . 2009-11-01 03:42 598016 c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2009-11-01 03:42 . 2008-08-07 20:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 4670968]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-30 1945600]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-03 342848]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-28 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-13 180269]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-11-09 16384]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-03-02 18944]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]

c:\documents and settings\Tiffany\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\Adam\Start Menu\Programs\Startup\
Memeo AutoBackup Launcher.lnk - c:\documents and settings\Adam\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2009-10-21 73728]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-22 385024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-12-16 156784]
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2007-6-24 217088]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-16 24576]
Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-5 813584]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-02-18 18:01 10536 ----a-w- c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/21/2009 1:41 PM 28552]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/22/2009 10:35 AM 203280]
R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [7/8/2008 6:35 PM 27904]
R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [7/8/2008 6:37 PM 1198720]
R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [7/8/2008 6:41 PM 1191552]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 Medcin;Medcin;c:\program files\Medicomp Systems, Inc\Server\medcinserv --> c:\program files\Medicomp Systems, Inc\Server\medcinserv [?]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\ADSFilter.sys --> c:\windows\system32\DRIVERS\ADSFilter.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 krdpdre;krdpdre;\??\c:\docume~1\Adam\LOCALS~1\Temp\krdpdre.sys --> c:\docume~1\Adam\LOCALS~1\Temp\krdpdre.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-05 03:39]

2009-11-01 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 17:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 17:22]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.att.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = 127.0.0.1;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-01 21:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys sfsync02.sys hal.dll iastor.sys
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

iastor.sys @ 0xB9E36000 0xD4E80 bytes

\Driver\iastor [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0xB9E48B10 != 0xBA0C98B4 sfsync02.sys
\Driver\iastor IRP hooks detected !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Medcin]
"ImagePath"="c:\program files\Medicomp Systems, Inc\Server\medcinserv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\Citrix\GoToAssist\508\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(876)
c:\windows\system32\WININET.dll
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-02 21:36
ComboFix-quarantined-files.txt 2009-11-02 03:36
ComboFix2.txt 2009-11-01 02:16
ComboFix3.txt 2009-10-31 16:27

Pre-Run: 80,104,730,624 bytes free
Post-Run: 80,085,897,216 bytes free

- - End Of File - - 5BD81022B8B4D9ECBDD6994CB61A301A

Re: trojan and virus overload
Jotti File Submission:
  • Please go to Jotti's malware scan

  • Copy and paste the following file path into the "File to upload & scan" box at the top of the page:

    • c:\windows\system32\dllcache\oleacc.dll


  • Click on the submit button

  • Please post the results (URL) in your next reply.


==

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\SETD2.tmp
    c:\windows\system32\SETD0.tmp
    c:\windows\system32\SETD1.tmp
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Also, please tell me how your computer is running.

Re: trojan and virus overload
My computer seems to be running faster and without all the redirecting. Even the activity light on my modem seems to have stabilized, and I have been able to update some of my Windows. I don't know how I stumbled onto this site, but I sure am glad there are people in this world who still have kindness. Thanks to all the people who make this site possible.

The Jotti report

Filename: oleacc.dll
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Mon 2 Nov 2009 05:19:46 (CET)



--------------------------------------------------------------------------------
Additional info
File size: 220160 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: dfc132d3ec7900bcb21e9375a10130c8
SHA1: bd575cfd062fbb03d5c25268835be84a0d7d03e4



And the ComboFix report



ComboFix 09-10-30.01 - Adam 11/01/2009 22:29.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2886 [GMT -6:00]
Running from: c:\documents and settings\Adam\Desktop\commy.exe
Command switches used :: c:\documents and settings\Adam\Desktop\CFscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\system32\SETD0.tmp"
"c:\windows\system32\SETD1.tmp"
"c:\windows\system32\SETD2.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\SETD0.tmp
c:\windows\system32\SETD1.tmp
c:\windows\system32\SETD2.tmp

.
((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-11-02 04:27 . 2009-11-02 04:27 -------- d-----w- C:\32788R22FWJFW
2009-11-01 22:41 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 22:41 . 2009-11-01 22:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-01 22:41 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-01 03:44 . 2009-11-01 03:44 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-11-01 03:41 . 2009-11-01 03:42 -------- d-----w- c:\windows\ERUNT
2009-11-01 03:25 . 2009-11-01 03:58 -------- d-----w- C:\SDFix
2009-11-01 01:53 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2009-11-01 01:53 . 2008-04-14 00:11 56320 ------w- c:\windows\system32\eventlog.dll
2009-10-31 16:01 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-31 16:01 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-10-29 15:23 . 2009-10-29 15:23 22016 ----a-w- c:\windows\system32\tdlwsp.dll
2009-10-25 06:11 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-22 16:33 . 2009-09-16 15:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-22 16:33 . 2009-09-16 15:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-22 16:33 . 2009-09-16 15:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-22 16:33 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-22 16:32 . 2009-10-22 16:33 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-22 16:32 . 2009-10-22 16:32 -------- d-----w- c:\program files\McAfee.com
2009-10-22 16:30 . 2009-09-16 15:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-22 13:19 . 2009-10-22 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-22 13:19 . 2009-11-02 04:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-22 13:19 . 2009-10-22 13:19 -------- d-----w- c:\documents and settings\Adam\Application Data\SUPERAntiSpyware.com
2009-10-22 13:09 . 2009-10-22 13:09 -------- d-----w- c:\documents and settings\Adam\Application Data\Malwarebytes
2009-10-22 13:09 . 2009-10-22 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-22 01:11 . 2009-10-22 01:11 -------- d-----w- c:\program files\Common Files\eSellerate
2009-10-21 19:41 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-21 19:41 . 2009-10-21 19:41 -------- d-----w- c:\program files\Panda Security
2009-10-21 15:14 . 2009-10-21 15:14 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-21 13:48 . 2009-10-21 13:49 -------- d-----w- c:\program files\ATT-SST
2009-10-21 13:23 . 2009-10-21 13:29 -------- d-----w- c:\program files\ATT-PRT22-WISE
2009-10-21 12:59 . 2009-07-20 17:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2009-10-21 06:16 . 2009-10-25 19:26 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-21 04:30 . 2009-10-21 04:30 271 ----a-w- c:\documents and settings\Adam\Local Settings\Application Data\pelf.vbs
2009-10-21 04:27 . 2009-10-21 04:27 271 ----a-w- c:\documents and settings\Adam\Local Settings\Application Data\hlgp.vbs
2009-10-16 15:00 . 2009-10-20 18:49 -------- d-----w- c:\windows\system32\Adobe
2009-10-08 19:57 . 2009-10-08 19:57 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
2009-10-04 16:46 . 2009-10-21 18:20 -------- d-----w- c:\documents and settings\Adam\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 04:34 . 2009-02-03 22:56 -------- d-----w- c:\documents and settings\Adam\Application Data\DNA
2009-11-02 03:10 . 2007-11-08 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-02 02:04 . 2006-03-13 00:04 -------- d-----w- c:\program files\DNA
2009-11-02 02:01 . 2009-02-03 22:56 -------- d-----w- c:\documents and settings\Adam\Application Data\BitTorrent
2009-11-02 02:00 . 2008-12-08 03:48 -------- d-----w- c:\program files\WinTV
2009-10-30 19:55 . 2005-12-24 05:00 -------- d-----w- c:\program files\Dl_cats
2009-10-30 00:19 . 2005-12-16 08:29 -------- d-----w- c:\program files\McAfee
2009-10-22 16:35 . 2005-12-16 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-22 16:19 . 2005-12-16 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-10-22 14:56 . 2005-12-16 08:25 -------- d-----w- c:\program files\WildTangent
2009-10-22 14:54 . 2008-11-23 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-10-22 14:51 . 2005-12-27 04:53 -------- d-----w- c:\program files\EarthLink
2009-10-22 14:48 . 2008-01-29 00:52 -------- d-----w- c:\program files\Cap'n Crunch
2009-10-22 14:48 . 2005-12-16 08:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-22 14:04 . 2005-12-16 08:22 -------- d-----w- c:\program files\Viewpoint
2009-10-22 11:10 . 2005-12-16 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-21 15:30 . 2008-01-03 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-21 14:58 . 2009-01-12 14:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-21 14:39 . 2007-06-24 22:11 -------- d-----w- c:\program files\Common Files\Motive
2009-10-21 14:37 . 2007-06-24 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-10-21 14:32 . 2007-07-01 04:53 -------- d-----w- c:\documents and settings\Adam\Application Data\Motive
2009-10-21 13:00 . 2009-03-06 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-10-21 12:59 . 2009-01-02 21:34 -------- d-----w- c:\program files\Common Files\Logitech
2009-10-21 06:52 . 2006-03-29 23:29 120816 -c--a-w- c:\documents and settings\Tiffany\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-16 15:25 . 2009-08-27 18:12 -------- d-----w- c:\documents and settings\Adam\Application Data\dvdcss
2009-10-14 19:06 . 2008-10-12 06:16 101188 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-13 12:25 . 2005-12-27 03:01 120816 -c--a-w- c:\documents and settings\Adam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 08:05 . 2008-01-03 02:18 -------- d-----w- c:\program files\Microsoft Works
2009-09-17 19:43 . 2009-09-17 19:43 -------- d-----w- c:\documents and settings\Adam\Application Data\McAfee
2009-09-17 19:22 . 2007-12-12 03:32 -------- d-----w- c:\program files\The Weather Channel FW
2009-09-16 15:40 . 2009-01-02 21:40 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-09-16 15:40 . 2009-09-16 15:40 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-09-16 15:22 . 2009-09-16 15:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-11 14:18 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 15:57 . 2005-12-16 08:12 -------- d-----w- c:\program files\Java
2009-09-04 21:03 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2005-08-16 10:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-07 00:24 . 2005-08-16 10:40 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2005-08-16 10:40 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-08-16 10:40 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2005-05-26 10:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2005-08-16 10:40 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2005-08-16 10:18 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2005-08-16 10:40 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2008-01-03 03:25 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2008-01-03 03:25 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2005-08-16 10:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2005-08-16 10:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2005-08-16 10:18 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-04 04:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-02-16 19:18 . 2009-02-16 19:18 4823040 -c----w- c:\program files\ehthumbs.db
2006-11-05 22:36 . 2006-11-05 22:36 774144 -c--a-w- c:\program files\RngInterstitial.dll
2008-05-03 21:01 . 2005-12-27 03:00 104 -csh--r- c:\windows\system32\7D6C9378DC.sys
2008-05-03 21:01 . 2005-12-27 03:00 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-31_16.21.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-08-17 03:06 . 2008-05-06 21:16 26488 c:\windows\system32\spupdsvc.exe
+ 2005-08-17 03:06 . 2009-03-23 15:50 26488 c:\windows\system32\spupdsvc.exe
+ 2009-08-01 16:49 . 2009-03-23 15:50 17272 c:\windows\system32\spmsg.dll
- 2009-08-01 16:49 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2005-08-16 10:18 . 2009-11-02 02:08 84444 c:\windows\system32\perfc009.dat
- 2005-08-16 10:18 . 2009-10-21 15:32 84444 c:\windows\system32\perfc009.dat
+ 2005-12-24 04:38 . 2009-11-02 02:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-12-24 04:38 . 2009-10-31 13:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-11-01 03:42 . 2009-11-01 03:42 8192 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-11-01 03:42 . 2009-11-01 03:42 8192 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
- 2005-08-16 10:18 . 2009-10-21 15:32 475006 c:\windows\system32\perfh009.dat
+ 2005-08-16 10:18 . 2009-11-02 02:08 475006 c:\windows\system32\perfh009.dat
+ 2009-11-01 03:42 . 2009-11-01 03:42 598016 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2009-11-01 03:42 . 2008-08-07 20:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-11-01 03:42 . 2009-11-01 03:42 598016 c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2009-11-01 03:42 . 2008-08-07 20:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 4670968]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-30 1945600]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-03 342848]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-28 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-13 180269]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-11-09 16384]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-03-02 18944]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]

c:\documents and settings\Tiffany\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\Adam\Start Menu\Programs\Startup\
Memeo AutoBackup Launcher.lnk - c:\documents and settings\Adam\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2009-10-21 73728]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-22 385024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-12-16 156784]
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2007-6-24 217088]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-16 24576]
Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-5 813584]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-02-18 18:01 10536 ----a-w- c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/21/2009 1:41 PM 28552]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/22/2009 10:35 AM 203280]
R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [7/8/2008 6:35 PM 27904]
R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [7/8/2008 6:37 PM 1198720]
R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [7/8/2008 6:41 PM 1191552]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 Medcin;Medcin;c:\program files\Medicomp Systems, Inc\Server\medcinserv --> c:\program files\Medicomp Systems, Inc\Server\medcinserv [?]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\ADSFilter.sys --> c:\windows\system32\DRIVERS\ADSFilter.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 krdpdre;krdpdre;\??\c:\docume~1\Adam\LOCALS~1\Temp\krdpdre.sys --> c:\docume~1\Adam\LOCALS~1\Temp\krdpdre.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-05 03:39]

2009-11-01 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 17:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 17:22]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.att.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = 127.0.0.1;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-01 22:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys sfsync02.sys hal.dll iastor.sys
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

iastor.sys @ 0xB9E36000 0xD4E80 bytes

\Driver\iastor [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0xB9E48B10 != 0xBA0C98B4 sfsync02.sys
\Driver\iastor IRP hooks detected !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Medcin]
"ImagePath"="c:\program files\Medicomp Systems, Inc\Server\medcinserv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\Citrix\GoToAssist\508\G2AWinLogon.dll
.
Completion time: 2009-11-02 22:40
ComboFix-quarantined-files.txt 2009-11-02 04:40
ComboFix2.txt 2009-11-02 03:36
ComboFix3.txt 2009-11-01 02:16
ComboFix4.txt 2009-10-31 16:27

Pre-Run: 80,052,609,024 bytes free
Post-Run: 80,031,080,448 bytes free

- - End Of File - - 2EF78595FC65B0CA62F47854298802AF

After ComboFix finished running, it had me upload some file.

Re: trojan and virus overload
Please download the OTM.exe by OldTimer.

  • Save it to your Desktop.
  • Please double-click OTM.exe to run it.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    c:\windows\system32\dllcache\oleacc.dll


  • Return to OTM.exe, right click in the "Paste Instructions for Items to be Moved" window (under the light yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: trojan and virus overload
Sorry it took so long to reply but here are the results


Error: Unable to interpret in the current context!

OTM by OldTimer - Version 3.0.0.6 log created on 11032009_092744

Re: trojan and virus overload
Please delete this file manually: c:\windows\system32\dllcache\oleacc.dll

Re: trojan and virus overload
It seems to have successfully deleted. I searched all my files and it showed no results. Not sure if it made a difference, but I deleted it using McAfee Shredder with 10 passes. It just sounded better, but maybe I'm easy to fool. Please let me know if there is anything else I should do. Again, thanks to all that make this site what it is.

Re: trojan and virus overload
Oh good. I was expecting it to give a little trouble deleting. Luckily you had that, otherwise Malwarebytes has a built-in FileAssassin tool that works similarly. Just need a good virus scan to make sure the malware is gone:

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Re: trojan and virus overload
Hello again,

I tried to use the Kaspersky scanner but I keep receiving an error message that says "Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program."

I went to the Java website and installed the program from them, so it should be working fine. Other than that I am at a loss about how I have an interrupted internet connection. Have any suggestions? Hope I'm just missing something. Thank you.

Re: trojan and virus overload
Try this:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: trojan and virus overload
OK that scanner worked and here are the results

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16876 (vista_gdr.090625-2339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a8da0b40c7578c4f8eebe2b325b60893
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-05 06:18:04
# local_time=2009-11-05 12:18:04 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16776613 100 96 0 9397925 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=129010
# found=5
# cleaned=5
# scan_time=9085
C:\Documents and Settings\Adam\Desktop\SDFix.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\iaStor.sys.vir Win32/Olmarik.OF virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\SDFix\apps\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP13\A0000872.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP13\A0000873.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: trojan and virus overload
Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: trojan and virus overload
I ran the check; it said it can't find server name for address 192.168.0.1: Non-existent domain. Default servers are not available. Other than that, here is the log info.


Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
McAfee SecurityCenter
McAfee Virtual Technician
Pathophysiology
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 17
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 10
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Reader 9.1.3
``````````````````````````````
Process Check:
objlist.exe by Laurent

McAfee VIRUSS~1 mcshield.exe
McAfee VIRUSS~1 mcsysmon.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Hope everything is looking better; couldn't have done it without you. THANK YOU
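
The "Out of date Java installed!" verdict in the SecurityCheck log above is triggered by several Java entries coexisting in Add or Remove Programs. The following is an added example, not code from this thread or from screen317's tool: it parses the two naming styles that appear in such logs, orders them, and reports which entries are older than the newest one. The input list is copied from the log above plus one constructed non-Java line; as an assumption beyond the page, it also understands the "J2SE Runtime Environment 5.0 Update N" naming style.

```python
"""Find stale Java entries in an Add or Remove Programs / SecurityCheck listing.

Added example for the thread above; not part of SecurityCheck. The sample
lines are the Java entries from the log above, plus one constructed
non-Java line to show that unrelated entries are ignored.
"""
import re

SECURITY_CHECK_LINES = [
    "Java(TM) 6 Update 17",
    "Java(TM) 6 Update 2",
    "Java(TM) 6 Update 3",
    "Java(TM) 6 Update 5",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Adobe Flash Player 10",  # constructed non-Java line, must be ignored
]

# "Java(TM) 6 Update 17", "J2SE Runtime Environment 5.0 Update 6" (assumed style)
_UPDATE_STYLE = re.compile(
    r"(?:Java\(TM\)|J2SE)[^\d]*(\d+)(?:\.0)?\s+Update\s+(\d+)", re.I
)
# "Java 2 Runtime Environment, SE v1.4.2_03" -> 1.4.2 update 03
_DOTTED_STYLE = re.compile(r"\bv?1\.(\d+)\.(\d+)(?:_(\d+))?\b")


def parse_java_version(name):
    """Return (family, minor, update) for a Java entry, or None otherwise.

    Both naming styles are mapped onto the same ordering key so that
    e.g. "6 Update 17" (1.6.0_17) sorts after "v1.4.2_03".
    """
    m = _UPDATE_STYLE.search(name)
    if m:
        return (int(m.group(1)), 0, int(m.group(2)))
    if "java" in name.lower() or "j2se" in name.lower():
        m = _DOTTED_STYLE.search(name)
        if m:
            return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return None


def stale_java_installs(lines):
    """Return (newest_entry, [older entries]) from a program listing.

    The older entries are the ones the Java installer leaves behind and
    that should be uninstalled; the newest is kept.
    """
    found = []
    for line in lines:
        version = parse_java_version(line)
        if version is not None:
            found.append((version, line))
    if not found:
        return None, []
    found.sort(reverse=True)  # newest first
    newest = found[0][1]
    return newest, [line for _, line in found[1:]]


if __name__ == "__main__":
    keep, remove = stale_java_installs(SECURITY_CHECK_LINES)
    print("keep:  ", keep)
    for entry in remove:
        print("remove:", entry)
```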

Re: trojan and virus overload
To remove all of the tools we used and the files and folders they created do the following:
Double click OTM.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.


==

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • The hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?
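
The HOSTS-file mechanism described in the post above (names of ad and malware sites pinned to 127.0.0.1 so the connection never leaves the machine) can be checked with a short parser. This is an added example, not code from the thread or from the hpHosts project; the sample HOSTS content and the .invalid domain names in it are constructed placeholders. It goes slightly beyond the post by also treating 0.0.0.0 and ::1 as blackhole addresses, and by listing entries that point a name somewhere other than loopback, which a blocklist never needs and which are worth a look when reviewing a machine's hosts file.

```python
"""Parse a HOSTS file and classify its entries as blackholes or redirects.

Added example for the thread above, not part of hpHosts. SAMPLE_HOSTS is
constructed for illustration; the .invalid names are placeholders.
"""
import ipaddress
from dataclasses import dataclass

# Addresses that make a name resolve nowhere useful: IPv4/IPv6 loopback and
# the unspecified address. Blocklist-style HOSTS files point bad names here.
BLACKHOLE = {"127.0.0.1", "0.0.0.0", "::1", "::"}

SAMPLE_HOSTS = """\
# Constructed sample, modelled on a blocklist-style HOSTS file
127.0.0.1    localhost
::1          localhost ip6-localhost

# blocklist section: names sent to loopback
127.0.0.1    ads.example-tracker.invalid
0.0.0.0      malware.example.invalid   www.malware.example.invalid   # two names, one line

# an entry like this is NOT a block: it sends a real name to another host
192.0.2.10   update.example-vendor.invalid
"""


@dataclass(frozen=True)
class HostsEntry:
    address: str
    hostname: str
    line_no: int

    @property
    def is_blackhole(self):
        return self.address in BLACKHOLE


def parse_hosts(text):
    """Parse HOSTS text into one HostsEntry per (address, hostname) pair.

    Handles '#' comments (whole-line and trailing), blank lines and several
    hostnames on one line; malformed lines are skipped rather than raised.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # address without a hostname: malformed, ignore
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue  # first field is not an IP literal: malformed, ignore
        for name in names:
            entries.append(HostsEntry(address, name.lower(), line_no))
    return entries


def is_blocked(entries, hostname):
    """True if hostname is pinned to a blackhole address by the hosts file."""
    h = hostname.lower()
    return any(e.hostname == h and e.is_blackhole for e in entries)


def redirects(entries):
    """Entries that send a name to a real address instead of blackholing it.

    A blocklist never needs these, so any that turn up unexpectedly change
    where a real name resolves and deserve review.
    """
    return [e for e in entries if not e.is_blackhole]


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    print("blocked:", is_blocked(parsed, "www.malware.example.invalid"))
    for e in redirects(parsed):
        print(f"line {e.line_no}: {e.hostname} -> {e.address} (redirect, review)")
```

On a Windows machine the real file is %SystemRoot%\system32\drivers\etc\hosts; reading it with `parse_hosts(open(path).read())` gives the same classification for the installed list.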

Re: trojan and virus overload
THANK YOU VERY MUCH for all your time and help. Your advice has been priceless, and a big learning experience for me. If I can only retain half of what you probably forgot then I will be OK. I'm a man of my word, so when it's possible I will donate what I can, because you guys are awesome. I plan on keeping up my registration and hopefully someday I can lend a hand to help someone. Best of all, my three girls are happy that dad will let them on the computer again. Thanks a million. ADAM
