Unsolved
This post is more than 5 years old
8 Posts
0
3627
August 11th, 2010 01:00
Google redirects / Cannot perform Windows Update: 80072efe / Host Process shut down
HI, thanks so much for your help. I am a Windows Vista user with Bit Defender anti-virus and regularly update and run Malwarebytes. I noticed a new error message from windows about the Host Process being shut down, the Problems and Solutions window informed me to perform a Windows Update. I was unable to run Windows Update and received the error code: 80072efe. Also around this time I noticed whenever I would do a Google search my results would show up fine but sometimes (not always) when I click on the link it redirects me to an alternate website. I immediately updated Malwarebytes and Bit Defender and ran both programs. Neither reported any findings. I also downloaded and used Unhackme. It found something but told me I had to buy one of their programs to remove it. I was discouraged and shut down the program however I now wish had jotted down the name of what was found before getting mad as it may have been legit. Thank you again for your help and here is my Hijackthis log file.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:18 AM, on 8/11/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WordPerfect Office 12\Programs\wpwin12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [dldtmon.exe] "C:\Program Files\Dell V305\dldtmon.exe"
O4 - HKLM\..\Run: [dldtamon] "C:\Program Files\Dell V305\dldtamon.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O13 - Gopher Prefix:
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: dldtCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe
O23 - Service: dldt_device - - C:\Windows\system32\dldtcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 6537 bytes
kevinf80_1d0ac6
2 Intern
•
1.1K Posts
0
August 11th, 2010 15:00
Hi MGbad,
I'm kevinf80 and I will be helping with any issues you may have. Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE
** If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE
Please proceed as follows :-
Step 1
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
Combofix
Don`t forget Combofix must be saved to your desktop. <--Very important
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <---Very important
Please include the C:\ComboFix.txt in your next reply for further review.
Examples of how to disable realtime protection available at the following link :-
Disable realtime protection
Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.
Step 2
Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Let me see the logs from Combofix and Security Checks in your reply...
Kevin
MGBad
8 Posts
0
August 11th, 2010 17:00
I have completed my tasks. Something I forgot to say in my first post is I also have undesired changes in my display which I understand may be part of the redirect virus. Here is my Security Check log:
Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
BitDefender Internet Security 2008
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 11
Out of date Java installed!
Adobe Flash Player 10.1.53.64
Adobe Reader 8.1.0
Chinese Traditional Fonts Support For Adobe Reader 8
Mozilla Firefox (3.5.11) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Common Files BitDefender BitDefender Communicator xcommsvr.exe
Common Files BitDefender BitDefender Update Service livesrv.exe
BitDefender BitDefender 2008 vsserv.exe
BitDefender BitDefender 2008 bdagent.exe
````````````````````````````````
DNS Vulnerability Check:
Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)
``````````End of Log````````````
And here is my Combofix log:
ComboFix 10-08-11.04 - Chris 08/11/2010 16:58:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.2040 [GMT -5:00]
Running from: c:\users\Chris\Downloads\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\drivers\pci.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-07-11 to 2010-08-11 )))))))))))))))))))))))))))))))
.
2010-08-08 02:45 . 2010-08-08 02:45 -------- d-----w- c:\program files\Samsung
2010-08-07 17:18 . 2010-08-07 17:18 2 --shatr- c:\windows\winstart.bat
2010-08-07 17:17 . 2010-08-07 17:29 -------- d-----w- c:\program files\UnHackMe
2010-08-05 20:52 . 2010-08-05 20:52 -------- d-----w- c:\program files\Trend Micro
2010-08-04 02:07 . 2010-08-05 16:44 -------- d-----w- c:\users\Chris\AppData\Local\wfgoebfoj
2010-07-30 04:05 . 2010-07-30 04:05 0 ----a-w- c:\windows\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 21:58 . 2009-03-29 02:49 81984 ----a-w- c:\windows\system32\bdod.bin
2010-08-11 17:26 . 2009-03-29 02:45 5972 ----a-w- c:\users\Chris\AppData\Local\d3d9caps.dat
2010-08-08 02:45 . 2009-03-28 21:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 21:28 . 2009-04-10 03:06 -------- d-----w- c:\program files\Moyea
2010-08-05 21:22 . 2010-02-06 17:04 -------- d-----w- c:\program files\CCleaner
2010-08-02 07:02 . 2009-08-06 06:41 3644 ----a-w- c:\users\Chris\AppData\Roaming\wklnhst.dat
2010-07-25 06:55 . 2009-10-16 16:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-23 17:07 . 2009-03-31 21:29 -------- d-----w- c:\programdata\dl_cats
2010-07-14 15:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-30 15:54 . 2010-06-30 15:54 -------- d-----w- c:\program files\Microsoft.NET
2010-05-26 17:06 . 2010-06-11 03:43 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 03:43 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-01-10 06:23 . 2010-01-10 06:23 952 --sha-w- c:\windows\System32\KGyGaAvL.sys
2009-03-26 16:29 . 2009-03-26 16:22 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 3810304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-05 368640]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-03-20 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-03-20 16624]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-3-28 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):aa,56,c7,1f,ee,4d,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2317450895-358879591-3431765280-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe [2008-02-25 99568]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [2008-02-25 595184]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2008-06-02 86792]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\k2wjhvne.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-11 17:07
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-11 17:10:11
ComboFix-quarantined-files.txt 2010-08-11 22:10
Pre-Run: 169,449,914,368 bytes free
Post-Run: 168,878,723,072 bytes free
- - End Of File - - AB262B4DDBE820932FCC3D34905258DA
MGBad
8 Posts
0
August 11th, 2010 18:00
Since I ran Combofix I have ran Google many times and received no redirects! Also no Host Process issues but sometimes those take a while to show up. I have not attempted a Windows Update. I'd rather wait for your feedback first. Thank you so much again.
kevinf80_1d0ac6
2 Intern
•
1.1K Posts
0
August 12th, 2010 01:00
Yep, leave windows updates until we get you confirmed clean, we should know from the Kaspersky online scan log
Please proceed as follows :-
Step 1
Lets update Java before we go any further. Select > Start > Control Panel > Programs. You should see the Java icon (looks like coffee cup) Select it > select "update tab" and follow the prompts, this will also remove the old version.
Step 2
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <-- Very important
3. Open notepad and copy/paste the text inbetween the dotted lines below into it:
----------------------------------------------------------------------------------------------------------------
KillAll::
Folder::
c:\users\Chris\AppData\Local\wfgoebfoj
File::
c:\windows\system32\bdod.bin
c:\users\Chris\AppData\Roaming\wklnhst.dat
c:\windows\System32\KGyGaAvL.sys
----------------------------------------------------------------------------------------------------------------
Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Step 3
Run an online virus scan with Kaspersky from HERE. This scan is very thorough and may take several hours to run, please allow it to complete.
1. At the main page. Press on " Accept". After reading the contents.
2. At the next window Select Update. Allow the Database to update.
Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
3. Once the Database has finished, under the Scan icon Select My Computer to start the scan.
4. Select Scan Report.
5. If any threats were found they will appear in the report
6. Select "Save error report as"
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.
Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well.
The following animation may help.
Kaspersky Gif
Let me see the logs from Combofix and Kaspersky in your reply please.
Also how is your system responding, any specific issues?
Kevin
MGBad
8 Posts
0
August 12th, 2010 22:00
Here's the Combofix log. Will do the other soon:
ComboFix 10-08-12.02 - Chris 08/12/2010 23:01:51.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.2029 [GMT -5:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
Command switches used :: c:\users\Chris\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\users\Chris\AppData\Roaming\wklnhst.dat"
"c:\windows\system32\bdod.bin"
"c:\windows\System32\KGyGaAvL.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bdod.bin
.
((((((((((((((((((((((((( Files Created from 2010-07-13 to 2010-08-13 )))))))))))))))))))))))))))))))
.
2010-08-13 04:06 . 2010-08-13 04:07 -------- d-----w- c:\users\Chris\AppData\Local\temp
2010-08-13 04:06 . 2010-08-13 04:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-13 04:06 . 2010-08-13 04:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-13 03:59 . 2010-08-13 03:59 -------- d-----w- C:\32788R22FWJFW
2010-08-13 03:07 . 2010-08-13 03:08 22215 ----a-w- C:\BdUninstallTool2010.08.12-10.07.33.reg
2010-08-13 00:49 . 2010-08-13 00:49 -------- d-----w- c:\program files\Common Files\Java
2010-08-13 00:49 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-11 23:55 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-11 23:55 . 2010-06-29 15:47 834048 ----a-w- c:\windows\system32\wininet.dll
2010-08-11 23:55 . 2010-06-28 16:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-11 23:55 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 23:55 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 23:55 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 23:54 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 23:54 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 23:50 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-11 23:50 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 23:50 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 23:50 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-08 02:45 . 2010-08-08 02:45 -------- d-----w- c:\program files\Samsung
2010-08-07 17:18 . 2010-08-07 17:18 2 --shatr- c:\windows\winstart.bat
2010-08-07 17:17 . 2010-08-07 17:29 -------- d-----w- c:\program files\UnHackMe
2010-08-05 20:52 . 2010-08-05 20:52 -------- d-----w- c:\program files\Trend Micro
2010-07-30 04:05 . 2010-07-30 04:05 0 ----a-w- c:\windows\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 03:36 . 2009-03-28 21:36 -------- d-----w- c:\program files\Microsoft Works
2010-08-13 03:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-13 02:09 . 2009-03-29 02:45 5972 ----a-w- c:\users\Chris\AppData\Local\d3d9caps.dat
2010-08-13 00:48 . 2009-03-28 21:28 -------- d-----w- c:\program files\Java
2010-08-08 02:45 . 2009-03-28 21:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 21:28 . 2009-04-10 03:06 -------- d-----w- c:\program files\Moyea
2010-08-05 21:22 . 2010-02-06 17:04 -------- d-----w- c:\program files\CCleaner
2010-07-25 06:55 . 2009-10-16 16:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-23 17:07 . 2009-03-31 21:29 -------- d-----w- c:\programdata\dl_cats
2010-06-30 15:54 . 2010-06-30 15:54 -------- d-----w- c:\program files\Microsoft.NET
2010-05-26 17:06 . 2010-06-11 03:43 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 03:43 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-03-26 16:29 . 2009-03-26 16:22 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 3810304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-03-20 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-03-20 16624]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-3-28 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):aa,56,c7,1f,ee,4d,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2317450895-358879591-3431765280-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe [2008-02-25 99568]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [2008-02-25 595184]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\k2wjhvne.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 23:07
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Dell V305\dldtMsdMon.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-08-12 23:14:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-13 04:14
ComboFix2.txt 2010-08-13 03:29
ComboFix3.txt 2010-08-11 22:10
Pre-Run: 167,323,582,464 bytes free
Post-Run: 168,124,698,624 bytes free
- - End Of File - - 877414920D4D50B26E7B4ED0CE807E40
kevinf80_1d0ac6
2 Intern
•
1.1K Posts
0
August 13th, 2010 12:00
Did you take the time to read my opening reply to you?
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
If you did I suppose you just chose to ignore it, where did Norton find the infection, was it here: "Qoobox"
Post the Kaspersky log if you have time
MGBad
8 Posts
0
August 13th, 2010 12:00
I have removed BitDefender and put on Norton. They found Backdoor.Tidserv!inf and suggest the following:
I will also run Kaspersky before I do anything.
MGBad
8 Posts
0
August 14th, 2010 12:00
Looks like Kaspersky found the same thing. And, sure enough, qoobox:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, August 14, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, August 14, 2010 03:16:25
Records in database: 4132424
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 160459
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:58:16
File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\pci.sys.vir Infected: Virus.Win32.TDSS.b 1
Selected area has been scanned.
kevinf80_1d0ac6
2 Intern
•
1.1K Posts
0
August 14th, 2010 13:00
Qoobox is where Combofix quarantines any infected files etc, this will be dealt with during the normal cleanup procedure. Proceed as follows :-
Step 1
Remove Combofix now that we're done with it
Step 2
Step 3
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older version Java components and update:
Go to Start > Control Panel, double-click on Uninstall a Program and remove all older versions of Java.
If using Windows Vista or Windows 7 and the installer refuses to launch due to insufficient user permissions, then Right Click and Run As Administrator.
If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.
Note:
The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it:
Step 4
Download and scan with CCleaner
1. Starting with v 1.27.26 (This version no. will differ), CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 24 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
In the Applications Tab:
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.
Step 5
Try windows updates now, you should also turn on UAC user access control. I see Internet Explorer and Firefox are both outdated, I recommend that you update them at your earliest convenience.
Let me know how your system is responding and if you have any issues.
Kevin.
MGBad
8 Posts
0
August 14th, 2010 15:00
Heya Kevin,
System has worked great since running Combofix! Thanks for your help so far. I saw this is the second time you noticed my Java was out of date. The first time you told me to update it I thought I had, perhaps I went to the wrong place? Or is it a problem with Java on my computer? I followed your steps for updating Java and once I clicked on agreeing to the license agreement and continued I received the following error message: Your download transaction cannot be approved. Contact Customer Service. Any ideas? Luckily I already have CCleaner on my computer. I will update it and run it as you specified once I can figure out this Java thing.
Thanks
kevinf80_1d0ac6
2 Intern
•
1.1K Posts
0
August 14th, 2010 17:00
Yep you`re correct we`d already done the Java update, my mistake. Have a look in Uninstall a Program list from the Control Panel, you will see Java listed there. It should be version 6 update 21. If there are any others present; uninstall them. That`s probably why you got the error.
Your latest logs are clean and you say that your system is running well, it would be an excellent idea to keep it that way. The following advice will go along way to keeping you secure so that you can enjoy safe and happy surfing.
Here are some tips to reduce the potential for malware infection in the future; I strongly recommend that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.
Make proper use of your antivirus and firewall
Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.
You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.
You will have several programs installed, these maybe outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing....
...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.
Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:
Firefox,
Opera, and
Chrome.
All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.
These browser add-ons will help to make your browser safer:
Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:
Available for Firefox and Internet Explorer.
Green to go,
Yellow for caution, and
Red to stop.
Grey for unknown
Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.
These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.
Here a couple of links by two security experts that will give some excellent tips and advice.
So how did I get infected in the first place by Tony Klein
How to prevent Malware by Miekiemoes
Finally this link HERE will give a comprehensive upto date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s.
Please reply so I know you have read this, its been a pleasure to work you.
Take care,
Kevin
MGBad
8 Posts
0
August 14th, 2010 21:00
kevinf80_1d0ac6
2 Intern
•
1.1K Posts
0
August 15th, 2010 01:00
Since this issue appears to be resolved the topic has been closed. Glad we could help.:emotion-21:
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you.
Garth.Bale
6 Posts
0
October 19th, 2010 17:00
Could you give more details? It has been solved, but why's that?
kevinf80_1d0ac6
2 Intern
•
1.1K Posts
0
October 19th, 2010 19:00
I`m not sure what exactly you want to know. The TDL infection or TIDSERV as was identified by Norton had already been quarantined. So Norton found nothing new. That is why we tell you guys not to run scans on your own when we have started helping. It really does confuse things.
Does that answer your question?
kevinf80