Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Cannot go online - please help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Cannot go online - please help

Unread postby jason77063 » March 27th, 2009, 10:44 pm

I think I infected my computer by downloading some malware.

I didnt have any protection on my computer earlier, then I downloaded pc tools, win patrol, spybot and avg.

Running these programs gave me a list of viruses and malware which I removed.

Now I cannot go online anymore. I am connecting to the internet via a wired router, but keep getting cannot find server error.

My other computer can connect fine using the same router.

Please Help.

Here is the log from highjackthis

----------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:12 PM, on 3/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6133336097
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

--
End of file - 7690 bytes
--------------------------------------------------------------------------------------------

Thank You
jason77063
Active Member
 
Posts: 3
Joined: March 27th, 2009, 10:27 pm
Top
Advertisement
Register to Remove

Re: Cannot go online - please help

Unread postby jmw3 » April 4th, 2009, 3:44 pm

Hello & Welcome to Malware Removal
Apologies for the delay. As you can appreciate the forums are quite busy.
Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this ensure Notify me when a reply is posted is ticked on the Post A Reply page.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Thanks

Disable Spybot's TeaTimer 1.5 & 1.6
  • If you have version 1.5, right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol)
  • Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless
  • Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy
  • Click on Mode > Advanced Mode. When it prompts you, click Yes
  • On the left hand side, click on Tools
  • Check this box if it is not yet ticked: Resident
  • You will notice that Resident is now added under Tools. Click on Resident
  • Uncheck this box: Resident "TeaTimer" (Protection of over-all system settings) active
  • Exit Spybot Search & Destroy
  • Restart your computer for the changes to take effect
If you still have no Internet Connection you will need to transfer programs to the infected computer via a Flash Drive or some other removable media.

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
http://www.techsupportforum.com/sectools/sUBs/dds
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after a log will appear
  • Click Yes at the next prompt, another log named attach.txt will appear
  • A window will open instructing you to post both logs. Copy the contents of both logs & post in your next reply
Gmer
Download gmer.zip from Gmer here & save it to your desktop.
  • Right click on gmer.zip, select Extract All... & extract the contents to your desktop
  • Double click the Gmer.exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Note: Do not run any programs while Gmer is running.

To post in next reply:
DDS log
Contents of Attach.txt
Gmer log
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
Top

Re: Cannot go online - please help

Unread postby jason77063 » April 5th, 2009, 11:26 am

Thanks a lot for your help.

I disabled tea timer, but still cannot connect to internet.

Here are the 3 files after running dds and gmer

DDS
-----------------------------------------------------------------------------------------------------------
DDS (Ver_09-03-16.01) - NTFSx86
Run by HP_Administrator at 21:55:01.37 on Sat 04/04/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.137 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
FW: PC Tools Firewall Plus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 6133336097
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\pjntdccy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-3-26 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-26 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-26 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-26 108552]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-3-26 159600]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-26 298264]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-3-26 73840]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-3-26 146800]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-3-26 95640]

=============== Created Last 30 ================

2009-03-27 21:32 <DIR> --d----- c:\program files\Trend Micro
2009-03-27 21:20 812,344 a------- C:\HJTInstall.exe
2009-03-26 12:45 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-26 12:40 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-26 12:40 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-03-26 12:40 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-26 12:39 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-26 12:39 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-26 12:39 <DIR> --d----- c:\program files\AVG
2009-03-26 12:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-26 11:53 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\WinPatrol
2009-03-26 11:53 <DIR> --d----- c:\program files\BillP Studios
2009-03-26 11:45 <DIR> --d----- c:\program files\SpywareBlaster
2009-03-26 11:42 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-26 11:42 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-26 11:40 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\PCToolsFirewallPlus
2009-03-26 11:30 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-26 11:30 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-26 11:30 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-26 11:29 97,408 a------- c:\windows\system32\drivers\pctfw.sys
2009-03-26 11:29 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-26 11:29 95,640 a------- c:\windows\system32\drivers\pctplfw.sys
2009-03-26 11:29 <DIR> --d----- c:\program files\PC Tools Firewall Plus
2009-03-23 16:08 54,156 a---h--- c:\windows\QTFont.qfn
2009-03-23 16:08 1,409 a------- c:\windows\QTFont.for
2009-03-21 19:56 118 a------- c:\windows\system32\MRT.INI
2009-03-21 19:51 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-03-21 19:48 2 ----h--- c:\windows\t55ft2808f44.dat
2009-03-19 06:57 <DIR> --d----- c:\program files\WinPcap
2009-03-19 06:41 0 a------- c:\windows\system32\nfr.gpref
2009-03-19 06:32 0 a------- c:\windows\system32\nfr.assembly
2009-03-19 06:32 1 a------- c:\windows\9g234sdfdfgjf23
2009-03-19 06:31 2 ----h--- c:\windows\t55ft2951f44.dat
2009-03-19 06:30 <DIR> --dsh--- c:\windows\system32\lowsec
2009-03-15 13:42 1,294 a------- c:\windows\checkip.dat
2009-03-09 11:35 <DIR> --d----- c:\program files\Yahoo!
2009-03-09 07:50 129,784 -------- c:\windows\system32\pxafs.dll
2009-03-09 07:50 9,464 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-03-09 07:50 9,336 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-03-09 07:49 <DIR> --d----- c:\program files\DivX
2009-03-09 07:35 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-09 07:34 <DIR> --d----- C:\9cd1c71bac501af3f5deb282ea
2009-03-09 07:34 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-09 07:34 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-09 07:34 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-09 07:34 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-09 07:34 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-09 07:34 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-09 07:34 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-09 07:21 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-03-09 07:20 666,112 -------- c:\windows\system32\dllcache\wininet.dll
2009-03-09 07:20 619,520 -------- c:\windows\system32\dllcache\urlmon.dll
2009-03-09 07:20 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-03-09 07:20 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2009-03-09 07:19 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-09 07:19 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-03-09 07:19 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-03-09 07:19 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-09 07:19 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-09 07:19 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-09 07:19 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-09 07:18 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-03-09 07:18 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-03-09 07:18 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-03-09 07:17 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-03-09 07:17 203,136 -------- c:\windows\system32\dllcache\rmcast.sys

==================== Find3M ====================

2009-03-03 22:07 92,191 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-03 22:06 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2009-03-03 22:06 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2009-03-03 22:06 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2009-03-03 22:06 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2009-03-03 22:06 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2009-03-03 22:06 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2009-03-03 22:06 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2009-03-03 22:06 287,310 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys

============= FINISH: 21:55:42.67 ===============

ATTACH
----------------------------------------------------------------------------------------------------------------------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/2/2006 2:17:20 PM
System Uptime: 4/4/2009 9:51:31 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | Goldfish3
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | CPU 1 | 3065/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 178 GiB total, 166.446 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.899 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (FAT32) - 298 GiB total, 44.713 GiB free.
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1033: 2/22/2009 1:58:46 PM - System Checkpoint
RP1034: 2/23/2009 2:11:00 PM - System Checkpoint
RP1035: 2/24/2009 2:59:00 PM - System Checkpoint
RP1036: 2/25/2009 3:59:00 PM - System Checkpoint
RP1037: 2/26/2009 5:11:00 PM - System Checkpoint
RP1038: 2/27/2009 5:47:00 PM - System Checkpoint
RP1039: 2/28/2009 5:59:00 PM - System Checkpoint
RP1040: 3/1/2009 6:25:30 PM - System Checkpoint
RP1041: 3/2/2009 7:23:00 PM - System Checkpoint
RP1042: 3/3/2009 8:37:33 PM - Software Distribution Service 3.0
RP1043: 3/4/2009 8:45:42 PM - System Checkpoint
RP1044: 3/5/2009 9:18:36 PM - System Checkpoint
RP1045: 3/7/2009 6:35:15 AM - System Checkpoint
RP1046: 3/8/2009 7:18:36 AM - System Checkpoint
RP1047: 3/9/2009 6:27:10 AM - Software Distribution Service 3.0
RP1048: 3/10/2009 6:18:46 PM - System Checkpoint
RP1049: 3/11/2009 8:42:40 PM - System Checkpoint
RP1050: 3/13/2009 4:57:40 AM - System Checkpoint
RP1051: 3/14/2009 5:30:44 AM - System Checkpoint
RP1052: 3/15/2009 7:54:41 AM - System Checkpoint
RP1053: 3/15/2009 3:07:13 PM - Removed Norton Security Center
RP1054: 3/15/2009 3:09:27 PM - Removed Sonic RecordNow Audio
RP1055: 3/15/2009 3:10:14 PM - Removed Sonic MyDVD Plus
RP1056: 3/15/2009 3:11:12 PM - Configured easy Internet sign-up
RP1057: 3/15/2009 3:12:39 PM - Removed Sonic RecordNow Data
RP1058: 3/15/2009 3:13:01 PM - Removed Sonic RecordNow Copy
RP1059: 3/15/2009 3:14:05 PM - Removed Sonic Update Manager
RP1060: 3/15/2009 3:14:31 PM - Configured PC-Doctor 5 for Windows
RP1061: 3/16/2009 4:56:21 PM - System Checkpoint
RP1062: 3/17/2009 6:20:13 PM - System Checkpoint
RP1063: 3/18/2009 7:20:15 PM - System Checkpoint
RP1064: 3/21/2009 7:52:15 PM - Software Distribution Service 3.0
RP1065: 3/26/2009 12:33:53 AM - System Checkpoint
RP1066: 3/26/2009 11:38:02 AM - Installed Java(TM) 6 Update 13
RP1067: 3/26/2009 11:42:21 AM - Installed Java(TM) 6 Update 13
RP1068: 3/26/2009 11:50:45 AM - Installed Java(TM) 6 Update 11
RP1069: 3/26/2009 12:39:42 PM - Installed AVG 8.5
RP1070: 3/27/2009 1:18:31 PM - System Checkpoint
RP1071: 3/28/2009 6:18:30 PM - System Checkpoint
RP1072: 3/30/2009 8:26:38 PM - System Checkpoint
RP1073: 4/1/2009 3:46:14 AM - System Checkpoint
RP1074: 4/2/2009 10:22:16 AM - System Checkpoint
RP1075: 4/3/2009 1:16:18 PM - System Checkpoint
RP1076: 4/4/2009 1:46:14 PM - System Checkpoint

==== Installed Programs ======================

AAC Decoder
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
AiO_Scan
AiOSoftware
AutoUpdate
AVG 8.5
BufferChm
CameraDrivers
Canon i250
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
CueTour
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DocProc
DocumentViewer
DocumentViewerQFolder
Fax
GemMaster Mystic
H.264 Decoder
High Definition Audio Driver Package - KB888111
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HP Tunes
HPProductAssistant
HpSdpAppCoreApp
InstantShareDevices
Intel(R) Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
Java(TM) 6 Update 11
Java(TM) 6 Update 13
LightScribe 1.4.31.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office 97, Professional Edition
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.0
muvee autoProducer unPlugged 1.1 - HPD
NewCopy
Office 2003 Tour
Otto
PanoStandAlone
PC Tools Firewall Plus 5.0
PhotoGallery
PS2
PSPrinters08
PSTAPlugin
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
QuickTime
RandMap
Readme
RealPlayer
Scan
ScannerCopy
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
SkinsHP1
SolutionCenter
Sonic Encoders
Sonic Express Labeler
Sonic_PrimoSDK
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SpywareBlaster 4.1
Status
Trader Workstation
TrayApp
Type 101
Unload
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB908250
Windows XP Service Pack 3
WinPatrol 2009
WinRAR archiver
Yahoo! Messenger

==== End Of File ===========================

GMER
-----------------------------------------------------------------------------------------------------------------

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-05 10:18:02
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwAllocateVirtualMemory [0xAA212B94]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwAssignProcessToJobObject [0xAA212586]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwConnectPort [0xAA2125DA]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateFile [0xAA212640]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateProcess [0xAA21272E]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateProcessEx [0xAA2127BA]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwCreateThread [0xAA21284A]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwDebugActiveProcess [0xAA212980]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwDuplicateObject [0xAA2129D4]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwLoadDriver [0xAA212A3A]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwOpenKey [0xAA212A8C]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwOpenSection [0xAA212AE4]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwOpenThread [0xAA212B3C]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwProtectVirtualMemory [0xAA212BFA]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwRestoreKey [0xAA212C58]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwResumeThread [0xAA212CB6]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSecureConnectPort [0xAA212D74]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSetValueKey [0xAA212D08]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSuspendProcess [0xAA212DDE]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwSystemDebugControl [0xAA212E30]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwTerminateProcess [0xAA212E90]
SSDT \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools) ZwWriteVirtualMemory [0xAA212EF4]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

------------------------------------------------------------------------------------------------------------------
jason77063
Active Member
 
Posts: 3
Joined: March 27th, 2009, 10:27 pm
Top

Re: Cannot go online - please help

Unread postby jmw3 » April 5th, 2009, 10:25 pm

Hi
Sorry to be the bearer of bad news.

Backdoor Warning
Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc.

You are strongly advised to do the following:
  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS).

To help you understand more, please take some time to read the following articles:
What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I re-format and reinstall my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
Top

Re: Cannot go online - please help

Unread postby NonSuch » April 10th, 2009, 11:23 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Advertisement
Register to Remove
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 552 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index