Suspicious processes running in Task Manager.

Did some research. SSDMonitor is junk file left behind by Registry Mechanic.

Hello again. Facebook install is a TR/Spy.GEN2. Just read that it steals information.

XpUser4Real February 17, 2012 at 07:49:33

IMO, I would DUMP Avira and install Avast Free....MUCH better protection, and get Avast to do a bootscan on reboot. http://filehippo.com/download_avast... Also run a quickscan using Malwarebytes and fix all it finds http://filehippo.com/download_avast... Some HELP in posting on Computing.net plus free progs and instructions 7 Medals

OK, will try.

Ummm, It seems I am getting redirected to spam websites.

XpUser4Real February 17, 2012 at 08:35:42

use these free progs in EXACTLY the order listed 1- rkill.exe http://www.bleepingcomputer.com/dow... 2- tdss killer http://support.kaspersky.com/faq/?q... 3- malwarebytes run a full scan and fix all it finds and then reboot Some HELP in posting on Computing.net plus free progs and instructions 7 Medals

Can I run them in safe mode or not?

XpUser4Real February 17, 2012 at 09:06:59

yes, that or normal mode Some HELP in posting on Computing.net plus free progs and instructions 7 Medals

RKill Log: This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 17.02.2012 at 18:06:13. Operating System: Windows 7 Ultimate Processes terminated by Rkill or while it was running: C:\Users\ilija_iksi99\AppData\Local\Akamai\netsession_win.exe C:\Users\ilija_iksi99\AppData\Local\Akamai\netsession_win.exe C:\Users\ilija_iksi99\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ilija_iksi99\AppData\Local\Google\Chrome\Application\chrome.exe Rkill completed on 17.02.2012 at 18:06:27.

One more thing: What am I supposed to do with the TDSSKiller detections? Delete or what? Oh, and please post a link to MalwareBytes, Google getting redirected.

XpUser4Real February 17, 2012 at 09:42:26

The link is in response #3 what did tdss killer find? It removes unwanted rootkits if found Some HELP in posting on Computing.net plus free progs and instructions 7 Medals

I didn't run it yet. Can give me the link to Malwarebytes? I'm getting redirected.

XpUser4Real February 17, 2012 at 10:03:41

http://filehippo.com/download_avast... I told you it was in response #3...TWICE.....hmmmm Why didn't you follow response #6? Some HELP in posting on Computing.net plus free progs and instructions 7 Medals

Sry, running it now...

TDSS Killer found nothing. What now?

mikelinus February 17, 2012 at 10:34:15

Keep moving on and run malwarebytes. TDSSKiller may not find anything. It searches for a particular series of rootkits. mike

XpUser4Real February 17, 2012 at 12:52:53

yes, like I said in my responses...RUN all 3 utilities in the EXACT order Some HELP in posting on Computing.net plus free progs and instructions 7 Medals

Heres the Malwarebytes log. NOTE: It says no action taken, but that's because I saved the log before deleting the malware. Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.17.05 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 ilija_iksi99 :: LAPTOP [administrator] 17.2.2012 19:43:46 mbam-log-2012-02-17 (21-54-33).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 788955 Time elapsed: 2 hour(s), 5 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 6 C:\Users\Mamica\AppData\Local\Temp\msitcm.cpl (Rootkit.MBR) -> No action taken. C:\Users\Public\Downloads\WinZumaSetup.exe (Adware.TryMedia) -> No action taken. D:\$RECYCLE.BIN\S-1-5-21-2460506696-2778253166-2730111924-1001\$R8ECX1Q.exe (Adware.MyWebSearch) -> No action taken. D:\Downloads\Windows 7 Activator\win7\win-egydown.exe (Riskware.Tool.CK) -> No action taken. D:\Šerovanje\Terraria.v1.0.4.cracked-THETA\Terraria.v1.0.4.cracked-THETA\NFOviewer.exe (Malware.Packer.Krunchy) -> No action taken. D:\Šerovanje\Terraria.v1.0.4.cracked-THETA\Terraria.v1.0.4.cracked-THETA\t-terra5\NFOviewer.exe (Malware.Packer.Krunchy) -> No action taken. (end)

Guess what? My brother just told me that he browsed the web this morning with Avira Virus Guard off. I'm furious! At least I know how I got this rootkit it mentions. The other viruses are months old. I had no idea those were viruses, though. Used them for so long. So, am I clean or not? That's it for today! Hear from you tommorow. Don't know about you guys, but here in Serbia it's half past 10 in the evening!

Still infected! What do I do now?!?

mikelinus February 18, 2012 at 05:38:59

Its really wierd, I would have thought that between rkill and tdss, the kit would have been shut down. Slide over to safe mode, Clear your Hosts file, check your proxy, then try running the three programs again. IF you dont mind, repost the rkill and the malwarebytes logs. mike

OK, will do later. I wasn't able to post MalwareBytes log because I forgot to turn off Avira and it dleted the detections before MB. As far as I remember, those were identified as exploits.

Sorry, no infection. Turns out that Avira found a file MalwareBytes didn't pay attention to. I'm clean because no more redirections, too. It's because I configured Avira to protect me not only from viruses, but other nuisances like jokes and adware.

mikelinus February 19, 2012 at 08:11:54

thank you for returning to let us know. hopefully thats the last of that. mike