Hi.
I asked because some IP addresses are malicious but in this case I think it's OK. I have ABSOLUTELY no idea either, and I was wondering "why did you ask?"
Are your searches still being redirected? I need to know.
As to what is causing the excessive downloading, there is nothing in your logs that would cause that.
Your computer was infected with a ROOTKIT. In particular, the TDL3/TDSS rootkit, also known as Win32/Alureon. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.
Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised.
Therefore once your PC is clean it may be prudent to:
- Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
- Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)
What are rootkits from Wikipedia
How do I respond to a possible identity theft and how do I prevent it
Fix HijackThis entries
Run HijackThis
- If you are on the Main Menu page... Click "Do a system scan only"
- If you are on the "scan & fix stuff" page... Press the Scan...button.
- When the scan finishes...Place a check mark next to the following entries (if they are still present)
- Note: Only check those items listed below.
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
- After checking these items... CLOSE ALL open windows except HijackThis.
- Click the Fix Checked ...button...to remove the entries you checked.
- Choose YES...when prompted to fix the selected items.
Next.
- Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
- Click on OK within the pop-up menu.
- In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
- System registry.
- Current user registry.
- Next click on "OK"... at the prompt... reply "Yes".
After a short duration the "Registry backup is complete!" pop-up message will appear.
- Now click on "OK". A registry backup has now been created.
Next.
Re-run OTM
- Double-click OTM.exe to run it.
- Right-click, then copy the following code. Do not include the word Code.
Code:
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12607271-78e8-11de-91a9-0025b3488224}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c9d89be-952b-11de-91cc-0025b3488224}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a61f0bb4-7200-11de-9197-0025b3488224}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a61f0bb6-7200-11de-9197-0025b3488224}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a91adfa7-72a9-11de-9199-0025b3488224}]
:Commands
[emptytemp]
[start explorer]
[Reboot]
- Return to OTM, right-click then paste the code into the blank box below
- Next click on the large button.
- OTM may ask to reboot the machine. Please do so if asked.
- Copy everything in the Results window (under the green bar), and paste it in your next reply.
NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Next.
Re-run - RSIT (Random's System Information Tool)
You should still have this program on your desktop.
- Double click on RSIT.exe to run it.
- Please read the disclaimer... click on Continue.
- RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
- Please post ONLY the "log.txt" file contents in your next reply.
(This log can be lengthy, so a separate post may be needed.)
Logs/Information to Post in your Next Reply
- OTM log.
- RSIT log.txt log.
- Please give me an update on your computer's performance. Are your searches still redirected?