Win Antivirus 2006 & Other Popups


#1 gabebillings

How depressing. I've had my new laptop less than a week and I've already managed to get some stupid piece of malware on it. I tried basic scanning with my antivirus program with no results, so did some searches regarding my issue and found my way to this forum. I've followed all the instructions and think I'm finally ready for my post.

First let me describe the problem itself. I've gotten a couple different types of popups. One starts with an MS IE message window that says "Important Google Message Received!" which seems to then spawn an IE page with a random web page. The others are simple IE popups with no message window beforehand. In case it was important in tracking down the culprit I noted down some of the sites on the popups:

http://70.87.13.78/o...tion_g_x8m.html
http://count.exitexc...om/exit/1281705
http://www.octanetv.com/_pop/
http://www.speedyfish.com/

When the popups originally started happening it seemed like all were directed toward a program called Win Antivirus 2006, but they seem to have broadened their scope, as noted above.

There was a period while I was removing the bloatware that came with the laptop when I had no antivirus protection. I picked up Kaspersky Antivirus 6.0 a day or two after that. So here's what I've done so far:

-Full System Scan with Kaspersky Antivirus 6.0

-Checked the status of Windows Messenger in the MS Services menu (already disabled)

-Reenabled the items in the startup manager via MSCONFIG which I'd disabled during my original system cleanup, as instructed by the note after the first step in your instruction list

-Installed and ran CleanUp!

-Installed and ran Ad-aware SE (log listed below)

-Installed and ran CWShredder in Safe Mode

-Installed and ran Spybot S&D

-Installed and ran Ewido Anti-Malware in Safe Mode (log listed below)

-Ran Trend Housecall web antivirus scan

-Installed and ran TrojanHunter

-Checked for critical updates via Windows Update (none found)

-Installed and ran Hijack This (log listed below)


I'm a little uncertain as to which programs I should still be running. I saw the note regarding not having multiple AV programs running. Currently I have my Kaspersky AV, ewido anti-spyware and Trojanhunter.

That's what I've got so far. To the best of my knowledge, these popups continue to appear as of the writing of this forum post. Let me know if there's anything else I can do. Thank you for your assistance.


************************************************************
Ad-aware Scan***********************************************
************************************************************
************************************************************
************************************************************

Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, July 30, 2006 8:24:35 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R116 24.07.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


7-30-2006 8:24:35 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 852
ThreadCreationTime : 7-31-2006 3:17:00 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 932
ThreadCreationTime : 7-31-2006 3:17:06 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 956
ThreadCreationTime : 7-31-2006 3:17:07 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1000
ThreadCreationTime : 7-31-2006 3:17:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1012
ThreadCreationTime : 7-31-2006 3:17:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1216
ThreadCreationTime : 7-31-2006 3:17:13 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1300
ThreadCreationTime : 7-31-2006 3:17:14 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [msmpeng.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 1460
ThreadCreationTime : 7-31-2006 3:17:14 AM
BasePriority : Normal
FileVersion : 1.1.1347.0
ProductVersion : 1.1.1347.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1504
ThreadCreationTime : 7-31-2006 3:17:15 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [evteng.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1592
ThreadCreationTime : 7-31-2006 3:17:15 AM
BasePriority : Normal
FileVersion : 10, 1, 0, 1
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless Event Log
CompanyName : Intel Corporation
FileDescription : Intel® PROSet/Wireless Event Log
InternalName : EvtEng
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : EvtEng.EXE

#:11 [s24evmon.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1660
ThreadCreationTime : 7-31-2006 3:17:17 AM
BasePriority : Normal
FileVersion : 10, 1, 0, 33
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless Service
CompanyName : Intel Corporation
FileDescription : Wireless Management Service
InternalName : S24EvMon
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : S24EvMon.exe

#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1872
ThreadCreationTime : 7-31-2006 3:17:21 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1960
ThreadCreationTime : 7-31-2006 3:17:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 7-31-2006 3:17:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [avp.exe]
FilePath : C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\
ProcessID : 668
ThreadCreationTime : 7-31-2006 3:17:25 AM
BasePriority : Normal
FileVersion : 6.0.0.299
ProductVersion : 6.0.0.299
ProductName : Kaspersky Anti-Virus
CompanyName : Kaspersky Lab
FileDescription : Kaspersky Anti-Virus
InternalName : AVP
LegalCopyright : Copyright © Kaspersky Lab 1996-2006.
LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.
OriginalFilename : AVP.EXE

#:16 [cfsvcs.exe]
FilePath : C:\Program Files\TOSHIBA\ConfigFree\
ProcessID : 740
ThreadCreationTime : 7-31-2006 3:17:26 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 1
ProductVersion : 6, 0, 0, 0
ProductName : ConfigFree™
CompanyName : TOSHIBA CORPORATION
FileDescription : Service of ConfigFree.
InternalName : CFSvcs.exe
LegalCopyright : ©copyright TOSHIBA CORPORATION 2003-2005
LegalTrademarks : ConfigFree™
OriginalFilename : CFSvcs.exe
Comments : Service of ConfigFree.

#:17 [dvdramsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1180
ThreadCreationTime : 7-31-2006 3:17:26 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 0
ProductVersion : 3, 0, 0, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : DVD-RAM Utility Helper Service
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2004
OriginalFilename : DVDRAMSV.EXE

#:18 [ehrecvr.exe]
FilePath : C:\WINDOWS\eHome\
ProcessID : 1240
ThreadCreationTime : 7-31-2006 3:17:26 AM
BasePriority : Above Normal
FileVersion : 5.1.2715.2773 (xpsp(wmbla).051011-0745)
ProductVersion : 5.1.2715.2773
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Receiver Service
InternalName : ehRecvr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehRecvr.exe

#:19 [ehsched.exe]
FilePath : C:\WINDOWS\eHome\
ProcessID : 1224
ThreadCreationTime : 7-31-2006 3:17:27 AM
BasePriority : Normal
FileVersion : 5.1.2710.2732 (xpsp(wmbla).050805-1239)
ProductVersion : 5.1.2710.2732
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Scheduler Service
InternalName : ehSched
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehSched.exe

#:20 [regsrvc.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1536
ThreadCreationTime : 7-31-2006 3:17:27 AM
BasePriority : Normal
FileVersion : 10, 1, 0, 1
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless Registry Service
CompanyName : Intel Corporation
FileDescription : Intel® PROSet/Wireless Registry Service
InternalName : RegSrvc
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : RegSrvc.EXE
Comments : Registry Interface for Intel Wireless Products

#:21 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1784
ThreadCreationTime : 7-31-2006 3:17:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1900
ThreadCreationTime : 7-31-2006 3:17:28 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:23 [swupdtmr.exe]
FilePath : c:\TOSHIBA\IVP\swupdate\
ProcessID : 132
ThreadCreationTime : 7-31-2006 3:17:28 AM
BasePriority : Normal


#:24 [tappsrv.exe]
FilePath : C:\Program Files\TOSHIBA\TOSHIBA Applet\
ProcessID : 1992
ThreadCreationTime : 7-31-2006 3:17:29 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 13M
ProductVersion : 1.0.0.13M
ProductName : TOSHIBA TAPPSRV
CompanyName : TOSHIBA Corp.
FileDescription : TOSHIBA TAPPSRV
InternalName : TOSHIBA
LegalCopyright : Copyright © 2005
LegalTrademarks : TOSHIBA® is a registered trademark of TOSHIBA Corporation.
OriginalFilename : TAPPSRV.EXE
Comments : Written by Inventec ODM Software Team

#:25 [mcrdsvc.exe]
FilePath : C:\WINDOWS\ehome\
ProcessID : 336
ThreadCreationTime : 7-31-2006 3:17:29 AM
BasePriority : Normal
FileVersion : 4.1.2710.2732 (xpsp(wmbla).050805-1239)
ProductVersion : 4.1.2710.2732
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : MCRD Device Service
InternalName : McrdSvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : McrdSvc.exe

#:26 [tfncky.exe]
FilePath : C:\Program Files\TOSHIBA\TOSHIBA Controls\
ProcessID : 2756
ThreadCreationTime : 7-31-2006 3:17:48 AM
BasePriority : Normal
FileVersion : 3.21.02
ProductVersion : 3.21.00
ProductName : TFncKy
CompanyName : TOSHIBA Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright © 2001-2005 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE

#:27 [tdispvol.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2828
ThreadCreationTime : 7-31-2006 3:17:49 AM
BasePriority : Normal
FileVersion : 3, 18, 0, 0
ProductVersion : 3, 18, 0, 0
ProductName : TDispVol
CompanyName : TOSHIBA Corporation
FileDescription : TDispVol
InternalName : TDispVol
LegalCopyright : Copyright 1997-2005 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TDispVol.exe

#:28 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2836
ThreadCreationTime : 7-31-2006 3:17:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:29 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2840
ThreadCreationTime : 7-31-2006 3:17:49 AM
BasePriority : Normal
FileVersion : 3.0.0.4436
ProductVersion : 7.0.0.4436
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE

#:30 [igfxpers.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2852
ThreadCreationTime : 7-31-2006 3:17:49 AM
BasePriority : Normal
FileVersion : 3.0.0.4436
ProductVersion : 7.0.0.4436
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : persistence Module
InternalName : PERSISTENCE
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : IGFXPERS.EXE

#:31 [thotkey.exe]
FilePath : C:\Program Files\Toshiba\Toshiba Applet\
ProcessID : 2904
ThreadCreationTime : 7-31-2006 3:17:50 AM
BasePriority : Normal
FileVersion : 1.00.0018
ProductVersion : 1.00.0018
ProductName : THotkey
CompanyName : TOSHIBA
FileDescription : Hotkey Utility
InternalName : THotkey
LegalCopyright : 2005
LegalTrademarks : TOSHIBA Corporation
OriginalFilename : THotkey.exe

#:32 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 2928
ThreadCreationTime : 7-31-2006 3:17:50 AM
BasePriority : Normal
FileVersion : 8.2.9 16Dec05
ProductVersion : 8.2.9 16Dec05
ProductName : Synaptics Pointing Device Driver
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Synaptics Enhancements Application
LegalCopyright : Copyright © Synaptics, Inc. 1996-2005
OriginalFilename : SynTPEnh.exe

#:33 [tpsmain.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2960
ThreadCreationTime : 7-31-2006 3:17:51 AM
BasePriority : Normal
FileVersion : 1, 0, 15, 0
ProductVersion : 7, 0, 0, 0
ProductName : TOSHIBA Power Saver
CompanyName : TOSHIBA Corporation
InternalName : TPSMain
LegalCopyright : Copyright © 1998-2004 TOSHIBA Corporation
OriginalFilename : TPSMain.EXE

#:34 [dlactrlw.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 3060
ThreadCreationTime : 7-31-2006 3:17:51 AM
BasePriority : Normal
FileVersion : 5.20.09a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

#:35 [pinger.exe]
FilePath : C:\toshiba\ivp\ism\
ProcessID : 3068
ThreadCreationTime : 7-31-2006 3:17:51 AM
BasePriority : Normal
FileVersion : 3.7.0.0
ProductVersion : 3.7.0.0
ProductName : Software Upgrades
CompanyName : TOSHIBA Corporation
FileDescription : TOSHIBA Pinger
InternalName : PINGER
LegalCopyright : © 1997-2005 TOSHIBA Corporation
OriginalFilename : PINGER.EXE

#:36 [zcfgsvc.exe]
FilePath : C:\Program Files\Intel\Wireless\bin\
ProcessID : 3120
ThreadCreationTime : 7-31-2006 3:17:52 AM
BasePriority : Normal
FileVersion : 10, 1, 0, 42
ProductVersion : 10, 1, 0, 0
ProductName : ZeroCfgSvc Application
CompanyName : Intel Corporation
FileDescription : ZeroCfgSvc MFC Application
InternalName : ZeroCfgSvc
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : ZeroCfgSvc.EXE

#:37 [ifrmewrk.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 3176
ThreadCreationTime : 7-31-2006 3:17:53 AM
BasePriority : Normal
FileVersion : 10, 1, 0, 17
ProductVersion : 10, 1, 0, 0
ProductName : Intel® PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel Framework MFC Application
InternalName : Framework
LegalCopyright : Copyright © Intel Corporation 1999-2005
OriginalFilename : iFramewrk.exe

#:38 [toshiba.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 3192
ThreadCreationTime : 7-31-2006 3:17:53 AM
BasePriority : Normal
FileVersion : 8.2.9 16Dec05
ProductVersion : 8.2.9 16Dec05
ProductName : Synaptics Pointing Device Driver
CompanyName : Synaptics, Inc.
FileDescription : Toshiba Custom PlugIn Application
InternalName : Toshiba
LegalCopyright : Copyright © Synaptics, Inc. 1996-2005
OriginalFilename : Toshiba.exe

#:39 [cfsserv.exe]
FilePath : C:\Program Files\TOSHIBA\ConfigFree\
ProcessID : 3336
ThreadCreationTime : 7-31-2006 3:17:54 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 116
ProductVersion : 6, 0, 0, 0
ProductName : ConfigFree™
CompanyName : TOSHIBA CORPORATION
FileDescription : ConfigFree™ Search for Wireless Devices Version 5.70
InternalName : CFSServ
LegalCopyright : Copyright © 2002-2005 TOSHIBA CORPORATION. All rights reserved.
LegalTrademarks : ConfigFree™
OriginalFilename : CFSServ.EXE
Comments : ConfigFree™ Search for Wireless Devices

#:40 [tpsbattm.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3440
ThreadCreationTime : 7-31-2006 3:17:55 AM
BasePriority : Normal
FileVersion : 1, 0, 2, 0
ProductVersion : 7, 0, 0, 0
ProductName : TOSHIBA Power Saver
CompanyName : TOSHIBA Corporation
InternalName : TPSBattM
LegalCopyright : Copyright © 1998-2004 TOSHIBA Corporation
OriginalFilename : TPSBattM.exe

#:41 [avp.exe]
FilePath : C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\
ProcessID : 3492
ThreadCreationTime : 7-31-2006 3:17:57 AM
BasePriority : Normal
FileVersion : 6.0.0.299
ProductVersion : 6.0.0.299
ProductName : Kaspersky Anti-Virus
CompanyName : Kaspersky Lab
FileDescription : Kaspersky Anti-Virus
InternalName : AVP
LegalCopyright : Copyright © Kaspersky Lab 1996-2006.
LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.
OriginalFilename : AVP.EXE

#:42 [msascui.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 3520
ThreadCreationTime : 7-31-2006 3:17:57 AM
BasePriority : Normal
FileVersion : 1.1.1347.0
ProductVersion : 1.1.1347.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe

#:43 [tvstray.exe]
FilePath : C:\Program Files\Toshiba\Tvs\
ProcessID : 3568
ThreadCreationTime : 7-31-2006 3:17:58 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
ProductName : TOSHIBA Virtual Sound
CompanyName : TOSHIBA Corporation
FileDescription : TOSHIBA Virtual Sound Taskbar Module
InternalName : TvsTray
LegalCopyright : Copyright © 2004-2005 TOSHIBA Corporation.
OriginalFilename : TvsTray.exe
Comments : TOSHIBA Virtual Sound Taskbar Module

#:44 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 3604
ThreadCreationTime : 7-31-2006 3:17:58 AM
BasePriority : Normal
FileVersion : 8.2.9 16Dec05
ProductVersion : 8.2.9 16Dec05
ProductName : Synaptics Pointing Device Driver
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2005
OriginalFilename : SynTPLpr.exe

#:45 [ndstray.exe]
FilePath : C:\Program Files\TOSHIBA\ConfigFree\
ProcessID : 3612
ThreadCreationTime : 7-31-2006 3:17:58 AM
BasePriority : Normal


#:46 [ltmoh.exe]
FilePath : C:\Program Files\ltmoh\
ProcessID : 3620
ThreadCreationTime : 7-31-2006 3:17:59 AM
BasePriority : Normal
FileVersion : 1.75
ProductVersion : 1.75
ProductName : LtMoh Application
CompanyName : Agere Systems
FileDescription : LtMoh MFC Application
InternalName : LtMoh
LegalCopyright : Agere Copyright © 2001-2005
LegalTrademarks : Agere Systens
OriginalFilename : LtMoh.EXE

#:47 [igfxtray.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3656
ThreadCreationTime : 7-31-2006 3:17:59 AM
BasePriority : Normal
FileVersion : 3.0.0.4436
ProductVersion : 7.0.0.4436
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : IGFXTRAY.EXE

#:48 [ehtray.exe]
FilePath : C:\WINDOWS\ehome\
ProcessID : 3684
ThreadCreationTime : 7-31-2006 3:17:59 AM
BasePriority : Normal
FileVersion : 5.1.2710.2732 (xpsp(wmbla).050805-1239)
ProductVersion : 5.1.2710.2732
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Tray Applet
InternalName : ehtray
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehtray.exe

#:49 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 3700
ThreadCreationTime : 7-31-2006 3:18:00 AM
BasePriority : Normal
FileVersion : 2.1.60.5 2.1.60.5 10/14/2005 13:29:07
ProductVersion : 2.1.60.5 2.1.60.5 10/14/2005 13:29:07
ProductName : Agere SoftModem Messaging Applet
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Agere Systems 1998-2000
OriginalFilename : smdmstat.exe

#:50 [toscdspd.exe]
FilePath : C:\Program Files\TOSHIBA\TOSCDSPD\
ProcessID : 3744
ThreadCreationTime : 7-31-2006 3:18:00 AM
BasePriority : Normal


#:51 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3840
ThreadCreationTime : 7-31-2006 3:18:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:52 [ehmsas.exe]
FilePath : C:\WINDOWS\eHome\
ProcessID : 3888
ThreadCreationTime : 7-31-2006 3:18:02 AM
BasePriority : Normal
FileVersion : 5.1.2710.2732 (xpsp(wmbla).050805-1239)
ProductVersion : 5.1.2710.2732
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Media Status Aggregator Service
InternalName : eHMSAS
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehMSAS.exe

#:53 [ramasst.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3988
ThreadCreationTime : 7-31-2006 3:18:04 AM
BasePriority : Normal
FileVersion : 1, 1, 0, 0
ProductVersion : 1, 1, 0, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : CD Burning of Windows XP disabling tool for DVD MULTI Drive
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2004
OriginalFilename : RAMASST.EXE

#:54 [dllhost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2352
ThreadCreationTime : 7-31-2006 3:18:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : COM Surrogate
InternalName : dllhost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : dllhost.exe

#:55 [dot1xcfg.exe]
FilePath : C:\PROGRA~1\Intel\Wireless\Bin\
ProcessID : 2476
ThreadCreationTime : 7-31-2006 3:18:10 AM
BasePriority : Normal
FileVersion : 10, 1, 0, 79
ProductVersion : 10, 1, 0, 1
ProductName : Intel PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel 802.1x Server
InternalName : Dot1xCfg
LegalCopyright : Copyright © Intel Corporation 2005
OriginalFilename : Dot1xCfg.exe

#:56 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3380
ThreadCreationTime : 7-31-2006 3:19:35 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:57 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 2076
ThreadCreationTime : 7-31-2006 3:22:51 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0


8:29:03 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:28.235
Objects scanned:122353
Objects identified:0
Objects ignored:0
New critical objects:0






************************************************************
ewido Scan**************************************************
************************************************************
************************************************************
************************************************************

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:16:11 PM 7/30/2006

+ Scan result:



C:\Documents and Settings\GABE\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\GABE\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\GABE\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\GABE\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\GABE\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\GABE\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\GABE\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\GABE\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\GABE\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\GABE\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end





************************************************************
Hijack This Scan********************************************
************************************************************
************************************************************
************************************************************


Logfile of HijackThis v1.99.1
Scan saved at 6:46:11 AM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\GABE\My Documents\Downloads\Spyware Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {33cd0685-0285-4942-bb05-54e9374aa318} - C:\WINDOWS\system32\crypph.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://phstreamweb2/...tsweb/msrdp.cab
O16 - DPF: {D965D483-9F35-47D9-AF34-D448CACE97F7} (AAInstall Control) - http://phstreamweb2/...e/AAInstall.ocx
O20 - Winlogon Notify: crypph - C:\WINDOWS\SYSTEM32\crypph.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

#2
Buckeye_Sam
    Malware Expert
  • Member
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :whistling:



Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click YES, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer; click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log.


#3
gabebillings
    Member
  • Topic Starter
  • 58 posts
Hey Sam! Thanks for helping out so quickly. Unfortunately it looks as though that didn't help.
Here are the logs:

VundoFix:

VundoFix V5.1.6

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.4

Scan started at 3:09:58 PM 7/31/2006

Listing files found while scanning....

No infected files were found.

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 3:14:27 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RAMASST.exe
c:\windows\system32\VundoFix.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GABE\My Documents\Downloads\Spyware Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {33cd0685-0285-4942-bb05-54e9374aa318} - C:\WINDOWS\system32\crypph.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://phstreamweb2/...tsweb/msrdp.cab
O16 - DPF: {D965D483-9F35-47D9-AF34-D448CACE97F7} (AAInstall Control) - http://phstreamweb2/...e/AAInstall.ocx
O20 - Winlogon Notify: crypph - C:\WINDOWS\SYSTEM32\crypph.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

#4
Buckeye_Sam
    Malware Expert
  • Member
  • 10,019 posts
Let's get some confirmation on a suspicious file before we proceed.
  • Please go to Jotti's malware scan.
  • Copy and paste the following file path into the "File to upload & scan" box at the top of the page:

    • C:\WINDOWS\system32\crypph.dll
  • Disable your firewall if you are using one.
  • Click on the Submit button.
  • Re-enable your firewall as soon as you get results.
  • Please post the results in your next reply.


#5
gabebillings
    Member
  • Topic Starter
  • 58 posts
Well that's something at least... I also tried wrapping my router in a giant condom. I thought that might help.


**************************************************
Service load: 0% 100%

File: crypph.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5 5bbe8c004c8dfc9dc98742ee21347e70
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found DLOADER.Trojan (probable variant)
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing

#6
Buckeye_Sam
    Malware Expert
  • Member
  • 10,019 posts
It seems you may have something new here. I'm going to contact an expert in malware analysis to see if we can sort out exactly what it is we're dealing with.

Please download the Suspicious File Packer from here:
http://www.safer-net...g/files/sfp.zip
Unzip it to the desktop and run it.

Paste the following list of bad files into the Suspicious File Packer window:

C:\WINDOWS\system32\crypph.dll

Allow SFP to pack the files. This will generate a CAB archive on your desktop.
Just hang onto that until I hear back.


================


Now that we have a copy of it safely stored away, let's see if we can go ahead and get rid of it for you.

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your desktop) and click the Fix Checked button.

O2 - BHO: (no name) - {33cd0685-0285-4942-bb05-54e9374aa318} - C:\WINDOWS\system32\crypph.dll
O20 - Winlogon Notify: crypph - C:\WINDOWS\SYSTEM32\crypph.dll



========



Download KillBox and unzip it to your desktop.

Open Killbox and select the Delete on reboot option.
Copy and paste the following file path into the field labeled "Full path of file to delete":

C:\WINDOWS\SYSTEM32\crypph.dll

Press the Delete button (the button that looks like a red circle with a white X in it).
A first dialog box will ask if you want to delete the file on reboot, press the YES button.
A second dialog box will ask you if you want to REBOOT now. Press the YES button.

Your computer will reboot.



========


Please post a new hijackthis log.

#7
Buckeye_Sam
    Malware Expert
  • Member
  • 10,019 posts
As expected, there is some interest in getting a closer look at that file.

Please go to this forum: http://www.thespykil...x.php?board=1.0
You don't need to be a member to upload the archive!
Just press New Topic, fill in the needed details, and give a link to your HijackThis log topic at this forum. Then press the Browse button, navigate to and select the archive on your computer, and press Post to upload the files. In the subject line put "For TonyKlein".

Let me know if you have any problems.

#8
gabebillings
    Member
  • Topic Starter
  • 58 posts
Huzzah! Let's hope that did the trick. Once I've posted this I'll upload the CAB file to the other forum. Thank you very much for all your help. I'm going to give a shot at learning how to do this myself, so maybe I can help out others. (Not to mention learning how to fix my own problems so I don't need to bug you with them.)

Gabe

*************************************************

Logfile of HijackThis v1.99.1
Scan saved at 12:32:25 PM, on 8/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\GABE\My Documents\Downloads\Spyware Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {33cd0685-0285-4942-bb05-54e9374aa318} - C:\WINDOWS\system32\crypph.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://phstreamweb2/...tsweb/msrdp.cab
O16 - DPF: {D965D483-9F35-47D9-AF34-D448CACE97F7} (AAInstall Control) - http://phstreamweb2/...e/AAInstall.ocx
O20 - Winlogon Notify: crypph - crypph.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

#9
Buckeye_Sam
    Malware Expert
  • Member
  • 10,019 posts
We found out that file is a new Vundo variant. And Vundo never goes away quite that easily, so we're going to take another run at it.

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your desktop) and click the Fix Checked button.

O2 - BHO: (no name) - {33cd0685-0285-4942-bb05-54e9374aa318} - C:\WINDOWS\system32\crypph.dll (file missing)
O20 - Winlogon Notify: crypph - crypph.dll (file missing)




And now let's use VundoFix again.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • In case it says that nothing has been found, close the alert window and right-click the list box (white box) in the main VundoFix window.
  • Select "Add More Files?" from the menu that comes up. This will open a new VundoFix window.
  • In that window, copy and paste the following into the first field: C:\WINDOWS\system32\crypph.dll
  • Copy and paste the following into the second field: C:\WINDOWS\system32\hppyrc.*
  • Click the "Add Files" button.
  • Click the "Close Window" button.
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click Yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer; click OK.
  • Turn your computer back on.
  • A log will be created, C:\vundofix.txt, which you will need to include in your next reply.

Also post a new hijackthis log.
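The two HijackThis lines above share one shape: a load point (a BHO under O2, a Winlogon Notify handler under O20) that still points at a DLL which HijackThis reports as "(file missing)", and the VundoFix step then pairs that DLL name with its reversed stem (crypph.dll and hppyrc.*). The following is an added triage helper written for this thread, not a tool from HijackThis, VundoFix or the expert; it parses the log format shown in the thread, groups the orphaned load points by the missing file, and derives the reversed-name companion pattern. The sample log is constructed from lines quoted on this page.

```python
r"""Triage of HijackThis O2/O20 load-point lines.  Added example, not a tool
from the thread, from HijackThis or from VundoFix.  It parses the log format
shown in the thread, flags load points whose backing file HijackThis reported
as missing, and derives the reversed-name companion file that the VundoFix
instructions pair with the DLL (crypph.dll -> hppyrc.*)."""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# Constructed sample: the two lines the expert asked to fix, plus two benign
# entries copied from the poster's log for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {33cd0685-0285-4942-bb05-54e9374aa318} - C:\WINDOWS\system32\crypph.dll (file missing)
O20 - Winlogon Notify: crypph - crypph.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
"""

MISSING_SUFFIX = " (file missing)"
LINE_RE = re.compile(r"^O\d+ - ")


@dataclass
class Entry:
    section: str        # "O2", "O20", ...
    label: str          # "BHO: (no name)", "Winlogon Notify: crypph", ...
    path: str           # last " - " field: the file the load point references
    file_missing: bool  # HijackThis appended "(file missing)"


def parse_entries(log: str) -> list[Entry]:
    """Split 'Oxx - label - ... - path [(file missing)]' lines into Entry objects."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        if not LINE_RE.match(line):
            continue
        missing = line.endswith(MISSING_SUFFIX)
        if missing:
            line = line[: -len(MISSING_SUFFIX)]
        fields = line.split(" - ")
        entries.append(Entry(fields[0], fields[1], fields[-1], missing))
    return entries


def orphaned_load_points(entries: list[Entry]) -> dict[str, list[str]]:
    """Map each missing file (lower-cased basename) to the sections that still
    reference it.  One DLL registered both as a BHO (O2) and as a Winlogon
    Notify handler (O20) with no file on disk is exactly the pair of lines the
    expert told the poster to fix."""
    groups: dict[str, list[str]] = {}
    for e in entries:
        if e.file_missing:
            groups.setdefault(ntpath.basename(e.path).lower(), []).append(e.section)
    return groups


def companion_pattern(dll_name: str) -> str:
    """Reverse the DLL's stem, as the VundoFix steps do for crypph.dll ->
    hppyrc.*; the result is the second filename to hand to 'Add More Files?'."""
    stem, _ext = ntpath.splitext(ntpath.basename(dll_name))
    return stem[::-1] + ".*"


def triage(log: str) -> list[tuple[str, list[str], str]]:
    """(missing file, sections referencing it, companion pattern) per orphan."""
    orphans = orphaned_load_points(parse_entries(log))
    return [(name, sections, companion_pattern(name)) for name, sections in orphans.items()]


if __name__ == "__main__":
    for name, sections, pattern in triage(SAMPLE_LOG):
        print(f"{name}: referenced by {', '.join(sections)}, no file on disk; "
              f"companion to add: C:\\WINDOWS\\system32\\{pattern}")
```

Run against the sample it reports crypph.dll as referenced by O2 and O20 with hppyrc.* as the companion, which is what the expert typed into VundoFix by hand. A load point whose file is already gone is harmless on its own (the expert says as much two posts later), but leaving it registered means a reinfection that drops the file again is loaded immediately, so fixing the orphaned entries is still worthwhile.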

#10
gabebillings

    Member

  • Topic Starter
  • Member
  • 58 posts
I'm having trouble getting the VundoFix to work. The scans are still coming up empty so I'm attempting to add the files by hand. I can copy and paste the filenames into the Add Files textboxes, and then I'm running into problems. Clicking the 'Add Files' button seems to be doing nothing. I was expecting the filenames to show up in the white box in the other window, but nothing is happening. (Perhaps that's normal.)

So when I click 'Close Window', I'm back to the main Vundo window looking like it did before. When I click 'Remove Vundo', I get an alert window reading the following:

"No files were found, VundoFix V5.1.6 will now close."

I've tried it several times to make sure I wasn't messing something up. Any thoughts?

Log files:

***********************************************

No infected files were found.


Beginning removal...

VundoFix V5.1.6

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.4

Scan started at 4:58:39 PM 8/1/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

Beginning removal...

***********************************************

Logfile of HijackThis v1.99.1
Scan saved at 5:02:07 PM, on 8/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GABE\My Documents\Downloads\Spyware Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://phstreamweb2/...tsweb/msrdp.cab
O16 - DPF: {D965D483-9F35-47D9-AF34-D448CACE97F7} (AAInstall Control) - http://phstreamweb2/...e/AAInstall.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

#11
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
That just indicates that those files aren't present, which is a very good thing! :whistling:

Updating Java and Clearing Cache
  • Go to Start > Control Panel and double-click on the Java icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java, then reboot.
  • If you are unable to update, you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache. Leave ALL 3 checked:
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on the Delete Temporary Files window.
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.


=============



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to disable and re-enable System Restore here:

    Managing Windows Millennium System Restore

    or

    Windows XP System Restore Guide

    Re-enable System Restore with the instructions from the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab.
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then OK to exit the Internet Properties page.
  • Use AntiVirus Software - It is very important that your computer has anti-virus software running on it. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will be reduced dramatically.

:blink: :help:
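The six Custom Level changes in the post are stored by Internet Explorer as DWORD values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 (3 is the Internet zone), with 0 meaning Enable, 1 Prompt and 3 Disable. The following is an added example, not code from the thread or from Microsoft: it reads a `reg export` of that key, reports every setting that is looser than the post recommends, and produces the .reg text that applies the recommended values. The four-digit value IDs are Microsoft's documented zone action IDs; mapping them onto the setting names used in the post is this example's assumption, and the exported registry text it checks is constructed.

```python
r"""Audit of Internet Explorer's Internet-zone "Custom Level" settings against
the values recommended in the thread.  Added example, not from the thread.
IE keeps each zone's choices as DWORD values under
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
(3 = Internet zone), where 0 = Enable, 1 = Prompt and 3 = Disable.  The
four-digit value IDs are Microsoft's documented zone action IDs; pairing them
with the setting names from the post is this example's assumption."""
from __future__ import annotations

import re

ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Setting name as it appears in the post -> (registry value ID, recommended level)
RECOMMENDED = {
    "Download signed ActiveX controls": ("1001", PROMPT),
    "Download unsigned ActiveX controls": ("1004", DISABLE),
    "Initialize and script ActiveX controls not marked as safe": ("1201", DISABLE),
    "Installation of desktop items": ("1800", PROMPT),
    "Launching programs and files in an IFRAME": ("1804", PROMPT),
    "Navigate sub-frames across different domains": ("1607", PROMPT),
}

ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Constructed 'reg export' of a zone that has been loosened: signed-ActiveX
# download and scripting of unsafe ActiveX are silently enabled, IFRAME
# launching is enabled, and the sub-frame setting is not set at all.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000000
"1800"=dword:00000001
"1804"=dword:00000000
"""

DWORD_RE = re.compile(r'^"(\d{4})"=dword:([0-9A-Fa-f]{8})$')


def parse_zone_export(text: str) -> dict[str, int]:
    """Return {value_id: int} for the four-digit DWORD values in a reg export."""
    values: dict[str, int] = {}
    for line in text.splitlines():
        m = DWORD_RE.match(line.strip())
        if m:
            values[m.group(1)] = int(m.group(2), 16)
    return values


def audit_zone(values: dict[str, int]) -> list[tuple[str, str, str]]:
    """List (setting, current, recommended) for each setting that is looser
    than recommended or not explicitly set.  Enable (0) < Prompt (1) <
    Disable (3), so a lower stored value is a weaker setting."""
    findings = []
    for name, (value_id, want) in RECOMMENDED.items():
        have = values.get(value_id)
        if have is None:
            findings.append((name, "not set", LEVEL[want]))
        elif have < want:
            findings.append((name, LEVEL.get(have, str(have)), LEVEL[want]))
    return findings


def recommended_reg() -> str:
    """A .reg file carrying the post's six settings for the Internet zone;
    importing it is the registry form of clicking through Custom Level."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE_KEY}]"]
    lines += [f'"{vid}"=dword:{level:08x}' for vid, level in RECOMMENDED.values()]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for setting, current, wanted in audit_zone(parse_zone_export(SAMPLE_REG)):
        print(f"{setting}: {current} (recommended: {wanted})")
    print(recommended_reg())
```

On the constructed export the audit lists four settings (the two enabled ActiveX actions, IFRAME launching, and the unset sub-frame navigation value) and is silent about the two that already match. Re-running a check like this after a cleanup is a cheap way to confirm that nothing has quietly put the zone back to Enable, which is the state in which a drive-by install like the one in this thread succeeds without a prompt.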

#12
gabebillings

    Member

  • Topic Starter
  • Member
  • 58 posts
Man. It's enough to make me want to throw my computers away and hide under the bed.

Do you think the software firewall built into XP is sufficient, or would a separate program be better? I've used ZoneAlarm in the past. I also have a router with a firewall.

Thanks again for all the help!


Gabe

#13
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Windows firewall should be considered bare minimum protection. I would definitely recommend Zone Alarm.