Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

All my spyware programs keep crashing [RESOLVED]

Started by BrandonKeith , Oct 11 2006 04:18 AM

  • This topic is locked This topic is locked

#1
BrandonKeith
Posted 11 October 2006 - 04:18 AM

BrandonKeith

    Member

  • Member
  • PipPip
  • 35 posts
Well, I managed to get a Hijack log. Basically, mozilla has been crashing a bit lately and I've never had problems like that. I started having some troubles with one of my games crashing today, so I decided to do a system scan.

Adaware, spybot S&D , and CleanUp! all crash. Also, Trend House Call's online check keeps crashing. Please help.






Logfile of HijackThis v1.99.1
Scan saved at 3:11:35 AM, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\PFShared\UmxCfg.exe
C:\Program Files\Common Files\PFShared\UmxPol.exe
C:\Program Files\Tiny Firewall Pro\UmxTray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\PFShared\umxlu.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Electronic Arts\EA Downloader\Core.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgrounds.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Webeye USB PC Camera
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AMonitor] C:\Program Files\Tiny Firewall Pro\amon.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - Startup: Registration Pacific Fighters.LNK = E:\registration_us\RegistrationReminder.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01911178-010F-4C35-B4CE-0C5F99AA9205}: NameServer = 85.255.116.24,85.255.112.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{18F826EA-BB3A-4FCB-9DBA-865D276A9434}: NameServer = 85.255.116.24,85.255.112.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{692237B2-4BA0-4455-B13C-BEB2150CB93B}: NameServer = 85.255.116.24,85.255.112.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B11958C-8737-492A-8D54-655D63ED5877}: NameServer = 85.255.116.24,85.255.112.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{A23E07AC-946A-4AB4-845A-34F25806E849}: NameServer = 85.255.116.24,85.255.112.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.24 85.255.112.84
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: UmxSbxExw.dll,wbsys.dll
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: FW Event Manager (UmxAgent) - Tiny Software, Inc. - C:\Program Files\Tiny Firewall Pro\UmxAgent.exe
O23 - Service: FW Configuration Interpreter (UmxCfg) - Tiny Software, Inc. - C:\Program Files\Common Files\PFShared\UmxCfg.exe
O23 - Service: FW Live Update (UmxLU) - Tiny Software, Inc. - C:\Program Files\Common Files\PFShared\umxlu.exe
O23 - Service: FW Policy Manager (UmxPol) - Tiny Software Inc. - C:\Program Files\Common Files\PFShared\UmxPol.exe
O23 - Service: FW User to IP Address Translation (UmxUTA) - Tiny Software, Inc. - C:\Program Files\Tiny Firewall Pro\umxuta.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

Edited by BrandonKeith, 11 October 2006 - 04:20 AM.

  • 0

Advertisements

#2
jamielaw
Posted 11 October 2006 - 10:30 AM

jamielaw

    Member

  • Member
  • PipPipPip
  • 350 posts
Welcome BrandonKeith! :whistling:

I will be helping you under the guidance of one of our expert coaches.

Please give me a little time to get back to you with instructions.

Thanks
Jamie
  • 0

#3
jamielaw
Posted 11 October 2006 - 11:37 AM

jamielaw

    Member

  • Member
  • PipPipPip
  • 350 posts
Hey BrandonKeith

Antivirus:

Please download one of these free antiviruses and install it, either AVG or Avast

Update Java:

Your version of Java is now outdated. Java vulnerabilites are commonly exploited by viruses so I strongly recommend you update. Click here to download the latest version of java ( Java Runtime Environment (JRE) 5.0 Update 9 ). Please install it and then reboot your computer.

Remove the older versions of Java:
  • Click Start, Control Panel, Add/Remove Programs.
  • Delete all Java updates except J2SE Runtime Environment 5.0 Update 9
Wareout:

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved. Please post the contents of this text file (C:\fixwareout\report.txt) in your next reply.

Viewpoint:

Viewpoint components are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting "Disable auto-updating for the Viewpoint Manager" -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.


I recommend that you remove the Viewpoint products; however, decide for yourself.

Fix the HJT entries:
  • Open hijackthis and select the DO A SYSTEM SCAN ONLY option.
  • Place a check next to the following items:

    O1 - Hosts: 66.98.136.25 auto.search.msn.com
    O1 - Hosts: 66.98.136.25 auto.search.msn.es
    O4 - Startup: Registration Pacific Fighters.LNK = E:\registration_us\RegistrationReminder.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{01911178-010F-4C35-B4CE-0C5F99AA9205}: NameServer = 85.255.116.24,85.255.112.84
    O17 - HKLM\System\CCS\Services\Tcpip\..\{18F826EA-BB3A-4FCB-9DBA-865D276A9434}: NameServer = 85.255.116.24,85.255.112.84
    O17 - HKLM\System\CCS\Services\Tcpip\..\{692237B2-4BA0-4455-B13C-BEB2150CB93B}: NameServer = 85.255.116.24,85.255.112.84
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7B11958C-8737-492A-8D54-655D63ED5877}: NameServer = 85.255.116.24,85.255.112.84
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A23E07AC-946A-4AB4-845A-34F25806E849}: NameServer = 85.255.116.24,85.255.112.84
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.24 85.255.112.84
  • Close all open browsers and windows, except hijackthis. Then select fix checked . Now close HJT.
Hoster:

Download the Hoster.
  • Unzip Hoster to a convenient folder such as C:\Hoster.
  • Run Hoster.exe from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Original Hosts and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Kaspersky Online Scanner
Go to http://www.kaspersky.com/virusscanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post with another HJT log.

  • 0

#4
BrandonKeith
Posted 11 October 2006 - 11:01 PM

BrandonKeith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Ok, here are my results.


Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}50B84FE9CA4D-489A-D584-71A2-E04E75DD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7DC808A4BB19-A088-F914-0901-A888B16D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xkjmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\0mdm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1mdm
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmjkx.exe"=-
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSDKL.EXE 51,801 2006-09-25
C:\WINDOWS\SYSTEM32\DMJKX.EXE 61,969 2004-08-10

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.


Wednesday, October 11, 2006 9:55:23 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/10/2006
Kaspersky Anti-Virus database records: 230884
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics
Total number of scanned objects 97496
Number of viruses found 0
Number of infected objects 0 / 0
Number of suspicious objects 0
Duration of the scan process 01:51:49

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_2898216512_131072_54865 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{921CB5A6-07D0-457B-B77C-1DB862823FBA}.TmpSBE Object is locked skipped
C:\Documents and Settings\Brandon Keith\Application Data\Mozilla\Firefox\Profiles\5uw2ipyx.default\cert8.db Object is locked skipped
C:\Documents and Settings\Brandon Keith\Application Data\Mozilla\Firefox\Profiles\5uw2ipyx.default\history.dat Object is locked skipped
C:\Documents and Settings\Brandon Keith\Application Data\Mozilla\Firefox\Profiles\5uw2ipyx.default\key3.db Object is locked skipped
C:\Documents and Settings\Brandon Keith\Application Data\Mozilla\Firefox\Profiles\5uw2ipyx.default\parent.lock Object is locked skipped
C:\Documents and Settings\Brandon Keith\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Brandon Keith\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Brandon Keith\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Brandon Keith\Local Settings\Application Data\Mozilla\Firefox\Profiles\5uw2ipyx.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Brandon Keith\Local Settings\Application Data\Mozilla\Firefox\Profiles\5uw2ipyx.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Brandon Keith\Local Settings\Application Data\Mozilla\Firefox\Profiles\5uw2ipyx.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Brandon Keith\Local Settings\Application Data\Mozilla\Firefox\Profiles\5uw2ipyx.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Brandon Keith\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Brandon Keith\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Brandon Keith\ntuser.dat Object is locked skipped
C:\Documents and Settings\Brandon Keith\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Games(2)\ut\utils\DoxV103.zip.exe Object is locked skipped
C:\Games(2)\ut\utils\odwizard126.zip.exe Object is locked skipped
C:\Program Files\Electronic Arts\EA Downloader\logs\Core.html Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7D83713C-ADAB-4793-AA3D-B89DDB8C654A}\RP449\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_HDAUDIO SoftV92 Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{DCBE875E-E101-4B07-9DC8-3F69A7B95FAF}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{D2A4D134-A157-46DB-ACAE-A62733A402C9}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 10:01:21 PM, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\PFShared\UmxCfg.exe
C:\Program Files\Common Files\PFShared\UmxPol.exe
C:\Program Files\Tiny Firewall Pro\UmxTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\PFShared\umxlu.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Electronic Arts\EA Downloader\Core.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Webeye USB PC Camera
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [AMonitor] C:\Program Files\Tiny Firewall Pro\amon.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: UmxSbxExw.dll,wbsys.dll
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: FW Event Manager (UmxAgent) - Tiny Software, Inc. - C:\Program Files\Tiny Firewall Pro\UmxAgent.exe
O23 - Service: FW Configuration Interpreter (UmxCfg) - Tiny Software, Inc. - C:\Program Files\Common Files\PFShared\UmxCfg.exe
O23 - Service: FW Live Update (UmxLU) - Tiny Software, Inc. - C:\Program Files\Common Files\PFShared\umxlu.exe
O23 - Service: FW Policy Manager (UmxPol) - Tiny Software Inc. - C:\Program Files\Common Files\PFShared\UmxPol.exe
O23 - Service: FW User to IP Address Translation (UmxUTA) - Tiny Software, Inc. - C:\Program Files\Tiny Firewall Pro\umxuta.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
  • 0

#5
jamielaw
Posted 12 October 2006 - 12:06 PM

jamielaw

    Member

  • Member
  • PipPipPip
  • 350 posts
Hey BrandonKeith

Upload Samples:

You have a file/s of interest to us. It would help the detection rates of the tools we use by getting hold of samples of these infections.

Please download this Malware Submission Tool. Save this file where it is quick to access i.e. C:\Submitter.exe.

Instructions for setting it up:

1. Go to this folder: C:\Documents and Settings\{Your username}\SendTo
2. Right-click inside the folder and click New > Shortcut
3. Enter the location of where you saved the file (e.g. C:\Submitter.exe)
4. Type a name for the shortcut e.g. Submit Malware
5. Then once you have created the shortcut you need to right-click it and select Properties
6. In the target box you need to replace that with this: {File Location} -all
7. So in my case I would type: C:\submitter.exe -all
8. Then click OK.

To enable the Show Hidden Folders option:
  • From your Desktop, right-Click: My Computer. Left-Click: Explore.
  • Select from the Tools menu:Folder Options.
  • Select the View Tab.
  • Under the Advanced Settings>Hidden files and folders, select: Show hidden files and folders.
  • Uncheck: Hide extensions for known file types
  • Also, uncheck the Hide protected operating system files (recommended) option.
  • Click: Yes to confirm warning[s].
  • Click: OK.
Locate File:

1. Click Start > Run and type:C:\WINDOWS\SYSTEM32
2. Then locate this file in the folder: CSDKL.EXE and DMJKX.EXE
3. Right-click on the file and select Send To and select Submit Malware {or whatever you named your shortcut}
4. This will then load a series of websites. Please give them a few minutes to load.
5. Please copy/paste this filepath for the Kaspersky website and the Fortinet website: C:\WINDOWS\SYSTEM32\CSDKL.EXE and C:\WINDOWS\SYSTEM32\DMJKX.EXE
6. Post the results of the Jotti, VirusTotal, Kaspersky and Fortinet scan back into this thread in your next reply.

To reset the hidden/system files and folders:
  • From your Desktop, right-Click: My Computer. Left-Click: Explore.
  • Select from the Tools menu:Folder Options.
  • Select the View Tab.
  • Under the Advanced Settings>Hidden files and folders, de-select: Show hidden files and folders.
  • Check: Hide extensions for known file types
  • Also, check the Hide protected operating system files (recommended) option.
  • Click: OK.
How is your computer running now? Are you still having trouble with programs crashing?
  • 0

#6
BrandonKeith
Posted 12 October 2006 - 02:44 PM

BrandonKeith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
The link you have up for the malware submission tool is broken.. as for how my system is running, firefox hasn't crashed yet, but my auto updates from microsoft aren't downloading, and an application I was trying to download last night stopped halfway through and I couldn't get it to start back up.

I'm going to reboot and see if that helps since I left my comp on last night. Also, in firefox, whenever I go to a post here on the forum, it comes up like a text file, but if I use IE, then it comes up normal. Can't quite figure that one out.
  • 0

#7
jamielaw
Posted 12 October 2006 - 04:06 PM

jamielaw

    Member

  • Member
  • PipPipPip
  • 350 posts
Hey BrandonKeith

Submit Malware:

Please go here and upload each file: VirusTotal

C:\WINDOWS\SYSTEM32\CSDKL.EXE
C:\WINDOWS\SYSTEM32\DMJKX.EXE

Please copy/paste the results back into this thread

Upload Malware:

You have a file/s of interest to us. It would help the detection rates of the tools we use by getting hold of samples of these infections.

Please could you upload both files here: BC Submission. In the link to topic field put: jamielaw
  • 0

#8
BrandonKeith
Posted 12 October 2006 - 09:02 PM

BrandonKeith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hey, well, my, firefox problem has gone away. I've uploaded the files you wanted. I've only got one response so far. I'll post the results from the other file scan when it arrives.



complete scanning result of "csdkl.exe", processed in VirusTotal at 10/13/2006
05:06:16 (CET).

[ file data ]
* name: csdkl.exe
* size: 51801
* md5.: d768af9a86ab5aa5988e764fb5061889
* sha1: f9aee6d53c9b01157c89ce2a6f3f6c2fc974ef2e

[ scan result ]
AntiVir 7.2.0.30/20061012 found nothing
Authentium 4.93.8/20061013 found [could be a corrupted executable file]
Avast 4.7.892.0/20061012 found nothing
AVG 386/20061012 found nothing
BitDefender 7.2/20061013 found [MemScan:Trojan.Downloader.Mohbpork.A]
CAT-QuickHeal 8.00/20061012 found [(Suspicious) - DNAScan]
ClamAV devel-20060426/20061012 found nothing
DrWeb 4.33/20061013 found nothing
eTrust-InoculateIT 23.73.21/20061012 found nothing
eTrust-Vet 30.3.3129/20061012 found [Win32/Alureon!generic]
Ewido 4.0/20061012 found [Downloader.Agent.uj]
F-Prot 3.16f/20061012 found nothing
F-Prot4 4.2.1.29/20061013 found nothing
Fortinet 2.82.0.0/20061013 found [suspicious]
Ikarus 0.2.65.0/20061012 found nothing
Kaspersky 4.0.2.24/20061013 found nothing
McAfee 4872/20061012 found [Spy-Agent.bc]
Microsoft 1.1603 /20061013 found nothing
NOD32v2 1.1801/20061012 found [a variant of Win32/Small.FB]
Norman 5.80.02/20061012 found nothing
Sophos 4.10.0/20061005 found nothing
TheHacker 6.0.1.096/20061011 found nothing
UNA 1.83/20061012 found nothing
VBA32 3.11.1/20061012 found [suspected of Trojan-Downloader.Agent.32]
VirusBuster 4.3.7:9/20061012 found nothing

[ notes ]
packers: PECRYPT
  • 0

#9
BrandonKeith
Posted 12 October 2006 - 09:10 PM

BrandonKeith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Here's the run down on the other file.




Complete scanning result of "dmjkx.exe", processed in VirusTotal at 10/13/2006
05:18:16 (CET).

[ file data ]
* name: dmjkx.exe
* size: 61969
* md5.: 0b390b7d0c4fd008ef41b0a1a9ceb81f
* sha1: cd8e30ecb714395ee463e16804359a12bc75735f

[ scan result ]
AntiVir 7.2.0.30/20061012 found [TR/Agent.QB.161]
Authentium 4.93.8/20061013 found [could be a corrupted executable file]
Avast 4.7.892.0/20061012 found nothing
AVG 386/20061012 found nothing
BitDefender 7.2/20061013 found [MemScan:Trojan.Agent.QB]
CAT-QuickHeal 8.00/20061012 found [(Suspicious) - DNAScan]
ClamAV devel-20060426/20061012 found nothing
DrWeb 4.33/20061013 found nothing
eTrust-InoculateIT 23.73.21/20061012 found nothing
eTrust-Vet 30.3.3129/20061012 found [Win32/Alureon!generic]
Ewido 4.0/20061012 found nothing
F-Prot 3.16f/20061012 found nothing
F-Prot4 4.2.1.29/20061013 found nothing
Fortinet 2.82.0.0/20061013 found [suspicious]
Ikarus 0.2.65.0/20061012 found [Win32.SuspectCrc]
Kaspersky 4.0.2.24/20061013 found nothing
McAfee 4872/20061012 found nothing
Microsoft 1.1603 /20061013 found nothing
NOD32v2 1.1801/20061012 found [a variant of Win32/Small.FB]
Norman 5.80.02/20061012 found nothing
Panda 9.0.0.4/20061012 found [Trj/Ruins.CI]
Sophos 4.10.0/20061005 found nothing
TheHacker 6.0.1.096/20061011 found nothing
UNA 1.83/20061012 found nothing
VBA32 3.11.1/20061012 found [Trojan.Win32.Small.fb]
VirusBuster 4.3.7:9/20061012 found nothing

[ notes ]
packers: PECRYPT

___________________
  • 0

#10
jamielaw
Posted 14 October 2006 - 08:38 AM

jamielaw

    Member

  • Member
  • PipPipPip
  • 350 posts
Hey BrandonKeith

Using Windows Explorer please could you navigate to this folder C:\WINDOWS\SYSTEM32 and delete these files:

CSDKL.EXE
DMJKX.EXE

Please could you then post a fresh Hijackthis log.
  • 0

#11
BrandonKeith
Posted 14 October 2006 - 01:01 PM

BrandonKeith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Here's my new log.


Logfile of HijackThis v1.99.1
Scan saved at 12:00:23 PM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\PFShared\UmxCfg.exe
C:\Program Files\Common Files\PFShared\UmxPol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\PFShared\umxlu.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Electronic Arts\EA Downloader\Core.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgrounds.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Webeye USB PC Camera
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [AMonitor] C:\Program Files\Tiny Firewall Pro\amon.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: UmxSbxExw.dll,wbsys.dll
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: FW Event Manager (UmxAgent) - Tiny Software, Inc. - C:\Program Files\Tiny Firewall Pro\UmxAgent.exe
O23 - Service: FW Configuration Interpreter (UmxCfg) - Tiny Software, Inc. - C:\Program Files\Common Files\PFShared\UmxCfg.exe
O23 - Service: FW Live Update (UmxLU) - Tiny Software, Inc. - C:\Program Files\Common Files\PFShared\umxlu.exe
O23 - Service: FW Policy Manager (UmxPol) - Tiny Software Inc. - C:\Program Files\Common Files\PFShared\UmxPol.exe
O23 - Service: FW User to IP Address Translation (UmxUTA) - Tiny Software, Inc. - C:\Program Files\Tiny Firewall Pro\umxuta.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
  • 0

#12
jamielaw
Posted 15 October 2006 - 02:14 PM

jamielaw

    Member

  • Member
  • PipPipPip
  • 350 posts
Hey BrandonKeith

This is my normal post for when you are clear - which you now are - or seem to be. Please advise of any problems you still have :-

Please pay particular attention to Step A & G!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and re-enable system restore to make sure there are no infected files found in a restore point. Sometimes viruses can hide in there and if you ever needed to restore your system you would then re-infect your self
    You can find instructions on how to enable and re enable system restore here:Windows XP System Restore Guide

    Or simply follow these instructions:
    • Click Start, run and type SYSDM.CPL
    • Select the System Restore Tab
    • Check the box to Turn off System Restore on all drives
    • Click Apply and then OK to the confirmation window
    • Then uncheck the box, click apply and then OK.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
    Computer Safety On line - Anti-Virus
  • Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  • Install HostsMan - HostsMan will add a large list of restricted websites to your hosts file. This will prevent you from visiting some bad websites.
    Download Hostsman here!
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Stand up and be Counted.

NOW is the time you can start to hit back at the people who infected you.
Posted Image
Please take the time to go and complain - that forum has a topic for your infection which is ................ please post as a reply, you do not need to register to do so (but you can if you wish). It will also have a list of other places you can go to to register your complaint, depending on the country you are resident in. Please read the topics and complain, it is only with such complaints to goverment or government agances that something will get done.


Happy Surfing!

Jamie
  • 0

#13
therock247uk
Posted 17 October 2006 - 07:27 AM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP