
Infected? Very Slow Response, Igfxtray, Hkcmd Error Messages On Windows Startup, And Internet Constantly Being Dropped


This topic is locked. 12 replies to this topic.

#1 JasonD1 (Members)

Posted 18 June 2008 - 09:25 PM

Hello,

This is my first post, and I am not sure if I am in the correct area. My computer has been unusually slow loading Windows; upon start-up I get error messages stating that igfxtray.exe and hkcmd.exe are unable to initialize properly. Additionally, I use a wireless internet connection. The connection shows I am still connected very well, but I get "the page cannot be displayed". Any help would be greatly appreciated.

Thanks!
JayD

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:53 PM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [McRegWiz] "C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe" /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 6776 bytes


#2 Billy O'Neal (Malware Response Team)

Posted 08 July 2008 - 10:51 PM

Hello JasonD1. :thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine)

We apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

If you still would like help, please follow the following instructions:

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.



Next
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please make sure the following reports are present:
  • The Kaspersky scan report
  • DSS's Main.txt
  • DSS's Extra.txt

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 JasonD1 (Topic Starter)

Posted 09 July 2008 - 07:45 PM

Hi Billy! Thanks for helping me!

I downloaded Deckard's; it runs, but it gets to what appears to be the last step and I get an error message...

"dss.exe has encountered a problem and needs to close. We are sorry for the inconvenience."


Kaspersky log to come.

#4 Billy O'Neal (Malware Response Team)

Posted 09 July 2008 - 08:28 PM

Post a fresh HJT log instead of the DSS logs, please :thumbsup:

Billy3

#5 JasonD1 (Topic Starter)

Posted 09 July 2008 - 09:25 PM

Sorry, I tried to download it from both places and got the same message.

Here is the fresh HJT log. The Kaspersky scan is still running.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:21 PM, on 7/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 5479 bytes
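A helper compares a fresh HJT log against the first one to see what changed and then picks out the entries worth checking by hand. The script below does both; it is an added example for this thread, not part of HijackThis or of any post here. The sample logs are short excerpts of the 18 June and 9 July logs above, and `CONSTRUCTED_ENTRY` is a made-up line used only to exercise the path check.

```python
"""Diff two HijackThis (HJT) logs and flag the entries a helper looks at
first.  Example added for this thread; it is not part of HijackThis or of
any post above.  The sample logs are short excerpts of the 18 June and
9 July logs posted in the thread; CONSTRUCTED_ENTRY is made up."""
import re
from typing import Dict, List, Optional

# Excerpt of the first (18 June 2008) log in this thread.
HJT_JUNE = r"""
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
"""

# Excerpt of the fresh (9 July 2008) log.
HJT_JULY = r"""
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
"""

# Constructed line (not from the thread) that only exercises the path check:
# an autostart launched from a user profile directory.
CONSTRUCTED_ENTRY = r"O4 - HKCU\..\Run: [example] C:\Documents and Settings\user\Application Data\example.exe"

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys|ocx|cpl|scr)\b", re.IGNORECASE)
# Where a stock Windows XP install keeps its binaries; an autostart or service
# pointing anywhere else (profile, temp, drive root) deserves a closer look.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_hjt(text: str) -> Dict[str, str]:
    """Map each entry line (whitespace-normalised) to its HJT type, e.g. 'O4'."""
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            body = " ".join(m.group(2).split())
            entries[f"{m.group(1)} - {body}"] = m.group(1)
    return entries


def diff_logs(old: str, new: str) -> Dict[str, List[str]]:
    """Entries that appeared in or vanished from the fresh log."""
    a, b = parse_hjt(old), parse_hjt(new)
    return {"added": sorted(set(b) - set(a)), "removed": sorted(set(a) - set(b))}


def extract_path(entry: str) -> Optional[str]:
    """First drive-letter path in an entry, or None (e.g. an O16 http:// URL)."""
    m = PATH_RE.search(entry)
    return m.group(0) if m else None


def flag_entries(text: str) -> List[str]:
    """Entries to review first: binaries outside TRUSTED_DIRS, plus every
    O10 (Winsock LSP) and O16 (downloaded ActiveX) line, which HJT itself
    cannot vet and which are worth confirming by hand."""
    flagged = []
    for entry, kind in parse_hjt(text).items():
        path = extract_path(entry)
        if kind in ("O10", "O16") or (path and not path.lower().startswith(TRUSTED_DIRS)):
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    delta = diff_logs(HJT_JUNE, HJT_JULY)
    for label in ("removed", "added"):
        print(f"--- {label} since the first log ---")
        for entry in delta[label]:
            print(entry)
    print("--- entries to look at first (fresh log + constructed line) ---")
    for entry in flag_entries(HJT_JULY + "\n" + CONSTRUCTED_ENTRY):
        print(entry)
```

On the excerpts, the diff shows the Norton and Spy Sweeper entries gone and the Symantec IPS BHO, the Linksys agent and the MySpace DPF control arrived, which matches what the two full logs above show.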

#6 JasonD1 (Topic Starter)

Posted 10 July 2008 - 07:19 AM

Kaspersky did not find anything, so there was no scan report? Here are the scan details.

Scan statistics
Files scanned 100095
Threat names 0
Infected objects 0
Suspicious objects 0
Duration of the scan 05:10:51

#7 Billy O'Neal (Malware Response Team)

Posted 11 July 2008 - 06:24 AM

Hello, JasonD1.

We need to run ComboFix. Please include the ComboFix report in your next reply.

Billy3

#8 JasonD1 (Topic Starter)

Posted 11 July 2008 - 06:05 PM

Here is the ComboFix log... And I noticed the following things:

When I turned off Norton, my computer seemed to not really change in performance.

When I turned off Spysweeper:
1) My computer seemed to not freeze for long periods of time
2) My computer stayed connected to the internet more

So I am beginning to think it may be a problem with that program.


ComboFix 08-07-11.1 - Jason 2008-07-11 18:45:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.261 [GMT -4:00]
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\oeminfo.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.

2008-07-09 20:17 . 2008-07-09 20:17 <DIR> d-------- C:\Deckard
2008-07-05 18:51 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-07-05 18:48 . 2008-07-05 18:48 911,250 --a------ C:\WINDOWS\Prison Tycoon 2 Uninstaller.exe
2008-07-05 18:43 . 2008-07-05 18:43 <DIR> d-------- C:\Program Files\Prison Tycoon 2
2008-07-05 18:43 . 2008-07-05 18:43 <DIR> d-------- C:\Program Files\Common Files\Thraex Software
2008-07-05 18:42 . 2008-07-05 18:42 5,694 --a------ C:\Sdicon32.ico
2008-07-05 10:38 . 2008-07-05 10:38 <DIR> d-------- C:\Documents and Settings\Administrator.JAYD\Application Data\Gtek
2008-07-05 10:37 . 2008-07-05 10:38 <DIR> d--h----- C:\Documents and Settings\Jason\Application Data\GTek
2008-07-05 10:37 . 2008-07-05 10:37 3,316 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2008-07-05 10:36 . 2006-04-02 16:52 1,851,546 --a------ C:\WINDOWS\system32\gdql_lsa.dll
2008-07-05 10:36 . 2006-01-16 22:08 683,150 --a------ C:\WINDOWS\system32\qdiaglsa.ocx
2008-07-05 10:36 . 2005-11-21 13:17 135,168 --a------ C:\WINDOWS\system32\GoProto.dll
2008-07-05 10:36 . 2008-07-05 10:36 29,184 --a------ C:\WINDOWS\system32\drivers\goprot51.sys
2008-07-05 10:35 . 2008-07-05 12:04 <DIR> d-------- C:\Program Files\Linksys EasyLink Advisor
2008-07-05 10:35 . 2008-07-05 10:38 <DIR> d-ah----- C:\Documents and Settings\All Users\Application Data\GTek
2008-07-05 10:35 . 2005-08-30 12:23 208,896 --a------ C:\WINDOWS\system32\GTDownLS_125.ocx
2008-07-05 10:35 . 2004-06-09 09:29 6,977 --a------ C:\WINDOWS\system32\DDMI2.sys
2008-07-05 10:35 . 2005-03-13 16:54 6,656 --a------ C:\WINDOWS\system32\DLPT2.sys
2008-06-22 18:32 . 2008-06-22 18:32 <DIR> d-------- C:\cabs
2008-06-20 23:10 . 2008-06-20 23:10 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-20 20:25 . 2008-06-20 20:25 <DIR> d-------- C:\WINDOWS\Sun
2008-06-19 22:50 . 2008-06-19 22:50 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-06-19 22:50 . 2008-06-19 23:03 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-06-19 22:49 . 2008-06-19 22:52 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-19 22:49 . 2008-06-19 22:52 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-19 22:49 . 2008-06-19 22:52 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-19 22:49 . 2008-06-19 22:52 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-19 22:48 . 2008-06-19 22:52 <DIR> d-------- C:\Program Files\Symantec
2008-06-19 22:18 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-19 22:18 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-19 22:18 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-19 22:18 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-19 22:18 . 2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-19 22:18 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-19 22:18 . 2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-19 22:18 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-19 22:18 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-19 21:04 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-19 20:48 . 2008-06-19 20:48 <DIR> d-------- C:\agnis-sites
2008-06-17 21:09 . 2008-06-17 21:09 <DIR> d-------- C:\ERDNT
2008-06-17 21:09 . 2008-06-17 21:10 <DIR> d-------- C:\backup617
2008-06-17 20:56 . 2008-06-17 20:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-15 20:38 . 2008-06-15 20:38 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\System Tweaker
2008-06-15 20:19 . 2008-06-15 20:37 <DIR> d-------- C:\Program Files\Uniblue
2008-06-15 20:19 . 2008-06-15 20:19 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Uniblue
2008-06-15 11:20 . 2008-06-21 09:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-06-15 10:33 . 2008-06-15 11:14 870,128 --a------ C:\WINDOWS\system32\mcs.rma
2008-06-15 10:33 . 2008-06-15 11:14 4 --a------ C:\WINDOWS\system32\8CE05F
2008-06-15 10:32 . 2008-06-15 10:32 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2008-06-15 10:25 . 2008-06-15 10:25 25 --a------ C:\WINDOWS\cdplayer.ini
2008-06-15 10:20 . 2008-06-15 10:20 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-15 10:08 . 2008-06-15 10:08 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-15 09:59 . 2008-06-15 09:59 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\AdobeUM
2008-06-15 09:58 . 2008-06-15 09:59 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-14 22:25 . 2008-06-14 22:25 <DIR> d-------- C:\Program Files\Smart Projects
2008-06-14 20:10 . 2008-06-14 20:10 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\McAfee
2008-06-14 19:16 . 2008-06-15 01:42 <DIR> d-------- C:\Program Files\AnyReader
2008-06-14 18:52 . 2008-06-14 18:52 <DIR> d-------- C:\Program Files\CDCheck
2008-06-14 17:25 . 2008-06-14 17:25 2 --a------ C:\WINDOWS\msoffice.ini
2008-06-14 11:40 . 2008-06-14 11:40 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2008-06-14 11:40 . 2007-11-26 14:47 194,888 --a------ C:\WINDOWS\Unwash6.exe
2008-06-14 11:27 . 2008-06-14 11:27 <DIR> d--hs---- C:\Documents and Settings\Jason\UserData
2008-06-13 19:35 . 2008-06-13 19:35 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\iWin
2008-06-13 19:17 . 2008-07-05 01:09 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 19:14 . 2008-06-13 19:14 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-13 18:59 . 2008-07-06 11:48 <DIR> d-------- C:\Program Files\Webroot
2008-06-13 18:59 . 2008-07-06 11:48 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Webroot
2008-06-13 18:47 . 2008-06-29 21:23 <DIR> d-------- C:\Program Files\Shockwave.com
2008-06-13 18:45 . 2008-06-13 18:45 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2008-06-12 22:48 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 22:48 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 22:20 . 2008-06-12 22:20 <DIR> d-------- C:\My Backup -- 11-06-08 2050
2008-06-12 21:45 . 2004-08-27 05:54 <DIR> d-------- C:\Documents and Settings\Jason\WINDOWS
2008-06-12 21:45 . 2008-06-12 00:43 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\SampleView
2008-06-12 21:45 . 2008-07-05 11:25 <DIR> d-------- C:\Documents and Settings\Jason
2008-06-12 21:34 . 2008-07-08 21:30 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-12 21:34 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-12 01:28 . 2004-08-27 05:54 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-06-12 01:28 . 2008-06-12 00:43 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-06-12 01:28 . 2004-08-27 05:54 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS
2008-06-12 01:24 . 2008-06-12 01:24 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-06-12 01:19 . 2008-06-12 01:19 0 --a------ C:\WINDOWS\system32\Gateway_6510GZ_Rev.1_T365311004607.MRK
2008-06-12 01:18 . 2008-06-12 01:18 333 --a------ C:\WINDOWS\system32\$ncsp$.inf
2008-06-12 01:11 . 2008-06-12 01:07 2 --a------ C:\WINDOWS\UNSIGNED.LST
2008-06-12 01:01 . 2008-06-12 01:01 <DIR> d-------- C:\Intel
2008-06-12 01:01 . 2004-12-24 20:54 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2008-06-12 00:48 . 2004-08-04 15:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-12 00:47 . 2008-06-12 00:47 <DIR> d-------- C:\Program Files\CyberLink
2008-06-12 00:47 . 2008-06-12 00:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-12 00:46 . 2008-06-12 00:46 <DIR> d-------- C:\Program Files\MSN Encarta Plus
2008-06-12 00:46 . 2008-06-12 00:46 <DIR> d-------- C:\Program Files\Gateway
2008-06-12 00:46 . 2003-03-25 08:00 67,072 --a------ C:\WINDOWS\POWERCFG.EXE
2008-06-12 00:44 . 2008-06-12 00:45 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-12 00:44 . 2004-09-03 19:07 20,480 --a------ C:\WINDOWS\system32\Marker32.exe
2008-06-12 00:43 . 2008-06-12 00:43 <DIR> d-------- C:\WINDOWS\tiinst
2008-06-12 00:43 . 2008-06-12 01:28 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-12 00:43 . 2004-07-15 17:06 471,298 --a------ C:\WINDOWS\wallpg.exe
2008-06-12 00:43 . 2002-09-23 15:37 51,656 --a------ C:\WINDOWS\system32\OEMLOGO.BMP
2008-06-12 00:42 . 2008-06-12 00:42 <DIR> d-------- C:\Program Files\Synaptics
2008-06-12 00:42 . 2004-11-05 12:47 185,824 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-06-12 00:42 . 2004-11-05 12:47 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-06-12 00:42 . 2004-11-05 12:47 90,202 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-06-12 00:42 . 2004-10-08 14:46 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2008-06-12 00:42 . 2004-11-05 12:47 77,917 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-06-12 00:42 . 2004-11-05 12:47 69,722 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2008-06-12 00:42 . 2008-06-12 00:49 749 --a------ C:\RebootLog.ini
2008-06-12 00:42 . 2008-06-12 00:42 2 --a------ C:\AUDIT_INSTALL_IN_PROGRESS
2008-06-12 00:40 . 2008-06-12 00:40 <DIR> d--hs---- C:\found.001
2008-06-12 00:35 . 2008-06-12 00:35 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\McAfee
2008-06-12 00:35 . 2008-06-12 00:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-12 00:35 . 2008-06-12 00:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-12 00:34 . 2008-06-12 00:34 <DIR> d-------- C:\Program Files\Intel
2008-06-12 00:34 . 2008-06-12 00:47 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-12 00:34 . 2008-06-12 00:34 <DIR> d-------- C:\Program Files\Google
2008-06-12 00:34 . 2008-06-12 00:43 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-12 00:33 . 2008-06-14 17:27 <DIR> d-------- C:\Program Files\BigFix
2008-06-12 00:33 . 2004-01-14 04:53 1,658,880 --------- C:\WINDOWS\UNNeroBurnRights.exe
2008-06-12 00:33 . 2002-10-09 07:36 57,344 --a------ C:\WINDOWS\system32\NeroBurnRights.cpl
2008-06-12 00:33 . 2002-10-09 07:36 53,248 --a------ C:\WINDOWS\system32\NeroCo.dll
2008-06-12 00:33 . 2003-05-05 13:52 25,214 --a------ C:\WINDOWS\gtwdocs.ico
2008-06-12 00:33 . 2004-06-21 05:35 23,512 --------- C:\WINDOWS\UNNeroBurnRights.cfg
2008-06-12 00:33 . 2004-08-09 13:16 17,956 --a------ C:\WINDOWS\BigFixClientOverride.dll
2008-06-12 00:32 . 2008-06-12 00:32 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2008-06-12 00:32 . 2008-06-12 00:32 <DIR> d-------- C:\Program Files\Viewpoint
2008-06-12 00:32 . 2008-06-14 21:49 <DIR> d-------- C:\Program Files\Pure Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-11-28 02:39 164 ----a-w C:\Documents and Settings\My Backup -- 11-06-08 2050\install.dat
2004-08-26 18:04 0 --sha-r C:\Documents and Settings\My Backup -- 11-06-08 2050\MSDOS.SYS
2004-08-26 18:04 0 --sha-r C:\Documents and Settings\My Backup -- 11-06-08 2050\IO.SYS
2004-08-26 18:04 0 ----a-w C:\Documents and Settings\My Backup -- 11-06-08 2050\CONFIG.SYS
2004-08-04 19:00 47,564 --sha-r C:\Documents and Settings\My Backup -- 11-06-08 2050\NTDETECT.COM
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 20:07 389120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 16:42 212992]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 14:50 155648]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 12:47 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 12:47 688218]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 22:42 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-24 20:54 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-24 20:54 118784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-15 10:19 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 21:47 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-07 02:49 718704]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7b1d851-3835-11dd-b230-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-23 12:35:46 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Jason.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 18:48:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-11 18:50:53
ComboFix-quarantined-files.txt 2008-07-11 22:50:50

Pre-Run: 50,935,271,424 bytes free
Post-Run: 50,923,040,768 bytes free

211 --- E O F --- 2008-07-10 00:32:07

#9 Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 15 July 2008 - 09:36 AM

Hello, JasonD1.
Sorry for the delay, I missed your reply somehow.

Yes, spysweeper can be a good scanner, but it can cause issues as well.

You now appear to be clean. Congratulations!

We need to remove ComboFix
  • Click START then RUN
  • Now type or copy Combofix /u in the runbox and click OK.
    Note the space between the X and the U, it needs to be there.
We need to clean up our tools.
  • Please download OTMoveIt2 by OldTimer and save it to your desktop.
  • Click the Clean Up button.
  • Accept any prompts.
  • This will remove any tools we used, including OTMoveIt, and will require a reboot.
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. Just find your country room and register your complaint.
The infections you had were "None"

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
  • Set a New Restore Point to prevent possible reinfection from an old one.
    Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
    You can view a video of the following instructions.
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then go to Start > Run and type: Cleanmgr
    • Click "OK".
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    Note: You should only do this once!
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  • Make Internet Explorer more secure
    • Click Start -> Run
    • Type "Inetcpl.cpl" (without quotes) & click OK.
    • Click on the Security tab.
    • Click "Reset all zones to default level"
    • Make sure the Internet Zone is selected & click "Custom level"
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Click OK, then Apply, then OK to exit the Internet Properties page.
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here.
  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly.
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Microsoft Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable it,
    • Run Spybot Search & Destroy
    • Click the Mode button on the toolbar, and then place a tick next to Advanced mode.
    • Click Yes.
    • In the left hand pane of Spybot Search & Destroy, click on "Tools", and then on Hosts File.
    • Click on "Add Spybot-S&D hosts list"
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start -> Run.
    • Type "services.msc" (without quotes) & click OK.
    • In the list, find the service called "DNS Client" & double click on it.
    • On the dropdown box, change the setting from "Automatic" to "Manual".
    • Click OK.
    • Exit/close the Services window
    For a more detailed explanation of the HOSTS file, click here.
  • Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date!
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
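The hosts-file mechanism described in the post above (a name-to-address phone book that doubles as a blocklist when names are pointed at the loopback address), as an added example that is not part of the original post or of Spybot: it parses a constructed hosts file in the Windows format, answers lookups the way the resolver does, and separates names that are sinkholed from names redirected to a real address, the latter being the sign that the file was tampered with rather than used as a blocklist. The file contents, names and addresses are all constructed.

```python
import ipaddress

# Constructed sample hosts file (not from the thread), Windows format:
# "<address> <name> [<name> ...]", with '#' starting a comment.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.example-adserver.test
127.0.0.1       tracker.example.test      # trailing comment is ignored
0.0.0.0         another-blocked.test
# Constructed tampered entry: a vendor's update host sent to a real address
203.0.113.7     update.antivirus-vendor.test
malformed line without an address
"""
SINKHOLE = {"127.0.0.1", "0.0.0.0"}  # addresses that make a name unreachable

def parse_hosts(text):
    """Return [(address, [names])] for each well-formed, non-comment line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address: skip the line
        if len(fields) > 1:
            entries.append((address, fields[1:]))
    return entries

def lookup(entries, name):
    """Phone-book lookup: the first entry naming the host supplies its address."""
    for address, names in entries:
        if name in names:
            return address
    return None

def classify(entries):
    """Split names into blocked (sinkholed) and redirected to a real address,
    the pattern seen when malware edits hosts to hijack or silence sites."""
    blocked, redirected = [], []
    for address, names in entries:
        for name in names:
            if name == "localhost":
                continue  # Windows' default entry, not a block rule
            (blocked if address in SINKHOLE else redirected).append((name, address))
    return blocked, redirected
```

On a real machine the same functions can be run over the contents of %SystemRoot%\system32\drivers\etc\hosts; any name in the redirected list that belongs to a vendor you rely on deserves a closer look.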

#10 JasonD1

  • Topic Starter

  • Members
  • 10 posts
  • Location:PA

Posted 17 July 2008 - 09:26 PM

Billy,

Thanks for your help. I actually deleted Norton and Spysweeper since they were causing obvious demand on resources. Are the programs that you recommended all I would need for basic spyware and virus protection?

Thanks again!

#11 Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 17 July 2008 - 10:06 PM

Hello, JasonD1.

Yes, that should be sufficient to protect yourself.

Do you have any other questions?

Billy3

#12 JasonD1

  • Topic Starter

  • Members
  • 10 posts
  • Location:PA

Posted 18 July 2008 - 06:44 PM

Nope, you were very helpful!

This thread can be closed.

Thanks again!

#13 Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 12 August 2008 - 01:12 AM

Since this issue appears resolved, this topic is closed.

Billy3
