
Infected With Win?


  • This topic is locked
9 replies to this topic

#1 Zalandar
  • Members

Posted 12 May 2007 - 06:18 PM

Hi all

I'm having a problem with all kinds of pop-ups and windows opening on their own. IE is slow to start and to go from site to site. Also my computer is slow to start up (approx. 3 min.). I also have this annoying notification pop up saying I can't connect to the net: "Try working offline or connect".

I went through all the steps in the "start here" section of Bleeping Computer and am still having the same problems. I run VundoFix and it always has 3 DLLs to take off.

Here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 3:47:12 PM, on 5/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3675D6FB-0E3A-48C1-BE1A-BE11ACDD5212} - (no file)
O2 - BHO: (no name) - {3973722C-58CE-4716-82CB-C11CE44F9189} - (no file)
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - (no file)
O2 - BHO: (no name) - {4E5F55C4-8E66-475B-9E4A-D474FE2B833B} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {60D04B44-0E87-4A8A-8404-CEB1E8B1F21A} - (no file)
O2 - BHO: (no name) - {6F8BD212-052E-4250-8F2B-0C8FC8B39243} - C:\WINDOWS\system32\mljgd.dll (file missing)
O2 - BHO: (no name) - {BD1E5CD7-9EC4-4B13-9127-B4177ED5B628} - (no file)
O2 - BHO: (no name) - {CCC01A29-E2B5-4C05-8222-B88569287D90} - (no file)
O2 - BHO: (no name) - {E245B8E0-2762-4649-9B56-5B0770502B19} - (no file)
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\lnfgdprc.dll
O2 - BHO: (no name) - {FF77EBEA-D551-4CD4-A271-836E01B94019} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Launch Ai Booster] C:\Program Files\ASUS\Ai Booster\OverClk.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\kpmmsuwh.dll",realset
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.my_favorite_domain.com
O15 - Trusted Zone: *.winantivirus.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Hope you will be able to tell me what to delete from my computer and how to do it.


Please keep in mind that I am a bit of a computer dummy.
Thanks lots


#2 sjpritch25
  • Security Colleague

Posted 12 May 2007 - 07:24 PM

Welcome to BC :thumbsup:

Download Combofix and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Note: It is important that it is saved directly to your desktop

Close any open browsers.

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Microsoft MVP Consumer Security--2007-2010

#3 Zalandar
  • Topic Starter

Posted 13 May 2007 - 12:01 AM

Hi Sjpritch25

Well, I clicked on the site in your reply and downloaded ComboFix, then closed the browser and double-clicked on ComboFix.exe on the desktop.

It says that files are corrupted...

"CRC failed in Combofix\swerg.exe--unexpected end of archive" is what I got.

I can see that this is not going to be my lucky day.

Thanks for replying, and I hope you have some good news for me.

Sjpritch25
I tried it again and this time it worked. Here is the log from ComboFix.

"Pic'senstuff" - 2007-05-12 22:20:12 Service Pack 2
ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\Pic'senstuff\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\kpmmsuwh.dll
C:\WINDOWS\system32\lnfgdprc.dll
C:\WINDOWS\system32\hwusmmpk.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\sfsync02.sys


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-12 ))))))))))))))))))))))))))))))))))


2007-05-12 22:21 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-05-12 15:54 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-05-12 14:35 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-05-12 14:35 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-05-08 11:16 <DIR> d-------- C:\WINDOWS\UFO Extraterrestrials
2007-05-08 11:16 <DIR> d-------- C:\Matrix Games
2007-05-05 15:23 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-05-05 15:23 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-05-05 15:23 <DIR> d-------- C:\WINDOWS\nview
2007-05-05 13:28 <DIR> d-------- C:\DOCUME~1\PIC'SE~1\APPLIC~1\RegistrySmart
2007-04-29 15:46 <DIR> d--h----- C:\WINDOWS\PIF
2007-04-29 13:47 <DIR> d-------- C:\VundoFix Backups
2007-04-25 21:33 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-04-25 21:33 <DIR> d-------- C:\Program Files\MSBuild
2007-04-25 21:30 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-04-25 21:29 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-04-25 21:29 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-04-25 16:18 <DIR> d-------- C:\WINDOWS\network diagnostic


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-13 05:22:15 384 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000009-00001102-00000004-20021102}.dat
2007-05-13 05:22:15 384 ----a-w C:\WINDOWS\system32\DVCState-{00000001-00000000-00000009-00001102-00000004-20021102}.dat
2007-05-12 22:21:35 529,792 ----a-w C:\Program Files\autoruns.exe
2007-05-12 22:21:35 447,872 ----a-w C:\Program Files\autorunsc.exe
2007-05-12 22:02:49 -------- d-----w C:\Program Files\Google
2007-05-05 21:48:39 -------- d-----w C:\Program Files\Soldier of Fortune II - Double Helix
2007-05-05 21:46:44 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-28 22:03:01 -------- d-----w C:\DOCUME~1\PIC'SE~1\APPLIC~1\OpenOffice.org2
2007-04-23 18:48:17 -------- d-----w C:\Program Files\RegCure
2007-04-10 20:44:12 -------- d-----w C:\Program Files\THQ
2007-04-09 01:35:22 -------- d-----w C:\DOCUME~1\PIC'SE~1\APPLIC~1\Logitech
2007-04-09 01:34:53 -------- d-----w C:\Program Files\Common Files\Logitech
2007-04-09 01:34:38 -------- d-----w C:\Program Files\Logitech
2007-04-07 23:19:19 87,608 ----a-w C:\DOCUME~1\PIC'SE~1\APPLIC~1\ezpinst.exe
2007-04-07 23:19:19 47,360 ----a-w C:\DOCUME~1\PIC'SE~1\APPLIC~1\pcouffin.sys
2007-04-07 23:19:19 -------- d-----w C:\DOCUME~1\PIC'SE~1\APPLIC~1\Vso
2007-04-07 23:12:31 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-04-07 18:30:25 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-04-07 06:26:59 -------- d-----w C:\Program Files\Yahoo!
2007-04-07 06:25:18 -------- d-----w C:\DOCUME~1\PIC'SE~1\APPLIC~1\RegSweep
2007-04-05 17:55:43 -------- d-----w C:\Program Files\Pariah
2007-04-04 22:08:20 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-04-04 04:20:56 -------- d-----w C:\Program Files\UBISOFT
2007-04-03 06:19:58 -------- d-----w C:\DOCUME~1\PIC'SE~1\APPLIC~1\UFOAI
2007-04-01 07:56:23 -------- d-----w C:\DOCUME~1\PIC'SE~1\APPLIC~1\Apple Computer
2007-04-01 05:01:19 -------- d-----w C:\Program Files\TVAnts
2007-03-30 06:21:13 -------- d-----w C:\DOCUME~1\PIC'SE~1\APPLIC~1\MSN6
2007-03-25 03:44:39 -------- d-----w C:\Program Files\Lame
2007-03-25 03:39:53 -------- d-----w C:\Program Files\IrfanView
2007-03-25 02:47:50 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-03-25 02:41:14 -------- d-----w C:\Program Files\Aspyr
2007-03-25 00:17:06 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-03-25 00:05:55 -------- d-----w C:\DOCUME~1\PIC'SE~1\APPLIC~1\Google
2007-03-24 23:47:15 -------- d-----w C:\Program Files\Game folder
2007-03-24 22:50:57 -------- d-----w C:\Program Files\Creative
2007-03-24 22:49:54 -------- d-----w C:\DOCUME~1\PIC'SE~1\APPLIC~1\Creative
2007-03-24 22:49:16 184 ----a-w C:\WINDOWS\system32\e000002.dat
2007-03-23 13:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 13:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-23 03:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-12 23:18:56 -------- d-----w C:\Program Files\QuickTime
2007-03-12 06:36:10 -------- d-----w C:\Program Files\MTV Networks
2007-03-12 06:11:43 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-03-12 04:57:02 -------- d-----w C:\Program Files\extras
2007-03-12 02:28:59 23,510,720 ----a-w C:\Program Files\dotnetfx.exe
2007-03-12 02:04:11 -------- d-----w C:\DOCUME~1\PIC'SE~1\APPLIC~1\Real
2007-03-12 01:59:23 -------- d-----w C:\Program Files\Common Files\xing shared
2007-03-12 01:59:22 -------- d-----w C:\Program Files\Real
2007-03-12 01:59:17 -------- d-----w C:\Program Files\Common Files\Real
2007-03-12 01:34:27 -------- d-----w C:\Program Files\goggleboxtv_full
2007-03-09 08:02:00 75,512 ----a-w C:\WINDOWS\zllsputility.exe
2007-03-09 08:01:42 1,087,216 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-03-08 20:26:40 -------- d-----w C:\Program Files\SOLDIE~1
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-08 04:46:12 -------- d-----w C:\Program Files\Ascaron Entertainment
2007-02-24 05:17:38 585 ----a-w C:\WINDOWS\PowerReg.dat
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 12:02]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{6F8BD212-052E-4250-8F2B-0C8FC8B39243}=C:\WINDOWS\system32\mljgd.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"Launch Ai Booster"="C:\\Program Files\\ASUS\\Ai Booster\\OverClk.exe"
"RemoteControl"="C:\\Program Files\\Roxio\\Roxio DVDMax Player\\PDVDServ.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdmcon.exe\""
"BDNewsAgent"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdnagent.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 19:06]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-25 20:48]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 19:19]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 19:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 19:51]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2004-08-17 17:57]
"RemoteControl"="C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe" [2003-10-27 03:04]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 02:00]
"CTHelper"="CTHELPER.EXE" [2003-10-05 23:57 C:\WINDOWS\system32\CTHELPER.EXE])
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe])
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 12:10]
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 12:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 17:35]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^plextools professional.lnk
C:\PROGRA~1\Plextor\PlexTool.exe Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^pic'senstuff^start menu^programs^startup^powerreg scheduler.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\freeram xp

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernel and hardware abstraction layer
KHALMNPR.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitech hardware abstraction layer
KHALMNPR.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs
"C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\roxiodragtodisc
"C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updreg
C:\WINDOWS\UpdReg.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Schedule"=dword:00000002
"NtmsSvc"=dword:00000003
"iPod Service"=dword:00000003

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\RegSweep Scheduled Scan.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-12 22:24:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-12 22:25:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-12 22:25

Have a good day, Sjpritch25.

Edited by Zalandar, 13 May 2007 - 12:37 AM.


#4 sjpritch25
  • Security Colleague

Posted 13 May 2007 - 07:06 AM

Run HijackThis, and press "Do a System Scan Only".
1. When the scan is complete place a check mark next to the following entries:

O2 - BHO: (no name) - {3675D6FB-0E3A-48C1-BE1A-BE11ACDD5212} - (no file)
O2 - BHO: (no name) - {3973722C-58CE-4716-82CB-C11CE44F9189} - (no file)
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - (no file)
O2 - BHO: (no name) - {4E5F55C4-8E66-475B-9E4A-D474FE2B833B} - (no file)
O2 - BHO: (no name) - {60D04B44-0E87-4A8A-8404-CEB1E8B1F21A} - (no file)
O2 - BHO: (no name) - {6F8BD212-052E-4250-8F2B-0C8FC8B39243} - C:\WINDOWS\system32\mljgd.dll (file missing)
O2 - BHO: (no name) - {BD1E5CD7-9EC4-4B13-9127-B4177ED5B628} - (no file)
O2 - BHO: (no name) - {CCC01A29-E2B5-4C05-8222-B88569287D90} - (no file)
O2 - BHO: (no name) - {E245B8E0-2762-4649-9B56-5B0770502B19} - (no file)
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\lnfgdprc.dll
O2 - BHO: (no name) - {FF77EBEA-D551-4CD4-A271-836E01B94019} - (no file)
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\kpmmsuwh.dll",realset

2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...

==========================================

Download DelDomains by right-clicking on DelDomains and selecting (for IE) Save Target As.
Save DelDomains.inf to your Desktop.
Right-click on DelDomains.inf and click on Install.

Note: This .inf file will remove ALL entries in the Trusted Zone and Restricted Zone. Any entries that you had will need to be entered again. You will have to re-immunize with SpywareBlaster and/or Spybot after doing this, and reinstall IESpyads if you use any of these programs.


===========================================
Panda Activescan
http://www.pandasoftware.com/products/activescan.htm
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

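A worked example of the triage behind the fix list and the DelDomains step above. It is added here and is not part of the original thread, nor code from HijackThis, ComboFix or the DelDomains author: it parses the O2, O4 and O15 lines of the log format posted in this thread and flags the same three things the helper picked out (BHO CLSIDs whose DLL is gone, an unnamed BHO or a rundll32 Run value loading a random-named DLL out of system32, and Trusted-zone grants), and for each O15 line names the ZoneMap key tree that DelDomains.inf deletes. The sample lines are copied from the logs above; the "random-looking name" rule, the Finding/triage names and the trusted_ok parameter are this example's own assumptions.

```python
"""Triage a HijackThis v1.99 log for the load points this thread is about.

Added example, not part of the original thread or of HijackThis. The rules are
heuristics derived from the indicators visible in the logs above, not signatures.
"""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the logs posted in this thread, plus a few
# clean entries (Yahoo, Spybot, AVG, NVIDIA) so the filters have something to pass.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {3675D6FB-0E3A-48C1-BE1A-BE11ACDD5212} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6F8BD212-052E-4250-8F2B-0C8FC8B39243} - C:\WINDOWS\system32\mljgd.dll (file missing)
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\lnfgdprc.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\kpmmsuwh.dll",realset
O15 - Trusted Zone: *.my_favorite_domain.com
O15 - Trusted Zone: *.winantivirus.com
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
ZONE_RE = re.compile(r"^O15 - Trusted Zone: (?P<pattern>\S+)$")
# rundll32 <dll>,<export>: the DLL may be quoted; the export name follows the comma.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?', re.IGNORECASE)

# Key tree (under HKCU and HKLM) that DelDomains.inf deletes and recreates empty.
ZONEMAP = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def stem_of(path: str) -> str:
    """Bare file name without extension, using Windows path rules on any host."""
    return ntpath.splitext(ntpath.basename(path))[0]


def in_system32(path: str) -> bool:
    return ntpath.dirname(path).lower().endswith(r"\system32")


def looks_random(stem: str) -> bool:
    # Assumption, not a signature: the Vundo pieces in this thread (mljgd, lnfgdprc,
    # kpmmsuwh) are 5-8 lowercase letters dropped straight into system32, while the
    # vendor DLLs there (NvCpl, WgaLogon, ...) use mixed case or digits.
    return stem.isalpha() and stem.islower() and 5 <= len(stem) <= 8


def triage(log_text: str, trusted_ok: tuple = ()) -> list:
    """Return the O2/O4/O15 lines a helper would ask the poster to fix, with reasons.

    trusted_ok lists O15 patterns the operator deliberately added; every other
    Trusted-zone entry is reported, since DelDomains.inf wipes them all anyway.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            path = m["path"]
            if path == "(no file)" or path.endswith("(file missing)"):
                findings.append(Finding(line, "BHO CLSID registered but its DLL is gone: dead load point, fix it"))
            elif m["name"] == "(no name)" and in_system32(path) and looks_random(stem_of(path)):
                findings.append(Finding(line, "unnamed BHO loading a random-named DLL from system32 (Vundo pattern)"))
            continue
        m = RUN_RE.match(line)
        if m:
            dll = RUNDLL_RE.search(m["cmd"])
            if dll and in_system32(dll["dll"]) and looks_random(stem_of(dll["dll"])):
                findings.append(Finding(line, f"Run value [{m['value']}] uses rundll32 to load a random-named system32 DLL"))
            continue
        m = ZONE_RE.match(line)
        if m and m["pattern"] not in trusted_ok:
            domain = m["pattern"].lstrip("*.")
            findings.append(Finding(line, f"Trusted zone grant stored under HKCU/HKLM\\{ZONEMAP}\\{domain}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run it as-is to see the six lines from the sample that a helper would pick out; in practice pass the whole saved log text to triage(). Put any Trusted-zone entries you added yourself in trusted_ok, since the INF removes them all and they will need re-entering, as the note above warns.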

#5 Zalandar
  • Topic Starter

Posted 13 May 2007 - 01:17 PM

Hi Sjpritch25

Okay, I ran DelDomains and then tried to run the Panda scan, but it quit at about 110,000 files scanned, and there are about 314,000 files on my computer.
So then I ran Spybot Search & Destroy and tried Panda again. Got the same result. Tried it one more time with the same result. When Panda quits, all open windows close. Panda is showing that it has found 1 hacking tool.

There were 3 files missing from the group you asked me to fix:

O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\kpmmsuwh.dll",realset
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - (no file)
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\lnfgdprc.dll

I took the rest of them out.

Here are the logs for DelDomains and HijackThis.

; DelDomains.inf 11-28-04 | Revised 01-15-06
; Created by: Mike Burgess Microsoft MVP
; http://mvps.org/winhelp2002/
;
; Warning: Deletes all entries in the Restricted & Trusted Zone list
; http://mvps.org/winhelp2002/restricted.htm
;
; Revised to include the EscDomains key
;
; To execute this file: in Explorer - right-click (this file)
; Select Install from the Menu.
; Note: you will not see any onscreen action.

[version]
signature="$CHICAGO$"

[DefaultInstall]
DelReg=DelTemps
AddReg=AddTemps

[DelTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"

; Recreate the keys to avoid a restart

[AddTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"




Logfile of HijackThis v1.99.1
Scan saved at 10:59:16 AM, on 5/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Launch Ai Booster] C:\Program Files\ASUS\Ai Booster\OverClk.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Something I noticed last night was that I would set my Internet security at Medium High but would go back later and find that it had gone back to the lowest setting. That has changed since running DelDomain; the setting will now stay at Medium High.

Hope I'm giving you enough info.
Thanks

Edited by Zalandar, 13 May 2007 - 02:51 PM.


#6 sjpritch25

sjpritch25

  • Security Colleague
  • 896 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:05:19 PM

Posted 13 May 2007 - 09:04 PM

Log looks clean. How is everything running? Did you run Panda? If so, please post the results. Thanks.
Microsoft MVP Consumer Security--2007-2010

#7 Zalandar

Zalandar
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 13 May 2007 - 11:30 PM

Hi Sjpritch25

No, as I said, I could not get it to run all the way through; every time I tried, it would shut all open windows at around 110,000 files. I tried it with only the Panda window open and with 2 or 3 other windows. It didn't seem to matter; it would just stop and then, after a minute or so, shut down all open windows.

However, I don't seem to have all the pop-up and other problems as before. I think you have solved the problem. My fingers are crossed.

Thanks very much for the help.

P.S.

I did run BitDefender and this is the log from that. I also ran VundoFix and it came up clean.


//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 13/05/2007 14:46:36
//
//-----------------------------------------------------------------


Statistics

Scan path : C:\
E:\
Folders : 6460
Files : 490079
Archives : 1893
Packed files : 11794
Identified viruses : 4
Infected files : 7
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 5
Renamed files : 0
I/O errors : 29
Scan time : 01:15:56
Scan speed (files/sec) : 107

Virus definitions : 505860
Scan plugins : 14
Archive plugins : 38
Unpack plugins : 6
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\Documents and Settings\Pic'senstuff\My Documents\My Pictures\Pictures\My Pictures\battleofthedragons.exe=>wise0017 Infected Dropped:Application.Adware.NewDotNet.A
C:\Documents and Settings\Pic'senstuff\My Documents\My Pictures\Pictures\My Pictures\battleofthedragons.exe=>wise0017 Disinfection failed
C:\Documents and Settings\Pic'senstuff\My Documents\My Pictures\Pictures\My Pictures\battleofthedragons.exe=>wise0017 Move failed
C:\Documents and Settings\Pic'senstuff\My Documents\My Pictures\Pictures\My Pictures\dragdest.exe=>wise0017 Infected Dropped:Application.Adware.NewDotNet.A
C:\Documents and Settings\Pic'senstuff\My Documents\My Pictures\Pictures\My Pictures\dragdest.exe=>wise0017 Disinfection failed
C:\Documents and Settings\Pic'senstuff\My Documents\My Pictures\Pictures\My Pictures\dragdest.exe=>wise0017 Move failed
C:\VundoFix Backups\ddayx.dll.bad Infected MemScan:Trojan.Vundo.DLR
C:\VundoFix Backups\ddayx.dll.bad Disinfection failed
C:\VundoFix Backups\ddayx.dll.bad Moved
C:\VundoFix Backups\ddcdebb.dll.bad Infected MemScan:Trojan.Vundo.DLM
C:\VundoFix Backups\ddcdebb.dll.bad Disinfection failed
C:\VundoFix Backups\ddcdebb.dll.bad Moved
C:\VundoFix Backups\jkkjk.dll.bad Infected MemScan:Trojan.Vundo.DLR
C:\VundoFix Backups\jkkjk.dll.bad Disinfection failed
C:\VundoFix Backups\jkkjk.dll.bad Moved
C:\VundoFix Backups\ssqpo.dll.bad Infected MemScan:Trojan.Vundo.DLR
C:\VundoFix Backups\ssqpo.dll.bad Disinfection failed
C:\VundoFix Backups\ssqpo.dll.bad Moved
C:\VundoFix Backups\vtsqn.dll.bad Infected MemScan:Trojan.Virtumod.JQ
C:\VundoFix Backups\vtsqn.dll.bad Disinfection failed
C:\VundoFix Backups\vtsqn.dll.bad Moved

Edited by Zalandar, 13 May 2007 - 11:33 PM.


#8 sjpritch25

sjpritch25

  • Security Colleague
  • 896 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:05:19 PM

Posted 14 May 2007 - 07:47 AM

Good, your log is clean! :thumbsup:

Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools cannot access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To SET A NEW RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

Graphics for doing this are in the following links if you need them.
How to Create a Restore Point.
How to use Cleanmgr.
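The same steps from an elevated Windows PowerShell prompt, as an added example that is not part of the original post: it purges the old, possibly infected restore points, creates a fresh one, and lists what remains so the new point can be recognised later. It assumes Windows PowerShell 2.0 or later with System Restore available on the system drive; on the original poster's XP machine the GUI path above is the usual route.

```powershell
# Added example, not from the thread. Run from an elevated Windows PowerShell
# prompt (Windows PowerShell 2.0 or later; these cmdlets are not in PowerShell Core).
# Assumption: System Restore is available on the system drive (usually C:\).
$drive = "$env:SystemDrive\"

# Turning System Restore off and back on deletes every existing restore point
# on that drive, which is how the pre-cleanup points that may still hold the
# removed malware are discarded.
Disable-ComputerRestore -Drive $drive
Enable-ComputerRestore  -Drive $drive

# Create the post-cleanup restore point with a description you will recognise.
# Note: by default Windows refuses to create more than one restore point per
# 24 hours, so a failure here right after another tool created one is expected.
$desc = "Post-malware-cleanup $(Get-Date -Format 'yyyy-MM-dd HH:mm')"
Checkpoint-Computer -Description $desc -RestorePointType "MODIFY_SETTINGS"

# List the remaining restore points, newest first. After the purge above only
# the new point should appear; anything older than the cleanup date should
# not be used for a roll-back.
Get-ComputerRestorePoint |
    Sort-Object SequenceNumber -Descending |
    Format-Table SequenceNumber,
                 @{ n = 'Created'; e = { $_.ConvertToDateTime($_.CreationTime) } },
                 Description,
                 RestorePointType -AutoSize
```

Keep the SequenceNumber and description of the new point with your notes, as the post suggests, so it is easy to pick out in the System Restore wizard later.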

======================================

Here is some useful information on keeping your computer clean:
  • Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
  • If you don't have a Firewall installed, please choose from the following:
  • If you don't have an Anti-Virus installed, please download the following free program:
  • Here are two great Preventive programs:
    • SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
    • IESpyads adds a long list of bad sites to your Restricted sites in Internet Explorer and protects against drive by downloads.
  • Surf Safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
    • Red for Warning
    • Yellow for Use Caution
    • Green for Safe
    • Grey for Unknown
    Here are the links to install SiteAdvisor in Internet Explorer and Firefox
  • Anti-Spyware Programs I Recommend:
  • For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place

Microsoft MVP Consumer Security--2007-2010

#9 Zalandar

Zalandar
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 14 May 2007 - 11:19 PM

Hi sjpritch25

Thanks for the help. Will pass this site on to others.

You people are great.

Patrick

#10 sjpritch25

sjpritch25

  • Security Colleague
  • 896 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:05:19 PM

Posted 15 May 2007 - 04:20 AM

You're welcome! :thumbsup: Since this issue is resolved, I am closing this thread.
Microsoft MVP Consumer Security--2007-2010