[Resolved] Computer abnormal


  • This topic is locked
7 replies to this topic

#1 nugget

nugget

    New Member

  • Authentic Member
  • Pip
  • 4 posts

Posted 05 October 2009 - 11:48 AM

Hey, recently my computer has been running a little funny. It has been slowing down to an obnoxious point and often has trouble restarting. I have run all my virus scans including search and destroy and malware remover. I have also done registry cleans with regcure. Today my computer shut down (went to blue screen) as I was playing WoW. Also a lot of programs have been failing to respond. I reinstalled Windows Vista a couple weeks ago.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/05 13:36
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: av5flt.sys
Image Path: C:\Windows\system32\drivers\av5flt.sys
Address: 0x9CC43000 Size: 92544 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8D489000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8D47E000 Size: 45056 File Visible: No Signed: -
Status: -

Name: PavSRK.sys
Image Path: C:\Windows\system32\PavSRK.sys
Address: 0x9B4C4000 Size: 32768 File Visible: No Signed: -
Status: -

Name: PavTPK.sys
Image Path: C:\Windows\system32\PavTPK.sys
Address: 0x8C3F0000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9CCBA000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 688 Status: Locked to the Windows API!

==EOF====EOF==


DDS (Ver_09-06-26.01) - NTFSx86
Run by Travis at 13:31:18.95 on Mon 10/05/2009

Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1242 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost -k Panda
C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrvx86.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\SRVLOAD.EXE
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PavBckPT.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Travis\Desktop\My Things\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [APVXDWIN] "c:\program files\panda security\panda internet security 2009\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda internet security 2009\Inicio.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Lachesis] c:\program files\razer\lachesis\razerhid.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

============= SERVICES / DRIVERS ===============

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2009-6-20 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2009-6-20 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2009-6-20 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2009-6-20 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2009-6-20 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2009-6-20 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-6-20 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2009-6-20 46720]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8660.sys [2009-6-20 49208]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-8-9 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-8-9 234888]
R2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2009-6-20 13880]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-6-20 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda internet security 2009\psksvc.exe [2009-6-20 28928]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-7-9 1153368]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009-9-27 12032]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2009-6-20 197888]
S3 uisp;Freescale USB JW32 driver;c:\windows\system32\drivers\Usbicp.sys [2009-9-27 14592]

=============== Created Last 30 ================

2009-10-03 01:19 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-29 23:27 <DIR> --d----- c:\users\travis\048298C9A4D3490B9FF9AB023A9238F3.TMP
2009-09-27 23:58 249,856 a------- c:\windows\system32\Lachesis.cpl
2009-09-27 23:58 <DIR> --d----- c:\programdata\Razer
2009-09-27 16:17 <DIR> --d----- c:\users\travis\appdata\roaming\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
2009-09-27 16:16 <DIR> --d----- c:\programdata\Adobe
2009-09-27 16:16 <DIR> --d----- c:\users\travis\appdata\roaming\Raptr
2009-09-27 16:16 <DIR> --d----- c:\program files\Raptr
2009-09-27 15:47 14,592 a------- c:\windows\system32\drivers\Usbicp.sys
2009-09-27 15:45 12,032 a------- c:\windows\system32\drivers\Lachesis.sys
2009-09-24 20:12 <DIR> --d----- c:\program files\Ventrilo
2009-09-24 20:12 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-09-21 19:55 376 a------- c:\windows\ODBC.INI
2009-09-21 19:53 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-09-21 19:48 680 a------- c:\windows\lrun32.ini
2009-09-21 19:48 <DIR> --d----- c:\program files\MSPress
2009-09-21 19:47 88,092 a------- c:\windows\lrun32.isu
2009-09-21 19:47 306,688 a------- c:\windows\IsUninst.exe
2009-09-18 08:08 <DIR> --d----- c:\windows\system32\vi-VN
2009-09-18 08:08 <DIR> --d----- c:\windows\system32\eu-ES
2009-09-18 08:08 <DIR> --d----- c:\windows\system32\ca-ES
2009-09-18 01:05 <DIR> --d----- c:\windows\system32\EventProviders
2009-09-13 21:57 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-09-13 21:51 <DIR> --d----- c:\program files\common files\Merge Modules
2009-09-13 21:51 <DIR> --d----- c:\programdata\Microsoft Help
2009-09-09 18:45 <DIR> --d----- c:\programdata\Blizzard Entertainment
2009-09-09 18:45 <DIR> --d----- c:\progra~2\Blizzard Entertainment
2009-09-09 16:55 <DIR> --d----- c:\windows\pss
2009-09-09 13:12 <DIR> --d----- c:\programdata\Blizzard
2009-09-09 13:12 <DIR> --d----- c:\progra~2\Blizzard
2009-09-09 11:23 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2009-09-09 05:43 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-09 05:43 105,984 a------- c:\windows\system32\netiohlp.dll
2009-09-09 05:43 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 05:43 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-09 05:43 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-09 05:43 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-09 05:43 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-09 05:43 10,240 a------- c:\windows\system32\finger.exe
2009-09-09 05:43 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-09 05:43 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-09 05:43 17,920 a------- c:\windows\system32\netevent.dll

==================== Find3M ====================

2009-10-05 13:10 264,344 a------- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-10-05 13:10 264,344 a------- c:\windows\system32\drivers\APPFCONT.DAT
2009-10-05 13:09 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-10-05 13:09 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG
2009-10-05 01:02 31,966 a------- c:\programdata\nvModes.dat
2009-10-05 01:02 31,966 a------- c:\progra~2\nvModes.dat
2009-09-27 23:58 86,016 a------- c:\windows\inf\infstrng.dat
2009-09-27 23:58 51,200 a------- c:\windows\inf\infpub.dat
2009-09-27 15:46 86,016 a------- c:\windows\inf\infstor.dat
2009-09-18 08:08 665,600 a------- c:\windows\inf\drvindex.dat
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-30 15:28 50,759 a------- c:\windows\War3Unin.dat
2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 20:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 20:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-09 11:28 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-02 10:45 33,021 a------- c:\windows\scunin.dat
2009-08-02 10:45 94,208 a------- c:\windows\ScUnin.exe
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 09:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 08:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 08:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 08:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 08:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-11 15:01 513,536 a------- c:\windows\system32\wlansvc.dll
2009-07-11 15:01 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 15:01 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 15:01 65,024 a------- c:\windows\system32\wlanapi.dll
2009-07-11 13:03 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-06-24 19:31 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-02-21 15:49 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:32:51.57 ===============


#2 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 09 October 2009 - 06:15 PM

Hello and :welcome: Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my best to keep it as short as possible. I am checking over your log, and I will post back shortly with instructions.

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member

________________________________________________




#3 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 12 October 2009 - 06:50 PM

Hi nugget,

I will be helping you remove malware from your computer. Log research takes time, so please be patient and I'd be grateful if you would note the following:
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Do not install/uninstall anything on your computer unless advised.
  • Do not run any other scanning tools other than those instructed for you to use.
  • Follow the instructions in the order they are given.
  • Stay with this thread until advised when your computer is clean. Absence of symptoms does not necessarily mean a clean computer.
  • If you are being helped regarding this problem on another forum, please advise us so that we can close this thread.
  • And lastly, if you have any questions, please ask before proceeding with any of the advised fixes.

_________________________________________________


FOR VISTA

As a Vista user, you will need to right click and choose "Run as Administrator" to run the tools we will use.

You have Vuze, a P2P/file sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

P2P (File Sharing) programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realize. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

I would recommend that you uninstall Vuze, via Control Panel -> Add or Remove Programs.

However, if you do not wish to remove this program please be advised not to use the said program during the course of cleaning your machine.

Also, you have two anti-spyware programs running on your computer, Panda Internet Security 2009 and Windows Defender. Running more than one anti-spyware program at the same time not only slows down your computer but also provides less protection than they are programmed to do, due to the fact that they will be conflicting with each other rather than providing sufficient protection for your computer. Please uninstall one of your anti-spyware programs before proceeding with any of the fixes.

--Next--

  • Right click MBAM.exe then choose Run as Administrator.
  • Update MBAM.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post back the log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

--Next--

Please do a scan with Kaspersky Online Scanner or from Here.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Once the scan is complete, click on View scan report.
  • To obtain the report:
  • Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop
  • In the File name area, use KScan, or something similar
  • In Save as type, click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
  • Please post the Kaspersky Online Scanner Report in your reply.




--Next--

Please run DDs again so that it will produce a fresh log. Thank you.

Log to post in your next reply:
1. MBAM log.
2. Kaspersky log.
3. DDs log.



#4 nugget

nugget

    New Member

  • Authentic Member
  • Pip
  • 4 posts

Posted 15 October 2009 - 02:02 PM

Hey, sorry for the late post. I was away for a bit. Here are the things you requested, though I had to download a trial version of Kaspersky because the internet scan was unavailable. In order to install Kaspersky I had to remove Panda antivirus (which is ok because it was a free trial version anyway).

Malwarebytes' Anti-Malware 1.41
Database version: 2968
Windows 6.0.6002 Service Pack 2

10/15/2009 2:44:33 PM
mbam-log-2009-10-15 (14-44-33).txt


Scan type: Quick Scan
Objects scanned: 85994
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------------------------------------------------------------------------------------------------------
I am unsure if this is what you wanted. I am using the trial version of Kaspersky. I found this after a scan.

Date: Today (events: 25)
My Protection (events: 3)
10/15/2009 3:26:30 PM Threats have been detected Kaspersky Anti-Virus
10/15/2009 3:13:49 PM Protection is not running Kaspersky Anti-Virus
10/15/2009 2:59:26 PM Databases are obsolete Kaspersky Anti-Virus
File Anti-Virus (events: 2)
10/15/2009 3:14:56 PM Task started Kaspersky Anti-Virus File Anti-Virus
10/15/2009 2:59:26 PM Task started Kaspersky Anti-Virus File Anti-Virus
Mail Anti-Virus (events: 2)
10/15/2009 3:14:56 PM Task started Kaspersky Anti-Virus Mail Anti-Virus
10/15/2009 2:59:26 PM Task started Kaspersky Anti-Virus Mail Anti-Virus
Web Anti-Virus (events: 2)
10/15/2009 3:14:56 PM Task started Kaspersky Anti-Virus Web Anti-Virus
10/15/2009 2:59:31 PM Task started Kaspersky Anti-Virus Web Anti-Virus
Self-Defense (events: 3)
10/15/2009 3:17:19 PM Denied Host Process for Windows Services C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
10/15/2009 3:15:50 PM Denied Windows Explorer C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
10/15/2009 2:59:44 PM Denied Host Process for Windows Services C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
Proactive Defense (events: 2)
10/15/2009 3:14:56 PM Task started Kaspersky Anti-Virus Proactive Defense
10/15/2009 2:59:26 PM Task started Kaspersky Anti-Virus Proactive Defense
IM Anti-Virus (events: 2)
10/15/2009 3:14:56 PM Task started Kaspersky Anti-Virus IM Anti-Virus
10/15/2009 2:59:26 PM Task started Kaspersky Anti-Virus IM Anti-Virus
Objects Scan (events: 4)
10/15/2009 3:51:12 PM Task completed Kaspersky Anti-Virus Objects Scan
10/15/2009 3:46:10 PM Task completed Kaspersky Anti-Virus Rootkit Scan
10/15/2009 3:45:06 PM Task started Kaspersky Anti-Virus Rootkit Scan
10/15/2009 3:17:48 PM Task started Kaspersky Anti-Virus Objects Scan
My Update Center (events: 5)
10/15/2009 3:13:12 PM Task completed Kaspersky Anti-Virus My Update Center
10/15/2009 3:12:21 PM Task started Kaspersky Anti-Virus My Update Center
10/15/2009 3:12:15 PM Task completed Kaspersky Anti-Virus My Update Center
10/15/2009 3:12:14 PM It is necessary to restart the computer after update Kaspersky Anti-Virus
10/15/2009 2:59:54 PM Task started Kaspersky Anti-Virus My Update Center
-------------------------------------------------------------------------------------------------------------------------------------------


DDS (Ver_09-06-26.01) - NTFSx86
Run by Travis at 15:58:31.29 on Thu 10/15/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1306 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}


============== Running Processes ===============

C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Travis\Desktop\My Things\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Lachesis] c:\program files\razer\lachesis\razerhid.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-5-15 21008]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-7-9 1153368]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009-9-27 12032]
S3 uisp;Freescale USB JW32 driver;c:\windows\system32\drivers\Usbicp.sys [2009-9-27 14592]

=============== Created Last 30 ================

2009-10-15 14:59 604,140 a--sh--- c:\windows\system32\drivers\ISwift3.dat
2009-10-15 14:58 108,059 a------- c:\windows\system32\drivers\klin.dat
2009-10-15 14:58 95,259 a------- c:\windows\system32\drivers\klick.dat
2009-10-15 14:57 <DIR> --d----- c:\programdata\Kaspersky Lab
2009-10-15 14:57 <DIR> --d----- c:\program files\Kaspersky Lab
2009-10-15 14:57 <DIR> --d----- c:\progra~2\Kaspersky Lab
2009-10-15 14:48 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files
2009-10-15 14:48 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files
2009-10-13 19:03 218,624 a------- c:\windows\system32\msv1_0.dll
2009-10-13 19:03 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe
2009-10-13 19:03 3,548,216 a------- c:\windows\system32\ntoskrnl.exe
2009-10-12 19:18 45,056 a------- c:\windows\NCUNINST.EXE
2009-10-12 19:13 17,060 a------- c:\windows\hplj1010.hi1
2009-10-12 19:13 3,353 a------- c:\windows\hplj1010.bu1
2009-10-12 19:11 103 a------- c:\windows\system32\hptrace.ini
2009-10-12 19:11 20,799 a------- c:\windows\hplj1010.his
2009-10-12 19:11 3,878 a------- c:\windows\hplj1010.ini
2009-10-12 19:10 <DIR> --d----- c:\program files\common files\SWF Studio
2009-10-03 01:19 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-29 23:27 <DIR> --d----- c:\users\travis\048298C9A4D3490B9FF9AB023A9238F3.TMP
2009-09-27 23:58 249,856 a------- c:\windows\system32\Lachesis.cpl
2009-09-27 23:58 <DIR> --d----- c:\programdata\Razer
2009-09-27 16:17 <DIR> --d----- c:\users\travis\appdata\roaming\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
2009-09-27 16:16 <DIR> --d----- c:\programdata\Adobe
2009-09-27 16:16 <DIR> --d----- c:\users\travis\appdata\roaming\Raptr
2009-09-27 16:16 <DIR> --d----- c:\program files\Raptr
2009-09-27 15:47 14,592 a------- c:\windows\system32\drivers\Usbicp.sys
2009-09-27 15:45 12,032 a------- c:\windows\system32\drivers\Lachesis.sys
2009-09-24 20:12 <DIR> --d----- c:\program files\Ventrilo
2009-09-24 20:12 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-09-21 19:55 376 a------- c:\windows\ODBC.INI
2009-09-21 19:53 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-09-21 19:48 680 a------- c:\windows\lrun32.ini
2009-09-21 19:48 <DIR> --d----- c:\program files\MSPress
2009-09-21 19:47 88,092 a------- c:\windows\lrun32.isu
2009-09-21 19:47 306,688 a------- c:\windows\IsUninst.exe
2009-09-18 08:08 <DIR> --d----- c:\windows\system32\vi-VN
2009-09-18 08:08 <DIR> --d----- c:\windows\system32\eu-ES
2009-09-18 08:08 <DIR> --d----- c:\windows\system32\ca-ES
2009-09-18 01:05 <DIR> --d----- c:\windows\system32\EventProviders

==================== Find3M ====================

2009-10-15 14:58 86,016 a------- c:\windows\inf\infstor.dat
2009-10-15 14:58 51,200 a------- c:\windows\inf\infpub.dat
2009-10-15 14:58 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-15 14:30 31,966 a------- c:\programdata\nvModes.dat
2009-10-15 14:30 31,966 a------- c:\progra~2\nvModes.dat
2009-09-18 08:08 665,600 a------- c:\windows\inf\drvindex.dat
2009-09-14 05:29 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-04 07:41 60,928 a------- c:\windows\system32\msasn1.dll
2009-08-30 15:28 50,759 a------- c:\windows\War3Unin.dat
2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 20:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-28 20:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-27 01:22 916,480 a------- c:\windows\system32\wininet.dll
2009-08-27 01:17 109,056 a------- c:\windows\system32\iesysprep.dll
2009-08-27 01:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-08-26 23:42 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-08-14 11:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 09:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 09:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 09:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 09:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 09:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 09:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 09:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 09:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-08-09 11:28 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-02 10:45 33,021 a------- c:\windows\scunin.dat
2009-08-02 10:45 94,208 a------- c:\windows\ScUnin.exe
2009-06-24 19:31 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-02-21 15:49 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 15:59:12.35 ===============

#5 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 15 October 2009 - 11:16 PM

Hi,

Please open Kaspersky then go to "View Reports".
Post the log in your next reply. Thank you.

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member

________________________________________________




#6 nugget

nugget

    New Member

  • Authentic Member
  • Pip
  • 4 posts

Posted 16 October 2009 - 07:32 AM

Status: Deleted (events: 3)
10/15/2009 3:32:04 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.bxoj C:\Documents and Settings\Travis\Documents\Azureus Downloads\ Microsoft Office Word 2008 + CD KEY\MS Office Word 2008.exe
10/15/2009 3:32:04 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.bxoj C:\Documents and Settings\Travis\Documents\Azureus Downloads\ Microsoft Office Word 2008 + CD KEY\MS Office Word 2008.exe//data0000.cab
10/15/2009 3:32:04 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.bxoj C:\Documents and Settings\Travis\Documents\Azureus Downloads\ Microsoft Office Word 2008 + CD KEY\MS Office Word 2008.exe//data0000.cab/downloader.exe

Status: Absent (events: 1)
10/15/2009 3:53:23 PM Not found Trojan program Trojan-Downloader.Win32.Agent.bxoj C:\Documents and Settings\Travis\My Documents\Azureus Downloads\ Microsoft Office Word 2008 + CD KEY\MS Office Word 2008.exe//data0000.cab/downloader.exe

Status: Detected (events: 1)
10/15/2009 7:17:35 PM Detected legal software that can be used by criminals for damaging your computer or personal data PDM.Keylogger C:\PROGRAM FILES\VENTRILO\VENTRILO.EXE

-----------------------------------------

There are a lot of choices from the Reports Screen. Idk what to give you.
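The report pasted in the post above can be triaged mechanically; the following is an added example, not part of the original thread and not a Kaspersky tool. It assumes the layout inferred from this one paste (a `Status: X (events: N)` header followed by timestamped events), reads `//` in a path as "object inside a container file", and uses a hypothetical `P2P_MARKERS` list taken from the folder name in the post.

```python
import re

# Report text from the post above (one event per line here; the forum paste was flattened).
SAMPLE = r"""Status: Deleted (events: 3)
10/15/2009 3:32:04 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.bxoj C:\Documents and Settings\Travis\Documents\Azureus Downloads\ Microsoft Office Word 2008 + CD KEY\MS Office Word 2008.exe
10/15/2009 3:32:04 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.bxoj C:\Documents and Settings\Travis\Documents\Azureus Downloads\ Microsoft Office Word 2008 + CD KEY\MS Office Word 2008.exe//data0000.cab
10/15/2009 3:32:04 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.bxoj C:\Documents and Settings\Travis\Documents\Azureus Downloads\ Microsoft Office Word 2008 + CD KEY\MS Office Word 2008.exe//data0000.cab/downloader.exe
Status: Absent (events: 1)
10/15/2009 3:53:23 PM Not found Trojan program Trojan-Downloader.Win32.Agent.bxoj C:\Documents and Settings\Travis\My Documents\Azureus Downloads\ Microsoft Office Word 2008 + CD KEY\MS Office Word 2008.exe//data0000.cab/downloader.exe
Status: Detected (events: 1)
10/15/2009 7:17:35 PM Detected legal software that can be used by criminals for damaging your computer or personal data PDM.Keylogger C:\PROGRAM FILES\VENTRILO\VENTRILO.EXE
-----------------------------------------"""

STATUS = re.compile(r"Status: (\w+) \(events: (\d+)\)")
STAMP = re.compile(r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)")
EVENT = re.compile(r"(.+?)\s+(\S+)\s+([A-Za-z]:\\.+)$")  # description, verdict name, path
P2P_MARKERS = ("azureus downloads",)  # assumption: download folder name seen in the post

def parse_report(text):
    """Return one dict per event from a report paste, flattened or not."""
    text = " ".join(re.split(r"-{5,}", text)[0].split())  # drop trailer, squeeze whitespace
    parts = STATUS.split(text)  # [junk, status, count, body, status, count, body, ...]
    events = []
    for status, count, body in zip(parts[1::3], parts[2::3], parts[3::3]):
        chunks = STAMP.split(body)  # [junk, stamp, rest, stamp, rest, ...]
        rows = list(zip(chunks[1::2], chunks[2::2]))
        if len(rows) != int(count):  # a truncated paste should fail loudly
            raise ValueError(f"{status}: header says {count} events, parsed {len(rows)}")
        for stamp, rest in rows:
            m = EVENT.match(rest.strip())
            if not m:
                raise ValueError(f"unparsed event: {rest!r}")
            outer, _, inner = m.group(3).partition("//")  # file on disk // object inside it
            events.append({"status": status, "time": stamp, "what": m.group(1),
                           "threat": m.group(2), "file": outer, "inside": inner,
                           "p2p": any(k in outer.lower() for k in P2P_MARKERS)})
    return events

def unique_files(events):
    """Collapse nested-container hits into one entry per (file on disk, verdict)."""
    seen = {}
    for e in events:
        seen.setdefault((e["file"].lower(), e["threat"]), []).append(e["status"])
    return seen

if __name__ == "__main__":
    for (path, threat), statuses in unique_files(parse_report(SAMPLE)).items():
        print(threat, statuses, path)
```

Grouping by the file on disk shows that the three "Deleted" events are one executable reported at three nesting levels, and that the Ventrilo detection sits outside the P2P download folder.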

#7 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 16 October 2009 - 08:36 PM

Hi,

I think those items deleted by Kaspersky are software cracks. We do not support any form of cracked software in this forum.
Furthermore, those infections are from downloading stuff via P2P applications such as Vuze.

P2P (File Sharing) programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realize. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.


I don't see any malware except for those detected by Kaspersky.

Please read here then create a thread in the Windows Forum describing your symptoms to them and linking back here so that they can review your logs.

Let's do some clean up.

Please do the following:

Delete DDS, RootRepeal and the logs we've created from your desktop.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

The latest update is Java 6 update 16

Next,

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance.
  • Select System.
  • On the left select Advanced System Settings and accept the warning if you get one.
  • Select System Protection Tab.
  • Select Create at the bottom.
  • Type in a name i.e. Clean.
  • Select Create.

Now we can purge the infected ones

  • Go back to the System and Maintenance page.
  • Select Performance Information and Tools.
  • On the left select Open Disk Cleanup.
  • Select Files from all users and accept the warning if you get one.
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab.
  • In the System Restore and Shadow Backups select Clean up.
  • Select Delete on the pop up.
  • Select OK.
  • Select Delete.

Next,

To keep your operating system up to date visit

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer More Secure
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.

    • Change the Download signed ActiveX controls to Prompt.
    • Change the Download unsigned ActiveX controls to Disable.
    • Change the Initialise and script ActiveX controls not marked as safe to Disable.
    • Change the Installation of desktop items to Prompt.
    • Change the Launching programs and files in an IFRAME to Prompt.
    • Change the Navigate sub-frames across different domains to Prompt.
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

2. Update your Anti-Virus Software - I can not overemphasize the need for you to update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

3. Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the back door open.

4. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

5. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

6. SpywareBlaster - Download and install SpywareBlaster. This program prevents the installation of ActiveX-based spyware and other potentially unwanted programs.

7. Protect your computer from internet threats with SandboxIE. This program isolates Internet Explorer from the rest of your operating system, 'sandboxing' it away - so malicious websites can't do damage to the rest of your system. There is a Getting Started guide on their website.

8. And finally, please read these excellent articles:
Malware: Help prevent the Infection by Sandi Hardmeier,
Preventing Malware - Tools and Practices for Safe Computing

For more safe computing tips please read the guide by Rorschach112 on how to prevent malware and about safe computing here.


Good luck, happy computing and stay clean! ^_^



#8 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 18 October 2009 - 08:31 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
