Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Riyocodec logs


  • This topic is locked This topic is locked
8 replies to this topic

#1 mattscope

mattscope

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 22 October 2007 - 03:56 AM

here are the logs I have following your instructions to get rid of the Riyo Codec.

Fixware log:


Username "Administrator" - 10/22/2007 10:30:58 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.27 85.255.112.70" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{792D8002-5C8C-4BE2-B81D-724A4BFBFA78}
"nameserver"="85.255.116.27,85.255.112.70" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{06AE0BBF-8FC8-4343-B287-61F743A514F1}
"DhcpNameServer"="85.255.116.27,85.255.112.70" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware Tools"="C:\\Program Files\\VMware\\VMware Tools\\VMwareTray.exe"
"VMware User Process"="C:\\Program Files\\VMware\\VMware Tools\\VMwareUser.exe"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"outlook"="C:\\Program Files\\outlook\\outlook.exe /auto"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~



Hijackthis log:



Logfile of HijackThis v1.99.1
Scan saved at 10:43:08 AM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\VMware\VMware Tools\vmacthlp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com...S01?FORM=TOOLBR
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?8a5f8ea6ae4a466f8de31e445b2a9bb6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?8a5f8ea6ae4a466f8de31e445b2a9bb6
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: VMware Physical Disk Helper Service - Unknown owner - C:\Program Files\VMware\VMware Tools\vmacthlp.exe




thank you very much, hope to hear from you soon

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 October 2007 - 10:13 AM

Hello and welcome to the forums

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.

Next:


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you, combofix.txt. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick while its running. That may cause it to stall

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 mattscope

mattscope

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 27 October 2007 - 03:27 AM

ComboFix 07-10-26.4 - Administrator 2007-10-27 10:16:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.165 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\onoes.exe
C:\Program Files\3
C:\Program Files\3\Mobile Broadband Modem Manager\configMMM.ini
C:\Program Files\3\Mobile Broadband Modem Manager\DefaultMMM.ini
C:\Program Files\3\Mobile Broadband Modem Manager\Driver.ini
C:\Program Files\3\Mobile Broadband Modem Manager\MMModem.cnt
C:\Program Files\3\Mobile Broadband Modem Manager\MMModem.exe
C:\Program Files\3\Mobile Broadband Modem Manager\MMMODEM.HLP
C:\Program Files\outlook
C:\Program Files\outlook\outlook.exe
C:\Program Files\outlook\p.zip
C:\Program Files\outlook\v.tmp
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com

.
((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
.

2007-10-27 10:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-22 10:57 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-22 10:57 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-22 10:57 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-22 10:57 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-22 10:57 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-22 10:57 1,464 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-10 12:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-09 15:43 <DIR> d-------- C:\Documents and Settings\Administrator\Shared
2007-10-09 15:43 <DIR> d-------- C:\Documents and Settings\Administrator\Incomplete
2007-10-09 15:42 <DIR> d-------- C:\Program Files\Java
2007-10-09 15:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-10-09 15:41 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-09 15:40 <DIR> d-------- C:\Program Files\LimeWire
2007-10-07 17:37 <DIR> d-------- C:\Documents and Settings\Administrator\Phone Browser
2007-10-02 16:02 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-01 17:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Final Draft
2007-10-01 16:59 <DIR> d-------- C:\Program Files\Final Draft Tagger
2007-10-01 16:59 <DIR> d-------- C:\Program Files\Final Draft 7
2007-10-01 16:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-01 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Final Draft
2007-10-01 16:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-10-01 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-01 16:17 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-10-01 16:16 <DIR> d-------- C:\Program Files\CyberLink
2007-10-01 16:14 <DIR> d-------- C:\PDVDBD
2007-10-01 15:49 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2007-10-01 15:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
2007-10-01 15:47 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-10-01 15:47 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-10-01 15:46 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-10-01 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-10-01 15:46 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-01 15:46 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-10-01 15:46 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-10-01 15:45 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-10-01 15:44 <DIR> d-------- C:\Program Files\MSN Messenger
2007-10-01 15:31 <DIR> d-------- C:\Program Files\PowerISO
2007-10-01 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-10-01 14:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nokia
2007-10-01 14:19 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-01 14:19 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-10-01 14:19 <DIR> d-------- C:\Program Files\Nokia
2007-10-01 14:19 <DIR> d-------- C:\Program Files\DIFX
2007-10-01 14:19 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-10-01 14:19 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-10-01 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2007-10-01 14:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2007-10-01 14:19 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-10-01 14:19 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-10-01 14:19 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-10-01 14:19 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-10-01 14:19 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-10-01 14:19 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-01 15:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-01 15:16 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-01 12:45 9,897 ----a-w C:\WINDOWS\nmwcdcp.sys
2007-10-01 12:45 89,728 ----a-w C:\WINDOWS\usbvsp.sys
2007-10-01 12:45 87,456 ----a-w C:\WINDOWS\k600mdm.sys
2007-10-01 12:45 84,480 ----a-w C:\WINDOWS\U81xmdm.sys
2007-10-01 12:45 8,704 ----a-w C:\WINDOWS\nmwcdc.sys
2007-10-01 12:45 79,248 ----a-w C:\WINDOWS\k600mgmt.sys
2007-10-01 12:45 77,472 ----a-w C:\WINDOWS\U81xmgmt.sys
2007-10-01 12:45 77,072 ----a-w C:\WINDOWS\k600obex.sys
2007-10-01 12:45 75,456 ----a-w C:\WINDOWS\U81xobex.sys
2007-10-01 12:45 6,672 ----a-w C:\WINDOWS\U81xwh95.sys
2007-10-01 12:45 6,672 ----a-w C:\WINDOWS\k600wh95.sys
2007-10-01 12:45 6,144 ----a-w C:\WINDOWS\U81xcmnt.sys
2007-10-01 12:45 6,112 ----a-w C:\WINDOWS\k600cmnt.sys
2007-10-01 12:45 6,096 ----a-w C:\WINDOWS\k600mdfl.sys
2007-10-01 12:45 6,064 ----a-w C:\WINDOWS\U81xmdfl.sys
2007-10-01 12:45 52,384 ----a-w C:\WINDOWS\k600bus.sys
2007-10-01 12:45 52,352 ----a-w C:\WINDOWS\U81xbus.sys
2007-10-01 12:45 52,193 ----a-w C:\WINDOWS\lgusbmdm.sys
2007-10-01 12:45 50,200 ----a-w C:\WINDOWS\lgusbsdm.sys
2007-10-01 12:45 5,744 ----a-w C:\WINDOWS\U81xwhnt.sys
2007-10-01 12:45 5,744 ----a-w C:\WINDOWS\k600whnt.sys
2007-10-01 12:45 48,128 ----a-w C:\WINDOWS\nmwcdcls.dll
2007-10-01 12:45 46,810 ----a-w C:\WINDOWS\ctl_w2kh.sys
2007-10-01 12:45 43,264 ----a-w C:\WINDOWS\urusbc.sys
2007-10-01 12:45 43,264 ----a-w C:\WINDOWS\liusbc.sys
2007-10-01 12:45 43,136 ----a-w C:\WINDOWS\n808usbc.sys
2007-10-01 12:45 41,520 ----a-w C:\WINDOWS\CCPORT.SYS
2007-10-01 12:45 4,608 ----a-w C:\WINDOWS\nmwcdlog.dll
2007-10-01 12:45 4,048 ----a-w C:\WINDOWS\U81xcr.sys
2007-10-01 12:45 39,036 ----a-w C:\WINDOWS\lgusbmodem.sys
2007-10-01 12:45 38,144 ----a-w C:\WINDOWS\lgusbdiag.sys
2007-10-01 12:45 37,120 ----a-w C:\WINDOWS\n808usbm.sys
2007-10-01 12:45 37,120 ----a-w C:\WINDOWS\mdm_w2kh.sys
2007-10-01 12:45 36,352 ----a-w C:\WINDOWS\urusbm.sys
2007-10-01 12:45 36,352 ----a-w C:\WINDOWS\liusbm.sys
2007-10-01 12:45 337,320 ----a-w C:\WINDOWS\difxapi.dll
2007-10-01 12:45 33,920 ----a-w C:\WINDOWS\urusbo.sys
2007-10-01 12:45 33,920 ----a-w C:\WINDOWS\liusbo.sys
2007-10-01 12:45 33,664 ----a-w C:\WINDOWS\n808usbo.sys
2007-10-01 12:45 33,536 ----a-w C:\WINDOWS\obx_w2kh.sys
2007-10-01 12:45 31,232 ----a-w C:\WINDOWS\nmwcdcocls.dll
2007-10-01 12:45 3,984 ----a-w C:\WINDOWS\k600cr.sys
2007-10-01 12:45 28,304 ----a-w C:\WINDOWS\tac_w2kh.sys
2007-10-01 12:45 25,856 ----a-w C:\WINDOWS\urusba.sys
2007-10-01 12:45 25,856 ----a-w C:\WINDOWS\liusba.sys
2007-10-01 12:45 25,344 ----a-w C:\WINDOWS\n808usba.sys
2007-10-01 12:45 22,328 ----a-w C:\WINDOWS\lgbus9x.sys
2007-10-01 12:45 22,048 ----a-w C:\WINDOWS\cocpyinf.dll
2007-10-01 12:45 21,344 ----a-w C:\WINDOWS\lgusbbus.sys
2007-10-01 12:45 21,296 ----a-w C:\WINDOWS\USBSER.SYS
2007-10-01 12:45 14,458 ----a-w C:\WINDOWS\enu_w2kh.sys
2007-10-01 12:45 13,696 ----a-w C:\WINDOWS\n808usbe.sys
2007-10-01 12:45 13,312 ----a-w C:\WINDOWS\nmwcdcm.sys
2007-10-01 12:45 13,312 ----a-w C:\WINDOWS\nmwcdcj.sys
2007-10-01 12:45 127,488 ----a-w C:\WINDOWS\nmwcd.sys
2007-10-01 12:45 12,928 ----a-w C:\WINDOWS\urusbe.sys
2007-10-01 12:45 12,928 ----a-w C:\WINDOWS\liusbe.sys
2007-10-01 12:45 10,672 ----a-w C:\WINDOWS\k600cm95.sys
2007-10-01 12:45 10,640 ----a-w C:\WINDOWS\U81xcm95.sys
2007-10-01 12:32 --------- d-----w C:\Program Files\DVD Region+CSS Free
2007-10-01 12:04 92,720 ----a-w C:\WINDOWS\system32\hgfs.dll
2007-10-01 12:04 92,464 ----a-r C:\WINDOWS\system32\vmx_fb.dll
2007-10-01 12:04 89,088 ----a-w C:\WINDOWS\system32\atl71.dll
2007-10-01 12:04 63,280 ----a-r C:\WINDOWS\system32\drivers\vmx_svga.sys
2007-10-01 12:04 36,400 ----a-w C:\WINDOWS\system32\drivers\lgtosync.sys
2007-10-01 12:04 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-01 12:04 34,992 ----a-r C:\WINDOWS\system32\drivers\vmxnet.sys
2007-10-01 12:04 33,840 ----a-w C:\WINDOWS\system32\vmGuestLib.dll
2007-10-01 12:04 17,968 ----a-r C:\WINDOWS\system32\drivers\vmscsi.sys
2007-10-01 12:04 16,688 ----a-r C:\WINDOWS\system32\vmx_mode.dll
2007-10-01 12:04 11,696 ----a-r C:\WINDOWS\system32\drivers\vmmouse.sys
2007-10-01 12:04 102,704 ----a-w C:\WINDOWS\system32\drivers\hgfs.sys
2007-10-01 12:04 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
2007-10-01 12:04 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
2007-10-01 12:04 --------- d-----w C:\Program Files\VMware
2007-10-01 12:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2007-10-01 12:01 --------- d-----w C:\Program Files\microsoft frontpage
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware Tools"="C:\Program Files\VMware\VMware Tools\VMwareTray.exe" [2007-10-01 13:04]
"VMware User Process"="C:\Program Files\VMware\VMware Tools\VMwareUser.exe" [2007-10-01 13:04]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 18:37]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-09-17 15:19:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 15:18 49152]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]

R0 vmscsi;vmscsi;C:\WINDOWS\system32\drivers\vmscsi.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 hgfs;hgfs;C:\WINDOWS\system32\DRIVERS\hgfs.sys
R2 LGTO_Sync;Sync Driver;\??\C:\WINDOWS\system32\Drivers\lgtosync.sys
R2 VMMEMCTL;VMware server memory controller;\??\C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys
R2 VMTools;VMware Tools Service;"C:\Program Files\VMware\VMware Tools\VMwareService.exe"
R2 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service;"C:\Program Files\VMware\VMware Tools\vmacthlp.exe"
R3 vmmouse;VMware Pointing Device;C:\WINDOWS\system32\DRIVERS\vmmouse.sys
R3 vmx_svga;vmx_svga;C:\WINDOWS\system32\DRIVERS\vmx_svga.sys
R3 vmxnet;VMware Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\vmxnet.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-27 09:16:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 10:18:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-27 10:18:50 - machine was rebooted
.
--- E O F ---

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 28 October 2007 - 03:28 PM

"copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 mattscope

mattscope

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 01 November 2007 - 09:23 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:18:57 AM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\VMware\VMware Tools\vmacthlp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com...S01?FORM=TOOLBR
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?8a5f8ea6ae4a466f8de31e445b2a9bb6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?8a5f8ea6ae4a466f8de31e445b2a9bb6
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: VMware Physical Disk Helper Service - Unknown owner - C:\Program Files\VMware\VMware Tools\vmacthlp.exe



computer seems to be running okay...

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 02 November 2007 - 03:50 PM

You don't need limewire running at startup

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a checkmark/tick in the box on the left side on these:

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

Close ALL windows and browsers except HijackThis and click "Fix checked"



I don't see a anti-virus program running. Get this free one.

Click HERE and Save, Install, Update and run a full scan.


Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 mattscope

mattscope

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 05 November 2007 - 01:51 AM

Logfile of HijackThis v1.99.1
Scan saved at 7:46:07 AM, on 11/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\VMware\VMware Tools\vmacthlp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com...S01?FORM=TOOLBR
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?8a5f8ea6ae4a466f8de31e445b2a9bb6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?8a5f8ea6ae4a466f8de31e445b2a9bb6
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: VMware Physical Disk Helper Service - Unknown owner - C:\Program Files\VMware\VMware Tools\vmacthlp.exe


computer seems to be running okay

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 05 November 2007 - 06:39 AM

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Posted Image
  • If shown the disclaimer, Select "2"
Here's my usual all clean post

Log looks good :D


You need to create a new Clean restore point.

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is succeptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide realtime spyware & hijacker protection on your computer alongside your virus protection.
    You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
    settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

    Using IE-SPYAD to help block unwanted sites and activities

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.
Only run one Anti-Virus and Firewall program.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 09 November 2007 - 06:11 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users